Add fips option for agent docker images

Also expose FIPS and JMX options via command-line config arguments for local testing
DataDog · Dec 13, 2024 · 506ecd0 · 506ecd0
1 parent 1c333ed
commit 506ecd0
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 0 deletions.
diff --git a/common/config/environment.go b/common/config/environment.go
@@ -55,6 +55,8 @@ const (
 	DDAgentSite                          = "site"
 	DDAgentMajorVersion                  = "majorVersion"
 	DDAgentExtraEnvVars                  = "extraEnvVars" // extraEnvVars is expected in the format: <key1>=<value1>,<key2>=<value2>,...
+	DDAgentJMX                           = "jmx"
+	DDAgentFIPS                          = "fips"
 
 	// Updater Namespace
 	DDUpdaterParamName = "deploy"
@@ -430,3 +432,11 @@ func (e *CommonEnvironment) GetIntWithDefault(config *sdkconfig.Config, paramNam
 
 	return defaultValue
 }
+
+func (e *CommonEnvironment) GetFIPS() bool {
+	return e.GetBoolWithDefault(e.AgentConfig, DDAgentJMX, false)
+}
+
+func (e *CommonEnvironment) GetJMX() bool {
+	return e.GetBoolWithDefault(e.AgentConfig, DDAgentFIPS, false)
+}
diff --git a/components/datadog/agent/docker.go b/components/datadog/agent/docker.go
@@ -127,6 +127,11 @@ func dockerAgentComposeManifest(agentImagePath string, apiKey pulumi.StringInput
 }
 
 func defaultAgentParams(params *dockeragentparams.Params) {
+	defer func(p *dockeragentparams.Params) {
+		if p.FIPS {
+			p.FullImagePath += "-fips"
+		}
+	}(params)
 	// After setting params.FullImagePath check if you need to use JMX Docker image
 	defer func(p *dockeragentparams.Params) {
 		if p.JMX {

diff --git a/components/datadog/dockeragentparams/params.go b/components/datadog/dockeragentparams/params.go
@@ -49,6 +49,8 @@ type Params struct {
 	EnvironmentVariables pulumi.StringMap
 	// PulumiDependsOn is a list of resources to depend on.
 	PulumiDependsOn []pulumi.ResourceOption
+	// FIPS is true if FIPS image is needed.
+	FIPS bool
 }
 
 type Option = func(*Params) error
@@ -91,6 +93,14 @@ func WithJMX() func(*Params) error {
 	}
 }
 
+// WithFIPS makes the image FIPS enabled
+func WithFIPS() func(*Params) error {
+	return func(p *Params) error {
+		p.FIPS = true
+		return nil
+	}
+}
+
 func WithFullImagePath(fullImagePath string) func(*Params) error {
 	return func(p *Params) error {
 		p.FullImagePath = fullImagePath

diff --git a/scenarios/aws/ec2/vm_run.go b/scenarios/aws/ec2/vm_run.go
@@ -105,6 +105,14 @@ func VMRunWithDocker(ctx *pulumi.Context) error {
 			agentOptions = append(agentOptions, dockeragentparams.WithImageTag(env.AgentVersion()))
 		}
 
+		if env.GetJMX() {
+			agentOptions = append(agentOptions, dockeragentparams.WithJMX())
+		}
+
+		if env.GetFIPS() {
+			agentOptions = append(agentOptions, dockeragentparams.WithFIPS())
+		}
+
 		if env.AgentUseFakeintake() {
 			fakeIntakeOptions := []fakeintake.Option{}