Merge pull request #995 from rabbitmq/fips

Log a line when FIPS is enabled

Author: Zerpet

Dockerfile

@@ -22,6 +22,9 @@ ARG TARGETARCH
 ENV GOOS=$TARGETOS
 ENV GOARCH=$TARGETARCH
 
+ARG FIPS_MODE=off
+ENV GOFIPS140=$FIPS_MODE
+
 # Build
 RUN CGO_ENABLED=0 GO111MODULE=on go build -a -tags timetzdata -o manager main.go
 

Makefile

@@ -192,10 +192,11 @@ generate-client-set:
 
 GIT_COMMIT=$(shell git rev-parse --short HEAD)-dev
 OPERATOR_IMAGE ?= rabbitmqoperator/messaging-topology-operator
+GOFIPS140 ?= off
 .PHONY: docker-build-dev
 docker-build-dev:
 	$(call check_defined, DOCKER_REGISTRY_SERVER, URL of docker registry containing the Operator image (e.g. registry.my-company.com))
-	$(BUILD_KIT) buildx build --build-arg=GIT_COMMIT=$(GIT_COMMIT) -t $(DOCKER_REGISTRY_SERVER)/$(OPERATOR_IMAGE):$(GIT_COMMIT) .
+	$(BUILD_KIT) buildx build --build-arg=FIPS_MODE=$(GOFIPS140) --build-arg=GIT_COMMIT=$(GIT_COMMIT) -t $(DOCKER_REGISTRY_SERVER)/$(OPERATOR_IMAGE):$(GIT_COMMIT) .
 	$(BUILD_KIT) push $(DOCKER_REGISTRY_SERVER)/$(OPERATOR_IMAGE):$(GIT_COMMIT)
 
 # docker-build-local and deploy-local work in local Kubernetes installations where the Kubernetes API

main.go

@@ -10,6 +10,7 @@ This product may include a number of subcomponents with separate copyright notic
 package main
 
 import (
+	"crypto/fips140"
 	"flag"
 	"fmt"
 	"os"
@@ -387,6 +388,7 @@ func main() {
 		log.Error(err, "unable to create controller", "controller", controllers.SuperStreamControllerName)
 		os.Exit(1)
 	}
+	// +kubebuilder:scaffold:builder
 
 	if os.Getenv(controllers.EnableWebhooksEnvVar) != "false" {
 		if err = (&topology.Binding{}).SetupWebhookWithManager(mgr); err != nil {
@@ -443,7 +445,9 @@ func main() {
 		}
 	}
 
-	// +kubebuilder:scaffold:builder
+	if fips140.Enabled() {
+		log.Info("FIPS 140-3 mode enabled")
+	}
 
 	log.Info("starting manager")
 	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {