Skip to content

[v17] feat: Allow non-FIPS endpoints on FIPS binaries#52069

Merged
codingllama merged 5 commits intobranch/v17from
codingllama/backport/51924-v17
Feb 12, 2025
Merged

[v17] feat: Allow non-FIPS endpoints on FIPS binaries#52069
codingllama merged 5 commits intobranch/v17from
codingllama/backport/51924-v17

Conversation

@codingllama
Copy link
Copy Markdown
Contributor

@codingllama codingllama commented Feb 12, 2025

Backport #51924 to branch/v17.

Changelog: Added an escape hatch to allow non-FIPS AWS endpoints on FIPS binaries (TELEPORT_UNSTABLE_DISABLE_AWS_FIPS=yes).

@github-actions github-actions Bot added application-access audit-log Issues related to Teleports Audit Log backport size/md labels Feb 12, 2025
@codingllama
Copy link
Copy Markdown
Contributor Author

codingllama commented Feb 12, 2025

Backported with various conflicts, as expected.

  • Adding new code: clean cherry-pick (e61255b)
  • forbidigo rules: conflicts on .golangci.yml (c9e1774)
  • Use stsutils functions: re-written using the same original gofmt rules (see below)
  • Use dynamodbutils: cherry-pick with conflicts: no FIPS options on the stream client (dynamodbbk.go), no FIPS field on lib/srv/db/dynamodb/engine.go (d385de5)

gofmt rules:

gofmt -r 'sts.NewFromConfig -> stsutils.NewFromConfig' -w **/*.go
gofmt -r 'sts.New -> stsutils.NewV1' -w **/*.go

# plus some cleanups, fixing imports, etc

Expect a similar procedure for v16 (only I'll likely cherry-pick from v17, as it has a better chance of working).

@codingllama codingllama mentioned this pull request Feb 12, 2025
Merged
@codingllama codingllama added this pull request to the merge queue Feb 12, 2025
@public-teleport-github-review-bot public-teleport-github-review-bot Bot removed the request for review from nklaassen February 12, 2025 21:58
Merged via the queue into branch/v17 with commit 66c0a49 Feb 12, 2025
@codingllama codingllama deleted the codingllama/backport/51924-v17 branch February 12, 2025 22:16
@camscale camscale mentioned this pull request Feb 13, 2025
Merged
@BrewTestBot BrewTestBot mentioned this pull request Feb 14, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@GavinFrazar GavinFrazar GavinFrazar approved these changes

@rosstimothy rosstimothy rosstimothy approved these changes

Assignees

No one assigned

Labels

application-access audit-log Issues related to Teleports Audit Log backport size/md

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@codingllama @GavinFrazar @rosstimothy