SLS-3042: Respect DD_PROXY_HTTP/DD_PROXY_HTTPS for secrets manager and KMS clients #15574
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
IvanTopolcic
changed the base branch from
main
to
ivan.topolcic/fix-aws-lambda-secrets-manager-crashes
IvanTopolcic
changed the base branch from
ivan.topolcic/fix-aws-lambda-secrets-manager-crashes
to
main
IvanTopolcic
commented
Feb 13, 2023
Comment on lines
+82
to
+84
| sess, err := session.NewSession(aws.NewConfig().WithHTTPClient(&http.Client{ | ||
| Transport: datadogHttp.CreateHTTPTransport(), | ||
| })) |
There was a problem hiding this comment.
Difficult to add tests, and CreateHTTPTransport is already tested so I believe it would be redundant.
IvanTopolcic
commented
Feb 13, 2023
Comment on lines
+109
to
+111
| sess, err := session.NewSession(aws.NewConfig().WithHTTPClient(&http.Client{ | ||
| Transport: datadogHttp.CreateHTTPTransport(), | ||
| })) |
There was a problem hiding this comment.
Difficult to add tests, and CreateHTTPTransport is already tested so I believe it would be redundant.
IvanTopolcic
added
changelog/no-changelog
[deprecated] qa/skip-qa - use other qa/ labels
IvanTopolcic
force-pushed
the
ivan.topolcic/secrets-manager-use-proxy
branch
from
33ab2e2
to
f9380c6
Compare
IvanTopolcic
commented
Feb 14, 2023
| @@ -183,14 +185,13 @@ func runAgent(stopCh chan struct{}) (serverlessDaemon *daemon.Daemon, err error) | |||
| // execution to be stopped. TODO(remy): discuss with AWS if there is way | |||
| // of reporting non-critical init errors. | |||
| // serverless.ReportInitError(serverlessID, serverless.FatalNoAPIKey) | |||
| log.Error("No API key configured, exiting") | |||
| log.Error("No API key configured") | |||
There was a problem hiding this comment.
I figured this makes more sense, as we never actually exit
There was a problem hiding this comment.
maybe we should exit(1) as there is no point of wasting cpu/memory?
There was a problem hiding this comment.
we need to keep the extension running or else a process exit will cause the customer's function to crash. We could in theory refactor to accomplish this but I think we can probably worry about this later
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
This PR makes the secrets manager and KMS decrypt functions in Serverless respect using DD_PROXY_HTTP(S) values. If those are set, it'll try to retrieve the secrets / the key via the proxy instead of a bare connection.
Motivation
Additional Notes
Possible Drawbacks / Trade-offs
Describe how to test/QA your changes
Reviewer's Checklist
Triagemilestone is set.major_changelabel if your change either has a major impact on the code base, is impacting multiple teams or is changing important well-established internals of the Agent. This label will be use during QA to make sure each team pay extra attention to the changed behavior. For any customer facing change use a releasenote.changelog/no-changeloglabel has been applied.qa/skip-qalabel is not applied.team/..label has been applied, indicating the team(s) that should QA this change.need-change/operatorandneed-change/helmlabels have been applied.k8s/<min-version>label, indicating the lowest Kubernetes version compatible with this feature.