issue a warning if major FIPS assumptions are broken (#17524)

2023-05-31 09:01:44 -05:00 · 2023-05-31 09:01:44 -05:00 · 82946aebf9
parent 36b1534b7c
commit 82946aebf9
2 changed files with 11 additions and 0 deletions
--- a/agent/agent.go
+++ b/agent/agent.go
@ -597,6 +597,12 @@ func (a *Agent) Start(ctx context.Context) error {
 	// regular and on-demand state synchronizations (anti-entropy).
 	a.sync = ae.NewStateSyncer(a.State, c.AEInterval, a.shutdownCh, a.logger)

+	err = validateFIPSConfig(a.config)
+	if err != nil {
+		// Log warning, rather than force breaking
+		a.logger.Warn("FIPS 140-2 Compliance", "issue", err)
+	}
+
 	// create the config for the rpc server/client
 	consulCfg, err := newConsulConfig(a.config, a.logger)
 	if err != nil {
--- a/agent/agent_oss.go
+++ b/agent/agent_oss.go
@ -40,6 +40,11 @@ func (a *Agent) reloadEnterprise(conf *config.RuntimeConfig) error {
 func enterpriseConsulConfig(_ *consul.Config, _ *config.RuntimeConfig) {
 }

+// validateFIPSConfig is a noop stub for the func defined in agent_ent.go
+func validateFIPSConfig(_ *config.RuntimeConfig) error {
+	return nil
+}
+
 // WriteEvent is a noop stub for the func defined agent_ent.go
 func (a *Agent) WriteEvent(eventType string, payload interface{}) {
 }