only override ssm endpoint url in commercial fips

Author: shreyamalpani

datadog_lambda/api.py

@@ -94,7 +94,7 @@ def get_api_key() -> str:
         # SSM endpoints: https://docs.aws.amazon.com/general/latest/gr/ssm.html
         fips_endpoint = (
             f"https://ssm-fips.{LAMBDA_REGION}.amazonaws.com"
-            if config.fips_mode_enabled
+            if config.fips_mode_enabled and not config.is_gov_region
             else None
         )
         ssm_client = _boto3_client("ssm", endpoint_url=fips_endpoint)

tests/test_api.py

@@ -96,13 +96,33 @@ def test_ssm_fips_endpoint(self, mock_boto3_client):
         }
         mock_boto3_client.return_value = mock_client
 
+        os.environ["AWS_REGION"] = "us-east-1"
+        os.environ["DD_API_KEY_SSM_NAME"] = "test-ssm-param"
+
+        api_key = api.get_api_key()
+
+        mock_boto3_client.assert_called_with(
+            "ssm", endpoint_url="https://ssm-fips.us-east-1.amazonaws.com"
+        )
+        self.assertEqual(api_key, "test-api-key")
+
+    @patch("datadog_lambda.config.Config.fips_mode_enabled", True)
+    @patch("datadog_lambda.config.Config.is_gov_region", True)
+    @patch("botocore.session.Session.create_client")
+    def test_ssm_gov_endpoint(self, mock_boto3_client):
+        mock_client = MagicMock()
+        mock_client.get_parameter.return_value = {
+            "Parameter": {"Value": "test-api-key"}
+        }
+        mock_boto3_client.return_value = mock_client
+
         os.environ["AWS_REGION"] = "us-gov-west-1"
         os.environ["DD_API_KEY_SSM_NAME"] = "test-ssm-param"
 
         api_key = api.get_api_key()
 
         mock_boto3_client.assert_called_with(
-            "ssm", endpoint_url="https://ssm-fips.us-gov-west-1.amazonaws.com"
+            "ssm", endpoint_url=None
         )
         self.assertEqual(api_key, "test-api-key")