From 9c8214263303b260cfffa503b813e15b839fb6f5 Mon Sep 17 00:00:00 2001 From: Dileep Garimella Date: Wed, 16 Nov 2022 22:33:44 +0000 Subject: [PATCH 1/2] Adding Fips Endpoint to the Envoy from K8s controller --- .../templates/deployment.yaml | 1 + config/helm/appmesh-controller/test.yaml | 1 + config/helm/appmesh-controller/values.yaml | 1 + pkg/inject/config.go | 3 + pkg/inject/envoy.go | 11 ++ pkg/inject/envoy_test.go | 126 ++++++++++++++++++ pkg/inject/inject.go | 2 + pkg/inject/sidecar_builder.go | 2 + pkg/inject/virtualgateway_envoy.go | 11 ++ pkg/inject/virtualgateway_envoy_test.go | 56 ++++++++ 10 files changed, 214 insertions(+) diff --git a/config/helm/appmesh-controller/templates/deployment.yaml b/config/helm/appmesh-controller/templates/deployment.yaml index 8b4628d1..d942486b 100644 --- a/config/helm/appmesh-controller/templates/deployment.yaml +++ b/config/helm/appmesh-controller/templates/deployment.yaml @@ -73,6 +73,7 @@ spec: - --envoy-admin-access-log-file={{ .Values.sidecar.envoyAdminAccessLogFile }} - --envoy-admin-access-enable-ipv6={{ .Values.sidecar.envoyAdminAccessEnableIPv6 }} - --dual-stack-endpoint={{ .Values.sidecar.useDualStackEndpoint }} + - --fips-endpoint={{ .Values.sidecar.useFipsEndpoint }} - --preview={{ .Values.preview }} - --enable-sds={{ .Values.sds.enabled }} - --sds-uds-path={{ .Values.sds.udsPath }} diff --git a/config/helm/appmesh-controller/test.yaml b/config/helm/appmesh-controller/test.yaml index ad03c282..de9acdca 100644 --- a/config/helm/appmesh-controller/test.yaml +++ b/config/helm/appmesh-controller/test.yaml @@ -23,6 +23,7 @@ sidecar: envoyAdminAccessLogFile: /tmp/envoy_admin_access.log envoyAdminAccessEnableIPv6: false useDualStackEndpoint: false + useFipsEndpoint: false resources: # sidecar.resources.requests: Envoy CPU and memory requests requests: diff --git a/config/helm/appmesh-controller/values.yaml b/config/helm/appmesh-controller/values.yaml index b4b6df21..028f4e75 100644 --- a/config/helm/appmesh-controller/values.yaml +++ b/config/helm/appmesh-controller/values.yaml @@ -24,6 +24,7 @@ sidecar: envoyAdminAccessLogFile: /tmp/envoy_admin_access.log envoyAdminAccessEnableIPv6: false useDualStackEndpoint: false + useFipsEndpoint: false resources: # sidecar.resources.requests: Envoy CPU and memory requests requests: diff --git a/pkg/inject/config.go b/pkg/inject/config.go index aef0bd02..5486dc4e 100644 --- a/pkg/inject/config.go +++ b/pkg/inject/config.go @@ -31,6 +31,7 @@ const ( flagEnvoyAdminAccessEnableIpv6 = "envoy-admin-access-enable-ipv6" flagDualStackEndpoint = "dual-stack-endpoint" flagWaitUntilProxyReady = "wait-until-proxy-ready" + flagFipsEndpoint = "fips-endpoint" flagInitImage = "init-image" flagIgnoredIPs = "ignored-ips" @@ -88,6 +89,7 @@ type Config struct { DualStackEndpoint bool EnvoyAdminAccessEnableIPv6 bool WaitUntilProxyReady bool + FipsEndpoint bool // Init container settings InitImage string @@ -207,6 +209,7 @@ func (cfg *Config) BindFlags(fs *pflag.FlagSet) { fs.StringVar(&cfg.ClusterName, flagClusterName, "", "ClusterName in context") fs.BoolVar(&cfg.WaitUntilProxyReady, flagWaitUntilProxyReady, false, "Enable pod postStart hook to delay application startup until proxy is ready to accept traffic") + fs.BoolVar(&cfg.FipsEndpoint, flagFipsEndpoint, false, "Use Fips Endpoint") } func (cfg *Config) BindEnv() error { diff --git a/pkg/inject/envoy.go b/pkg/inject/envoy.go index dc1fea2c..c1cbc4dc 100644 --- a/pkg/inject/envoy.go +++ b/pkg/inject/envoy.go @@ -52,6 +52,7 @@ type envoyMutatorConfig struct { k8sVersion string useDualStackEndpoint