From 17157387c42a69a6296e05a32283e5d91eb90a9f Mon Sep 17 00:00:00 2001 From: Aleksandr Pasechnik Date: Mon, 28 Apr 2025 12:42:36 -0400 Subject: [PATCH 1/5] feat: [SVLS-6242] FIPSish client builder for reqwest --- Cargo.lock | 17 +++++++ crates/dogstatsd/Cargo.toml | 5 ++- crates/dogstatsd/src/datadog.rs | 8 ++-- crates/dogstatsd/src/fips.rs | 79 +++++++++++++++++++++++++++++++++ crates/dogstatsd/src/lib.rs | 1 + 5 files changed, 106 insertions(+), 4 deletions(-) create mode 100644 crates/dogstatsd/src/fips.rs diff --git a/Cargo.lock b/Cargo.lock index 561d6e8b..05ebbde0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -272,12 +272,27 @@ version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" +[[package]] +name = "aws-lc-fips-sys" +version = "0.13.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d9c2e952a1f57e8cbc78b058a968639e70c4ce8b9c0a5e6363d4e5670eed795" +dependencies = [ + "bindgen", + "cc", + "cmake", + "dunce", + "fs_extra", + "regex", +] + [[package]] name = "aws-lc-rs" version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "19b756939cb2f8dc900aa6dcd505e6e2428e9cae7ff7b028c49e3946efa70878" dependencies = [ + "aws-lc-fips-sys", "aws-lc-sys", "zeroize", ] @@ -1019,6 +1034,8 @@ dependencies = [ "protobuf", "regex", "reqwest", + "rustls", + "rustls-native-certs 0.8.1", "serde", "serde_json", "thiserror 1.0.69", diff --git a/crates/dogstatsd/Cargo.toml b/crates/dogstatsd/Cargo.toml index 6caa862f..38059b20 100644 --- a/crates/dogstatsd/Cargo.toml +++ b/crates/dogstatsd/Cargo.toml @@ -24,6 +24,9 @@ tokio-util = { version = "0.7.11", default-features = false } tracing = { version = "0.1.40", default-features = false } regex = { version = "1.10.6", default-features = false } zstd = { version = "0.13.3", default-features = false } +rustls = { version = "0.23.18", default-features = false, features = ["fips"], optional = true } +rustls-native-certs = { version = "0.8.1", optional = true } + [dev-dependencies] mockito = { version = "1.5.0", default-features = false } @@ -32,4 +35,4 @@ tracing-test = { version = "0.2.5", default-features = false } [features] default = [ "reqwest/rustls-tls" ] -fips = [ "reqwest/rustls-tls-no-provider" ] +fips = [ "reqwest/rustls-tls-no-provider", "rustls", "rustls-native-certs" ] diff --git a/crates/dogstatsd/src/datadog.rs b/crates/dogstatsd/src/datadog.rs index 4bbcd13d..a4d10ccc 100644 --- a/crates/dogstatsd/src/datadog.rs +++ b/crates/dogstatsd/src/datadog.rs @@ -3,6 +3,7 @@ //!Types to serialize data into the Datadog API +use crate::fips::create_reqwest_client_builder; use crate::flusher::ShippingError; use datadog_protos::metrics::SketchPayload; use derive_more::{Display, Into}; @@ -12,6 +13,7 @@ use reqwest; use reqwest::{Client, Response}; use serde::{Serialize, Serializer}; use serde_json; +use std::error::Error; use std::io::Write; use std::sync::OnceLock; use std::time::Duration; @@ -285,12 +287,12 @@ pub enum RetryStrategy { LinearBackoff(u64, u64), // attempts, delay } -fn build_client(https_proxy: Option, timeout: Duration) -> Result { - let mut builder = Client::builder().timeout(timeout); +fn build_client(https_proxy: Option, timeout: Duration) -> Result> { + let mut builder = create_reqwest_client_builder()?.timeout(timeout); if let Some(proxy) = https_proxy { builder = builder.proxy(reqwest::Proxy::https(proxy)?); } - builder.build() + Ok(builder.build()?) } #[derive(Debug, Serialize, Clone, Copy)] diff --git a/crates/dogstatsd/src/fips.rs b/crates/dogstatsd/src/fips.rs new file mode 100644 index 00000000..96d33ee3 --- /dev/null +++ b/crates/dogstatsd/src/fips.rs @@ -0,0 +1,79 @@ +use reqwest::ClientBuilder; +use