feat: Abort instrumenting Lambda if runtime is unsupported (#348)

Author: lym953

src/datadog-lambda.ts

@@ -86,7 +86,7 @@ export class DatadogLambda extends Construct {
       }
 
       if (baseProps.addLayers) {
-        applyLayers(
+        const errors = applyLayers(
           this.scope,
           region,
           lambdaFunction,
@@ -96,16 +96,28 @@ export class DatadogLambda extends Construct {
           this.props.dotnetLayerVersion,
           this.props.useLayersFromAccount,
         );
+        if (errors.length > 0) {
+          log.warn(
+            `Failed to apply layers to the Lambda function ${lambdaFunction.functionName}. Skipping instrumenting it.`,
+          );
+          continue;
+        }
       }
 
       if (baseProps.extensionLayerVersion !== undefined) {
-        applyExtensionLayer(
+        const errors = applyExtensionLayer(
           this.scope,
           region,
           lambdaFunction,
           baseProps.extensionLayerVersion,
           this.props.useLayersFromAccount,
         );
+        if (errors.length > 0) {
+          log.warn(
+            `Failed to apply extention layer to the Lambda function ${lambdaFunction.functionName}. Skipping instrumenting it.`,
+          );
+          continue;
+        }
       }
 
       if (baseProps.redirectHandler) {

src/layer.ts

@@ -42,7 +42,9 @@ export function applyLayers(
   const isARM = lam.architecture?.dockerPlatform === Architecture.ARM_64.dockerPlatform;
 
   if (lambdaRuntimeType === undefined || lambdaRuntimeType === RuntimeType.UNSUPPORTED) {
-    log.debug(`Unsupported runtime: ${runtime}`);
+    const error = `Unsupported runtime: ${runtime}`;
+    log.warn(error);
+    errors.push(error);
     return errors;
   }
 
@@ -111,7 +113,9 @@ export function applyExtensionLayer(
   const accountId = useLayersFromAccount;
 
   if (lambdaRuntimeType === undefined || lambdaRuntimeType === RuntimeType.UNSUPPORTED) {
-    log.debug(`Unsupported runtime: ${runtime}`);
+    const error = `Unsupported runtime: ${runtime}`;
+    log.warn(error);
+    errors.push(error);
     return errors;
   }
 

test/datadog-lambda.spec.ts

@@ -465,6 +465,7 @@ describe("addLambdaFunctions", () => {
       },
     });
   });
+
   it("doesn't give lambdas secret read access to the given apiKeySecretArn if grantSecretReadAccess is false", () => {
     const app = new App();
     const stack = new Stack(app, "stack");
@@ -485,6 +486,32 @@ describe("addLambdaFunctions", () => {
     datadogLambda.addLambdaFunctions([hello], stack);
     Template.fromStack(stack).resourceCountIs("AWS::IAM::Policy", 0);
   });
+
+  it("doesn't instrument the lambda function if Node version is unresolved", () => {
+    const app = new App();
+    const stack = new Stack(app, "stack");
+    const hello = new lambda.Function(stack, "HelloHandler", {
+      // unresolved Node runtime. Its name is like '${Token[TOKEN.330]}'.
+      runtime: lambda.determineLatestNodeRuntime(stack),
+      code: lambda.Code.fromInline("test"),
+      handler: "hello.handler",
+    });
+    const datadogLambda = new DatadogLambda(stack, "Datadog", {
+      nodeLayerVersion: NODE_LAYER_VERSION,
+      extensionLayerVersion: EXTENSION_LAYER_VERSION,
+      addLayers: true,
+      apiKeySecretArn: "arn:aws:secretsmanager:sa-east-1:123:secret:test-key",
+      enableDatadogTracing: false,
+      flushMetricsToLogs: false,
+      logLevel: "debug",
+      grantSecretReadAccess: false,
+      forwarderArn: "forwarder-arn",
+    });
+    datadogLambda.addLambdaFunctions([hello], stack);
+    Template.fromStack(stack).resourceCountIs("AWS::Logs::SubscriptionFilter", 0);
+    const lambdaFunction = Object.values(Template.fromStack(stack).findResources("AWS::Lambda::Function"))[0];
+    expect(lambdaFunction.Properties.hasOwnProperty("Tags")).toBe(false);
+  });
 });
 
 describe("redirectHandler", () => {

test/layer.spec.ts

@@ -264,7 +264,8 @@ describe("applyLayers", () => {
     Template.fromStack(stack).hasResourceProperties("AWS::Lambda::Function", {
       Layers: Match.absent(),
     });
-    expect(errors.length).toEqual(0);
+    expect(errors.length).toEqual(1);
+    expect(errors[0]).toEqual("Unsupported runtime: go1.x");
   });
 
   it("doesn't add layer to container image Lambda without extension or layer versions", () => {