bool enableAdminAccessIPv6 bool + useFipsEndpoint bool } func newEnvoyMutator(mutatorConfig envoyMutatorConfig, ms *appmesh.Mesh, vn *appmesh.VirtualNode) *envoyMutator { @@ -127,6 +128,7 @@ func (m *envoyMutator) buildTemplateVariables(pod *corev1.Pod) EnvoyTemplateVari virtualNodeName := aws.StringValue(m.vn.Spec.AWSName) preview := m.getPreview(pod) useDualStackEndpoint := m.getUseDualStackEndpoint(m.mutatorConfig.useDualStackEndpoint) + useFipsEndpoint := m.getUseFipsEndpoint(m.mutatorConfig.useFipsEndpoint) sdsEnabled := m.mutatorConfig.enableSDS if m.mutatorConfig.enableSDS && isSDSDisabled(pod) { sdsEnabled = false @@ -166,6 +168,7 @@ func (m *envoyMutator) buildTemplateVariables(pod *corev1.Pod) EnvoyTemplateVari UseDualStackEndpoint: useDualStackEndpoint, EnableAdminAccessForIpv6: m.mutatorConfig.enableAdminAccessIPv6, WaitUntilProxyReady: m.mutatorConfig.waitUntilProxyReady, + UseFipsEndpoint: useFipsEndpoint, } } @@ -274,3 +277,11 @@ func (m *envoyMutator) getUseDualStackEndpoint(useDualStackEndpoint bool) string return "0" } } + +func (m *envoyMutator) getUseFipsEndpoint(useFipsEndpoint bool) string { + if useFipsEndpoint { + return "1" + } else { + return "0" + } +} diff --git a/pkg/inject/envoy_test.go b/pkg/inject/envoy_test.go index 732be590..734f8f0a 100644 --- a/pkg/inject/envoy_test.go +++ b/pkg/inject/envoy_test.go @@ -294,6 +294,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPNET_AGENT_ADMIN_MODE", Value: "uds", @@ -433,6 +437,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPNET_AGENT_ADMIN_MODE", Value: "uds", @@ -583,6 +591,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPNET_AGENT_ADMIN_MODE", Value: "uds", @@ -761,6 +773,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPNET_AGENT_ADMIN_MODE", Value: "uds", @@ -910,6 +926,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPNET_AGENT_ADMIN_MODE", Value: "uds", @@ -1050,6 +1070,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPNET_AGENT_ADMIN_MODE", Value: "uds", @@ -1205,6 +1229,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPNET_AGENT_ADMIN_MODE", Value: "uds", @@ -1343,6 +1371,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPNET_AGENT_ADMIN_MODE", Value: "uds", @@ -1526,6 +1558,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPNET_AGENT_ADMIN_MODE", Value: "uds", @@ -1683,6 +1719,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPNET_AGENT_ADMIN_MODE", Value: "uds", @@ -1834,6 +1874,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPNET_AGENT_ADMIN_MODE", Value: "uds", @@ -1988,6 +2032,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPNET_AGENT_ADMIN_MODE", Value: "uds", @@ -2149,6 +2197,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPNET_AGENT_ADMIN_MODE", Value: "uds", @@ -2349,6 +2401,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPNET_AGENT_ADMIN_MODE", Value: "uds", @@ -2504,6 +2560,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPNET_AGENT_ADMIN_MODE", Value: "uds", @@ -2674,6 +2734,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPNET_AGENT_ADMIN_MODE", Value: "uds", @@ -2818,6 +2882,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPMESH_PLATFORM_K8S_POD_UID", Value: "", @@ -2965,6 +3033,10 @@ func Test_envoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPNET_AGENT_ADMIN_MODE", Value: "uds", @@ -3487,3 +3559,57 @@ func Test_envoyMutator_getUseDualStackEndpoints(t *testing.T) { }) } } + +func Test_envoyMutator_getUseFipsEndpoints(t *testing.T) { + type fields struct { + ms *appmesh.Mesh + mutatorConfig envoyMutatorConfig + } + tests := []struct { + name