diff options
-rw-r--r-- | chef-config/lib/chef-config/config.rb | 21 | ||||
-rw-r--r-- | spec/unit/application/knife_spec.rb | 8 | ||||
-rw-r--r-- | spec/unit/application_spec.rb | 2 |
3 files changed, 19 insertions, 12 deletions
diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb index 68cece43da..e4a12e8949 100644 --- a/chef-config/lib/chef-config/config.rb +++ b/chef-config/lib/chef-config/config.rb @@ -496,13 +496,7 @@ module ChefConfig # Initialize openssl def self.init_openssl if fips - ChefConfig.logger.warn "The `fips` feature is still a work in progress. This feature is incomplete." - OpenSSL.fips_mode = true - require "digest" - require "digest/sha1" - require "digest/md5" - Digest.const_set("SHA1", OpenSSL::Digest::SHA1) - OpenSSL::Digest.const_set("MD5", Digest::MD5) + self.enable_fips_mode end end @@ -910,5 +904,18 @@ module ChefConfig def self._this_file File.expand_path(__FILE__) end + + # Set fips mode in openssl. Do any patching necessary to make + # sure Chef runs do not crash. + # @api private + def self.enable_fips_mode + ChefConfig.logger.warn "The `fips` feature is still a work in progress. This feature is incomplete." + OpenSSL.fips_mode = true + require "digest" + require "digest/sha1" + require "digest/md5" + Digest.const_set("SHA1", OpenSSL::Digest::SHA1) + OpenSSL::Digest.const_set("MD5", Digest::MD5) + end end end diff --git a/spec/unit/application/knife_spec.rb b/spec/unit/application/knife_spec.rb index c6c3c4d12c..08e058caed 100644 --- a/spec/unit/application/knife_spec.rb +++ b/spec/unit/application/knife_spec.rb @@ -93,7 +93,7 @@ describe Chef::Application::Knife do it "does not initialize fips mode when no flags are passed" do with_argv(*%w{noop knife command}) do expect(@knife).to receive(:exit).with(0) - expect(OpenSSL).not_to receive(:'fips_mode=') + expect(Chef::Config).not_to receive(:enable_fips_mode) @knife.run expect(Chef::Config[:fips]).to eq(false) end @@ -102,7 +102,7 @@ describe Chef::Application::Knife do it "overwrites the Chef::Config value when passed --fips" do with_argv(*%w{noop knife command --fips}) do expect(@knife).to receive(:exit).with(0) - expect(OpenSSL).to receive(:'fips_mode=').with(true) + expect(Chef::Config).to receive(:enable_fips_mode) @knife.run expect(Chef::Config[:fips]).to eq(true) end @@ -117,7 +117,7 @@ describe Chef::Application::Knife do it "initializes fips mode when passed --fips" do with_argv(*%w{noop knife command --fips}) do expect(@knife).to receive(:exit).with(0) - expect(OpenSSL).to receive(:'fips_mode=').with(true) + expect(Chef::Config).to receive(:enable_fips_mode) @knife.run expect(Chef::Config[:fips]).to eq(true) end @@ -126,7 +126,7 @@ describe Chef::Application::Knife do it "overwrites the Chef::Config value when passed --no-fips" do with_argv(*%w{noop knife command --no-fips}) do expect(@knife).to receive(:exit).with(0) - expect(OpenSSL).not_to receive(:'fips_mode=') + expect(Chef::Config).not_to receive(:enable_fips_mode) @knife.run expect(Chef::Config[:fips]).to eq(false) end diff --git a/spec/unit/application_spec.rb b/spec/unit/application_spec.rb index 340f062564..ceff3b6eb5 100644 --- a/spec/unit/application_spec.rb +++ b/spec/unit/application_spec.rb @@ -148,7 +148,7 @@ describe Chef::Application do end it "sets openssl in fips mode" do - expect(OpenSSL).to receive(:'fips_mode=').with(true) + expect(Chef::Config).to receive(:enable_fips_mode) @app.configure_chef end end |