From 15821e90f24291d1fe7a09824f432274411fcf11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Paj=C4=85k?= Date: Thu, 7 Nov 2024 15:38:42 +0100 Subject: [PATCH 1/4] example: FIPS mode --- example/README.md | 38 ++++++++++++++++++++++++++++++++++++++ example/fipsonly.go | 22 ++++++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 example/fipsonly.go diff --git a/example/README.md b/example/README.md index 0e1def33c..6f8ee7823 100644 --- a/example/README.md +++ b/example/README.md @@ -77,3 +77,41 @@ Cleanup: ```sh docker compose -f docker-compose-splunk.yaml down ``` + +### Direct to Splunk Observability Cloud + +Run the instrumented application: + +```sh +export OTEL_SERVICE_NAME="splunk-otel-go-example" +export OTEL_RESOURCE_ATTRIBUTES="deployment.environment=$(whoami)" +SPLUNK_REALM= SPLUNK_ACCESS_TOKEN= go run . +``` + +You can find the collected telemetry in: + +- Splunk Observability Cloud: + > Note: Processing might take some time. + +### FIPS mode - Linux + +Run the instrumented applications using [`boringcrypto`](https://github.com/microsoft/go/blob/microsoft/main/eng/doc/fips/README.md#go-fips-compliance): + +```sh +CGO_ENABLED=1 GOEXPERIMENT=boringcrypto go run . +``` + +### FIPS mode - Windows + +Install the [Microsoft Go fork](https://github.com/microsoft/go). + +Enable [FIPS mode](https://learn.microsoft.com/en-us/windows/security/security-foundations/certification/fips-140-validation#use-windows-in-a-fips-approved-mode-of-operation) +on Windows. + +Run the instrumented applications using: + +```sh +CGO_ENABLED=1 GOEXPERIMENT=cngcrypto go run -tags=requirefips . +``` + +Reference: [Microsoft Go fork FIPS compliance](https://github.com/microsoft/go/blob/microsoft/main/eng/doc/fips/README.md#microsoft-go-fork-fips-compliance). diff --git a/example/fipsonly.go b/example/fipsonly.go new file mode 100644 index 000000000..b9bf3d1b3 --- /dev/null +++ b/example/fipsonly.go @@ -0,0 +1,22 @@ +// Copyright Splunk, Inc. +// Copyright The OpenTelemetry Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +//go:build boringcrypto + +package main + +import ( + _ "crypto/tls/fipsonly" +) From 4c4a032c9ec771012bd37504c79cf47ffdd73d2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Paj=C4=85k?= Date: Thu, 7 Nov 2024 15:46:13 +0100 Subject: [PATCH 2/4] Remove Windows part --- example/README.md | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/example/README.md b/example/README.md index 6f8ee7823..474d94652 100644 --- a/example/README.md +++ b/example/README.md @@ -100,18 +100,3 @@ Run the instrumented applications using [`boringcrypto`](https://github.com/micr ```sh CGO_ENABLED=1 GOEXPERIMENT=boringcrypto go run . ``` - -### FIPS mode - Windows - -Install the [Microsoft Go fork](https://github.com/microsoft/go). - -Enable [FIPS mode](https://learn.microsoft.com/en-us/windows/security/security-foundations/certification/fips-140-validation#use-windows-in-a-fips-approved-mode-of-operation) -on Windows. - -Run the instrumented applications using: - -```sh -CGO_ENABLED=1 GOEXPERIMENT=cngcrypto go run -tags=requirefips . -``` - -Reference: [Microsoft Go fork FIPS compliance](https://github.com/microsoft/go/blob/microsoft/main/eng/doc/fips/README.md#microsoft-go-fork-fips-compliance). From e57df509a7471cead5f5304ae5cc17c8ac62e95c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Paj=C4=85k?= Date: Thu, 7 Nov 2024 15:46:38 +0100 Subject: [PATCH 3/4] Format --- example/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/example/README.md b/example/README.md index 474d94652..fc266b6c8 100644 --- a/example/README.md +++ b/example/README.md @@ -95,7 +95,8 @@ You can find the collected telemetry in: ### FIPS mode - Linux -Run the instrumented applications using [`boringcrypto`](https://github.com/microsoft/go/blob/microsoft/main/eng/doc/fips/README.md#go-fips-compliance): +Run the instrumented applications using +[`boringcrypto`](https://github.com/microsoft/go/blob/microsoft/main/eng/doc/fips/README.md#go-fips-compliance): ```sh CGO_ENABLED=1 GOEXPERIMENT=boringcrypto go run . From d9b0fec6b9754e378690a0f2014ceaba13a190ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Paj=C4=85k?= Date: Thu, 7 Nov 2024 16:08:48 +0100 Subject: [PATCH 4/4] Refine docs --- example/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/example/README.md b/example/README.md index fc266b6c8..08fed5c71 100644 --- a/example/README.md +++ b/example/README.md @@ -96,7 +96,8 @@ You can find the collected telemetry in: ### FIPS mode - Linux Run the instrumented applications using -[`boringcrypto`](https://github.com/microsoft/go/blob/microsoft/main/eng/doc/fips/README.md#go-fips-compliance): +[`boringcrypto`](https://github.com/microsoft/go/blob/microsoft/main/eng/doc/fips/README.md#go-fips-compliance). +For example: ```sh CGO_ENABLED=1 GOEXPERIMENT=boringcrypto go run .