diff --git a/filebeat/beater/crawler.go b/filebeat/beater/crawler.go index a551cd27afa6..525ab544141f 100644 --- a/filebeat/beater/crawler.go +++ b/filebeat/beater/crawler.go @@ -140,10 +140,6 @@ func (c *crawler) startInput( inputRunner.Once = c.once } - if err := checkFIPSCapability(runner); err != nil { - return err - } - c.inputs[id] = runner c.log.Infof("Starting input (ID: %d)", id) diff --git a/filebeat/beater/crawler_fips.go b/filebeat/beater/crawler_fips.go deleted file mode 100644 index f43fe9f13781..000000000000 --- a/filebeat/beater/crawler_fips.go +++ /dev/null @@ -1,43 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -//go:build requirefips - -package beater - -import ( - "fmt" - - v2 "github.com/elastic/beats/v7/filebeat/input/v2" - "github.com/elastic/beats/v7/libbeat/cfgfile" -) - -func checkFIPSCapability(runner cfgfile.Runner) error { - fipsAwareInput, ok := runner.(v2.FIPSAwareInput) - if !ok { - // Input is not FIPS-aware; assume it's FIPS capable and proceed - // without error - return nil - } - - if fipsAwareInput.IsFIPSCapable() { - // Input is FIPS-capable, proceed without error - return nil - } - - return fmt.Errorf("running a FIPS-capable distribution but input [%s] is not FIPS capable", runner.String()) -} diff --git a/filebeat/beater/crawler_fips_test.go b/filebeat/beater/crawler_fips_test.go deleted file mode 100644 index b8e4dccc3af6..000000000000 --- a/filebeat/beater/crawler_fips_test.go +++ /dev/null @@ -1,76 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -//go:build requirefips - -package beater - -import ( - "testing" - - "github.com/stretchr/testify/require" - - "github.com/elastic/beats/v7/libbeat/cfgfile" -) - -type fipsUnawareInput struct{} - -func newFIPSUnawareInput() *fipsUnawareInput { return &fipsUnawareInput{} } -func (f *fipsUnawareInput) String() string { return "fips_unaware_input" } -func (f *fipsUnawareInput) Start() {} -func (f *fipsUnawareInput) Stop() {} - -type fipsAwareInput struct{ isFIPSCapable bool } - -func newFIPSAwareInput(isFIPSCapable bool) *fipsAwareInput { - return &fipsAwareInput{isFIPSCapable: isFIPSCapable} -} -func (f *fipsAwareInput) String() string { return "fips_aware_input" } -func (f *fipsAwareInput) Start() {} -func (f *fipsAwareInput) Stop() {} -func (f *fipsAwareInput) IsFIPSCapable() bool { return f.isFIPSCapable } - -func TestCheckFIPSCapability(t *testing.T) { - tests := map[string]struct { - runner cfgfile.Runner - expectedErr string - }{ - "input_is_not_fips_aware": { - runner: newFIPSUnawareInput(), - expectedErr: "", - }, - "input_is_fips_aware_but_not_fips_capable": { - runner: newFIPSAwareInput(false), - expectedErr: "running a FIPS-capable distribution but input [fips_aware_input] is not FIPS capable", - }, - "input_is_fips_aware_and_fips_capable": { - runner: newFIPSAwareInput(true), - expectedErr: "", - }, - } - - for name, test := range tests { - t.Run(name, func(t *testing.T) { - err := checkFIPSCapability(test.runner) - if test.expectedErr == "" { - require.NoError(t, err) - } else { - require.EqualError(t, err, test.expectedErr) - } - }) - } -} diff --git a/filebeat/beater/crawler_nofips.go b/filebeat/beater/crawler_nofips.go deleted file mode 100644 index 3309df43f008..000000000000 --- a/filebeat/beater/crawler_nofips.go +++ /dev/null @@ -1,28 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -//go:build !requirefips - -package beater - -import "github.com/elastic/beats/v7/libbeat/cfgfile" - -func checkFIPSCapability(_ cfgfile.Runner) error { - // In non-FIPS builds, we assume all inputs are FIPS capable - // and proceed without error - return nil -} diff --git a/filebeat/input/v2/compat/compat.go b/filebeat/input/v2/compat/compat.go index 5d29727613da..7a73def43ed3 100644 --- a/filebeat/input/v2/compat/compat.go +++ b/filebeat/input/v2/compat/compat.go @@ -229,14 +229,3 @@ func (f *factory) generateCheckConfig(config *conf.C) (*conf.C, error) { return testCfg, nil } - -// IsFIPSCapable returns true if the input is capable of running with -// FIPS-compliant algorithms; false, otherwise. -func (r *runner) IsFIPSCapable() bool { - if fipsAwareInput, ok := r.input.(v2.FIPSAwareInput); ok { - return fipsAwareInput.IsFIPSCapable() - } - - // Input does not implement FIPSAwareInput, assume it is FIPS-capable - return true -} diff --git a/filebeat/input/v2/input-cursor/input.go b/filebeat/input/v2/input-cursor/input.go index 5b1c5fcd8773..57f0a7d40f06 100644 --- a/filebeat/input/v2/input-cursor/input.go +++ b/filebeat/input/v2/input-cursor/input.go @@ -87,15 +87,6 @@ func (inp *managedInput) Test(ctx input.TestContext) error { return nil } -// IsFIPSCapable returns true if the input is capable of running with -// FIPS-compliant algorithms; false, otherwise. -func (inp *managedInput) IsFIPSCapable() bool { - if fipsAware, ok := inp.input.(input.FIPSAwareInput); ok { - return fipsAware.IsFIPSCapable() - } - return true -} - func (inp *managedInput) testSource(ctx input.TestContext, source Source) (err error) { defer func() { if v := recover(); v != nil { diff --git a/filebeat/input/v2/input.go b/filebeat/input/v2/input.go index 2585dd259107..cf7d2fff2dbb 100644 --- a/filebeat/input/v2/input.go +++ b/filebeat/input/v2/input.go @@ -78,14 +78,6 @@ type Input interface { Run(Context, beat.PipelineConnector) error } -// FIPSAwareInput is able to report if it is FIPS capable or not. If a type does -// not implement this interface, that type will be considered to be FIPS capable. -type FIPSAwareInput interface { - // IsFIPSCapable returns true if the input is capable of running with - // FIPS-compliant algorithms; false, otherwise. - IsFIPSCapable() bool -} - // Context provides the Input Run function with common environmental // information and services. type Context struct {