diff options
-rw-r--r-- | chef-config/lib/chef-config/config.rb | 8 | ||||
-rw-r--r-- | lib/chef/formatters/doc.rb | 4 | ||||
-rw-r--r-- | lib/chef/formatters/minimal.rb | 4 | ||||
-rw-r--r-- | lib/chef/knife/bootstrap.rb | 4 | ||||
-rw-r--r-- | lib/chef/knife/core/bootstrap_context.rb | 4 | ||||
-rw-r--r-- | spec/unit/application_spec.rb | 2 | ||||
-rw-r--r-- | spec/unit/client_spec.rb | 4 |
7 files changed, 15 insertions, 15 deletions
diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb index 7bf5d05572..f352d754c6 100644 --- a/chef-config/lib/chef-config/config.rb +++ b/chef-config/lib/chef-config/config.rb @@ -452,12 +452,12 @@ module ChefConfig default :recipe_url, nil # Set to true if Chef is to set OpenSSL to run in FIPS mode - default :openssl_fips, false + default :fips, false # Initialize openssl def self.init_openssl - if openssl_fips - ChefConfig.logger.warn "The `openssl_fips` is still a work in progress. This feature is incomplete." + if fips + ChefConfig.logger.warn "The `fips` feature is still a work in progress. This feature is incomplete." OpenSSL.fips_mode = true require 'digest' require 'digest/sha1' @@ -471,7 +471,7 @@ module ChefConfig # the 'mixlib-authorization' project for more detail). Currently, versions # 1.0, 1.1, and 1.3 are available. default :authentication_protocol_version do - if openssl_fips + if fips "1.3" else "1.1" diff --git a/lib/chef/formatters/doc.rb b/lib/chef/formatters/doc.rb index 901caa92cf..ab450cdeac 100644 --- a/lib/chef/formatters/doc.rb +++ b/lib/chef/formatters/doc.rb @@ -42,8 +42,8 @@ class Chef end def run_start(version) - puts_line "Starting Chef Client#{" (FIPS mode)" if Chef::Config[:openssl_fips]}" \ - ", version #{version}" + puts_line "Starting Chef Client, version #{version}" + puts_line "OpenSSL FIPS 140 mode enabled" if Chef::Config[:fips] end def total_resources diff --git a/lib/chef/formatters/minimal.rb b/lib/chef/formatters/minimal.rb index baf0273103..94fbfd3818 100644 --- a/lib/chef/formatters/minimal.rb +++ b/lib/chef/formatters/minimal.rb @@ -29,8 +29,8 @@ class Chef # Called at the very start of a Chef Run def run_start(version) - puts_line "Starting Chef Client#{" (FIPS mode)" if Chef::Config[:openssl_fips]}" \ - ", version #{version}" + puts_line "Starting Chef Client, version #{version}" + puts_line "OpenSSL FIPS 140 mode enabled" if Chef::Config[:fips] end # Called at the end of the Chef run. diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb index 3816857c46..4db6c22f2e 100644 --- a/lib/chef/knife/bootstrap.rb +++ b/lib/chef/knife/bootstrap.rb @@ -250,8 +250,8 @@ class Chef Chef::Config[:knife][:bootstrap_vault_item] } - option :openssl_fips, - :long => "--openssl-fips", + option :fips, + :long => "--fips", :description => "Set openssl to run in fips mode", :boolean => true diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb index e530d115d7..46ade9f00f 100644 --- a/lib/chef/knife/core/bootstrap_context.rb +++ b/lib/chef/knife/core/bootstrap_context.rb @@ -120,8 +120,8 @@ validation_client_name "#{@chef_config[:validation_client_name]}" client_rb << %Q{trusted_certs_dir "/etc/chef/trusted_certs"\n} end - if @config[:openssl_fips] - client_rb << %Q{openssl_fips true\n} + if @config[:fips] + client_rb << %Q{fips true\n} end client_rb diff --git a/spec/unit/application_spec.rb b/spec/unit/application_spec.rb index c8f138cdcc..d66cc26927 100644 --- a/spec/unit/application_spec.rb +++ b/spec/unit/application_spec.rb @@ -138,7 +138,7 @@ describe Chef::Application do context "when openssl fips" do before do - allow(Chef::Config).to receive(:openssl_fips).and_return(true) + allow(Chef::Config).to receive(:fips).and_return(true) end it "sets openssl in fips mode" do diff --git a/spec/unit/client_spec.rb b/spec/unit/client_spec.rb index 26cc8f3cf9..82adf057dc 100644 --- a/spec/unit/client_spec.rb +++ b/spec/unit/client_spec.rb @@ -52,7 +52,7 @@ describe Chef::Client do end context "when openssl is compiled with the FIPS module" do before do - Chef::Config[:openssl_fips] = true + Chef::Config[:fips] = true end it "defaults to 1.3" do @@ -60,7 +60,7 @@ describe Chef::Client do end after do - Chef::Config[:openssl_fips] = false + Chef::Config[:fips] = false end end end |