Merge pull request #7540 from zaneb/fips

openshift-ci[bot] · web-flow · commit 732271da7341 · 2023-10-04T14:58:23.000Z
OCPBUGS-15844: Enable FIPS in agent ISO
diff --git a/pkg/asset/agent/image/kargs.go b/pkg/asset/agent/image/kargs.go
@@ -12,25 +12,29 @@ import (
 // Kargs is an Asset that generates the additional kernel args.
 type Kargs struct {
 	consoleArgs string
+	fips        bool
 }
 
 // Dependencies returns the assets on which the Kargs asset depends.
 func (a *Kargs) Dependencies() []asset.Asset {
 	return []asset.Asset{
-		&manifests.AgentManifests{},
+		&manifests.AgentClusterInstall{},
 	}
 }
 
 // Generate generates the kernel args configurations for the agent ISO image and PXE assets.
 func (a *Kargs) Generate(dependencies asset.Parents) error {
-	agentManifests := &manifests.AgentManifests{}
-	dependencies.Get(agentManifests)
+	agentClusterInstall := &manifests.AgentClusterInstall{}
+	dependencies.Get(agentClusterInstall)
 
 	// Add kernel args for external oci platform
-	if agentManifests.GetExternalPlatformName() == string(models.PlatformTypeOci) {
+	if agentClusterInstall.GetExternalPlatformName() == string(models.PlatformTypeOci) {
 		logrus.Debugf("Added kernel args to enable serial console for %s %s platform", hiveext.ExternalPlatformType, string(models.PlatformTypeOci))
 		a.consoleArgs = " console=ttyS0"
 	}
+
+	a.fips = agentClusterInstall.FIPSEnabled()
+
 	return nil
 }
 
@@ -41,5 +45,9 @@ func (a *Kargs) Name() string {
 
 // KernelCmdLine returns the data to be appended to the kernel arguments.
 func (a *Kargs) KernelCmdLine() []byte {
-	return []byte(a.consoleArgs)
+	cmdLine := a.consoleArgs
+	if a.fips {
+		cmdLine += " fips=1"
+	}
+	return []byte(cmdLine)
 }
diff --git a/pkg/asset/agent/manifests/agent.go b/pkg/asset/agent/manifests/agent.go
@@ -111,15 +111,6 @@ func (m *AgentManifests) GetPullSecretData() string {
 	return m.PullSecret.StringData[".dockerconfigjson"]
 }
 
-// GetExternalPlatformName returns the platform name for the external platform.
-func (m *AgentManifests) GetExternalPlatformName() string {
-	var platformName string
-	if m.AgentClusterInstall.Spec.ExternalPlatformSpec != nil {
-		platformName = m.AgentClusterInstall.Spec.ExternalPlatformSpec.PlatformName
-	}
-	return platformName
-}
-
 func (m *AgentManifests) finish() error {
 	if err := m.validateAgentManifests().ToAggregate(); err != nil {
 		return errors.Wrapf(err, "invalid agent configuration")
diff --git a/pkg/asset/agent/manifests/agentclusterinstall.go b/pkg/asset/agent/manifests/agentclusterinstall.go
@@ -433,3 +433,20 @@ func (a *AgentClusterInstall) validateSupportedPlatforms() field.ErrorList {
 	}
 	return allErrs
 }
+
+// FIPSEnabled returns whether FIPS is enabled in the cluster configuration.
+func (a *AgentClusterInstall) FIPSEnabled() bool {
+	icOverrides := agentClusterInstallInstallConfigOverrides{}
+	if err := json.Unmarshal([]byte(a.Config.Annotations[installConfigOverrides]), &icOverrides); err == nil {
+		return icOverrides.FIPS
+	}
+	return false
+}
+
+// GetExternalPlatformName returns the platform name for the external platform.
+func (a *AgentClusterInstall) GetExternalPlatformName() string {
+	if a.Config != nil && a.Config.Spec.ExternalPlatformSpec != nil {
+		return a.Config.Spec.ExternalPlatformSpec.PlatformName
+	}
+	return ""
+}
