summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorJay Mundrawala <jdmundrawala@gmail.com>2016-01-27 17:44:12 -0800
committerJay Mundrawala <jdmundrawala@gmail.com>2016-01-28 15:28:33 -0800
commited44d58632c02744ce02bcc6af504e4e3c802f1f (patch)
treede5dac9d7bccf99a010e97e7ecaad8b8bfd34e86 /lib
parent97e3ae9540c5c663af2575c579c6e9a445848489 (diff)
downloadchef-ed44d58632c02744ce02bcc6af504e4e3c802f1f.tar.gz
Allow use of command line fips switch for knife
This somewhat worked before. However, it was just for knife bootstrap. It also didn't support --no-fips in the case where it was in your knife.rb and you decided that you didn't want to use fips for that one call. The assumption here is fips mode you run knife with is the fips mode the node will get. This has the nice property that validatorless bootstraps will talk to the chef server in fips mode if the node is requested to be in fips mode.
Diffstat (limited to 'lib')
-rw-r--r--lib/chef/application/knife.rb6
-rw-r--r--lib/chef/knife.rb8
-rw-r--r--lib/chef/knife/bootstrap.rb5
-rw-r--r--lib/chef/knife/core/bootstrap_context.rb2
4 files changed, 14 insertions, 7 deletions
diff --git a/lib/chef/application/knife.rb b/lib/chef/application/knife.rb
index 1742223657..46122b0a7b 100644
--- a/lib/chef/application/knife.rb
+++ b/lib/chef/application/knife.rb
@@ -134,6 +134,12 @@ class Chef::Application::Knife < Chef::Application
:proc => lambda {|v| puts "Chef: #{::Chef::VERSION}"},
:exit => 0
+ option :fips,
+ :long => "--[no-]fips",
+ :description => "Enable fips mode",
+ :boolean => true,
+ :default => nil
+
# Run knife
def run
Mixlib::Log::Formatter.show_time = false
diff --git a/lib/chef/knife.rb b/lib/chef/knife.rb
index 5cfcc7182a..8443186089 100644
--- a/lib/chef/knife.rb
+++ b/lib/chef/knife.rb
@@ -398,7 +398,6 @@ class Chef
merge_configs
apply_computed_config
Chef::Config.export_proxies
- Chef::Config.init_openssl
# This has to be after apply_computed_config so that Mixlib::Log is configured
Chef::Log.info("Using configuration from #{config[:config_file]}") if config[:config_file]
end
@@ -412,6 +411,7 @@ class Chef
ui.error "You need to add a #run method to your knife command before you can use it"
end
enforce_path_sanity
+ maybe_setup_fips
Chef::LocalMode.with_server_connectivity do
run
end
@@ -570,5 +570,11 @@ class Chef
Chef::Config[:chef_server_url]
end
+ def maybe_setup_fips
+ if !config[:fips].nil?
+ Chef::Config[:fips] = config[:fips]
+ end
+ Chef::Config.init_openssl
+ end
end
end
diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb
index 4db6c22f2e..23ec98e563 100644
--- a/lib/chef/knife/bootstrap.rb
+++ b/lib/chef/knife/bootstrap.rb
@@ -250,11 +250,6 @@ class Chef
Chef::Config[:knife][:bootstrap_vault_item]
}
- option :fips,
- :long => "--fips",
- :description => "Set openssl to run in fips mode",
- :boolean => true
-
def initialize(argv=[])
super
@client_builder = Chef::Knife::Bootstrap::ClientBuilder.new(
diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb
index 46ade9f00f..86c905c16a 100644
--- a/lib/chef/knife/core/bootstrap_context.rb
+++ b/lib/chef/knife/core/bootstrap_context.rb
@@ -120,7 +120,7 @@ validation_client_name "#{@chef_config[:validation_client_name]}"
client_rb << %Q{trusted_certs_dir "/etc/chef/trusted_certs"\n}
end
- if @config[:fips]
+ if Chef::Config[:fips]
client_rb << %Q{fips true\n}
end