std::error::Error; +#[cfg(feature = "fips")] +use tracing::debug; + +// TODO: once we confirm that this does what we think it does we'll move it to a separate crate. +// for now going to copy the this code to bottlecap and make sure that all the clients we build do +// in fact do the fips thing right. + +/// Creates a reqwest client builder with TLS configuration. +/// When the "fips" feature is enabled, it uses a FIPS-compliant TLS configuration. +/// Otherwise, it uses reqwest's default rustls TLS implementation. +#[cfg(not(feature = "fips"))] +pub fn create_reqwest_client_builder() -> Result> { + // Just return the default builder with rustls TLS + Ok(reqwest::Client::builder().use_rustls_tls()) +} + +/// Creates a reqwest client builder with FIPS-compliant TLS configuration. +/// This version loads native root certificates and verifies FIPS compliance. +#[cfg(feature = "fips")] +pub fn create_reqwest_client_builder() -> Result> { + // Get the runtime crypto provider that should have been configured elsewhere in the application + let provider = + rustls::crypto::CryptoProvider::get_default().ok_or("No crypto provider configured")?; + + // Verify the provider is FIPS-compliant + if !provider.fips() { + return Err("Crypto provider is not FIPS-compliant".into()); + } + + // Create an empty root cert store + let mut root_cert_store = rustls::RootCertStore::empty(); + + // Load native certificates + let native_certs = rustls_native_certs::load_native_certs(); + + // Add the certificates to the store + let mut valid_count = 0; + + for cert in native_certs.certs { + match root_cert_store.add(cert) { + Ok(()) => valid_count += 1, + Err(err) => { + // Optionally log errors + debug!("Failed to parse certificate: {:?}", err); + } + } + } + + // Verify we have at least some valid certificates + if valid_count == 0 { + return Err("No valid certificates found in native root store".into()); + } + + // Configure TLS versions (FIPS typically requires TLS 1.2 or higher) + let versions = rustls::ALL_VERSIONS.to_vec(); + + // Build the client config + let config_builder = rustls::ClientConfig::builder_with_provider(provider.clone()) + .with_protocol_versions(&versions) + .map_err(|_| "Failed to set protocol versions")?; + + // Complete the configuration without client authentication + let config = config_builder + .with_root_certificates(root_cert_store) + .with_no_client_auth(); + + // Verify the final config is FIPS-compliant + if !config.fips() { + return Err("The final TLS configuration is not FIPS-compliant".into()); + } + debug!("Client Builder is in FIPS mode"); + + // Create the reqwest client builder with our FIPS-compliant TLS configuration + let client_builder = reqwest::Client::builder().use_preconfigured_tls(config); + + Ok(client_builder) +} diff --git a/crates/dogstatsd/src/lib.rs b/crates/dogstatsd/src/lib.rs index 4009db14..561a7c45 100644 --- a/crates/dogstatsd/src/lib.rs +++ b/crates/dogstatsd/src/lib.rs @@ -12,5 +12,6 @@ pub mod constants; pub mod datadog; pub mod dogstatsd; pub mod errors; +pub mod fips; pub mod flusher; pub mod metric; From 45247128bbde3bbf3e10a6f041fe2c554b6e83de Mon Sep 17 00:00:00 2001 From: Aleksandr Pasechnik Date: Tue, 29 Apr 2025 10:26:22 -0400 Subject: [PATCH 2/5] chore: move reqwest adapter to the new datadog-serverless-fips crate --- .github/workflows/cargo.yml | 9 +++++- Cargo.lock | 13 ++++++-- crates/datadog-serverless-fips/Cargo.toml | 17 +++++++++++ crates/datadog-serverless-fips/README.md | 3 ++ crates/datadog-serverless-fips/src/lib.rs | 4 +++ .../src/reqwest_adapter.rs} | 30 ++++--------------- crates/dogstatsd/Cargo.toml | 6 ++-- crates/dogstatsd/src/datadog.rs | 2 +- crates/dogstatsd/src/lib.rs | 1 - 9 files changed, 51 insertions(+), 34 deletions(-) create mode 100644 crates/datadog-serverless-fips/Cargo.toml create mode 100644 crates/datadog-serverless-fips/README.md create mode 100644 crates/datadog-serverless-fips/src/lib.rs rename crates/{dogstatsd/src/fips.rs => datadog-serverless-fips/src/reqwest_adapter.rs} (67%) diff --git a/.github/workflows/cargo.yml b/.github/workflows/cargo.yml index 6f24591d..28dd4e54 100644 --- a/.github/workflows/cargo.yml +++ b/.github/workflows/cargo.yml @@ -53,7 +53,14 @@ jobs: shell: bash run: chmod +x ./scripts/install-protoc.sh && ./scripts/install-protoc.sh $HOME - shell: bash - run: cargo clippy --workspace --all-features + run: | + if [[ "${{ inputs.runner }}" == "windows-2022" ]]; then + # we don't technially support the datadog-serverless-fips module on + # windows right now anyway, so let's set this so that the windows + # build doesn't fail. + export AWS_LC_FIPS_SYS_NO_ASM=1 + fi + cargo clippy --workspace --all-features build: name: Build diff --git a/Cargo.lock b/Cargo.lock index 05ebbde0..bccfcb37 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -773,6 +773,16 @@ dependencies = [ "tracing-subscriber", ] +[[package]] +name = "datadog-serverless-fips" +version = "0.1.0" +dependencies = [ + "reqwest", + "rustls", + "rustls-native-certs 0.8.1", + "tracing", +] + [[package]] name = "datadog-trace-agent" version = "0.1.0" @@ -1025,6 +1035,7 @@ name = "dogstatsd" version = "0.1.0" dependencies = [ "datadog-protos", + "datadog-serverless-fips", "ddsketch-agent", "derive_more", "fnv", @@ -1034,8 +1045,6 @@ dependencies = [ "protobuf", "regex", "reqwest", - "rustls", - "rustls-native-certs 0.8.1", "serde", "serde_json", "thiserror 1.0.69", diff --git a/crates/datadog-serverless-fips/Cargo.toml b/crates/datadog-serverless-fips/Cargo.toml new file mode 100644 index 00000000..994a60ba --- /dev/null +++ b/crates/datadog-serverless-fips/Cargo.toml @@ -0,0 +1,17 @@ +[package] +name = "datadog-serverless-fips" +version = "0.1.0" +edition.workspace = true +license.workspace = true +homepage.workspace = true +repository.workspace = true + +[dependencies] +reqwest = { version = "0.12.4", features = ["json", "http2"], default-features = false } +rustls = { version = "0.23.18", default-features = false, features = ["fips"], optional = true } +rustls-native-certs = { version = "0.8.1", optional = true } +tracing = { version = "0.1.40", default-features = false } + +[features] +default = [ "reqwest/rustls-tls" ] +fips = [ "reqwest/rustls-tls-no-provider", "rustls", "rustls-native-certs" ] diff --git a/crates/datadog-serverless-fips/README.md b/crates/datadog-serverless-fips/README.md new file mode 100644 index 00000000..c6cd0400 --- /dev/null +++ b/crates/datadog-serverless-fips/README.md @@ -0,0 +1,3 @@ +# Datadog Serverless FIPS + +A package to support FIPS builds for serverless tools. Currently tested with the datadog-lambda-extension, but it may be useful in other environments. diff --git a/crates/datadog-serverless-fips/src/lib.rs b/crates/datadog-serverless-fips/src/lib.rs new file mode 100644 index 00000000..3e16bec6 --- /dev/null +++ b/crates/datadog-serverless-fips/src/lib.rs @@ -0,0 +1,4 @@ +// Copyright 2025-Present Datadog, Inc. https://www.datadoghq.com/ +// SPDX-License-Identifier: Apache-2.0 + +pub mod reqwest_adapter; diff --git a/crates/dogstatsd/src/fips.rs b/crates/datadog-serverless-fips/src/reqwest_adapter.rs similarity index 67% rename from crates/dogstatsd/src/fips.rs rename to crates/datadog-serverless-fips/src/reqwest_adapter.rs