Fix

Signed-off-by: Pavol Loffay <[email protected]>

Author: pavolloffay

apis/v1beta1/collector_webhook.go

@@ -292,9 +292,11 @@ func (c CollectorWebhook) Validate(ctx context.Context, r *OpenTelemetryCollecto
 		return warnings, fmt.Errorf("the OpenTelemetry Collector mode is set to %s, which does not support the attribute 'deploymentUpdateStrategy'", r.Spec.Mode)
 	}
 
-	components := r.Spec.Config.GetEnabledComponents()
-	if notAllowedComponents := c.fips.DisabledComponents(components[KindReceiver], components[KindExporter], components[KindProcessor], components[KindExtension]); notAllowedComponents != nil {
-		return nil, fmt.Errorf("the collector configuration contains not FIPS compliant components: %s. Please remove it from the config", notAllowedComponents)
+	if c.fips != nil {
+		components := r.Spec.Config.GetEnabledComponents()
+		if notAllowedComponents := c.fips.DisabledComponents(components[KindReceiver], components[KindExporter], components[KindProcessor], components[KindExtension]); notAllowedComponents != nil {
+			return nil, fmt.Errorf("the collector configuration contains not FIPS compliant components: %s. Please remove it from the config", notAllowedComponents)
+		}
 	}
 
 	return warnings, nil

apis/v1beta1/collector_webhook_test.go

@@ -39,7 +39,6 @@ import (
 
 	"github.com/open-telemetry/opentelemetry-operator/apis/v1beta1"
 	"github.com/open-telemetry/opentelemetry-operator/internal/config"
-	"github.com/open-telemetry/opentelemetry-operator/internal/fips"
 	"github.com/open-telemetry/opentelemetry-operator/internal/manifests"
 	collectorManifests "github.com/open-telemetry/opentelemetry-operator/internal/manifests/collector"
 	"github.com/open-telemetry/opentelemetry-operator/internal/rbac"
@@ -114,7 +113,7 @@ func TestValidate(t *testing.T) {
 			getReviewer(test.shouldFailSar),
 			nil,
 			bv,
-			fips.NewFipsCheck(false, nil, nil, nil, nil),
+			nil,
 		)
 		t.Run(tt.name, func(t *testing.T) {
 			tt := tt
@@ -496,7 +495,7 @@ func TestCollectorDefaultingWebhook(t *testing.T) {
 				getReviewer(test.shouldFailSar),
 				nil,
 				bv,
-				fips.NewFipsCheck(false, nil, nil, nil, nil),
+				nil,
 			)
 			ctx := context.Background()
 			err := cvw.Default(ctx, &test.otelcol)
@@ -1288,7 +1287,7 @@ func TestOTELColValidatingWebhook(t *testing.T) {
 				getReviewer(test.shouldFailSar),
 				nil,
 				bv,
-				fips.NewFipsCheck(false, nil, nil, nil, nil),
+				nil,
 			)
 			ctx := context.Background()
 			warnings, err := cvw.ValidateCreate(ctx, &test.otelcol)
@@ -1356,7 +1355,7 @@ func TestOTELColValidateUpdateWebhook(t *testing.T) {
 				getReviewer(test.shouldFailSar),
 				nil,
 				bv,
-				fips.NewFipsCheck(false, nil, nil, nil, nil),
+				nil,
 			)
 			ctx := context.Background()
 			warnings, err := cvw.ValidateUpdate(ctx, &test.otelcolOld, &test.otelcolNew)

controllers/suite_test.go

@@ -59,7 +59,6 @@ import (
 	"github.com/open-telemetry/opentelemetry-operator/internal/autodetect/prometheus"
 	autoRBAC "github.com/open-telemetry/opentelemetry-operator/internal/autodetect/rbac"
 	"github.com/open-telemetry/opentelemetry-operator/internal/config"
-	"github.com/open-telemetry/opentelemetry-operator/internal/fips"
 	"github.com/open-telemetry/opentelemetry-operator/internal/manifests"
 	"github.com/open-telemetry/opentelemetry-operator/internal/manifests/collector/testdata"
 	"github.com/open-telemetry/opentelemetry-operator/internal/manifests/manifestutils"
@@ -183,7 +182,7 @@ func TestMain(m *testing.M) {
 	}
 	reviewer := rbac.NewReviewer(clientset)
 
