authorThom May <thom@may.lt>2016-04-27 18:11:12 +0100
committerThom May <thom@may.lt>2016-04-27 18:11:12 +0100
commitfae30e6a075977bfad381a22dd979601e350258d (patch)
treeaf8aac7006160c4782246e1ba9b5a2ea5e2a3a1e /chef-config
parent68c9cbc93ed0d7dd995ae7240c1a8075c7d4387a (diff)
downloadchef-fae30e6a075977bfad381a22dd979601e350258d.tar.gz
Revert "Run in fips mode if node is fips enabled"
Diffstat (limited to 'chef-config')
-rw-r--r--chef-config/Gemfile2
-rw-r--r--chef-config/lib/chef-config/config.rb29
-rw-r--r--chef-config/spec/unit/config_spec.rb52
3 files changed, 1 insertions, 82 deletions
diff --git a/chef-config/Gemfile b/chef-config/Gemfile
index 8f10ee91e6..96ab544690 100644
--- a/chef-config/Gemfile
+++ b/chef-config/Gemfile
@@ -2,5 +2,3 @@ source "https://rubygems.org"
# Specify your gem's dependencies in chef-config.gemspec
gemspec
-
-gem "ohai", "~> 8.15"
diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb
index e5260e4633..e6192c22cb 100644
--- a/chef-config/lib/chef-config/config.rb
+++ b/chef-config/lib/chef-config/config.rb
@@ -38,8 +38,6 @@ module ChefConfig
extend Mixlib::Config
extend ChefConfig::Mixin::FuzzyHostnameMatcher
- @ohai_mutex = Mutex.new
-
# Evaluates the given string as config.
#
# +filename+ is used for context in stacktraces, but doesn't need to be the name of an actual file.
@@ -515,31 +513,7 @@ module ChefConfig
default :recipe_url, nil
# Set to true if Chef is to set OpenSSL to run in FIPS mode
- default(:fips) do
- !ENV["CHEF_FIPS"].nil? || check_fips_via_ohai
- end
-
- # we want to synchronize this ohai call because ohai is not thread safe
- # if this gets called in a mulithreaded context, each thread's ohai instance
- # will call reset_system while other threads are loading plugins
- # the destructive power of reset_system is scoped to the module and not to the instance
- def self.check_fips_via_ohai
- return @sync_value if defined?(@sync_value)
-
- @ohai_mutex.synchronize do
- return @sync_value if defined?(@sync_value)
- require "ohai"
- o = Ohai::System.new
- o.load_plugins
- begin
- o.require_plugin "fips"
- @sync_value = o[:fips][:kernel][:enabled]
- rescue Ohai::Exceptions::DependencyNotFound
- @sync_value = false
- end
- end
- @sync_value
- end
+ default(:fips) { ENV["CHEF_FIPS"] == "1" }
# Initialize openssl
def self.init_openssl
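Review bot: The restored default `default(:fips) { ENV["CHEF_FIPS"] == "1" }` enables FIPS mode only for the exact string "1", so a value such as `CHEF_FIPS=true` leaves OpenSSL in non-FIPS mode with no error or warning. Because this setting gates a compliance control, the comment above it should state the contract, for example `# Defaults to true only when the CHEF_FIPS environment variable is exactly "1"; any other value leaves FIPS mode off.` The same commit also drops the "FIPS mode is enabled." debug line in the last config.rb hunk and the whole `ChefConfig::Config[:fips]` spec group, including its `CHEF_FIPS=1` case, so nothing visible here logs or tests the resulting state. Keeping a spec for the env-var default would cover that. The enclosing ChefConfig module body starts and ends outside this hunk.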
@@ -992,7 +966,6 @@ module ChefConfig
Digest.const_set("SHA1", OpenSSL::Digest::SHA1)
OpenSSL::Digest.send(:remove_const, "MD5") if OpenSSL::Digest.const_defined?("MD5")
OpenSSL::Digest.const_set("MD5", Digest::MD5)
- ChefConfig.logger.debug "FIPS mode is enabled."
end
end
end
diff --git a/chef-config/spec/unit/config_spec.rb b/chef-config/spec/unit/config_spec.rb
index 8d0bc8f203..72c0981eca 100644
--- a/chef-config/spec/unit/config_spec.rb
+++ b/chef-config/spec/unit/config_spec.rb
@@ -19,7 +19,6 @@
require "spec_helper"
require "chef-config/config"
-require "ohai"
RSpec.describe ChefConfig::Config do
before(:each) do
@@ -166,57 +165,6 @@ RSpec.describe ChefConfig::Config do
allow(ChefConfig::Config).to receive(:path_accessible?).and_return(false)
end
- describe "ChefConfig::Config[:fips]" do
- let(:fips_ohai) { double("Ohai::System", load_plugins: nil, require_plugin: nil) }
- let(:fips_ohai_data) do
- {
- kernel: {
- enabled: fips_ohai_value,
- },
- }
- end
- let(:fips_ohai_value) { false }
-
- before(:all) do
- @original_env = ENV.to_hash
- end
-
- after(:all) do
- ENV.clear
- ENV.update(@original_env)
- end
-
- before(:each) do
- ENV["CHEF_FIPS"] = nil
- allow(Ohai::System).to receive(:new).and_return(fips_ohai)
- allow(fips_ohai).to receive(:[]).with(:fips).and_return(fips_ohai_data)
- end
-
- it "returns false when no environment is set and ohai flag is disabled" do
- expect(ChefConfig::Config[:fips]).to eq(false)
- ChefConfig::Config.instance_eval { remove_instance_variable(:@sync_value) }
- end
-
- context "when ENV['CHEF_FIPS'] is set" do
- before do
- ENV["CHEF_FIPS"] = "1"
- end
-
- it "returns true" do
- expect(ChefConfig::Config[:fips]).to eq(true)
- end
- end
-
- context "when fips is enabled in ohai data" do
- let(:fips_ohai_value) { true }
-
- it "returns true" do
- expect(ChefConfig::Config[:fips]).to eq(true)
- ChefConfig::Config.instance_eval { remove_instance_variable(:@sync_value) }
- end
- end
- end
-
describe "ChefConfig::Config[:chef_server_root]" do
context "when chef_server_url isn't set manually" do
it "returns the default of 'https://localhost:443'" do