string + fields fields + want string + }{ + { + name: "enable using fips endpoint", + fields: fields{ + ms: &appmesh.Mesh{ + Spec: appmesh.MeshSpec{ + AWSName: aws.String("my-mesh"), + }, + }, + mutatorConfig: envoyMutatorConfig{ + accountID: "000000000000", + useFipsEndpoint: false, + }, + }, + want: "0", + }, + { + name: "disable using fips endpoint", + fields: fields{ + ms: &appmesh.Mesh{ + Spec: appmesh.MeshSpec{ + AWSName: aws.String("my-mesh"), + MeshOwner: aws.String("000000000000"), + }, + }, + mutatorConfig: envoyMutatorConfig{ + accountID: "000000000000", + useFipsEndpoint: true, + }, + }, + want: "1", + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + m := &envoyMutator{ + ms: tt.fields.ms, + mutatorConfig: tt.fields.mutatorConfig, + } + got := m.getUseFipsEndpoint(m.mutatorConfig.useFipsEndpoint) + assert.Equal(t, tt.want, got) + }) + } +} diff --git a/pkg/inject/inject.go b/pkg/inject/inject.go index c642e01d..38c97ab7 100644 --- a/pkg/inject/inject.go +++ b/pkg/inject/inject.go @@ -152,6 +152,7 @@ func (m *SidecarInjector) injectAppMeshPatches(ms *appmesh.Mesh, vn *appmesh.Vir enableAdminAccessIPv6: m.config.EnvoyAdminAccessEnableIPv6, postStartTimeout: m.config.PostStartTimeout, postStartInterval: m.config.PostStartInterval, + useFipsEndpoint: m.config.FipsEndpoint, }, ms, vn), newXrayMutator(xrayMutatorConfig{ awsRegion: m.awsRegion, @@ -204,6 +205,7 @@ func (m *SidecarInjector) injectAppMeshPatches(ms *appmesh.Mesh, vn *appmesh.Vir k8sVersion: m.k8sVersion, useDualStackEndpoint: m.config.DualStackEndpoint, enableAdminAccessIPv6: m.config.EnvoyAdminAccessEnableIPv6, + useFipsEndpoint: m.config.FipsEndpoint, }, ms, vg), newXrayMutator(xrayMutatorConfig{ awsRegion: m.awsRegion, diff --git a/pkg/inject/sidecar_builder.go b/pkg/inject/sidecar_builder.go index b0f39650..2ec399b2 100644 --- a/pkg/inject/sidecar_builder.go +++ b/pkg/inject/sidecar_builder.go @@ -50,6 +50,7 @@ type EnvoyTemplateVariables struct { EnableAdminAccessForIpv6 bool UseDualStackEndpoint string WaitUntilProxyReady bool + UseFipsEndpoint string } func updateEnvMapForEnvoy(vars EnvoyTemplateVariables, env map[string]string, vname string) error { @@ -63,6 +64,7 @@ func updateEnvMapForEnvoy(vars EnvoyTemplateVariables, env map[string]string, vn env["APPMESH_DUALSTACK_ENDPOINT"] = vars.UseDualStackEndpoint + env["APPMESH_FIPS_ENDPOINT"] = vars.UseFipsEndpoint // Set the value to 1 to connect to the App Mesh Preview Channel endpoint. // See https://docs.aws.amazon.com/app-mesh/latest/userguide/preview.html env["APPMESH_PREVIEW"] = vars.Preview diff --git a/pkg/inject/virtualgateway_envoy.go b/pkg/inject/virtualgateway_envoy.go index 7f7a1053..dc8b86d5 100644 --- a/pkg/inject/virtualgateway_envoy.go +++ b/pkg/inject/virtualgateway_envoy.go @@ -41,6 +41,7 @@ type virtualGatwayEnvoyConfig struct { k8sVersion string useDualStackEndpoint bool enableAdminAccessIPv6 bool + useFipsEndpoint bool } // newVirtualGatewayEnvoyConfig constructs new newVirtualGatewayEnvoyConfig @@ -114,6 +115,7 @@ func (m *virtualGatewayEnvoyConfig) buildTemplateVariables(pod *corev1.Pod) Envo preview := m.getPreview(pod) useDualStackEndpoint := m.getUseDualStackEndpoint(m.mutatorConfig.useDualStackEndpoint) sdsEnabled := m.mutatorConfig.enableSDS + useFipsEndpoint := m.getUseFipsEndpoint(m.mutatorConfig.useFipsEndpoint) if m.mutatorConfig.enableSDS && isSDSDisabled(pod) { sdsEnabled = false } @@ -146,6 +148,7 @@ func (m *virtualGatewayEnvoyConfig) buildTemplateVariables(pod *corev1.Pod) Envo K8sVersion: m.mutatorConfig.k8sVersion, UseDualStackEndpoint: