Use FIPS verification script in FIPS pipeline (!72) · Merge requests · GitLab.org / Distribution / reference-architecture-tester

Andy Hohenner requested to merge Use_FIPS_Verification_script into master Aug 09, 2023

This MR is in support of https://gitlab.com/gitlab-org/gitlab/-/issues/386087+

It adds the FIPS Verification script to the FIPS pipeline and runs it against thee Rails servers.

The script will add to the log of the pipeline the following message:

TASK [gitlab_rails : Check FIPS Status] *********************************************************************************************************************************
changed: [fips-rat-gcp-gitlab-rails-1]

TASK [gitlab_rails : debug] *********************************************************************************************************************************************
ok: [fips-rat-gcp-gitlab-rails-1] =>
  fips_status.stdout_lines:
  - 'Kernel in FIPS mode:  false ; Embedded GitLab Ruby in FIPS mode:  false ; Go in FIPS mode:  Go not installed'

If the Kernel, Ruby, and Go are in FIPS mode the status will be true otherwise it will show as above.

Edited Aug 09, 2023 by Andy Hohenner

Use FIPS verification script in FIPS pipeline

Merge request reports