From 91fc3ca0c92bda0b3d45832e62319ff7ffe6dcd0 Mon Sep 17 00:00:00 2001
From: Raymond Zhao <raymond.zhao@datadoghq.com>
Date: Tue, 25 Feb 2025 18:38:13 +0000
Subject: [PATCH] Add FIPS TODO

Signed-off-by: Raymond Zhao <raymond.zhao@datadoghq.com>
---
 .../src/destinations/datadog/common/proxy.rs  | 26 +++++++++++--------
 lib/saluki-io/src/net/client/http/client.rs   |  4 +++
 2 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/lib/saluki-components/src/destinations/datadog/common/proxy.rs b/lib/saluki-components/src/destinations/datadog/common/proxy.rs
index 3dae39c3..b16db653 100644
--- a/lib/saluki-components/src/destinations/datadog/common/proxy.rs
+++ b/lib/saluki-components/src/destinations/datadog/common/proxy.rs
@@ -16,25 +16,29 @@ pub struct ProxyConfiguration {
 }
 
 impl ProxyConfiguration {
-    /// Creates the list of proxies.
+    /// Builds the configured proxies.
+    ///
+    /// # Errors
+    ///
+    /// If the configured proxy URLs aree invalid, an error is returned.
     pub fn build(&self) -> Result<Vec<Proxy>, GenericError> {
         let mut proxies = Vec::new();
         if let Some(url) = &self.http_server {
-            proxies.push(self.new_proxy(url, Intercept::Http)?);
+            proxies.push(new_proxy(url, Intercept::Http)?);
         }
         if let Some(url) = &self.https_server {
-            proxies.push(self.new_proxy(url, Intercept::Https)?);
+            proxies.push(new_proxy(url, Intercept::Https)?);
         }
         Ok(proxies)
     }
+}
 
-    fn new_proxy(&self, proxy_url: &str, intercept: Intercept) -> Result<Proxy, GenericError> {
-        let url = Url::parse(proxy_url)?;
-        let mut proxy = Proxy::new(intercept, url.as_str().parse()?);
-        if let Some(password) = url.password() {
-            let username = url.username();
-            proxy.set_authorization(Authorization::basic(username, password));
-        }
-        Ok(proxy)
+fn new_proxy(proxy_url: &str, intercept: Intercept) -> Result<Proxy, GenericError> {
+    let url = Url::parse(proxy_url)?;
+    let mut proxy = Proxy::new(intercept, url.as_str().parse()?);
+    if let Some(password) = url.password() {
+        let username = url.username();
+        proxy.set_authorization(Authorization::basic(username, password));
     }
+    Ok(proxy)
 }
diff --git a/lib/saluki-io/src/net/client/http/client.rs b/lib/saluki-io/src/net/client/http/client.rs
index ad8253b5..1289d05b 100644
--- a/lib/saluki-io/src/net/client/http/client.rs
+++ b/lib/saluki-io/src/net/client/http/client.rs
@@ -263,6 +263,10 @@ impl<P> HttpClientBuilder<P> {
     {
         let tls_config = self.tls_builder.build()?;
         let connector = self.connector_builder.build(tls_config);
+        // TODO(fips): Look into updating `hyper-proxy2` to use the provided
+        // connector for establishing the connection to the proxy itself, even
+        // when the proxy is at an HTTPS URL, to ensure our desired TLS stack
+        // is being used.
         let mut proxy_connector = hyper_proxy2::ProxyConnector::new(connector)?;
         if let Some(proxies) = &self.proxies {
             for proxy in proxies {