[fips140] confmap/provider/internal/configurablehttpprovider.TestFunctionalityDownloadFileHTTPS unit test fails with GODEBUG=fips140=only #13998

@ycombinator

Component(s)

No response

Describe the issue you're reporting

Running the confmap/provider/internal/configurablehttpprovider.TestFunctionalityDownloadFileHTTPS unit test with GODEBUG=fips140=only exposes any calls (direct or indirect) to non-FIPS140-compliant algorithms.

Such calls may be made by the test's code or from collector code exercised by the test. Also, the calls may be true positives or false positives (e.g. using md5, which is not FIPS140-compliant for cryptographic uses, in a non-cryptographic context, e.g. hashing for checksums). Depending on where the calls are being made from (test code or collector code) and whether they're true or false positives, we may need to either a) provide an alternative implementation — using the requirefips build tag — for the calls with ones to FIPS-compliant algorithms, b) skip the test when GODEBUG=fips140=only (should be done only if the calls are being made from the test code itself), or c) disable the code paths leading to the calls when the module is built with the requirefips build tag and document this (least preferred option).

Related to #13925 and #13926.

Steps to reproduce

Run the configurablehttpprovider.TestFunctionalityDownloadFileHTTPS unit test with GODEBUG=fips140=only.

$ cd confmap/
$ GODEBUG=fips140=only go test ./provider/internal/configurablehttpprovider/... -test.v -test.run TestFunctionalityDownloadFileHTTPS -count 1

Observed output

=== RUN   TestFunctionalityDownloadFileHTTPS
--- FAIL: TestFunctionalityDownloadFileHTTPS (0.11s)
panic: crypto/sha1: use of SHA-1 is not allowed in FIPS 140-only mode [recovered, repanicked]

goroutine 19 [running]:
testing.tRunner.func1.2({0x1052cfc60, 0x1053613a0})
	/Users/shaunak/.gvm/gos/go1.25.1/src/testing/testing.go:1872 +0x190
testing.tRunner.func1()
	/Users/shaunak/.gvm/gos/go1.25.1/src/testing/testing.go:1875 +0x31c
panic({0x1052cfc60?, 0x1053613a0?})
	/Users/shaunak/.gvm/gos/go1.25.1/src/runtime/panic.go:783 +0x120
crypto/sha1.Sum({0x1400033c240?, 0x1400033ad28?, 0x1400033a850?})
	/Users/shaunak/.gvm/gos/go1.25.1/src/crypto/sha1/sha1.go:278 +0x104
crypto/x509.CreateCertificate({0x105363800, 0x140000981c0}, 0x1400033afc0, 0x1400033afc0, {0x1052f0c80, 0x14000229f10}, {0x105333160?, 0x14000229f10})
	/Users/shaunak/.gvm/gos/go1.25.1/src/crypto/x509/x509.go:1738 +0x424
go.opentelemetry.io/collector/confmap/provider/internal/configurablehttpprovider.generateCertificate(0x14000082fc0, {0x10520103c, 0x9})
	/Users/shaunak/development/github/opentelemetry-collector/confmap/provider/internal/configurablehttpprovider/provider_test.go:82 +0x358
go.opentelemetry.io/collector/confmap/provider/internal/configurablehttpprovider.TestFunctionalityDownloadFileHTTPS(0x14000082fc0)
	/Users/shaunak/development/github/opentelemetry-collector/confmap/provider/internal/configurablehttpprovider/provider_test.go:127 +0x40
testing.tRunner(0x14000082fc0, 0x10535e670)
	/Users/shaunak/.gvm/gos/go1.25.1/src/testing/testing.go:1934 +0xc8
created by testing.(*T).Run in goroutine 1
	/Users/shaunak/.gvm/gos/go1.25.1/src/testing/testing.go:1997 +0x364
FAIL	go.opentelemetry.io/collector/confmap/provider/internal/configurablehttpprovider	0.473s
FAIL
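
A sketch of option (a) for the failing test helper, added here as an example and not taken from the issue or the collector repository. It assumes the `crypto/sha1.Sum` frame in the trace comes from `x509.CreateCertificate` deriving a default SubjectKeyId for a CA template that leaves the field empty; `newTestCA` is a hypothetical name, and the helper sets the SubjectKeyId itself from a SHA-256 digest.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newTestCA is a hypothetical helper. It returns a self-signed CA certificate
// (DER) and the SubjectKeyId it set, using only P-256 and SHA-256.
func newTestCA(commonName string) (der, skid []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	// Assumption: the SKID only has to identify the key, so a truncated
	// SHA-256 of the DER-encoded public key is used (160 bits, like SHA-1).
	spki, err := x509.MarshalPKIXPublicKey(&key.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	sum := sha256.Sum256(spki)
	skid = sum[:20]
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: commonName},
		DNSNames:              []string{commonName},
		NotBefore:             now.Add(-time.Minute),
		NotAfter:              now.Add(time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  true,
		SubjectKeyId:          skid, // explicit, so x509 does not compute a default
		SignatureAlgorithm:    x509.ECDSAWithSHA256,
	}
	der, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return der, skid, err
}

func main() {
	der, skid, err := newTestCA("localhost")
	fmt.Printf("cert=%d bytes skid=%x err=%v\n", len(der), skid, err)
}
```

Running the program with `GODEBUG=fips140=only` set is the way to confirm that no disallowed algorithm is still reached on this path.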
