From 685769a66ac8b99def9884373319f84d5e0cd583 Mon Sep 17 00:00:00 2001 From: John Chrostek Date: Thu, 2 Apr 2026 19:43:42 -0400 Subject: [PATCH] feat: add DD_ORG_UUID to datadog-agent-config crate Adds the `DD_ORG_UUID` config field to the shared `datadog-agent-config` crate to support delegated AWS authentication. When set, consumers can use this field to auto-enable AWS credential-based auth instead of a static API key. Co-Authored-By: Claude Sonnet 4.6 (1M context) --- crates/datadog-agent-config/env.rs | 9 +++++++++ crates/datadog-agent-config/mod.rs | 4 ++++ crates/datadog-agent-config/yaml.rs | 1 + 3 files changed, 14 insertions(+) diff --git a/crates/datadog-agent-config/env.rs b/crates/datadog-agent-config/env.rs index f24d6be..b26033a 100644 --- a/crates/datadog-agent-config/env.rs +++ b/crates/datadog-agent-config/env.rs @@ -478,6 +478,11 @@ pub struct EnvConfig { /// The delay between two samples of the API Security schema collection, in seconds. #[serde(deserialize_with = "deserialize_optional_duration_from_seconds")] pub api_security_sample_delay: Option, + /// @env `DD_ORG_UUID` + /// + /// The Datadog organization UUID. When set, delegated AWS auth is auto-enabled. + #[serde(deserialize_with = "deserialize_optional_string")] + pub org_uuid: Option, } #[allow(clippy::too_many_lines)] @@ -680,6 +685,7 @@ fn merge_config(config: &mut Config, env_config: &EnvConfig) { merge_option_to_value!(config, env_config, appsec_waf_timeout); merge_option_to_value!(config, env_config, api_security_enabled); merge_option_to_value!(config, env_config, api_security_sample_delay); + merge_string!(config, dd_org_uuid, env_config, org_uuid); } #[derive(Debug, PartialEq, Clone, Copy)] @@ -880,6 +886,7 @@ mod tests { "arn:aws:ssm:us-east-1:123:parameter/key", ), ("DD_APPSEC_RULES", "/opt/custom-rules.json"), + ("DD_ORG_UUID", "test-org-uuid"), ]; // Programmatic guard: count `pub ` fields in the EnvConfig struct from @@ -955,6 +962,7 @@ mod tests { Some("keep".to_string()); expected.otlp_config_metrics_summaries_mode = Some("noquantiles".to_string()); expected.appsec_rules = Some("/opt/custom-rules.json".to_string()); + expected.dd_org_uuid = "test-org-uuid".to_string(); assert_eq!(config, expected); Ok(()) @@ -1282,6 +1290,7 @@ mod tests { appsec_waf_timeout: Duration::from_secs(1), api_security_enabled: false, api_security_sample_delay: Duration::from_secs(60), + dd_org_uuid: String::default(), }; assert_eq!(config, expected_config); diff --git a/crates/datadog-agent-config/mod.rs b/crates/datadog-agent-config/mod.rs index 6fc858a..65bd4f6 100644 --- a/crates/datadog-agent-config/mod.rs +++ b/crates/datadog-agent-config/mod.rs @@ -368,6 +368,8 @@ pub struct Config { pub appsec_waf_timeout: Duration, pub api_security_enabled: bool, pub api_security_sample_delay: Duration, + + pub dd_org_uuid: String, } impl Default for Config { @@ -483,6 +485,8 @@ impl Default for Config { appsec_waf_timeout: Duration::from_millis(5), api_security_enabled: true, api_security_sample_delay: Duration::from_secs(30), + + dd_org_uuid: String::default(), } } } diff --git a/crates/datadog-agent-config/yaml.rs b/crates/datadog-agent-config/yaml.rs index 06b7851..901712c 100644 --- a/crates/datadog-agent-config/yaml.rs +++ b/crates/datadog-agent-config/yaml.rs @@ -1245,6 +1245,7 @@ api_security_sample_delay: 60 # Seconds dogstatsd_so_rcvbuf: Some(1_048_576), dogstatsd_buffer_size: Some(65507), dogstatsd_queue_size: Some(2048), + dd_org_uuid: String::default(), }; // Assert that