From 0a76b5169f6825a812894e244404904d1e2853f9 Mon Sep 17 00:00:00 2001
From: Kevin Fairise <132568982+KevinFairise2@users.noreply.github.com>
Date: Wed, 29 Jan 2025 20:40:35 +0100
Subject: [PATCH] Revert "[ASCII-2691] Change wording on FIPS Mode status
indication (#33507)"
This reverts commit 517df3f51a8434847da4810a62b28e40d7771ab5.
---
comp/core/status/statusimpl/common_header_provider.go | 10 +---------
.../status/statusimpl/common_header_provider_test.go | 4 ----
comp/core/status/statusimpl/status_test.go | 7 -------
comp/core/status/statusimpl/templates/html.tmpl | 6 +++---
comp/core/status/statusimpl/templates/text.tmpl | 2 +-
pkg/fips/fips_disabled.go | 2 +-
pkg/fips/fips_nix.go | 9 +++------
pkg/fips/fips_windows.go | 9 +++------
.../agent-subcommands/status/status_common_test.go | 1 -
.../tests/agent-subcommands/status/status_nix_test.go | 2 +-
test/new-e2e/tests/fips-compliance/fips_nix_test.go | 5 +++--
11 files changed, 16 insertions(+), 41 deletions(-)
diff --git a/comp/core/status/statusimpl/common_header_provider.go b/comp/core/status/statusimpl/common_header_provider.go
index 4c6a0643f0be3b..0a7d725e75a073 100644
--- a/comp/core/status/statusimpl/common_header_provider.go
+++ b/comp/core/status/statusimpl/common_header_provider.go
@@ -74,8 +74,8 @@ func (h *headerProvider) HTML(_ bool, buffer io.Writer) error {
func (h *headerProvider) data() map[string]interface{} {
data := maps.Clone(h.constdata)
data["time_nano"] = nowFunc().UnixNano()
+ data["fips_status"] = fips.Status()
data["config"] = populateConfig(h.config)
- data["fips_status"] = populateFIPSStatus(h.config)
return data
}
@@ -115,11 +115,3 @@ func populateConfig(config config.Component) map[string]string {
return conf
}
-
-func populateFIPSStatus(config config.Component) string {
- fipsStatus := fips.Status()
- if fipsStatus == "not available" && config.GetString("fips.enabled") == "true" {
- return "proxy"
- }
- return fipsStatus
-}
diff --git a/comp/core/status/statusimpl/common_header_provider_test.go b/comp/core/status/statusimpl/common_header_provider_test.go
index 6cd7f471cd4d1e..ebbce0eb17ac33 100644
--- a/comp/core/status/statusimpl/common_header_provider_test.go
+++ b/comp/core/status/statusimpl/common_header_provider_test.go
@@ -89,7 +89,6 @@ func TestCommonHeaderProviderText(t *testing.T) {
Python Version: n/a
Build arch: %s
Agent flavor: %s
- FIPS Mode: not available
Log Level: info
Paths
@@ -189,7 +188,6 @@ func TestCommonHeaderProviderTextWithFipsInformation(t *testing.T) {
Python Version: n/a
Build arch: %s
Agent flavor: %s
- FIPS Mode: proxy
Log Level: info
Paths
@@ -243,7 +241,6 @@ func TestCommonHeaderProviderHTML(t *testing.T) {
Flavor: %s
PID: %d
Agent start: 2018-01-05 11:25:15 UTC (1515151515000)
- FIPS Mode: not available
Log Level: info
Config File: There is no config file
Conf.d Path: %s
@@ -307,7 +304,6 @@ func TestCommonHeaderProviderHTMLWithFipsInformation(t *testing.T) {
Flavor: %s
PID: %d
Agent start: 2018-01-05 11:25:15 UTC (1515151515000)
- FIPS Mode: proxy
Log Level: info
Config File: There is no config file
Conf.d Path: %s
diff --git a/comp/core/status/statusimpl/status_test.go b/comp/core/status/statusimpl/status_test.go
index ac1009220e498a..319dc52a35e5fe 100644
--- a/comp/core/status/statusimpl/status_test.go
+++ b/comp/core/status/statusimpl/status_test.go
@@ -272,7 +272,6 @@ func TestGetStatus(t *testing.T) {
Python Version: n/a