useDualStackEndpoint, EnableAdminAccessForIpv6: m.mutatorConfig.enableAdminAccessIPv6, + UseFipsEndpoint: useFipsEndpoint, } } @@ -199,3 +202,11 @@ func (m *virtualGatewayEnvoyConfig) getUseDualStackEndpoint(useDualStackEndpoint return "0" } } + +func (m *virtualGatewayEnvoyConfig) getUseFipsEndpoint(useFipsEndpoint bool) string { + if useFipsEndpoint { + return "1" + } else { + return "0" + } +} diff --git a/pkg/inject/virtualgateway_envoy_test.go b/pkg/inject/virtualgateway_envoy_test.go index 9640d721..dc0b6a27 100644 --- a/pkg/inject/virtualgateway_envoy_test.go +++ b/pkg/inject/virtualgateway_envoy_test.go @@ -349,6 +349,10 @@ func Test_virtualGatewayEnvoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPMESH_PLATFORM_K8S_POD_UID", Value: "", @@ -461,6 +465,10 @@ func Test_virtualGatewayEnvoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPMESH_PLATFORM_K8S_POD_UID", Value: "", @@ -578,6 +586,10 @@ func Test_virtualGatewayEnvoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPMESH_PLATFORM_K8S_POD_UID", Value: "", @@ -691,6 +703,10 @@ func Test_virtualGatewayEnvoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPMESH_PLATFORM_K8S_POD_UID", Value: "", @@ -804,6 +820,10 @@ func Test_virtualGatewayEnvoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPMESH_PLATFORM_K8S_POD_UID", Value: "", @@ -917,6 +937,10 @@ func Test_virtualGatewayEnvoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPMESH_PLATFORM_K8S_POD_UID", Value: "", @@ -1041,6 +1065,10 @@ func Test_virtualGatewayEnvoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPMESH_PLATFORM_K8S_POD_UID", Value: "", @@ -1196,6 +1224,10 @@ func Test_virtualGatewayEnvoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPMESH_PLATFORM_K8S_POD_UID", Value: "", @@ -1331,6 +1363,10 @@ func Test_virtualGatewayEnvoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPMESH_PLATFORM_K8S_POD_UID", Value: "", @@ -1461,6 +1497,10 @@ func Test_virtualGatewayEnvoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPMESH_PLATFORM_K8S_POD_UID", Value: "", @@ -1570,6 +1610,10 @@ func Test_virtualGatewayEnvoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPMESH_PLATFORM_K8S_POD_UID", Value: "", @@ -1685,6 +1729,10 @@ func Test_virtualGatewayEnvoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPMESH_PLATFORM_K8S_POD_UID", Value: "", @@ -1815,6 +1863,10 @@ func Test_virtualGatewayEnvoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPMESH_PLATFORM_K8S_POD_UID", Value: "", @@ -1930,6 +1982,10 @@ func Test_virtualGatewayEnvoyMutator_mutate(t *testing.T) { Name: "ENVOY_ADMIN_ACCESS_ENABLE_IPV6", Value: "false", }, + { + Name: "APPMESH_FIPS_ENDPOINT", + Value: "0", + }, { Name: "APPMESH_PLATFORM_K8S_POD_UID", Value: "", From 23619d91035ddd5c0d148d0159e8c6c266b9f4a9 Mon Sep 17 00:00:00 2001 From: Dileep Garimella Date: Wed, 16 Nov 2022 23:38:10 +0000 Subject: [PATCH 2/2] test case name correction --- pkg/inject/envoy_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/inject/envoy_test.go b/pkg/inject/envoy_test.go index 734f8f0a..c6322195 100644 --- a/pkg/inject/envoy_test.go +++ b/pkg/inject/envoy_test.go @@ -3571,7 +3571,7 @@ func Test_envoyMutator_getUseFipsEndpoints(t *testing.T) { want string }{ { - name: "enable using fips endpoint", + name: "disable using fips endpoint", fields: fields{ ms: &appmesh.Mesh{ Spec: appmesh.MeshSpec{ @@ -3586,7 +3586,7 @@ func Test_envoyMutator_getUseFipsEndpoints(t *testing.T) { want: "0", }, { - name: "disable using fips endpoint", + name: "enable using fips endpoint", fields: fields{ ms: &appmesh.Mesh{ Spec: appmesh.MeshSpec{