From 20af934c05204e93cd276e2308c9edf6d1d6b813 Mon Sep 17 00:00:00 2001
From: Lance Bragstad
Date: Tue, 24 Oct 2023 10:36:35 -0500
Subject: [PATCH] Add a the ability to build the operator for FIPS-only clusters This commit includes a file that allows strict usage of algorithms for FIPS. This was copied for openshift/boilerplate, which includes some scripts for enabling FIPS-compliant container image builds. Since we're not using boilerplate, this just copies the file over, but ultimately does the same thing as what boilerplate is doing. To build with strict FIPS runtimes, enable CGO and use the `strictfipsruntime` Go experimenal variable with a compiler that supports it.
---
cmd/manager/fips.go | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 cmd/manager/fips.go
diff --git a/cmd/manager/fips.go b/cmd/manager/fips.go
new file mode 100644
index 000000000..db42a9878
--- /dev/null
+++ b/cmd/manager/fips.go
@@ -0,0 +1,18 @@
+//go:build fips_enabled
+// +build fips_enabled
+
+// FIXME(rhmdnd): This was copied from openshift/boilerplate. We should
+// consider migrating our `make` targets to using boilerplate, which include
+// handy approaches and tools to enabling things consistently across
+// operators.
+
+package manager
+
+import (
+ _ "crypto/tls/fipsonly"
+ "fmt"
+)
+
+func init() {
+ fmt.Println("***** Starting with FIPS crypto enabled *****")
+}
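Review bot: The banner printed in `init()` asserts that FIPS crypto is enabled, but nothing in the new file checks that; it only shows the binary was compiled with the `fips_enabled` tag. Someone reading the log on a FIPS-only cluster could take it as evidence of runtime state, so either word it as a build fact, e.g. `fmt.Println("***** Built with fips_enabled: crypto/tls restricted to FIPS-approved settings *****")`, or gate it on a runtime check such as `crypto/boring.Enabled()` if the toolchain in use provides it. The blank import carries the whole purpose of the file and deserves a comment, for example `// Side-effect import: restricts all crypto/tls configuration to FIPS-approved settings.` The `fips_enabled` tag by itself does not enforce the CGO and `strictfipsruntime` requirements named in the commit message, so the build target that sets the tag should presumably set those too. `fmt.Println` also writes to stdout rather than the operator's logger, which is worth confirming is intended.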