index 96d33ee3..a6b1100f 100644 --- a/crates/dogstatsd/src/fips.rs +++ b/crates/datadog-serverless-fips/src/reqwest_adapter.rs @@ -3,10 +3,6 @@ use std::error::Error; #[cfg(feature = "fips")] use tracing::debug; -// TODO: once we confirm that this does what we think it does we'll move it to a separate crate. -// for now going to copy the this code to bottlecap and make sure that all the clients we build do -// in fact do the fips thing right. - /// Creates a reqwest client builder with TLS configuration. /// When the "fips" feature is enabled, it uses a FIPS-compliant TLS configuration. /// Otherwise, it uses reqwest's default rustls TLS implementation. @@ -20,60 +16,44 @@ pub fn create_reqwest_client_builder() -> Result> /// This version loads native root certificates and verifies FIPS compliance. #[cfg(feature = "fips")] pub fn create_reqwest_client_builder() -> Result> { - // Get the runtime crypto provider that should have been configured elsewhere in the application + // Get the runtime crypto provider that should have been configured at the start of the + // application using something like rustls::crypto::default_fips_provider().install_default() let provider = rustls::crypto::CryptoProvider::get_default().ok_or("No crypto provider configured")?; - // Verify the provider is FIPS-compliant if !provider.fips() { return Err("Crypto provider is not FIPS-compliant".into()); } - // Create an empty root cert store let mut root_cert_store = rustls::RootCertStore::empty(); - - // Load native certificates let native_certs = rustls_native_certs::load_native_certs(); - - // Add the certificates to the store let mut valid_count = 0; - for cert in native_certs.certs { match root_cert_store.add(cert) { Ok(()) => valid_count += 1, Err(err) => { - // Optionally log errors debug!("Failed to parse certificate: {:?}", err); } } } - - // Verify we have at least some valid certificates if valid_count == 0 { return Err("No valid certificates found in native root store".into()); } - // Configure TLS versions (FIPS typically requires TLS 1.2 or higher) + // FIPS typically requires TLS 1.2 or higher let versions = rustls::ALL_VERSIONS.to_vec(); - - // Build the client config let config_builder = rustls::ClientConfig::builder_with_provider(provider.clone()) .with_protocol_versions(&versions) .map_err(|_| "Failed to set protocol versions")?; - // Complete the configuration without client authentication let config = config_builder .with_root_certificates(root_cert_store) .with_no_client_auth(); - // Verify the final config is FIPS-compliant if !config.fips() { return Err("The final TLS configuration is not FIPS-compliant".into()); } - debug!("Client Builder is in FIPS mode"); - - // Create the reqwest client builder with our FIPS-compliant TLS configuration - let client_builder = reqwest::Client::builder().use_preconfigured_tls(config); + debug!("Client builder is configured with FIPS."); - Ok(client_builder) + Ok(reqwest::Client::builder().use_preconfigured_tls(config)) } diff --git a/crates/dogstatsd/Cargo.toml b/crates/dogstatsd/Cargo.toml index 38059b20..68f88165 100644 --- a/crates/dogstatsd/Cargo.toml +++ b/crates/dogstatsd/Cargo.toml @@ -24,9 +24,7 @@ tokio-util = { version = "0.7.11", default-features = false } tracing = { version = "0.1.40", default-features = false } regex = { version = "1.10.6", default-features = false } zstd = { version = "0.13.3", default-features = false } -rustls = { version = "0.23.18", default-features = false, features = ["fips"], optional = true } -rustls-native-certs = { version = "0.8.1", optional = true } - +datadog-serverless-fips = { path = "../datadog-serverless-fips", default-features = false } [dev-dependencies] mockito = { version = "1.5.0", default-features = false } @@ -35,4 +33,4 @@ tracing-test = { version = "0.2.5", default-features = false } [features] default = [ "reqwest/rustls-tls" ] -fips = [ "reqwest/rustls-tls-no-provider", "rustls", "rustls-native-certs" ] +fips = [ "reqwest/rustls-tls-no-provider", "datadog-serverless-fips/fips" ] diff --git a/crates/dogstatsd/src/datadog.rs b/crates/dogstatsd/src/datadog.rs index a4d10ccc..c98fc659 100644 --- a/crates/dogstatsd/src/datadog.rs +++ b/crates/dogstatsd/src/datadog.rs @@ -3,9 +3,9 @@ //!Types to serialize data into the Datadog API -use crate::fips::create_reqwest_client_builder; use crate::flusher::ShippingError; use datadog_protos::metrics::SketchPayload; +use datadog_serverless_fips::reqwest_adapter::create_reqwest_client_builder; use derive_more::{Display, Into}; use protobuf::Message; use regex::Regex; diff --git a/crates/dogstatsd/src/lib.rs b/crates/dogstatsd/src/lib.rs index 561a7c45..4009db14 100644 --- a/crates/dogstatsd/src/lib.rs +++ b/crates/dogstatsd/src/lib.rs @@ -12,6 +12,5 @@ pub mod constants; pub mod datadog; pub mod dogstatsd; pub mod errors; -pub mod fips; pub mod flusher; pub mod metric; From 30f419f135085f4e62230e96f49b52d82cc6ada9 Mon Sep 17 00:00:00 2001 From: Aleksandr Pasechnik Date: Tue, 29 Apr 2025 13:00:47 -0400 Subject: [PATCH 3/5] chore: add clippy rule for reqwest::Client::builder --- clippy.toml | 3 +++ crates/datadog-serverless-fips/README.md | 13 +++++++++++-- .../datadog-serverless-fips/src/reqwest_adapter.rs | 6 +++++- 3 files changed, 19 insertions(+), 3 deletions(-) create mode 100644 clippy.toml diff --git a/clippy.toml b/clippy.toml new file mode 100644 index 00000000..bc512ef7 --- /dev/null +++ b/clippy.toml @@ -0,0 +1,3 @@ +disallowed-methods = [ + { path = "reqwest::Client::builder", reason = "prefer the FIPS-compatible adapter", replacement = "datadog_serverless_fips::reqwest_adapter::create_reqwest_client_builder" }, +] diff --git a/crates/datadog-serverless-fips/README.md b/crates/datadog-serverless-fips/README.md index c6cd0400..070dc684 100644 --- a/crates/datadog-serverless-fips/README.md +++ b/crates/datadog-serverless-fips/README.md @@ -1,3 +1,12 @@ -# Datadog Serverless FIPS +# Datadog FIPS for Serverless -A package to support FIPS builds for serverless tools. Currently tested with the datadog-lambda-extension, but it may be useful in other environments. +A package to support FIPS builds for serverless tools. Currently tested with +the datadog-lambda-extension, but it may be useful in other environments. + +Please add the following to your `clippy.toml`: + +``` +disallowed-methods = [ + { path = "reqwest::Client::builder", reason = "prefer the FIPS-compatible adapter", replacement = "datadog_serverless_fips::reqwest_adapter::create_reqwest_client_builder" }, +] +``` diff --git a/crates/datadog-serverless-fips/src/reqwest_adapter.rs b/crates/datadog-serverless-fips/src/reqwest_adapter.rs index a6b1100f..375bf2fa 100644 --- a/crates/datadog-serverless-fips/src/reqwest_adapter.rs +++ b/crates/datadog-serverless-fips/src/reqwest_adapter.rs @@ -8,7 +8,9 @@ use tracing::debug; /// Otherwise, it uses reqwest's default rustls TLS implementation. #[cfg(not(feature = "fips"))] pub fn create_reqwest_client_builder() -> Result> { - // Just return the default builder with rustls TLS + // Just return the default builder with rustls TLS. This is the one place we should be okay + // to call reqwest::Client::builder(). + #[allow(clippy::disallowed_methods)] Ok(reqwest::Client::builder().use_rustls_tls()) } @@ -55,5 +57,7 @@ pub fn create_reqwest_client_builder() -> Result> } debug!