-	if err = v1beta1.SetupCollectorWebhook(mgr, config.New(), reviewer, nil, nil, fips.NewFipsCheck(false, nil, nil, nil, nil)); err != nil {
+	if err = v1beta1.SetupCollectorWebhook(mgr, config.New(), reviewer, nil, nil, nil); err != nil {
 		fmt.Printf("failed to SetupWebhookWithManager: %v", err)
 		os.Exit(1)
 	}

internal/fips/fipscheck.go

@@ -19,28 +19,22 @@ import (
 )
 
 type FIPSCheck interface {
+	// DisabledComponents checks if a submitted components are denied or not.
 	DisabledComponents(receivers map[string]interface{}, exporters map[string]interface{}, processors map[string]interface{}, extensions map[string]interface{}) []string
 }
 
-// FipsCheck holds configuration for FIPS black list.
+// FipsCheck holds configuration for FIPS deny list.
 type fipsCheck struct {
 	receivers  map[string]bool
 	exporters  map[string]bool
 	processors map[string]bool
 	extensions map[string]bool
 }
 
-type noopFIPSCheck struct{}
-
-func (noopFIPSCheck) DisabledComponents(receivers map[string]interface{}, exporters map[string]interface{}, processors map[string]interface{}, extensions map[string]interface{}) []string {
-	return nil
-}
-
 // NewFipsCheck creates new FipsCheck.
-// It checks if FIPS is enabled on the platform in /proc/sys/crypto/fips_enabled.
 func NewFipsCheck(FIPSEnabled bool, receivers, exporters, processors, extensions []string) FIPSCheck {
 	if !FIPSEnabled {
-		return &noopFIPSCheck{}
+		return nil
 	}
 
 	return &fipsCheck{
@@ -59,7 +53,6 @@ func listToMap(list []string) map[string]bool {
 	return m
 }
 
-// Check checks if a submitted components are back lister or not.
 func (fips fipsCheck) DisabledComponents(receivers map[string]interface{}, exporters map[string]interface{}, processors map[string]interface{}, extensions map[string]interface{}) []string {
 	var disabled []string
 	if comp := isDisabled(fips.receivers, receivers); comp != "" {
@@ -77,10 +70,10 @@ func (fips fipsCheck) DisabledComponents(receivers map[string]interface{}, expor
 	return disabled
 }
 
-func isDisabled(blackListed map[string]bool, cfg map[string]interface{}) string {
+func isDisabled(denyList map[string]bool, cfg map[string]interface{}) string {
 	for id := range cfg {
 		component := strings.Split(id, "/")[0]
-		if blackListed[component] {
+		if denyList[component] {
 			return component
 		}
 	}

internal/webhook/podmutation/webhookhandler_suite_test.go

@@ -41,7 +41,6 @@ import (
 	"github.com/open-telemetry/opentelemetry-operator/apis/v1alpha1"
 	"github.com/open-telemetry/opentelemetry-operator/apis/v1beta1"
 	"github.com/open-telemetry/opentelemetry-operator/internal/config"
-	"github.com/open-telemetry/opentelemetry-operator/internal/fips"
 	"github.com/open-telemetry/opentelemetry-operator/internal/rbac"
 )
 
@@ -106,7 +105,7 @@ func TestMain(m *testing.M) {
 	}
 	reviewer := rbac.NewReviewer(clientset)
 
-	if err = v1beta1.SetupCollectorWebhook(mgr, config.New(), reviewer, nil, nil, fips.NewFipsCheck(false, nil, nil, nil, nil)); err != nil {
+	if err = v1beta1.SetupCollectorWebhook(mgr, config.New(), reviewer, nil, nil, nil); err != nil {
 		fmt.Printf("failed to SetupWebhookWithManager: %v", err)
 		os.Exit(1)
 	}

pkg/collector/upgrade/suite_test.go

@@ -41,7 +41,6 @@ import (
 	"github.com/open-telemetry/opentelemetry-operator/apis/v1alpha1"
 	"github.com/open-telemetry/opentelemetry-operator/apis/v1beta1"
 	"github.com/open-telemetry/opentelemetry-operator/internal/config"
-	"github.com/open-telemetry/opentelemetry-operator/internal/fips"
 	"github.com/open-telemetry/opentelemetry-operator/internal/rbac"
 )
 
@@ -106,7 +105,7 @@ func TestMain(m *testing.M) {
 	}
 	reviewer := rbac.NewReviewer(clientset)
 
-	if err = v1beta1.SetupCollectorWebhook(mgr, config.New(), reviewer, nil, nil, fips.NewFipsCheck(false, nil, nil, nil, nil)); err != nil {
+	if err = v1beta1.SetupCollectorWebhook(mgr, config.New(), reviewer, nil, nil, nil); err != nil {
 		fmt.Printf("failed to SetupWebhookWithManager: %v", err)
 		os.Exit(1)
 	}