Build arch: %s
Agent flavor: %s
- FIPS Mode: not available
Log Level: info
Paths
@@ -325,7 +324,6 @@ X Section
Python Version: n/a
Build arch: %s
Agent flavor: %s
- FIPS Mode: not available
Log Level: info
Paths
@@ -376,7 +374,6 @@ X Section
Flavor: %s
PID: %d
Agent start: 2018-01-05 11:25:15 UTC (1515151515000)
- FIPS Mode: not available
Log Level: info
Config File: There is no config file
Conf.d Path: %s
@@ -431,7 +428,6 @@ X Section
Flavor: %s
PID: %d
Agent start: 2018-01-05 11:25:15 UTC (1515151515000)
- FIPS Mode: not available
Log Level: info
Config File: There is no config file
Conf.d Path: %s
@@ -519,7 +515,6 @@ func TestGetStatusDoNotRenderHeaderIfNoProviders(t *testing.T) {
Python Version: n/a
Build arch: %s
Agent flavor: %s
- FIPS Mode: not available
Log Level: info
Paths
@@ -607,7 +602,6 @@ func TestGetStatusWithErrors(t *testing.T) {
Python Version: n/a
Build arch: %s
Agent flavor: agent
- FIPS Mode: not available
Log Level: info
Paths
@@ -921,7 +915,6 @@ Status render errors
Python Version: n/a
Build arch: %s
Agent flavor: agent
- FIPS Mode: not available
Log Level: info
Paths
diff --git a/comp/core/status/statusimpl/templates/html.tmpl b/comp/core/status/statusimpl/templates/html.tmpl
index 0087ff9ebbc774..dc3efef7b9f233 100644
--- a/comp/core/status/statusimpl/templates/html.tmpl
+++ b/comp/core/status/statusimpl/templates/html.tmpl
@@ -3,11 +3,11 @@
Version: {{.version}}
Flavor: {{.flavor}}
- PID: {{.pid}}
- Agent start: {{ formatUnixTime .agent_start_nano }}
{{- if .fips_status}}
- FIPS Mode: {{.fips_status}}
+ FIPS compliant: {{.fips_status}}
{{- end }}
+ PID: {{.pid}}
+ Agent start: {{ formatUnixTime .agent_start_nano }}
{{- if .config.log_file}}
Log File: {{.config.log_file}}
{{end}}
diff --git a/comp/core/status/statusimpl/templates/text.tmpl b/comp/core/status/statusimpl/templates/text.tmpl
index 9210d4148f9138..a86ad4069da38b 100644
--- a/comp/core/status/statusimpl/templates/text.tmpl
+++ b/comp/core/status/statusimpl/templates/text.tmpl
@@ -8,7 +8,7 @@
Build arch: {{.build_arch}}
Agent flavor: {{.flavor}}
{{- if .fips_status}}
- FIPS Mode: {{.fips_status}}
+ FIPS compliant: {{.fips_status}}
{{- end }}
{{- if .config.log_file}}
Log File: {{.config.log_file}}
diff --git a/pkg/fips/fips_disabled.go b/pkg/fips/fips_disabled.go
index 7042a3cf3c8e13..0f4fdf6f79868e 100644
--- a/pkg/fips/fips_disabled.go
+++ b/pkg/fips/fips_disabled.go
@@ -10,7 +10,7 @@ package fips
// Status returns an empty string when not the datadog-fips-agent flavor
func Status() string {
- return "not available"
+ return ""
}
// Enabled returns false when not the datadog-fips-agent flavor
diff --git a/pkg/fips/fips_nix.go b/pkg/fips/fips_nix.go
index 5eda87b83cf1eb..d0a41c1626c7e6 100644
--- a/pkg/fips/fips_nix.go
+++ b/pkg/fips/fips_nix.go
@@ -10,16 +10,13 @@ package fips
import (
"os"
+ "strconv"
)
-// Status returns a displayable string or error of FIPS Mode of the agent build and runtime
+// Status returns a displayable string or error of FIPS compliance state of the agent build and runtime
func Status() string {
enabled, _ := Enabled()
- if enabled {
- return "enabled"
- } else {
- return "disabled"
- }
+ return strconv.FormatBool(enabled)
}
// Enabled checks to see if the agent runtime environment is as expected relating to its build to be FIPS compliant. For Linux this is that the binary is run with the GOFIPS=1 environment variable.
