From 506ecd0ebfd578771f88d97ac067fb3f795864f6 Mon Sep 17 00:00:00 2001 From: Vikentiy Fesunov Date: Thu, 12 Dec 2024 16:49:54 +0100 Subject: [PATCH 1/5] Add fips option for agent docker images Also expose FIPS and JMX options via command-line config arguments for local testing --- common/config/environment.go | 10 ++++++++++ components/datadog/agent/docker.go | 5 +++++ components/datadog/dockeragentparams/params.go | 10 ++++++++++ scenarios/aws/ec2/vm_run.go | 8 ++++++++ 4 files changed, 33 insertions(+) diff --git a/common/config/environment.go b/common/config/environment.go index c0e714a40..99eef08e0 100644 --- a/common/config/environment.go +++ b/common/config/environment.go @@ -55,6 +55,8 @@ const ( DDAgentSite = "site" DDAgentMajorVersion = "majorVersion" DDAgentExtraEnvVars = "extraEnvVars" // extraEnvVars is expected in the format: =,=,... + DDAgentJMX = "jmx" + DDAgentFIPS = "fips" // Updater Namespace DDUpdaterParamName = "deploy" @@ -430,3 +432,11 @@ func (e *CommonEnvironment) GetIntWithDefault(config *sdkconfig.Config, paramNam return defaultValue } + +func (e *CommonEnvironment) GetFIPS() bool { + return e.GetBoolWithDefault(e.AgentConfig, DDAgentJMX, false) +} + +func (e *CommonEnvironment) GetJMX() bool { + return e.GetBoolWithDefault(e.AgentConfig, DDAgentFIPS, false) +} diff --git a/components/datadog/agent/docker.go b/components/datadog/agent/docker.go index 72f5104b3..6d9008166 100644 --- a/components/datadog/agent/docker.go +++ b/components/datadog/agent/docker.go @@ -127,6 +127,11 @@ func dockerAgentComposeManifest(agentImagePath string, apiKey pulumi.StringInput } func defaultAgentParams(params *dockeragentparams.Params) { + defer func(p *dockeragentparams.Params) { + if p.FIPS { + p.FullImagePath += "-fips" + } + }(params) // After setting params.FullImagePath check if you need to use JMX Docker image defer func(p *dockeragentparams.Params) { if p.JMX { diff --git a/components/datadog/dockeragentparams/params.go b/components/datadog/dockeragentparams/params.go index 52abcb284..6c93ec1e8 100644 --- a/components/datadog/dockeragentparams/params.go +++ b/components/datadog/dockeragentparams/params.go @@ -49,6 +49,8 @@ type Params struct { EnvironmentVariables pulumi.StringMap // PulumiDependsOn is a list of resources to depend on. PulumiDependsOn []pulumi.ResourceOption + // FIPS is true if FIPS image is needed. + FIPS bool } type Option = func(*Params) error @@ -91,6 +93,14 @@ func WithJMX() func(*Params) error { } } +// WithFIPS makes the image FIPS enabled +func WithFIPS() func(*Params) error { + return func(p *Params) error { + p.FIPS = true + return nil + } +} + func WithFullImagePath(fullImagePath string) func(*Params) error { return func(p *Params) error { p.FullImagePath = fullImagePath diff --git a/scenarios/aws/ec2/vm_run.go b/scenarios/aws/ec2/vm_run.go index 485ac3349..4d3fa6470 100644 --- a/scenarios/aws/ec2/vm_run.go +++ b/scenarios/aws/ec2/vm_run.go @@ -105,6 +105,14 @@ func VMRunWithDocker(ctx *pulumi.Context) error { agentOptions = append(agentOptions, dockeragentparams.WithImageTag(env.AgentVersion())) } + if env.GetJMX() { + agentOptions = append(agentOptions, dockeragentparams.WithJMX()) + } + + if env.GetFIPS() { + agentOptions = append(agentOptions, dockeragentparams.WithFIPS()) + } + if env.AgentUseFakeintake() { fakeIntakeOptions := []fakeintake.Option{} From 51cd5b6de8e4ce180fd2b8ed9c83060ca3524048 Mon Sep 17 00:00:00 2001 From: Vikentiy Fesunov Date: Wed, 18 Dec 2024 14:34:46 +0000 Subject: [PATCH 2/5] Fix order of suffixes The image name is `foo-fips-jmx`. `-fips` must be added to the suffix first, thus it's defer must come last. --- components/datadog/agent/docker.