-
Epic
-
Resolution: Done
-
Critical
-
None
Goals
Modify Vector and/or its dependencies to fully rely upon OpenSSL in lieu of the alternatives (e.g. ring)
Non-Goals
Motivation
Product requirements dictate we deliver a product that is both export and FIPS compliant. OpenSSL meets these requirements
Alternatives
Acceptance Criteria
- Vector functions on a FIPS enabled cluster
- Vector is export compliant
- Vector with default feature sets supports architectures: x86_64, s390x, ppc64, arm
- PR are submitted (or accepted) with the proposed changes to any upstream communities
- Able to build vector on x86_64, s390x, ppc64, and arm with default feature set
Risk and Assumptions
We assume the upstream community ultimately has these same goal of being FIPS compliant. The biggest risk is it is not a priority for the community and they may not accept contributions for the changes required. We may need to carry patches of Vector and/or its dependencies
Documentation Considerations
- Update documentation to state the collector runs on FIPS enabled clusters. There should be no need to additional document export compliance given this is an implied legal requirement for any product delivered by RH
- Qualify our FIPS and export compliance until we can satisfy the requirement
Open Questions
- How extensive are the changes required to Vector?
- How extensive are the change required to Vector dependencies?
- Can we design a ring to OpenSSL adapter library to make the runtime swappable?
- Are we blocked from going GA without these changes or can we qualify with documentation.
Additional Notes
- blocks
-
OBSDA-111 Provide GA Support for Vector Collector with OpenShift Logging
- Closed
- links to
There are no Sub-Tasks for this issue.