Class: Simp::Cli::Config::Item::UseFips

Inherits:
YesNoItem
Includes:
SafeApplying
Defined in:
lib/simp/cli/config/item/use_fips.rb

Instance Attribute Summary

Attributes inherited from Simp::Cli::Config::Item

#allow_user_apply, #config_items, #description, #die_on_apply_fail, #fact, #fail_on_missing_answer, #key, #next_items_tree, #silent, #skip_apply, #skip_query, #skip_yaml, #value

Instance Method Summary

Methods included from SafeApplying

#safe_apply

Methods inherited from YesNoItem

#highline_question_type, #next_items, #not_valid_message, #to_yaml_s, #validate

Methods inherited from Simp::Cli::Config::Item

#default_value, #highline_question_type, #next_items, #not_valid_message, #print_banner, #print_summary, #puppet_value, #query, #query_ask, #query_extras, #query_status, #safe_apply, #say_blue, #say_green, #say_red, #say_yellow, #to_yaml_s, #validate

Constructor Details

#initialize ⇒ UseFips

Returns a new instance of UseFips.



# File 'lib/simp/cli/config/item/use_fips.rb', line 11

# Builds the 'use_fips' yes/no configuration item.
#
# Delegates to the parent initializer first, then sets this item's key, the
# explanatory text held in @description, and @allow_user_apply.
#
# NOTE(review): @allow_user_apply is an attribute inherited from
# Simp::Cli::Config::Item; presumably it lets #apply run for a
# non-privileged user -- confirm against SafeApplying, since #apply changes
# the Puppet configuration.
#
# @return [UseFips] a new instance of UseFips
def initialize
  super
  @key              = 'use_fips'
  @allow_user_apply = true

  # Single-quoted heredoc: no interpolation or escapes, and the text ends
  # with a newline after the last sentence.
  @description = <<'DESCRIPTION'
Enable FIPS mode on this system.

FIPS mode enforces strict compliance with FIPS-140-2.  All core SIMP modules
can support this configuration.

IMPORTANT: Be sure you know the security tradeoffs of FIPS-140-2 compliance.
FIPS mode disables the use of MD5 and may require weaker ciphers or key lengths
than your security policies allow.
DESCRIPTION
end

Instance Method Details

#apply ⇒ Object



# File 'lib/simp/cli/config/item/use_fips.rb', line 34

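# Prepares Puppet for FIPS mode when the answer stored in @value is truthy.
#
# With a truthy @value this runs `puppet config set digest_algorithm sha256`,
# a one-off prep item needed to handle Puppet certs w/FIPS mode (the item's
# own description notes that FIPS mode disables the use of MD5).  With a
# falsy @value nothing is changed.
#
# The command line is a fixed literal, so neither the answer nor any other
# external input is interpolated into the backtick call.
#
# NOTE(review): `puppet` is located through PATH; this item changes system
# configuration and presumably runs with elevated privileges, so confirm the
# caller's PATH is trusted.
#
# @return [Boolean] true when nothing had to be applied or the puppet
#   command exited 0; false when the command exited non-zero or was killed
# @raise [Errno::ENOENT] if no `puppet` executable can be found
def apply
  unless @value
    puts 'not using FIPS mode: noop'
    return true # we applied nothing, successfully!
  end

  cmd = %q(puppet config set digest_algorithm sha256)
  puts cmd unless @silent
  %x{#{cmd}}

  # Backticks hand back the captured stdout, and every String (even '') is
  # truthy, so returning it would report success even when puppet failed and
  # digest_algorithm was never switched.  Report the exit status instead;
  # success? is nil for a signalled process, which is folded into false.
  $?.success? == true
end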

#os_value ⇒ Object



# File 'lib/simp/cli/config/item/use_fips.rb', line 26

# Reports whether the running system already has FIPS mode enabled, based on
# Facter's 'fips_enabled' fact.
#
# NOTE(review): any truthy fact value maps to 'yes'.  If the installed Facter
# hands facts back as Strings, the String 'false' would also count as
# enabled -- confirm the fact's type.
#
# @return [String] 'yes' when the fact is truthy, otherwise 'no'
def os_value
  return 'yes' if Facter.value('fips_enabled')

  'no'
end


# File 'lib/simp/cli/config/item/use_fips.rb', line 30

# Suggests the answer to offer as the default: whatever #os_value reports,
# falling back to 'yes' when that is nil or false.
#
# NOTE(review): #os_value as written always returns 'yes' or 'no', so the
# 'yes' fallback is never reached; a system whose 'fips_enabled' fact is
# missing is therefore recommended 'no'.  Confirm that is the intended default.
#
# @return [String] the recommended answer
def recommended_value
  detected = os_value
  detected ? detected : 'yes'
end