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/components/datadog/agent/docker.go b/components/datadog/agent/docker.go index 6d9008166..93d2fdcfb 100644 --- a/components/datadog/agent/docker.go +++ b/components/datadog/agent/docker.go @@ -127,17 +127,17 @@ func dockerAgentComposeManifest(agentImagePath string, apiKey pulumi.StringInput } func defaultAgentParams(params *dockeragentparams.Params) { - defer func(p *dockeragentparams.Params) { - if p.FIPS { - p.FullImagePath += "-fips" - } - }(params) // After setting params.FullImagePath check if you need to use JMX Docker image defer func(p *dockeragentparams.Params) { if p.JMX { p.FullImagePath = fmt.Sprintf("%s-jmx", p.FullImagePath) } }(params) + defer func(p *dockeragentparams.Params) { + if p.FIPS { + p.FullImagePath += "-fips" + } + }(params) if params.FullImagePath != "" { return From 24bf170f28a36deca72cf94a4b9fdf2404c2673b Mon Sep 17 00:00:00 2001 From: Vickenty Fesunov Date: Thu, 19 Dec 2024 12:50:35 +0100 Subject: [PATCH 3/5] Update common/config/environment.go Co-authored-by: pducolin <45568537+pducolin@users.noreply.github.com> --- common/config/environment.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/common/config/environment.go b/common/config/environment.go index 99eef08e0..e221def8c 100644 --- a/common/config/environment.go +++ b/common/config/environment.go @@ -433,10 +433,10 @@ func (e *CommonEnvironment) GetIntWithDefault(config *sdkconfig.Config, paramNam return defaultValue } -func (e *CommonEnvironment) GetFIPS() bool { - return e.GetBoolWithDefault(e.AgentConfig, DDAgentJMX, false) +func (e *CommonEnvironment) AgentFIPS() bool { + return e.GetBoolWithDefault(e.AgentConfig, DDAgentFIPS, false) } -func (e *CommonEnvironment) GetJMX() bool { - return e.GetBoolWithDefault(e.AgentConfig, DDAgentFIPS, false) +func (e *CommonEnvironment) AgentJMX() bool { + return e.GetBoolWithDefault(e.AgentConfig, DDAgentJMX, false) } From 3ac0e0e3408d958f0d45e3401f9fdfd9abcb2ef5 Mon Sep 17 00:00:00 2001 From: Vikentiy Fesunov Date: Thu, 19 Dec 2024 12:04:14 +0000 Subject: [PATCH 4/5] Update getter names --- scenarios/aws/ec2/vm_run.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scenarios/aws/ec2/vm_run.go b/scenarios/aws/ec2/vm_run.go index 4d3fa6470..23935c6ce 100644 --- a/scenarios/aws/ec2/vm_run.go +++ b/scenarios/aws/ec2/vm_run.go @@ -105,11 +105,11 @@ func VMRunWithDocker(ctx *pulumi.Context) error { agentOptions = append(agentOptions, dockeragentparams.WithImageTag(env.AgentVersion())) } - if env.GetJMX() { + if env.AgentJMX() { agentOptions = append(agentOptions, dockeragentparams.WithJMX()) } - if env.GetFIPS() { + if env.AgentFIPS() { agentOptions = append(agentOptions, dockeragentparams.WithFIPS()) } From 9481ff47deacc54fd888ed2baf909baff2947d77 Mon Sep 17 00:00:00 2001 From: Vikentiy Fesunov Date: Fri, 20 Dec 2024 13:37:02 +0000 Subject: [PATCH 5/5] Combine defers --- components/datadog/agent/docker.go | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/components/datadog/agent/docker.go b/components/datadog/agent/docker.go index 93d2fdcfb..7f82a452f 100644 --- a/components/datadog/agent/docker.go +++ b/components/datadog/agent/docker.go @@ -128,15 +128,13 @@ func dockerAgentComposeManifest(agentImagePath string, apiKey pulumi.StringInput func defaultAgentParams(params *dockeragentparams.Params) { // After setting params.FullImagePath check if you need to use JMX Docker image - defer func(p *dockeragentparams.Params) { - if p.JMX { - p.FullImagePath = fmt.Sprintf("%s-jmx", p.FullImagePath) - } - }(params) defer func(p *dockeragentparams.Params) { if p.FIPS { p.FullImagePath += "-fips" } + if p.JMX { + p.FullImagePath = fmt.Sprintf("%s-jmx", p.FullImagePath) + } }(params) if params.FullImagePath != "" {