Diffstat (limited to 'lib/chef')
-rw-r--r-- | lib/chef/application.rb | 1 | ||||
-rw-r--r-- | lib/chef/application/apply.rb | 1 | ||||
-rw-r--r-- | lib/chef/application/client.rb | 7 | ||||
-rw-r--r-- | lib/chef/formatters/doc.rb | 1 | ||||
-rw-r--r-- | lib/chef/formatters/minimal.rb | 3 | ||||
-rw-r--r-- | lib/chef/http/authenticator.rb | 13 | ||||
-rw-r--r-- | lib/chef/knife.rb | 1 | ||||
-rw-r--r-- | lib/chef/knife/bootstrap.rb | 5 | ||||
-rw-r--r-- | lib/chef/knife/core/bootstrap_context.rb | 4 |
9 files changed, 31 insertions, 5 deletions
diff --git a/lib/chef/application.rb b/lib/chef/application.rb
index 4562d84a5d..a4d4fc209d 100644
--- a/lib/chef/application.rb
+++ b/lib/chef/application.rb
@@ -84,6 +84,7 @@ class Chef parse_options load_config_file Chef::Config.export_proxies + Chef::Config.init_openssl end # Parse the config file
diff --git a/lib/chef/application/apply.rb b/lib/chef/application/apply.rb
index f6348a951b..42b2d5fc9a 100644
--- a/lib/chef/application/apply.rb
+++ b/lib/chef/application/apply.rb
@@ -125,6 +125,7 @@ class Chef::Application::Apply < Chef::Application Chef::Config.merge!(config) configure_logging Chef::Config.export_proxies + Chef::Config.init_openssl parse_json end
diff --git a/lib/chef/application/client.rb b/lib/chef/application/client.rb
index ba357b420d..5b124b60a7 100644
--- a/lib/chef/application/client.rb
+++ b/lib/chef/application/client.rb
@@ -274,6 +274,11 @@ class Chef::Application::Client < Chef::Application :description => "Whether a local mode (-z) server binds to a port", :boolean => true + option :fips, + :long => "--fips", + :description => "Enable fips mode", + :boolean => true + IMMEDIATE_RUN_SIGNAL = "1".freeze attr_reader :chef_client_json
@@ -287,6 +292,8 @@ class Chef::Application::Client < Chef::Application set_specific_recipes + Chef::Config[:fips] = config[:fips] if config.has_key? :fips + Chef::Config[:chef_server_url] = config[:chef_server_url] if config.has_key? :chef_server_url Chef::Config.local_mode = config[:local_mode] if config.has_key?(:local_mode)
diff --git a/lib/chef/formatters/doc.rb b/lib/chef/formatters/doc.rb
index 5510956754..ab450cdeac 100644
--- a/lib/chef/formatters/doc.rb
+++ b/lib/chef/formatters/doc.rb
@@ -43,6 +43,7 @@ class Chef def run_start(version) puts_line "Starting Chef Client, version #{version}" + puts_line "OpenSSL FIPS 140 mode enabled" if Chef::Config[:fips] end def total_resources
diff --git a/lib/chef/formatters/minimal.rb b/lib/chef/formatters/minimal.rb
index 2e32968b4b..94fbfd3818 100644
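Review bot: In lib/chef/application/client.rb the new `Chef::Config[:fips] = config[:fips] if config.has_key? :fips` sits after `set_specific_recipes`, while the same commit adds `Chef::Config.init_openssl` to the configure step in lib/chef/application.rb. If that step runs before this assignment, the assignment cannot influence how OpenSSL is initialised, so `--fips` would only take effect if the CLI value reaches `Chef::Config` by some earlier path; both enclosing methods start outside the hunks, so this cannot be confirmed from here. Either move the assignment ahead of the `init_openssl` call or document the dependency with a comment such as `# must be set before Chef::Config.init_openssl runs`.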
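Review bot: The `puts_line "OpenSSL FIPS 140 mode enabled" if Chef::Config[:fips]` line in `run_start` of lib/chef/formatters/doc.rb (and the identical line added to lib/chef/formatters/minimal.rb) reports the requested setting, not the state OpenSSL is actually in. If `init_openssl` is skipped or fails on some code path, the run output would still assert FIPS mode, which is misleading in a compliance audit. Consider wording it as a request, e.g. `puts_line "FIPS mode requested via Chef::Config[:fips]"`, or emitting the banner from the code that switches OpenSSL once it has succeeded; where the Ruby binding provides `OpenSSL.fips_mode`, that is the value to test.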
--- a/lib/chef/formatters/minimal.rb
+++ b/lib/chef/formatters/minimal.rb
@@ -29,7 +29,8 @@ class Chef # Called at the very start of a Chef Run def run_start(version) - puts "Starting Chef Client, version #{version}" + puts_line "Starting Chef Client, version #{version}" + puts_line "OpenSSL FIPS 140 mode enabled" if Chef::Config[:fips] end # Called at the end of the Chef run.
diff --git a/lib/chef/http/authenticator.rb b/lib/chef/http/authenticator.rb
index 02074171f8..ab4804c964 100644
--- a/lib/chef/http/authenticator.rb
+++ b/lib/chef/http/authenticator.rb
@@ -47,8 +47,8 @@ class Chef end def handle_request(method, url, headers={}, data=false) - headers.merge!(authentication_headers(method, url, data)) if sign_requests? headers.merge!({"X-Ops-Server-API-Version" => @api_version}) + headers.merge!(authentication_headers(method, url, data, headers)) if sign_requests? [method, url, headers, data] end
@@ -90,12 +90,17 @@ class Chef raise Chef::Exceptions::InvalidPrivateKey, msg end - def authentication_headers(method, url, json_body=nil) - request_params = {:http_method => method, :path => url.path, :body => json_body, :host => "#{url.host}:#{url.port}"} + def authentication_headers(method, url, json_body=nil, headers=nil) + request_params = { + :http_method => method, + :path => url.path, + :body => json_body, + :host => "#{url.host}:#{url.port}", + :headers => headers, + } request_params[:body] ||= "" auth_credentials.signature_headers(request_params) end - end end end
diff --git a/lib/chef/knife.rb b/lib/chef/knife.rb
index a070c6c858..5cfcc7182a 100644
--- a/lib/chef/knife.rb
+++ b/lib/chef/knife.rb
@@ -398,6 +398,7 @@ class Chef merge_configs apply_computed_config Chef::Config.export_proxies + Chef::Config.init_openssl # This has to be after apply_computed_config so that Mixlib::Log is configured Chef::Log.info("Using configuration from #{config[:config_file]}") if config[:config_file] end
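Review bot: In `handle_request` of lib/chef/http/authenticator.rb the `X-Ops-Server-API-Version` merge must now come before the signing call, because `headers` is handed to `authentication_headers`, yet nothing in the code records that ordering constraint. A later reorder would sign the request without that header and nobody would notice; a comment above the merge such as `# must be set before signing: headers are passed to the signer` would pin it. In the second hunk, `headers=nil` is forwarded as `:headers => nil` for any caller still passing three arguments. Whether `signature_headers` tolerates nil is not visible here, so `:headers => headers || {}` would be the safer form.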
diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb
index 23ec98e563..4db6c22f2e 100644
--- a/lib/chef/knife/bootstrap.rb
+++ b/lib/chef/knife/bootstrap.rb
@@ -250,6 +250,11 @@ class Chef Chef::Config[:knife][:bootstrap_vault_item] } + option :fips, + :long => "--fips", + :description => "Set openssl to run in fips mode", + :boolean => true + def initialize(argv=[]) super @client_builder = Chef::Knife::Bootstrap::ClientBuilder.new(
diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb
index b0a759dd05..46ade9f00f 100644
--- a/lib/chef/knife/core/bootstrap_context.rb
+++ b/lib/chef/knife/core/bootstrap_context.rb
@@ -120,6 +120,10 @@ validation_client_name "#{@chef_config[:validation_client_name]}" client_rb << %Q{trusted_certs_dir "/etc/chef/trusted_certs"\n} end + if @config[:fips] + client_rb << %Q{fips true\n} + end + client_rb end |
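Review bot: The `--fips` description in lib/chef/knife/bootstrap.rb, `"Set openssl to run in fips mode"`, does not say whose OpenSSL is affected. Per the bootstrap_context.rb hunk in this commit, the flag writes `fips true` into the client.rb generated for the target node; whether it also changes the workstation's own knife process is not visible here. Suggest `:description => "Enable FIPS mode in the bootstrapped node's client.rb"`, and matching wording for the `"Enable fips mode"` text on the chef-client option so that operators can tell the two apart.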
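Review bot: The new branch in lib/chef/knife/core/bootstrap_context.rb tests `@config[:fips]` only, whereas the neighbouring template lines read workstation settings from `@chef_config` (for example `validation_client_name`). A workstation configured with `fips true` but bootstrapping without `--fips` would therefore presumably produce nodes that do not run in FIPS mode, which is easy to miss in a regulated environment. If that is intended, say so with `# only an explicit --fips is propagated to the node`; otherwise use `if @config[:fips] || @chef_config[:fips]`. The enclosing method starts outside the hunk.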