Skip to content

Do not allow ssh authentication for functions in FIPS mode #2302

New issue
New issue
Open
Task
Open
Do not allow ssh authentication for functions in FIPS mode#2302
Task
Labels
priority/critical-urgentHighest priority. Must be actively worked on as someone's top priority right now.
Milestone
1.11.0
@kwiatekus

Description

@kwiatekus
kwiatekus
opened on Feb 19, 2026

Description

Source of git functions cannot be fetched when controller is running in FIPS mode as the ssh handshake fails between the go-git client and git server. Such Functions wont run in FIPS mode, therefore should not be allowed in FIPS mode.

Reasons

#1984 (comment)

Acceptance Criteria

  • when controller is running in fips mode and receives a git function with ssh authentication, it should leave it with ConfigurationReady=false condition and Reason="InvalidFunctionSpec" and a message explaining that the ssh authentication is not supported in FIPS mode

Testing Strategy (DoD)

  • introduce a test for function reconciler verifying that Function CR (with ssh git auth) has proper status once reconciled by controller running in fips mode

Metadata

Metadata

Assignees

No one assigned

    Labels

    priority/critical-urgentHighest priority. Must be actively worked on as someone's top priority right now.

    Type

    Task

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions