Merge pull request #4630 from chef/ksubrama/fips_guard

Have client.rb verify that FIPS mode can be enforced
author: Kartik Null Cating-Subramanian <ksubramanian@chef.io> 2016-02-26 13:07:32 -0500
committer: Kartik Null Cating-Subramanian <ksubramanian@chef.io> 2016-02-26 13:07:32 -0500
commit: bf2eb79da8ad8b9f9d0c97617d4e637ad3fa9a27 (patch)
tree: cb88051b8beafabfe419f490b58bcfc53eebfb06 /lib/chef/knife
parent: 04c71c82eb8fdfd7a272ad61a8820a7246b5db61 (diff)
parent: 433ccf630cc2d4b78d44dcc6d0a46dc3c576cbfd (diff)
download: chef-bf2eb79da8ad8b9f9d0c97617d4e637ad3fa9a27.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb
index 6f1c234796..7ad70bc627 100644
--- a/lib/chef/knife/core/bootstrap_context.rb
+++ b/lib/chef/knife/core/bootstrap_context.rb
@@ -127,7 +127,13 @@ validation_client_name "#{@chef_config[:validation_client_name]}"
           end
 
           if Chef::Config[:fips]
-            client_rb << %Q{fips true\n}
+            client_rb << <<-CONFIG
+fips true
+chef_version = ::Chef::VERSION.split(".")
+unless chef_version[0].to_i > 12 || (chef_version[0].to_i == 12 && chef_version[1].to_i >= 8)
+  raise "FIPS Mode requested but not supported by this client"
+end
+CONFIG
           end
 
           client_rb
author	Kartik Null Cating-Subramanian <ksubramanian@chef.io>	2016-02-26 13:07:32 -0500
committer	Kartik Null Cating-Subramanian <ksubramanian@chef.io>	2016-02-26 13:07:32 -0500
commit	bf2eb79da8ad8b9f9d0c97617d4e637ad3fa9a27 (patch)
tree	cb88051b8beafabfe419f490b58bcfc53eebfb06 /lib/chef/knife
parent	04c71c82eb8fdfd7a272ad61a8820a7246b5db61 (diff)
parent	433ccf630cc2d4b78d44dcc6d0a46dc3c576cbfd (diff)
download	chef-bf2eb79da8ad8b9f9d0c97617d4e637ad3fa9a27.tar.gz