Fix
Signed-off-by: Pavol Loffay <[email protected]>
pavolloffay committed Oct 2, 2024
1 parent 6db0df9 commit e85b902
Showing 6 changed files with 17 additions and 26 deletions.
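--- a/apis/v1beta1/collector_webhook.go
+++ b/apis/v1beta1/collector_webhook.go
@@ -292,9 +292,11 @@ func (c CollectorWebhook) Validate(ctx context.Context, r *OpenTelemetryCollecto
 return warnings, fmt.Errorf("the OpenTelemetry Collector mode is set to %s, which does not support the attribute 'deploymentUpdateStrategy'", r.Spec.Mode)
 }
 
-components := r.Spec.Config.GetEnabledComponents()
-if notAllowedComponents := c.fips.DisabledComponents(components[KindReceiver], components[KindExporter], components[KindProcessor], components[KindExtension]); notAllowedComponents != nil {
-return nil, fmt.Errorf("the collector configuration contains not FIPS compliant components: %s. Please remove it from the config", notAllowedComponents)
+if c.fips != nil {
+components := r.Spec.Config.GetEnabledComponents()
+if notAllowedComponents := c.fips.DisabledComponents(components[KindReceiver], components[KindExporter], components[KindProcessor], components[KindExtension]); notAllowedComponents != nil {
+return nil, fmt.Errorf("the collector configuration contains not FIPS compliant components: %s. Please remove it from the config", notAllowedComponents)
+}
 }
 
 return warnings, nil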
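Review bot: A nil `c.fips` now means the FIPS deny-list check is skipped entirely, so the guard `if c.fips != nil {` makes validation fail open for any wiring that passes nil unintentionally, and nothing in the hunk records that contract. A comment above the guard such as `// c.fips is nil when FIPS mode is off; with a nil check every component is admitted` would make it explicit. Separately, the rejection path uses `return nil, fmt.Errorf(...)` while the preceding error return in this function is `return warnings, fmt.Errorf(...)`, so warnings collected earlier are dropped on a FIPS rejection; `return warnings, fmt.Errorf(...)` would be consistent. Validate's body starts outside the hunk.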
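--- a/apis/v1beta1/collector_webhook_test.go
+++ b/apis/v1beta1/collector_webhook_test.go
@@ -39,7 +39,6 @@ import (
 
 "github.com/open-telemetry/opentelemetry-operator/apis/v1beta1"
 "github.com/open-telemetry/opentelemetry-operator/internal/config"
-"github.com/open-telemetry/opentelemetry-operator/internal/fips"
 "github.com/open-telemetry/opentelemetry-operator/internal/manifests"
 collectorManifests "github.com/open-telemetry/opentelemetry-operator/internal/manifests/collector"
 "github.com/open-telemetry/opentelemetry-operator/internal/rbac"
@@ -114,7 +113,7 @@ func TestValidate(t *testing.T) {
 getReviewer(test.shouldFailSar),
 nil,
 bv,
-fips.NewFipsCheck(false, nil, nil, nil, nil),
+nil,
 )
 t.Run(tt.name, func(t *testing.T) {
 tt := tt
@@ -496,7 +495,7 @@ func TestCollectorDefaultingWebhook(t *testing.T) {
 getReviewer(test.shouldFailSar),
 nil,
 bv,
-fips.NewFipsCheck(false, nil, nil, nil, nil),
+nil,
 )
 ctx := context.Background()
 err := cvw.Default(ctx, &test.otelcol)
@@ -1288,7 +1287,7 @@ func TestOTELColValidatingWebhook(t *testing.T) {
 getReviewer(test.shouldFailSar),
 nil,
 bv,
-fips.NewFipsCheck(false, nil, nil, nil, nil),
+nil,
 )
 ctx := context.Background()
 warnings, err := cvw.ValidateCreate(ctx, &test.otelcol)
@@ -1356,7 +1355,7 @@ func TestOTELColValidateUpdateWebhook(t *testing.T) {
 getReviewer(test.shouldFailSar),
 nil,
 bv,
-fips.NewFipsCheck(false, nil, nil, nil, nil),
+nil,
 )
 ctx := context.Background()
 warnings, err := cvw.ValidateUpdate(ctx, &test.otelcolOld, &test.otelcolNew)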
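Review bot: All four webhook constructions in these hunks now pass `nil` for the FIPS check, so none of the tests touched here reaches the deny-list rejection branch in Validate; whether another case in the file covers it is not visible from the hunks. A table case that builds the webhook with an enabled check, e.g. `fips.NewFipsCheck(true, []string{"denied-receiver-placeholder"}, nil, nil, nil)`, and asserts the "not FIPS compliant" error would pin that behaviour. It would need the `internal/fips` import that the first hunk removes. The enclosing test functions start and end outside the hunks.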
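--- a/controllers/suite_test.go
+++ b/controllers/suite_test.go
@@ -59,7 +59,6 @@ import (
 "github.com/open-telemetry/opentelemetry-operator/internal/autodetect/prometheus"
 autoRBAC "github.com/open-telemetry/opentelemetry-operator/internal/autodetect/rbac"
 "github.com/open-telemetry/opentelemetry-operator/internal/config"
-"github.com/open-telemetry/opentelemetry-operator/internal/fips"
 "github.com/open-telemetry/opentelemetry-operator/internal/manifests"
 "github.com/open-telemetry/opentelemetry-operator/internal/manifests/collector/testdata"
 "github.com/open-telemetry/opentelemetry-operator/internal/manifests/manifestutils"
@@ -183,7 +182,7 @@ func TestMain(m *testing.M) {
 }
 reviewer := rbac.NewReviewer(clientset)
 
-if err = v1beta1.SetupCollectorWebhook(mgr, config.New(), reviewer, nil, nil, fips.NewFipsCheck(false, nil, nil, nil, nil)); err != nil {
+if err = v1beta1.SetupCollectorWebhook(mgr, config.New(), reviewer, nil, nil, nil); err != nil {
 fmt.Printf("failed to SetupWebhookWithManager: %v", err)
 os.Exit(1)
 }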
17 changes: 5 additions & 12 deletions internal/fips/fipscheck.go
Expand Up @@ -19,28 +19,22 @@ import (
)

type FIPSCheck interface {
// DisabledComponents checks if a submitted components are denied or not.
DisabledComponents(receivers map[string]interface{}, exporters map[string]interface{}, processors map[string]interface{}, extensions map[string]interface{}) []string
}

// FipsCheck holds configuration for FIPS black list.
// FipsCheck holds configuration for FIPS deny list.
type fipsCheck struct {
receivers map[string]bool
exporters map[string]bool
processors map[string]bool
extensions map[string]bool
}

type noopFIPSCheck struct{}

func (noopFIPSCheck) DisabledComponents(receivers map[string]interface{}, exporters map[string]interface{}, processors map[string]interface{}, extensions map[string]interface{}) []string {
return nil
}

// NewFipsCheck creates new FipsCheck.
// It checks if FIPS is enabled on the platform in /proc/sys/crypto/fips_enabled.
func NewFipsCheck(FIPSEnabled bool, receivers, exporters, processors, extensions []string) FIPSCheck {
if !FIPSEnabled {
return &noopFIPSCheck{}
return nil
}

return &fipsCheck{
Expand All @@ -59,7 +53,6 @@ func listToMap(list []string) map[string]bool {
return m
}

// Check checks if a submitted components are back lister or not.
func (fips fipsCheck) DisabledComponents(receivers map[string]interface{}, exporters map[string]interface{}, processors map[string]interface{}, extensions map[string]interface{}) []string {
var disabled []string
if comp := isDisabled(fips.receivers, receivers); comp != "" {
Expand All @@ -77,10 +70,10 @@ func (fips fipsCheck) DisabledComponents(receivers map[string]interface{}, expor
return disabled
}

func isDisabled(blackListed map[string]bool, cfg map[string]interface{}) string {
func isDisabled(denyList map[string]bool, cfg map[string]interface{}) string {
for id := range cfg {
component := strings.Split(id, "/")[0]
if blackListed[component] {
if denyList[component] {
return component
}
}
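Review bot: NewFipsCheck now returns a nil FIPSCheck when `FIPSEnabled` is false, so every caller has to nil-check before calling DisabledComponents, and the doc comment does not say so. I would add `// NewFipsCheck returns nil when FIPSEnabled is false; callers must check for nil before calling DisabledComponents.` and reword the sentence about /proc/sys/crypto/fips_enabled, since in the lines shown the flag arrives as a parameter rather than being read from that file. In isDisabled, the loop returns on the first match while ranging over a map, so with several denied components of one kind the one reported can differ between runs; collecting and sorting all matches would make the rejection message stable. The bodies of NewFipsCheck and DisabledComponents continue outside the hunks.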
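--- a/internal/webhook/podmutation/webhookhandler_suite_test.go
+++ b/internal/webhook/podmutation/webhookhandler_suite_test.go
@@ -41,7 +41,6 @@ import (
 "github.com/open-telemetry/opentelemetry-operator/apis/v1alpha1"
 "github.com/open-telemetry/opentelemetry-operator/apis/v1beta1"
 "github.com/open-telemetry/opentelemetry-operator/internal/config"
-"github.com/open-telemetry/opentelemetry-operator/internal/fips"
 "github.com/open-telemetry/opentelemetry-operator/internal/rbac"
 )
 
@@ -106,7 +105,7 @@ func TestMain(m *testing.M) {
 }
 reviewer := rbac.NewReviewer(clientset)
 
-if err = v1beta1.SetupCollectorWebhook(mgr, config.New(), reviewer, nil, nil, fips.NewFipsCheck(false, nil, nil, nil, nil)); err != nil {
+if err = v1beta1.SetupCollectorWebhook(mgr, config.New(), reviewer, nil, nil, nil); err != nil {
 fmt.Printf("failed to SetupWebhookWithManager: %v", err)
 os.Exit(1)
 }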
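--- a/pkg/collector/upgrade/suite_test.go
+++ b/pkg/collector/upgrade/suite_test.go
@@ -41,7 +41,6 @@ import (
 "github.com/open-telemetry/opentelemetry-operator/apis/v1alpha1"
 "github.com/open-telemetry/opentelemetry-operator/apis/v1beta1"
 "github.com/open-telemetry/opentelemetry-operator/internal/config"
-"github.com/open-telemetry/opentelemetry-operator/internal/fips"
 "github.com/open-telemetry/opentelemetry-operator/internal/rbac"
 )
 
@@ -106,7 +105,7 @@ func TestMain(m *testing.M) {
 }
 reviewer := rbac.NewReviewer(clientset)
 
-if err = v1beta1.SetupCollectorWebhook(mgr, config.New(), reviewer, nil, nil, fips.NewFipsCheck(false, nil, nil, nil, nil)); err != nil {
+if err = v1beta1.SetupCollectorWebhook(mgr, config.New(), reviewer, nil, nil, nil); err != nil {
 fmt.Printf("failed to SetupWebhookWithManager: %v", err)
 os.Exit(1)
 }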
