From 4965219872709fe15811d8453f06720cbed71e71 Mon Sep 17 00:00:00 2001
From: Ben Ramsey <ben@benramsey.com>
Date: Wed, 1 Mar 2023 14:58:28 -0600
Subject: [PATCH] Add layer for Datadog extensions

Closes #35
---
 Readme.md                  |  5 +++++
 docs/datadog.md            | 37 +++++++++++++++++++++++++++++++++++++
 layers/datadog/Dockerfile  | 32 ++++++++++++++++++++++++++++++++
 layers/datadog/config.json |  7 +++++++
 layers/datadog/test.php    |  8 ++++++++
 5 files changed, 89 insertions(+)
 create mode 100644 docs/datadog.md
 create mode 100644 layers/datadog/Dockerfile
 create mode 100644 layers/datadog/config.json
 create mode 100644 layers/datadog/test.php

diff --git a/Readme.md b/Readme.md
index 84b4703c..82a4c801 100644
--- a/Readme.md
+++ b/Readme.md
@@ -44,6 +44,7 @@ functions:
 | Blackfire          | `${bref-extra:blackfire-php-81}`      |
 | Calendar           | `${bref-extra:calendar-php-81}`       |
 | Cassandra          | `${bref-extra:cassandra-php-81}`      |
+| Datadog            | `${bref-extra:datadog-php-81}`        |
 | Decimal            | `${bref-extra:decimal-php-81}`        |
 | DS                 | `${bref-extra:ds-php-81}`             |
 | Elastic APM        | `${bref-extra:elastic-apm-php-81}`    |
@@ -136,6 +137,10 @@ in your `serverless.yaml` in order to tell unixODBC to load the required ini fil
 
 Read [the New Relic tutorial](docs/newrelic.md).
 
+### Datadog
+
+Read [the notes on configuring Datadog extensions](docs/datadog.md).
+
 ## Docker images
 
 There are Docker images for every layer. They are updated on every push to master
diff --git a/docs/datadog.md b/docs/datadog.md
new file mode 100644
index 00000000..1d2a5293
--- /dev/null
+++ b/docs/datadog.md
@@ -0,0 +1,37 @@
+# Configuring Datadog extensions
+
+This layer provides two Datadog extensions:
+
+- `ddtrace.so` for application performance monitoring (APM)
+- `ddappsec.so` for application security management (ASM)
+
+The [Continous Profiler extension][] is not available on serverless platforms.
+
+The _ddtrace_ extension is enabled by default, and the [INI settings][] for the
+extension are set to their default values.
+
+To enable the _ddappsec_ extension, follow the [Bref documentation][] to create
+a custom PHP INI file. For example, you might create a file in your project at
+`php/conf.d/datadog.ini`. To this INI file, add the following line:
+
+```ini
+extension=/opt/bref-extra/ddappsec.so
+```
+
+As an alternative, you may pass the environment variable `DD_APPSEC_ENABLED=true`
+to your application. See [PHP Getting Started with ASM][] for more details.
+
+If you wish to configure any of the INI settings, check the Datadog
+documentation for [Configuring the PHP Tracing Library][ini settings]. You may
+pass many of the settings to your application through environment variables, or
+you may configure them using a custom PHP INI file with Bref, as described
+above.
+
+See the [Datadog documentation][] for more information about serverless
+monitoring for AWS Lambda.
+
+[continous profiler extension]: https://docs.datadoghq.com/profiler/enabling/php/
+[ini settings]: https://docs.datadoghq.com/tracing/trace_collection/library_config/php/
+[bref documentation]: https://bref.sh/docs/environment/php.html
+[php getting started with asm]: https://docs.datadoghq.com/security/application_security/getting_started/php/
+[datadog documentation]: https://docs.datadoghq.com/serverless/aws_lambda
diff --git a/layers/datadog/Dockerfile b/layers/datadog/Dockerfile
new file mode 100644
index 00000000..3d9cefa8
--- /dev/null
+++ b/layers/datadog/Dockerfile
@@ -0,0 +1,32 @@
+ARG PHP_VERSION
+FROM bref/build-php-$PHP_VERSION:1.7.14 AS ext
+
+ENV DDTRACE_BUILD_DIR=${BUILD_DIR}/ddtrace
+
+RUN set -xe; \
+    mkdir -p ${DDTRACE_BUILD_DIR}; \
+    curl -Ls -o ${DDTRACE_BUILD_DIR}/datadog-setup.php https://github.com/DataDog/dd-trace-php/releases/latest/download/datadog-setup.php
+
+WORKDIR ${DDTRACE_BUILD_DIR}
+
+RUN php datadog-setup.php --php-bin=all
+
+RUN cp "$(php-config --extension-dir)/ddtrace.so" /tmp/ddtrace.so
+RUN echo 'extension=/opt/bref-extra/ddtrace.so' > /tmp/ext.ini
+
+FROM scratch
+
+COPY --from=ext /tmp/ddtrace.so /opt/bref-extra/ddtrace.so
+COPY --from=ext /tmp/ext.ini /opt/bref/etc/php/conf.d/98-ddtrace.ini
+
+# This adds the Datadog Agent to the layer.
+# Refer to https://gallery.ecr.aws/datadog/lambda-extension
+COPY --from=public.ecr.aws/datadog/lambda-extension:latest /opt/extensions/ /opt/extensions
+
+ENV DD_AGENT_HOST=127.0.0.1
+ENV DD_APM_ENABLED=1
+ENV DD_LOG_LEVEL=info
+ENV DD_SITE=datadoghq.com
+ENV DD_TRACE_CLI_ENABLED=0
+ENV DD_TRACE_DEBUG=0
+ENV DD_TRACE_ENABLED=1
diff --git a/layers/datadog/config.json b/layers/datadog/config.json
new file mode 100644
index 00000000..a5a35316
--- /dev/null
+++ b/layers/datadog/config.json
@@ -0,0 +1,7 @@
+{
+    "php": [
+        "80",
+        "81",
+        "82"
+    ]
+}
diff --git a/layers/datadog/test.php b/layers/datadog/test.php
new file mode 100644
index 00000000..5168713c
--- /dev/null
+++ b/layers/datadog/test.php
@@ -0,0 +1,8 @@
+<?php
+
+if (!function_exists($func = '\DDTrace\trace_method')) {
+    echo sprintf('FAIL: Function "%s" does not exist.', $func).PHP_EOL;
+    exit(1);
+}
+
+exit(0);