Add FIPS TODO

Signed-off-by: Raymond Zhao <[email protected]>
DataDog · Feb 25, 2025 · 91fc3ca · 91fc3ca
1 parent 41a242e
commit 91fc3ca
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 11 deletions.
diff --git a/lib/saluki-components/src/destinations/datadog/common/proxy.rs b/lib/saluki-components/src/destinations/datadog/common/proxy.rs
@@ -16,25 +16,29 @@ pub struct ProxyConfiguration {
 }
 
 impl ProxyConfiguration {
-    /// Creates the list of proxies.
+    /// Builds the configured proxies.
+    ///
+    /// # Errors
+    ///
+    /// If the configured proxy URLs aree invalid, an error is returned.
     pub fn build(&self) -> Result<Vec<Proxy>, GenericError> {
         let mut proxies = Vec::new();
         if let Some(url) = &self.http_server {
-            proxies.push(self.new_proxy(url, Intercept::Http)?);
+            proxies.push(new_proxy(url, Intercept::Http)?);
         }
         if let Some(url) = &self.https_server {
-            proxies.push(self.new_proxy(url, Intercept::Https)?);
+            proxies.push(new_proxy(url, Intercept::Https)?);
         }
         Ok(proxies)
     }
+}
 
-    fn new_proxy(&self, proxy_url: &str, intercept: Intercept) -> Result<Proxy, GenericError> {
-        let url = Url::parse(proxy_url)?;
-        let mut proxy = Proxy::new(intercept, url.as_str().parse()?);
-        if let Some(password) = url.password() {
-            let username = url.username();
-            proxy.set_authorization(Authorization::basic(username, password));
-        }
-        Ok(proxy)
+fn new_proxy(proxy_url: &str, intercept: Intercept) -> Result<Proxy, GenericError> {
+    let url = Url::parse(proxy_url)?;
+    let mut proxy = Proxy::new(intercept, url.as_str().parse()?);
+    if let Some(password) = url.password() {
+        let username = url.username();
+        proxy.set_authorization(Authorization::basic(username, password));
     }
+    Ok(proxy)
 }
diff --git a/lib/saluki-io/src/net/client/http/client.rs b/lib/saluki-io/src/net/client/http/client.rs
@@ -263,6 +263,10 @@ impl<P> HttpClientBuilder<P> {
     {
         let tls_config = self.tls_builder.build()?;
         let connector = self.connector_builder.build(tls_config);
+        // TODO(fips): Look into updating `hyper-proxy2` to use the provided
+        // connector for establishing the connection to the proxy itself, even
+        // when the proxy is at an HTTPS URL, to ensure our desired TLS stack
+        // is being used.
         let mut proxy_connector = hyper_proxy2::ProxyConnector::new(connector)?;
         if let Some(proxies) = &self.proxies {
             for proxy in proxies {