From fdda7adeaa5ae7adc0ec8bc28896dd1373e464fa Mon Sep 17 00:00:00 2001 From: skpratt Date: Wed, 31 May 2023 09:01:44 -0500 Subject: [PATCH] issue a warning if major FIPS assumptions are broken (#17524) --- agent/agent.go | 6 ++++++ agent/agent_oss.go | 5 +++++ 2 files changed, 11 insertions(+) diff --git a/agent/agent.go b/agent/agent.go index acb0ccd94e01..388c7c3e6ffe 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -597,6 +597,12 @@ func (a *Agent) Start(ctx context.Context) error { // regular and on-demand state synchronizations (anti-entropy). a.sync = ae.NewStateSyncer(a.State, c.AEInterval, a.shutdownCh, a.logger) + err = validateFIPSConfig(a.config) + if err != nil { + // Log warning, rather than force breaking + a.logger.Warn("FIPS 140-2 Compliance", "issue", err) + } + // create the config for the rpc server/client consulCfg, err := newConsulConfig(a.config, a.logger) if err != nil { diff --git a/agent/agent_oss.go b/agent/agent_oss.go index 4153c66a0bd7..93e633cc656f 100644 --- a/agent/agent_oss.go +++ b/agent/agent_oss.go @@ -40,6 +40,11 @@ func (a *Agent) reloadEnterprise(conf *config.RuntimeConfig) error { func enterpriseConsulConfig(_ *consul.Config, _ *config.RuntimeConfig) { } +// validateFIPSConfig is a noop stub for the func defined in agent_ent.go +func validateFIPSConfig(_ *config.RuntimeConfig) error { + return nil +} + // WriteEvent is a noop stub for the func defined agent_ent.go func (a *Agent) WriteEvent(eventType string, payload interface{}) { }