Have client.rb verify that FIPS mode can be enforcedksubrama/fips_guard

author: Kartik Null Cating-Subramanian <ksubramanian@chef.io> 2016-02-25 14:53:58 -0500
committer: Kartik Null Cating-Subramanian <ksubramanian@chef.io> 2016-02-25 14:53:58 -0500
commit: 433ccf630cc2d4b78d44dcc6d0a46dc3c576cbfd (patch)
tree: 72f95be3c7087fbc954673100102ed5e73036a65 /lib/chef/knife
parent: 5f72ac57337bd4914d87a48bdfb49c2d1d039951 (diff)
download: chef-433ccf630cc2d4b78d44dcc6d0a46dc3c576cbfd.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb
index b05cae688c..6c3e69ceaf 100644
--- a/lib/chef/knife/core/bootstrap_context.rb
+++ b/lib/chef/knife/core/bootstrap_context.rb
@@ -122,7 +122,13 @@ validation_client_name "#{@chef_config[:validation_client_name]}"
           end
 
           if Chef::Config[:fips]
-            client_rb << %Q{fips true\n}
+            client_rb << <<-CONFIG
+fips true
+chef_version = ::Chef::VERSION.split(".")
+unless chef_version[0].to_i > 12 || (chef_version[0].to_i == 12 && chef_version[1].to_i >= 8)
+  raise "FIPS Mode requested but not supported by this client"
+end
+CONFIG
           end
 
           client_rb
author	Kartik Null Cating-Subramanian <ksubramanian@chef.io>	2016-02-25 14:53:58 -0500
committer	Kartik Null Cating-Subramanian <ksubramanian@chef.io>	2016-02-25 14:53:58 -0500
commit	433ccf630cc2d4b78d44dcc6d0a46dc3c576cbfd (patch)
tree	72f95be3c7087fbc954673100102ed5e73036a65 /lib/chef/knife
parent	5f72ac57337bd4914d87a48bdfb49c2d1d039951 (diff)
download	chef-433ccf630cc2d4b78d44dcc6d0a46dc3c576cbfd.tar.gz