[ASCII-2691] Change wording on FIPS Mode status indication

comp/core/status/statusimpl/common_header_provider.go

@@ -74,8 +74,8 @@ func (h *headerProvider) HTML(_ bool, buffer io.Writer) error {
 func (h *headerProvider) data() map[string]interface{} {
 	data := maps.Clone(h.constdata)
 	data["time_nano"] = nowFunc().UnixNano()
-	data["fips_status"] = fips.Status()
 	data["config"] = populateConfig(h.config)
+	data["fips_status"] = populateFIPSStatus(h.config)
 	return data
 }
 
@@ -115,3 +115,11 @@ func populateConfig(config config.Component) map[string]string {
 
 	return conf
 }
+
+func populateFIPSStatus(config config.Component) string {
+	fipsStatus := fips.Status()
+	if fipsStatus == "not available" && config.GetString("fips.enabled") == "true" {
+		return "proxy"
+	}
+	return fipsStatus
+}

comp/core/status/statusimpl/common_header_provider_test.go

@@ -89,6 +89,7 @@ func TestCommonHeaderProviderText(t *testing.T) {
   Python Version: n/a
   Build arch: %s
   Agent flavor: %s
+  FIPS Mode: not available
   Log Level: info
 
   Paths
@@ -188,6 +189,7 @@ func TestCommonHeaderProviderTextWithFipsInformation(t *testing.T) {
   Python Version: n/a
   Build arch: %s
   Agent flavor: %s
+  FIPS Mode: proxy
   Log Level: info
 
   Paths
@@ -241,6 +243,7 @@ func TestCommonHeaderProviderHTML(t *testing.T) {
     Flavor: %s<br>
     PID: %d<br>
     Agent start: 2018-01-05 11:25:15 UTC (1515151515000)<br>
+    FIPS Mode: not available<br>
     Log Level: info<br>
     Config File: There is no config file<br>
     Conf.d Path: %s<br>
@@ -304,6 +307,7 @@ func TestCommonHeaderProviderHTMLWithFipsInformation(t *testing.T) {
     Flavor: %s<br>
     PID: %d<br>
     Agent start: 2018-01-05 11:25:15 UTC (1515151515000)<br>
+    FIPS Mode: proxy<br>
     Log Level: info<br>
     Config File: There is no config file<br>
     Conf.d Path: %s<br>

comp/core/status/statusimpl/status_test.go

@@ -272,6 +272,7 @@ func TestGetStatus(t *testing.T) {
   Python Version: n/a
   Build arch: %s
   Agent flavor: %s
+  FIPS Mode: not available
   Log Level: info
 
   Paths
@@ -324,6 +325,7 @@ X Section
   Python Version: n/a
   Build arch: %s
   Agent flavor: %s
+  FIPS Mode: not available
   Log Level: info
 
   Paths
@@ -374,6 +376,7 @@ X Section
     Flavor: %s<br>
     PID: %d<br>
     Agent start: 2018-01-05 11:25:15 UTC (1515151515000)<br>
+    FIPS Mode: not available<br>
     Log Level: info<br>
     Config File: There is no config file<br>
     Conf.d Path: %s<br>
@@ -428,6 +431,7 @@ X Section
     Flavor: %s<br>
     PID: %d<br>
     Agent start: 2018-01-05 11:25:15 UTC (1515151515000)<br>
+    FIPS Mode: not available<br>
     Log Level: info<br>
     Config File: There is no config file<br>
     Conf.d Path: %s<br>
@@ -515,6 +519,7 @@ func TestGetStatusDoNotRenderHeaderIfNoProviders(t *testing.T) {
   Python Version: n/a
   Build arch: %s
   Agent flavor: %s
+  FIPS Mode: not available
   Log Level: info
 
   Paths
@@ -602,6 +607,7 @@ func TestGetStatusWithErrors(t *testing.T) {
   Python Version: n/a
   Build arch: %s
   Agent flavor: agent
+  FIPS Mode: not available
   Log Level: info
 
   Paths
@@ -915,6 +921,7 @@ Status render errors
   Python Version: n/a
   Build arch: %s
   Agent flavor: agent
+  FIPS Mode: not available
   Log Level: info
 
   Paths

comp/core/status/statusimpl/templates/html.tmpl

@@ -3,11 +3,11 @@
   <span class="stat_data">
     Version: {{.version}}<br>
     Flavor: {{.flavor}}<br>
-    {{- if .fips_status}}
-    FIPS compliant: {{.fips_status}}<br>
-    {{- end }}
     PID: {{.pid}}<br>
     Agent start: {{ formatUnixTime .agent_start_nano }}<br>
+    {{- if .fips_status}}
+    FIPS Mode: {{.fips_status}}<br>
+    {{- end }}
     {{- if .config.log_file}}
       Log File: {{.config.log_file}}<br>
     {{end}}

comp/core/status/statusimpl/templates/text.tmpl

@@ -8,7 +8,7 @@
   Build arch: {{.build_arch}}
   Agent flavor: {{.flavor}}
   {{- if .fips_status}}
-  FIPS compliant: {{.fips_status}}
+  FIPS Mode: {{.fips_status}}
   {{- end }}
   {{- if .config.log_file}}
   Log File: {{.config.log_file}}

pkg/fips/fips_disabled.go

@@ -10,7 +10,7 @@ package fips
 
 // Status returns an empty string when not the datadog-fips-agent flavor
 func Status() string {
-	return ""
+	return "not available"
 }
 