("Client builder is configured with FIPS."); + // This is the one place that it is okay to call reqwest::Client::builder(). + #[allow(clippy::disallowed_methods)] Ok(reqwest::Client::builder().use_preconfigured_tls(config)) } From 5e97ef4f81343db4e8a40b9176dca10ac7f6c576 Mon Sep 17 00:00:00 2001 From: Aleksandr Pasechnik Date: Tue, 29 Apr 2025 13:06:03 -0400 Subject: [PATCH 4/5] chore: rename datadog-serverless-fips to datadog-fips --- .github/workflows/cargo.yml | 6 ++--- Cargo.lock | 22 +++++++++---------- clippy.toml | 2 +- .../Cargo.toml | 2 +- .../README.md | 2 +- .../src/lib.rs | 0 .../src/reqwest_adapter.rs | 0 crates/dogstatsd/Cargo.toml | 4 ++-- crates/dogstatsd/src/datadog.rs | 2 +- 9 files changed, 20 insertions(+), 20 deletions(-) rename crates/{datadog-serverless-fips => datadog-fips}/Cargo.toml (94%) rename crates/{datadog-serverless-fips => datadog-fips}/README.md (74%) rename crates/{datadog-serverless-fips => datadog-fips}/src/lib.rs (100%) rename crates/{datadog-serverless-fips => datadog-fips}/src/reqwest_adapter.rs (100%) diff --git a/.github/workflows/cargo.yml b/.github/workflows/cargo.yml index 28dd4e54..910e72e8 100644 --- a/.github/workflows/cargo.yml +++ b/.github/workflows/cargo.yml @@ -55,9 +55,9 @@ jobs: - shell: bash run: | if [[ "${{ inputs.runner }}" == "windows-2022" ]]; then - # we don't technially support the datadog-serverless-fips module on - # windows right now anyway, so let's set this so that the windows - # build doesn't fail. + # we don't technially support the datadog-fips crate on windows + # right now anyway, so let's set this so that the windows build + # doesn't fail. export AWS_LC_FIPS_SYS_NO_ASM=1 fi cargo clippy --workspace --all-features diff --git a/Cargo.lock b/Cargo.lock index bccfcb37..495e57fa 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -743,6 +743,16 @@ version = "2.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2a2330da5de22e8a3cb63252ce2abb30116bf5265e89c0e01bc17015ce30a476" +[[package]] +name = "datadog-fips" +version = "0.1.0" +dependencies = [ + "reqwest", + "rustls", + "rustls-native-certs 0.8.1", + "tracing", +] + [[package]] name = "datadog-protos" version = "0.1.0" @@ -773,16 +783,6 @@ dependencies = [ "tracing-subscriber", ] -[[package]] -name = "datadog-serverless-fips" -version = "0.1.0" -dependencies = [ - "reqwest", - "rustls", - "rustls-native-certs 0.8.1", - "tracing", -] - [[package]] name = "datadog-trace-agent" version = "0.1.0" @@ -1034,8 +1034,8 @@ dependencies = [ name = "dogstatsd" version = "0.1.0" dependencies = [ + "datadog-fips", "datadog-protos", - "datadog-serverless-fips", "ddsketch-agent", "derive_more", "fnv", diff --git a/clippy.toml b/clippy.toml index bc512ef7..63b1f336 100644 --- a/clippy.toml +++ b/clippy.toml @@ -1,3 +1,3 @@ disallowed-methods = [ - { path = "reqwest::Client::builder", reason = "prefer the FIPS-compatible adapter", replacement = "datadog_serverless_fips::reqwest_adapter::create_reqwest_client_builder" }, + { path = "reqwest::Client::builder", reason = "prefer the FIPS-compatible adapter", replacement = "datadog_fips::reqwest_adapter::create_reqwest_client_builder" }, ] diff --git a/crates/datadog-serverless-fips/Cargo.toml b/crates/datadog-fips/Cargo.toml similarity index 94% rename from crates/datadog-serverless-fips/Cargo.toml rename to crates/datadog-fips/Cargo.toml index 994a60ba..9758f41b 100644 --- a/crates/datadog-serverless-fips/Cargo.toml +++ b/crates/datadog-fips/Cargo.toml @@ -1,5 +1,5 @@ [package] -name = "datadog-serverless-fips" +name = "datadog-fips" version = "0.1.0" edition.workspace = true license.workspace = true diff --git a/crates/datadog-serverless-fips/README.md b/crates/datadog-fips/README.md similarity index 74% rename from crates/datadog-serverless-fips/README.md rename to crates/datadog-fips/README.md index 070dc684..cedeb06d 100644 --- a/crates/datadog-serverless-fips/README.md +++ b/crates/datadog-fips/README.md @@ -7,6 +7,6 @@ Please add the following to your `clippy.toml`: ``` disallowed-methods = [ - { path = "reqwest::Client::builder", reason = "prefer the FIPS-compatible adapter", replacement = "datadog_serverless_fips::reqwest_adapter::create_reqwest_client_builder" }, + { path = "reqwest::Client::builder", reason = "prefer the FIPS-compatible adapter", replacement = "datadog_fips::reqwest_adapter::create_reqwest_client_builder" }, ] ``` diff --git a/crates/datadog-serverless-fips/src/lib.rs b/crates/datadog-fips/src/lib.rs similarity index 100% rename from crates/datadog-serverless-fips/src/lib.rs rename to crates/datadog-fips/src/lib.rs diff --git a/crates/datadog-serverless-fips/src/reqwest_adapter.rs b/crates/datadog-fips/src/reqwest_adapter.rs similarity index 100% rename from crates/datadog-serverless-fips/src/reqwest_adapter.rs rename to crates/datadog-fips/src/reqwest_adapter.rs diff --git a/crates/dogstatsd/Cargo.toml b/crates/dogstatsd/Cargo.toml index 68f88165..73e07d3a 100644 --- a/crates/dogstatsd/Cargo.toml +++ b/crates/dogstatsd/Cargo.toml @@ -24,7 +24,7 @@ tokio-util = { version = "0.7.11", default-features = false } tracing = { version = "0.1.40", default-features = false } regex = { version = "1.10.6", default-features = false } zstd = { version = "0.13.3", default-features = false } -datadog-serverless-fips = { path = "../datadog-serverless-fips", default-features = false } +datadog-fips = { path = "../datadog-fips", default-features = false } [dev-dependencies] mockito = { version = "1.5.0", default-features = false } @@ -33,4 +33,4 @@ tracing-test = { version = "0.2.5", default-features = false } [features] default = [ "reqwest/rustls-tls" ] -fips = [ "reqwest/rustls-tls-no-provider", "datadog-serverless-fips/fips" ] +fips = [ "reqwest/rustls-tls-no-provider", "datadog-fips/fips" ] diff --git a/crates/dogstatsd/src/datadog.rs b/crates/dogstatsd/src/datadog.rs index c98fc659..ba1f7a12 100644 --- a/crates/dogstatsd/src/datadog.rs +++ b/crates/dogstatsd/src/datadog.rs @@ -4,8 +4,8 @@ //!Types to serialize data into the Datadog API use crate::flusher::ShippingError; +use datadog_fips::reqwest_adapter::create_reqwest_client_builder; use datadog_protos::metrics::SketchPayload; -use datadog_serverless_fips::reqwest_adapter::create_reqwest_client_builder; use derive_more::{Display, Into}; use protobuf::Message; use regex::Regex; From 9c573183d04f667c821031c031f2484af537aa40 Mon Sep 17 00:00:00 2001 From: Aleksandr Pasechnik Date: Tue, 29 Apr 2025 13:25:40 -0400 Subject: [PATCH 5/5] Update crates/datadog-fips/README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: jordan gonzález <30836115+duncanista@users.noreply.github.com> --- crates/datadog-fips/README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crates/datadog-fips/README.md b/crates/datadog-fips/README.md index cedeb06d..090f4baf 100644 --- a/crates/datadog-fips/README.md +++ b/crates/datadog-fips/README.md @@ -1,7 +1,6 @@ # Datadog FIPS for Serverless -A package to support FIPS builds for serverless tools. Currently tested with -the datadog-lambda-extension, but it may be useful in other environments. +Crate which provides utils to build FIPS compliant components. Please add the following to your `clippy.toml`: