Loading...

XML

Word

Printable

Type: Task
Resolution: Done
Priority: Major
Fix Version/s: COO 0.4.0
Affects Version/s: None
Component/s: None
Labels:
None

Story Points:
5
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Docs QE Status:
NEW
QE Status:
NEW
Intelligence Requested:
Market:

Sprint:
Sprint 258

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Context

In order to address security requirements images for our products should comply with FIPS as described here: https://docs.google.com/presentation/d/1o3IowxHX6BsnxGkIInaQ0lBgnn_K5Ex8jxwCYCeNsqs/edit#slide=id.g2679cb578c3_0_10

Outcomes

all dynamic plugins owned by our team are FIPS compliant
- all dynamic plugins do not include Not compliant build options for Go
Dynamic plugins list to be checked
- Troubleshooting panel
- Logging
- Monitoring
- Dashboards
- Distributed tracing

Steps

Remove not compliant build options for Go
Sync with QE to test in a FIPS compliant OS using the FIPS or Die feature, check if this tests can be automated
Update COO midstream with the fix commit

Acceptance Criteria

All golang-based containers use the ENV GOEXPERIMENT=strictfipsruntime.
All golang-based containers use the ENV CGO_ENABLED=1.
All golang-based containers use the build tag strictfipsruntime.
All golang-based containers omit using static linking.
All golang-based container omit using the build tag no_openssl.
All containers use a runner base RHEL ELS image: e.g. registry.redhat.io/rhel9-4-els/rhel:9.4
All images pass the check-payload checks successfully.

links to

openshift/console-dashboards-plugin#45: OU-446: Support FIPS

openshift/distributed-tracing-console-plugin#36: OU-446: Support FIPS

openshift/logging-view-plugin#210: OU-446: Support FIPS

openshift/logging-view-plugin#213: [release-6.0] OU-446: Support FIPS

openshift/monitoring-plugin#169: OU-446: Add comment reminding to add FIPS CI checks

openshift/release#55983: OU-446: Add troubleshooting-panel-console-plugin FIPS check

openshift/release#55995: OU-446: Add fips checks and new branches to tracing plugin

openshift/release#56003: OU-446: Add new troubleshooting panel releases

openshift/release#56007: OU-446: Add console-dashboards-plugin fips check

openshift/release#56011: OU-446: Add fips check to logging-view-plugin

openshift/troubleshooting-panel-console-plugin#49: OU-446: Support FIPS

(6 links to)

Assignee:: Peter Yurkovich

Reporter:: Gabriel Bernal

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/06/05 11:50 AM

Updated:: 2024/08/28 3:19 PM

Resolved:: 2024/08/28 3:19 PM