address comments
skpratt committed Jun 8, 2023
1 parent c40aef1 commit 9d82cbd
Showing 4 changed files with 33 additions and 14 deletions.
19 changes: 12 additions & 7 deletions .github/workflows/build.yml
@@ -133,10 +133,14 @@ jobs:
run: |
# Uninstall standard Go and use microsoft/go instead
rm -rf /home/runner/actions-runner/_work/_tool/go
curl https://aka.ms/golang/release/latest/go1.20.linux-amd64.tar.gz -Lo go1.20.linux-amd64.tar.gz
tar -C $HOME -xf go1.20.linux-amd64.tar.gz
curl https://aka.ms/golang/release/latest/go${{ matrix.go }}-1.linux-amd64.tar.gz -Lo go${{ matrix.go }}.linux-amd64.tar.gz
tar -C $HOME -xf go${{ matrix.go }}.linux-amd64.tar.gz
chmod +x $HOME/go/bin
export PATH=$HOME/go/bin:$PATH
if [ $(which go) != "$HOME/go/bin/go" ]; then
echo "Unable to verify microsoft/go toolchain"
exit 1
fi
- name: Install cross-compiler for FIPS on arm
if: ${{ matrix.fips == '.fips1402' && matrix.goarch == 'arm64' }}
@@ -257,11 +261,11 @@ jobs:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: consul-cni_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_linux_${{ matrix.goarch }}.zip
path: control-plane/dist/cni/linux/${{ matrix.goarch }}
name: consul-cni_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos}}_${{ matrix.goarch }}.zip
path: control-plane/dist/cni/${{ matrix.goos}}/${{ matrix.goarch }}
- name: extract consul-cni zip
env:
ZIP_LOCATION: control-plane/dist/cni/linux/${{ matrix.goarch }}
ZIP_LOCATION: control-plane/dist/cni/${{ matrix.goos}}/${{ matrix.goarch }}
run: |
cd "${ZIP_LOCATION}"
unzip -j *.zip
@@ -293,8 +297,9 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
arch: ["amd64"]
fips: [ ".fips1402", "" ]
include:
- { arch: "amd64" }
- { arch: "amd64", fips: ".fips1402" }
env:
repo: ${{ github.event.repository.name }}
version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}
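Review bot: The toolchain tarball in the first hunk's install step is fetched from a moving `latest` redirect and unpacked with no checksum or signature check, and the new `which go` test only proves which path resolves first, not what was downloaded. For a FIPS build the compiler is part of the trust base, so I would verify the archive against a pinned digest before `tar`, e.g. `echo "<expected-sha256>  go${{ matrix.go }}.linux-amd64.tar.gz" | sha256sum -c -`, and add `--fail` to `curl` so an error page is never saved as the archive. The test itself should quote the substitution, `if [ "$(command -v go)" != "$HOME/go/bin/go" ]; then`, because with an empty result the unquoted form is a syntax error inside `[`, which `if` treats as false, and the step then passes. `export PATH` also lasts only for this step, so later steps presumably need `echo "$HOME/go/bin" >> "$GITHUB_PATH"` unless they set PATH themselves.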
2 changes: 1 addition & 1 deletion Makefile
@@ -111,7 +111,7 @@ cli-dev:

cli-fips-dev:
@echo "==> Installing consul-k8s CLI tool for ${GOOS}/${GOARCH}"
@cd cli; GOEXPERIMENT=boringcrypto go build -o ./bin/consul-k8s -tags "fips"; cp ./bin/consul-k8s ${GOPATH}/bin/
@cd cli; CGO_ENABLED=1 GOEXPERIMENT=boringcrypto go build -o ./bin/consul-k8s -tags "fips"; cp ./bin/consul-k8s ${GOPATH}/bin/


cli-lint: ## Run linter in the control-plane directory.
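Review bot: The recipe line for `cli-fips-dev` chains its commands with `;`, so `cp` still runs when `go build` fails and can install a stale, possibly non-FIPS `consul-k8s` into `${GOPATH}/bin`. Chain with `&&` instead: `@cd cli && CGO_ENABLED=1 GOEXPERIMENT=boringcrypto go build -o ./bin/consul-k8s -tags "fips" && cp ./bin/consul-k8s ${GOPATH}/bin/`. A short comment above the recipe such as `# boringcrypto requires cgo, so CGO_ENABLED is forced on for the FIPS build` would record why the variable is set here.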
3 changes: 2 additions & 1 deletion control-plane/build-support/functions/20-build.sh
@@ -190,7 +190,8 @@ function build_consul_local {

if [ $GOTAGS == "fips" ]; then
CGO_ENABLED=1
else CGO_ENABLED=0
else
CGO_ENABLED=0
fi

echo "GOEXPERIMENT: $GOEXPERIMENT, GOTAGS: $GOTAGS CGO_ENABLED: $CGO_ENABLED" >> ~/debug.txt
23 changes: 18 additions & 5 deletions control-plane/subcommand/connect-init/command.go
@@ -17,17 +17,19 @@ import (
"time"

"github.com/cenkalti/backoff"
"github.com/hashicorp/consul-k8s/control-plane/connect-inject/constants"
"github.com/hashicorp/consul-k8s/control-plane/consul"
"github.com/hashicorp/consul-k8s/control-plane/namespaces"
"github.com/hashicorp/consul-k8s/control-plane/subcommand/common"
"github.com/hashicorp/consul-k8s/control-plane/subcommand/flags"
"github.com/hashicorp/consul-server-connection-manager/discovery"
"github.com/hashicorp/consul/api"
"github.com/hashicorp/consul/sdk/iptables"
"github.com/hashicorp/go-hclog"
"github.com/mitchellh/cli"
"github.com/mitchellh/mapstructure"

"github.com/hashicorp/consul-k8s/control-plane/connect-inject/constants"
"github.com/hashicorp/consul-k8s/control-plane/consul"
"github.com/hashicorp/consul-k8s/control-plane/namespaces"
"github.com/hashicorp/consul-k8s/control-plane/subcommand/common"
"github.com/hashicorp/consul-k8s/control-plane/subcommand/flags"
"github.com/hashicorp/consul-k8s/control-plane/version"
)

const (
@@ -161,6 +163,17 @@ func (c *Command) Run(args []string) int {
c.logger.Error("Unable to get client connection", "error", err)
return 1
}
if version.IsFIPS() {
// make sure we are also using FIPS Consul
var versionInfo map[string]interface{}
_, err := consulClient.Raw().Query("/v1/agent/version", versionInfo, nil)
if err != nil {
c.logger.Warn("This is a FIPS build of consul-k8s, which should be used with FIPS Consul. Unable to verify FIPS Consul while setting up Consul API client.")
}
if val, ok := versionInfo["FIPS"]; !ok || val == "" {
c.logger.Warn("This is a FIPS build of consul-k8s, which should be used with FIPS Consul. A non-FIPS version of Consul was detected.")
}
}
proxyService := &api.AgentService{}
if c.flagGatewayKind != "" {
err = backoff.Retry(c.getGatewayRegistration(consulClient), backoff.WithMaxRetries(backoff.NewConstantBackOff(1*time.Second), c.serviceRegistrationPollingAttempts))
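Review bot: `versionInfo` is a nil map passed by value in the added FIPS block of `Run`, so `Query` has nothing to decode into; assuming it JSON-decodes into `out`, the call errors every time and the map stays nil. Both warnings then fire on every FIPS run, including "A non-FIPS version of Consul was detected" against a FIPS server, and the check never verifies anything. Pass the address, `_, err := consulClient.Raw().Query("/v1/agent/version", &versionInfo, nil)`, log the cause with `"error", err`, and make the second test `} else if val, ok := versionInfo["FIPS"]; !ok || val == "" {` so a failed query is not reported as a mismatch. If pairing FIPS consul-k8s with non-FIPS Consul is a compliance violation rather than a hint, a warning may be too weak; that is a policy call for the authors. `Run` starts and ends outside this hunk.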