Merge pull request #4481 from chef/jdm/fips-58

Allow use of command line fips switch for knife

4 files changed, 14 insertions, 7 deletions

diff --git a/lib/chef/application/knife.rb b/lib/chef/application/knife.rb
index d433252a50..bb1e1f7918 100644
--- a/lib/chef/application/knife.rb
+++ b/lib/chef/application/knife.rb
@@ -134,6 +134,12 @@ class Chef::Application::Knife < Chef::Application
     :proc         => lambda {|v| puts "Chef: #{::Chef::VERSION}"},
     :exit         => 0
 
+  option :fips,
+    :long         => "--[no-]fips",
+    :description  => "Enable fips mode",
+    :boolean      => true,
+    :default      => nil
+
   # Run knife
   def run
     Mixlib::Log::Formatter.show_time = false
diff --git a/lib/chef/knife.rb b/lib/chef/knife.rb
index bd34981008..56a23e0dde 100644
--- a/lib/chef/knife.rb
+++ b/lib/chef/knife.rb
@@ -398,7 +398,6 @@ class Chef
       merge_configs
       apply_computed_config
       Chef::Config.export_proxies
-      Chef::Config.init_openssl
       # This has to be after apply_computed_config so that Mixlib::Log is configured
       Chef::Log.info("Using configuration from #{config[:config_file]}") if config[:config_file]
     end
@@ -412,6 +411,7 @@ class Chef
         ui.error "You need to add a #run method to your knife command before you can use it"
       end
       enforce_path_sanity
+      maybe_setup_fips
       Chef::LocalMode.with_server_connectivity do
         run
       end
@@ -570,5 +570,11 @@ class Chef
       Chef::Config[:chef_server_url]
     end
 
+    def maybe_setup_fips
+      if !config[:fips].nil?
+        Chef::Config[:fips] = config[:fips]
+      end
+      Chef::Config.init_openssl
+    end
   end
 end
diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb
index f01cebd9c9..a1172aefc9 100644
--- a/lib/chef/knife/bootstrap.rb
+++ b/lib/chef/knife/bootstrap.rb
@@ -250,11 +250,6 @@ class Chef
           Chef::Config[:knife][:bootstrap_vault_item]
         }
 
-      option :fips,
-        :long => "--fips",
-        :description => "Set openssl to run in fips mode",
-        :boolean => true
-
       def initialize(argv=[])
         super
         @client_builder = Chef::Knife::Bootstrap::ClientBuilder.new(
diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb
index 62ea54721a..a863e0cdb7 100644
--- a/lib/chef/knife/core/bootstrap_context.rb
+++ b/lib/chef/knife/core/bootstrap_context.rb
@@ -120,7 +120,7 @@ validation_client_name "#{@chef_config[:validation_client_name]}"
             client_rb << %Q{trusted_certs_dir "/etc/chef/trusted_certs"\n}
           end
 
-          if @config[:fips]
+          if Chef::Config[:fips]
             client_rb << %Q{fips true\n}
           end