From 6b4fbb6e0e408a891c1da1302fb23848452eaa32 Mon Sep 17 00:00:00 2001
From: Monis Khan <i@monis.app>
Date: Tue, 12 Apr 2022 14:27:07 -0400
Subject: [PATCH] Use klog to make sure FIPS init log is emitted

We cannot use plog until the log level config has been setup, but
that occurs after this init function has run.

Signed-off-by: Monis Khan <mok@vmware.com>
---
 internal/crypto/ptls/fips_strict.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/internal/crypto/ptls/fips_strict.go b/internal/crypto/ptls/fips_strict.go
index a6a3c65d..a48a0dfe 100644
--- a/internal/crypto/ptls/fips_strict.go
+++ b/internal/crypto/ptls/fips_strict.go
@@ -18,8 +18,7 @@ import (
 	_ "crypto/tls/fipsonly" // restricts all TLS configuration to FIPS-approved settings.
 
 	"k8s.io/apiserver/pkg/server/options"
-
-	"go.pinniped.dev/internal/plog"
+	"k8s.io/klog/v2"
 )
 
 // Always use TLS 1.2 for FIPs
@@ -27,7 +26,11 @@ const secureServingOptionsMinTLSVersion = "VersionTLS12"
 const SecureTLSConfigMinTLSVersion = tls.VersionTLS12
 
 func init() {
-	plog.Debug("using boring crypto in fips only mode", "go version", runtime.Version())
+	// this init runs before we have parsed our config to determine our log level
+	// thus we must use a log statement that will always print instead of conditionally print
+	// for plog, that is only error and warning logs, neither of which seem appropriate here
+	// therefore, just use klog directly with no V level requirement
+	klog.InfoS("using boring crypto in fips only mode", "go version", runtime.Version())
 }
 
 func Default(rootCAs *x509.CertPool) *tls.Config {