diff --git a/pkg/fips/fips_windows.go b/pkg/fips/fips_windows.go
index a5a0e7cb96b298..b13e2c4878e7d3 100644
--- a/pkg/fips/fips_windows.go
+++ b/pkg/fips/fips_windows.go
@@ -10,18 +10,15 @@ package fips
import (
"fmt"
+ "strconv"
"golang.org/x/sys/windows/registry"
)
-// Status returns a displayable string or error of FIPS Mode of the agent build and runtime
+// Status returns a displayable string or error of FIPS compliance state of the agent build and runtime
func Status() string {
enabled, _ := Enabled()
- if enabled {
- return "enabled"
- } else {
- return "disabled"
- }
+ return strconv.FormatBool(enabled)
}
// Enabled checks to see if the agent runtime environment is as expected relating to its build to be FIPS compliant. For Windows this means that FIPS mode is enabled via the Windows registry.
diff --git a/test/new-e2e/tests/agent-subcommands/status/status_common_test.go b/test/new-e2e/tests/agent-subcommands/status/status_common_test.go
index 92bb937f69d2a1..669e0ff7ec1636 100644
--- a/test/new-e2e/tests/agent-subcommands/status/status_common_test.go
+++ b/test/new-e2e/tests/agent-subcommands/status/status_common_test.go
@@ -102,7 +102,6 @@ func (v *baseStatusSuite) TestDefaultInstallStatus() {
{
name: `Agent \(.*\)`, // TODO: verify that the right version is output
shouldBePresent: true,
- shouldContain: []string{"FIPS Mode: not available"},
shouldNotContain: []string{"FIPS proxy"},
},
{
diff --git a/test/new-e2e/tests/agent-subcommands/status/status_nix_test.go b/test/new-e2e/tests/agent-subcommands/status/status_nix_test.go
index eaace3299438d1..35841716f6463f 100644
--- a/test/new-e2e/tests/agent-subcommands/status/status_nix_test.go
+++ b/test/new-e2e/tests/agent-subcommands/status/status_nix_test.go
@@ -47,7 +47,7 @@ func (v *linuxStatusSuite) TestFIPSProxyStatus() {
{
name: `Agent \(.*\)`,
shouldBePresent: true,
- shouldContain: []string{"FIPS Mode: proxy", "FIPS proxy"},
+ shouldContain: []string{"FIPS proxy"},
},
}
diff --git a/test/new-e2e/tests/fips-compliance/fips_nix_test.go b/test/new-e2e/tests/fips-compliance/fips_nix_test.go
index 569a5eb591b34f..c70221dbc6dcf5 100644
--- a/test/new-e2e/tests/fips-compliance/fips_nix_test.go
+++ b/test/new-e2e/tests/fips-compliance/fips_nix_test.go
@@ -35,6 +35,7 @@ func TestLinuxFIPSComplianceSuite(t *testing.T) {
awshost.WithEC2InstanceOptions(ec2.WithOS(os.UbuntuDefault)),
awshost.WithAgentOptions(agentparams.WithFlavor("datadog-fips-agent")),
)),
+ e2e.WithSkipDeleteOnFailure(),
)
}
@@ -42,7 +43,7 @@ func (v *LinuxFIPSComplianceSuite) TestFIPSDefaultConfig() {
status := v.Env().RemoteHost.MustExecute("sudo GOFIPS=0 datadog-agent status")
assert.NotContains(v.T(), status, "can't enable FIPS mode for OpenSSL")
assert.Contains(v.T(), status, "Status date")
- assert.Contains(v.T(), status, "FIPS Mode: disabled")
+ assert.Contains(v.T(), status, "FIPS compliant: false")
v.Env().RemoteHost.MustExecute("sudo systemctl set-environment GOFIPS=1")
v.Env().RemoteHost.MustExecute("sudo systemctl restart datadog-agent")
@@ -51,7 +52,7 @@ func (v *LinuxFIPSComplianceSuite) TestFIPSDefaultConfig() {
status = v.Env().RemoteHost.MustExecute("sudo GOFIPS=1 datadog-agent status")
assert.NotContains(t, status, "can't enable FIPS mode for OpenSSL")
assert.Contains(t, status, "Status date")
- assert.Contains(t, status, "FIPS Mode: enabled")
+ assert.Contains(t, status, "FIPS compliant: true")
}, 60*time.Second, 5*time.Second)
v.Env().RemoteHost.MustExecute("sudo systemctl unset-environment GOFIPS")