 // Enabled  returns false when not the datadog-fips-agent flavor

pkg/fips/fips_nix.go

@@ -10,13 +10,16 @@ package fips
 
 import (
 	"os"
-	"strconv"
 )
 
-// Status returns a displayable string or error of FIPS compliance state of the agent build and runtime
+// Status returns a displayable string or error of FIPS Mode of the agent build and runtime
 func Status() string {
 	enabled, _ := Enabled()
-	return strconv.FormatBool(enabled)
+	if enabled {
+		return "enabled"
+	} else {
+		return "disabled"
+	}
 }
 
 // Enabled checks to see if the agent runtime environment is as expected relating to its build to be FIPS compliant. For Linux this is that the binary is run with the GOFIPS=1 environment variable.

pkg/fips/fips_windows.go

@@ -10,15 +10,18 @@ package fips
 
 import (
 	"fmt"
-	"strconv"
 
 	"golang.org/x/sys/windows/registry"
 )
 
-// Status returns a displayable string or error of FIPS compliance state of the agent build and runtime
+// Status returns a displayable string or error of FIPS Mode of the agent build and runtime
 func Status() string {
 	enabled, _ := Enabled()
-	return strconv.FormatBool(enabled)
+	if enabled {
+		return "enabled"
+	} else {
+		return "disabled"
+	}
 }
 
 // Enabled checks to see if the agent runtime environment is as expected relating to its build to be FIPS compliant. For Windows this means that FIPS mode is enabled via the Windows registry.

test/new-e2e/tests/agent-subcommands/status/status_common_test.go

@@ -102,6 +102,7 @@ func (v *baseStatusSuite) TestDefaultInstallStatus() {
 		{
 			name:             `Agent \(.*\)`, // TODO: verify that the right version is output
 			shouldBePresent:  true,
+			shouldContain:    []string{"FIPS Mode: not available"},
 			shouldNotContain: []string{"FIPS proxy"},
 		},
 		{

test/new-e2e/tests/agent-subcommands/status/status_nix_test.go

@@ -47,7 +47,7 @@ func (v *linuxStatusSuite) TestFIPSProxyStatus() {
 		{
 			name:            `Agent \(.*\)`,
 			shouldBePresent: true,
-			shouldContain:   []string{"FIPS proxy"},
+			shouldContain:   []string{"FIPS Mode: proxy", "FIPS proxy"},
 		},
 	}
 

test/new-e2e/tests/fips-compliance/fips_nix_test.go

@@ -35,15 +35,14 @@ func TestLinuxFIPSComplianceSuite(t *testing.T) {
 			awshost.WithEC2InstanceOptions(ec2.WithOS(os.UbuntuDefault)),
 			awshost.WithAgentOptions(agentparams.WithFlavor("datadog-fips-agent")),
 		)),
-		e2e.WithSkipDeleteOnFailure(),
 	)
 }
 
 func (v *LinuxFIPSComplianceSuite) TestFIPSDefaultConfig() {
 	status := v.Env().RemoteHost.MustExecute("sudo GOFIPS=0 datadog-agent status")
 	assert.NotContains(v.T(), status, "can't enable FIPS mode for OpenSSL")
 	assert.Contains(v.T(), status, "Status date")
-	assert.Contains(v.T(), status, "FIPS compliant: false")
+	assert.Contains(v.T(), status, "FIPS Mode: disabled")
 
 	v.Env().RemoteHost.MustExecute("sudo systemctl set-environment GOFIPS=1")
 	v.Env().RemoteHost.MustExecute("sudo systemctl restart datadog-agent")
@@ -52,7 +51,7 @@ func (v *LinuxFIPSComplianceSuite) TestFIPSDefaultConfig() {
 		status = v.Env().RemoteHost.MustExecute("sudo GOFIPS=1 datadog-agent status")
 		assert.NotContains(t, status, "can't enable FIPS mode for OpenSSL")
 		assert.Contains(t, status, "Status date")
-		assert.Contains(t, status, "FIPS compliant: true")
+		assert.Contains(t, status, "FIPS Mode: enabled")
 	}, 60*time.Second, 5*time.Second)
 
 	v.Env().RemoteHost.MustExecute("sudo systemctl unset-environment GOFIPS")