djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1119 from enj/enj/i/fips_log_errs

Browse Source 
Only emit FIPS startup log when running a server component
This commit is contained in:
Mo Khan 2022-04-14 09:19:40 -04:00 committed by GitHub
commit 79fd8e2901
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
internal/crypto/ptls/fips_strict.go
View File

@ -12,6 +12,8 @@ package ptls
import ( import (
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"os"
"path/filepath"
"runtime" "runtime"
"C" // explicitly import cgo so that runtime/cgo gets linked into the kube-cert-agent "C" // explicitly import cgo so that runtime/cgo gets linked into the kube-cert-agent
@ -26,6 +28,12 @@ const secureServingOptionsMinTLSVersion = "VersionTLS12"
const SecureTLSConfigMinTLSVersion = tls.VersionTLS12 const SecureTLSConfigMinTLSVersion = tls.VersionTLS12
func init() { func init() {
switch filepath.Base(os.Args[0]) {
case "pinniped-server", "pinniped-supervisor", "pinniped-concierge", "pinniped-concierge-kube-cert-agent":
default:
return // do not print FIPS logs if we cannot confirm that we are running a server binary
}
// this init runs before we have parsed our config to determine our log level // this init runs before we have parsed our config to determine our log level
// thus we must use a log statement that will always print instead of conditionally print // thus we must use a log statement that will always print instead of conditionally print
// for plog, that is only error and warning logs, neither of which seem appropriate here // for plog, that is only error and warning logs, neither of which seem appropriate here