From 1a3f7688137e2b624a355483aed286916aa42953 Mon Sep 17 00:00:00 2001
From: Ignasi Barrera
Date: Tue, 5 Mar 2024 22:34:48 +0100
Subject: [PATCH 1/3] FIPS enabled message using hte logger
---
cmd/main.go | 2 ++
internal/fips_disabled.go | 22 ++++++++++++++++++++++
cmd/fips.go => internal/fips_enabled.go | 13 +++++--------
3 files changed, 29 insertions(+), 8 deletions(-)
create mode 100644 internal/fips_disabled.go
rename cmd/fips.go => internal/fips_enabled.go (75%)
diff --git a/cmd/main.go b/cmd/main.go
index c9e66fa..8e1dcfb 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -66,6 +66,8 @@ func main() { &signal.Handler{}, // handle graceful termination ) + internal.LogFIPS() // Print the FIPS status + if err := g.Run(); err != nil { fmt.Printf("Unexpected exit: %v\n", err) os.Exit(-1)
diff --git a/internal/fips_disabled.go b/internal/fips_disabled.go
new file mode 100644
index 0000000..1e00d60
--- /dev/null
+++ b/internal/fips_disabled.go
@@ -0,0 +1,22 @@
+// Copyright 2024 Tetrate
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build !boringcrypto
+
+package internal
+
+// LogFIPS logs whether FIPS is enabled or not.
+func LogFIPS() {
+ Logger(Default).Info("FIPS: boringcrypto", "enabled", false)
+}
diff --git a/cmd/fips.go b/internal/fips_enabled.go
similarity index 75%
rename from cmd/fips.go
rename to internal/fips_enabled.go
index dcaf35c..53b11d8 100644
--- a/cmd/fips.go
+++ b/internal/fips_enabled.go
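Review bot: In internal/fips_disabled.go the doc comment on `LogFIPS` says it logs whether FIPS is enabled, but under the `!boringcrypto` build tag this variant can only ever report `false`, and what it reports is how the binary was built, not a compliance state. I would make the comment say that, e.g. `// LogFIPS logs that this binary was built without the boringcrypto tag, so BoringCrypto is not in use.` The line is emitted at Info level, so a deployment running with a stricter log level would presumably never record it. If the status is meant to serve as audit evidence, that dependency on the log level belongs in the comment too.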
@@ -14,14 +14,11 @@ //go:build boringcrypto -package main +package internal -import ( - "crypto/boring" - "fmt" -) +import "crypto/boring" -// This line will only be printed in the output if boringcrypto is enabled. -func init() { - fmt.Println("FIPS: boringcrypto enabled:", boring.Enabled()) +// LogFIPS logs whether FIPS is enabled or not. +func LogFIPS() { + Logger(Default).Info("FIPS: boringcrypto", "enabled", boring.Enabled()) } From ad9536b5727fdb79f9dcd578a26b2866d3df0dd6 Mon Sep 17 00:00:00 2001 From: Ignasi Barrera Date: Tue, 5 Mar 2024 22:48:08 +0100 Subject: [PATCH 2/3] regenerate protos --- config/gen/go/v1/config.pb.go | 2 +- config/gen/go/v1/mock/config.pb.go | 2 +- config/gen/go/v1/oidc/config.pb.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/gen/go/v1/config.pb.go b/config/gen/go/v1/config.pb.go index 2417fee..e43a029 100644 --- a/config/gen/go/v1/config.pb.go +++ b/config/gen/go/v1/config.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.32.0 +// protoc-gen-go v1.33.0 // protoc (unknown) // source: v1/config.proto diff --git a/config/gen/go/v1/mock/config.pb.go b/config/gen/go/v1/mock/config.pb.go index c8b9a8b..66b25b5 100644 --- a/config/gen/go/v1/mock/config.pb.go +++ b/config/gen/go/v1/mock/config.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.32.0 +// protoc-gen-go v1.33.0 // protoc (unknown) // source: v1/mock/config.proto diff --git a/config/gen/go/v1/oidc/config.pb.go b/config/gen/go/v1/oidc/config.pb.go index 41163d3..21ba7f2 100644 --- a/config/gen/go/v1/oidc/config.pb.go +++ b/config/gen/go/v1/oidc/config.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.32.0 +// protoc-gen-go v1.33.0 // protoc (unknown) // source: v1/oidc/config.proto From 5ca9e3d0da47c5a06b02b6c8ffbc3e8706900a08 Mon Sep 17 00:00:00 2001 
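Review bot: In internal/fips_enabled.go, a `boringcrypto` build in which `boring.Enabled()` returns false is logged exactly like the healthy case, as the same Info key/value pair. As far as I know the build tag only says the binary was built with the BoringCrypto experiment, and `Enabled()` is false when the BoringCrypto core is not actually in use (for example a build without cgo or on an unsupported platform), which is the state an operator relying on validated crypto most needs to notice. I would read the value once, `enabled := boring.Enabled()`, and raise the severity or change the wording when it is false instead of reusing the Info line. The doc comment could name the distinction as well: `// LogFIPS logs whether the BoringCrypto module is actually in use in this boringcrypto build.`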
From: Ignasi Barrera
Date: Wed, 6 Mar 2024 18:47:02 +0100
Subject: [PATCH 3/3] review comments
---
cmd/main.go | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/cmd/main.go b/cmd/main.go
index 8e1dcfb..baa3c70 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -50,6 +50,10 @@ func main() { } return nil }) + fipsLog := run.NewPreRunner("fips", func() error { + internal.LogFIPS() + return nil + }) g := run.Group{Logger: internal.Logger(internal.Default)}
@@ -59,6 +63,7 @@ func main() { logging, // Set up the logging system secretCtrl, // watch for secret updates and update the configuration configLog, // log the configuration + fipsLog, // log whether FIPS is enabled jwks, // start the JWKS provider sessions, // start the session store authzServer, // start the server
@@ -66,8 +71,6 @@ func main() { &signal.Handler{}, // handle graceful termination ) - internal.LogFIPS() // Print the FIPS status - if err := g.Run(); err != nil { fmt.Printf("Unexpected exit: %v\n", err) os.Exit(-1)
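Review bot: The `fips` pre-runner added in the first hunk of cmd/main.go always returns nil, so it can report the crypto status but can never stop startup. Because `LogFIPS` has no return value, a deployment that must only run with BoringCrypto active has no way to fail closed here, even though the pre-runner signature already carries an error. Consider having `LogFIPS` return the status so the closure can return an error when an opt-in "require FIPS" setting is on; no such setting is visible in this patch and it would have to be added. `main` starts and ends outside these hunks, so I can only confirm from the second hunk that `fipsLog` is registered after `logging`.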