diff --git a/.pipelines/ci.yml b/.pipelines/ci.yml index 84d495c85fa..81ee5f034ea 100644 --- a/.pipelines/ci.yml +++ b/.pipelines/ci.yml @@ -70,6 +70,11 @@ jobs: make unit-test-go displayName: ๐Ÿงช Run Golang unit tests + - script: | + set -xe + make validate-fips + displayName: ๐Ÿ•ต๏ธ Validate FIPS + - task: PublishTestResults@2 displayName: ๐Ÿ“Š Publish tests results inputs: diff --git a/Makefile b/Makefile index 0ace6417034..eca40f6df8e 100644 --- a/Makefile +++ b/Makefile @@ -161,6 +161,9 @@ validate-go: go vet ./... go test -tags e2e -run ^$$ ./test/e2e/... +validate-fips: + hack/fips/validate-fips.sh + unit-test-go: go run ./vendor/gotest.tools/gotestsum/main.go --format pkgname --junitfile report.xml -- -tags=aro -coverprofile=cover.out ./... @@ -180,4 +183,4 @@ vendor: # See comments in the script for background on why we need it hack/update-go-module-dependencies.sh -.PHONY: admin.kubeconfig aro az clean client deploy dev-config.yaml discoverycache generate image-aro image-aro-multistage image-fluentbit image-proxy lint-go runlocal-rp proxy publish-image-aro publish-image-aro-multistage publish-image-fluentbit publish-image-proxy secrets secrets-update e2e.test tunnel test-e2e test-go test-python vendor build-all validate-go unit-test-go coverage-go +.PHONY: admin.kubeconfig aro az clean client deploy dev-config.yaml discoverycache generate image-aro image-aro-multistage image-fluentbit image-proxy lint-go runlocal-rp proxy publish-image-aro publish-image-aro-multistage publish-image-fluentbit publish-image-proxy secrets secrets-update e2e.test tunnel test-e2e test-go test-python vendor build-all validate-go unit-test-go coverage-go validate-fips diff --git a/hack/fips/validate-fips.sh b/hack/fips/validate-fips.sh new file mode 100755 index 00000000000..63b00b35174 --- /dev/null +++ b/hack/fips/validate-fips.sh 
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# The small go program below will validate that a
+# FIPS validated crypto lib
+cat > ./hack/fips/main.go << 'EOF'
+package main
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+ _ "crypto/tls/fipsonly"
+
+ utillog "github.com/Azure/ARO-RP/pkg/util/log"
+)
+
+func main() {
+ log := utillog.GetLogger()
+ log.Println("FIPS mode enabled")
+}
+EOF
+trap "rm ./hack/fips/main.go" EXIT
+echo "Attempting to run program that requires FIPS crypto"
+go run ./hack/fips/main.go
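Review bot: This check only shows that the Go toolchain on the CI agent can build and run a throwaway program importing `crypto/tls/fipsonly`; nothing in the script inspects the binaries the repository actually ships, so an artifact built elsewhere or with different build settings would still pass. The header comment should state that limit, and it currently ends mid-sentence; something like `# FIPS validated crypto lib is available to the Go toolchain used in CI` would finish it. If the goal is assurance about released binaries, a follow-up check against the built artifact itself would be needed. The script also has no `set -euo pipefail` after the shebang, so a failed `cat >` is only caught indirectly when `go run` fails, and a stale `main.go` left by an earlier run could be executed instead.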