chore: we need to specify a provider

Author: apiarian-datadog

bottlecap-run/runBottlecap.sh

@@ -1,23 +1,47 @@
 #!/bin/bash
 
 set -ex
-arch=$(uname -a)
-cd ../bottlecap
-# build bottlecap in debug mode
-if (echo $arch | grep -q "Darwin"); then
-    PATH=/usr/bin:$PATH cargo zigbuild --target=aarch64-unknown-linux-gnu
-    build_path=../bottlecap/target/aarch64-unknown-linux-gnu/debug/bottlecap
+
+# Setup cleanup trap to ensure docker container is stopped and removed even if script is interrupted
+cleanup() {
+  if [ -n "${docker_name}" ]; then
+    echo "Cleaning up Docker container..."
+    docker stop "${docker_name}" 2>/dev/null || true
+    docker rm "${docker_name}" 2>/dev/null || true
+  fi
+}
+
+# Register trap for EXIT, INT (Ctrl+C), TERM, and ERR
+trap cleanup EXIT INT TERM ERR
+
+if [ -z "$PREBUILT_BUILD_PATH" ]; then
+    cd ../bottlecap
+    arch=$(uname -a)
+    # build bottlecap in debug mode
+    if (echo $arch | grep -q "Darwin"); then
+        PATH=/usr/bin:$PATH cargo zigbuild --target=aarch64-unknown-linux-gnu
+        build_path=../bottlecap/target/aarch64-unknown-linux-gnu/debug/bottlecap
+    else
+        cargo build
+        build_path=../bottlecap/target/debug/bottlecap
+    fi
+    cd -
+
 else
-    cargo build
-    build_path=../bottlecap/target/debug/bottlecap
+    echo "using a prebuilt bottlecap from $PREBUILT_BUILD_PATH"
+    build_path="$PREBUILT_BUILD_PATH"
 fi
-cd -
 
 # run a hello world function in Lambda RIE (https://github.com/aws/aws-lambda-runtime-interface-emulator)
 # the lambda_extension binary is copied to /opt/extensions
 docker_name=$(docker create \
   --publish 9000:8080 \
   -e DD_API_KEY=XXX \
+  -e DD_SERVERLESS_FLUSH_STRATEGY='periodically,1' \
+  -e DD_LOG_LEVEL=debug \
+  -e RUST_BACKTRACE=full \
+  -e DD_ENV=dev \
+  -e DD_VERSION=1 \
   "public.ecr.aws/lambda/nodejs:20" "index.handler")
 echo -e 'export const handler = async () => {\n\tconsole.log("Hello world!");\n};' > /tmp/index.mjs
 docker cp "/tmp/index.mjs" "${docker_name}:/var/task/index.mjs"
@@ -26,5 +50,3 @@ docker exec "${docker_name}" mkdir -p /opt/extensions
 docker cp "${build_path}" "${docker_name}:/opt/extensions/datadog-agent"
 curl -XPOST "http://localhost:9000/2015-03-31/functions/function/invocations" -d '{}'
 docker logs "${docker_name}"                                             
-docker stop "${docker_name}" 
-docker rm "${docker_name}" 

bottlecap/Cargo.lock

@@ -75,7 +75,7 @@ fips = [
     "ddcommon/fips",
     "datadog-trace-utils/fips",
     "dogstatsd/fips",
-    "reqwest/rustls-tls-no-provider",
+    "reqwest/rustls-tls-native-roots-no-provider",
     "rustls/fips",
 ]
 force_fallback = []

bottlecap/Cargo.toml

@@ -87,6 +87,26 @@ fn log_fips_status() {
     debug!("FIPS mode is disabled");
 }
 
+/// Sets up the client provider for TLS operations.
+/// In FIPS mode, this installs the AWS-LC crypto provider.
+/// In non-FIPS mode, this is a no-op.
+#[cfg(feature = "fips")]
+fn prepare_client_provider() -> Result<()> {
+    rustls::crypto::CryptoProvider::install_default(rustls::crypto::aws_lc_rs::default_provider())
+        .map_err(|e| {
+            Error::new(
+                std::io::ErrorKind::InvalidData,
+                format!("Failed to set up crypto provider: {e:?}"),
+            )
+        })
+}
+
+#[cfg(not(feature = "fips"))]
+fn prepare_client_provider() -> Result<()> {
+    // No-op in non-FIPS mode
+    Ok(())
+}
+
 #[derive(Clone, Deserialize)]
 #[serde(rename_all = "camelCase")]
 struct RegisterResponse {
@@ -206,6 +226,7 @@ async fn main() -> Result<()> {
     log_fips_status();
     let version_without_next = EXTENSION_VERSION.split('-').next().unwrap_or("NA");
     debug!("Starting Datadog Extension {version_without_next}");
+    prepare_client_provider()?;
     let client = Client::builder().no_proxy().build().map_err(|e| {
         Error::new(
             std::io::ErrorKind::InvalidData,