Wizard: Add FIPS mode support for OpenSCAP and compliance profiles (HMS-8919)

Automatically enable FIPS mode when:

User selects OpenSCAP profile with FIPS enabled (e.g., DISA STIG)
User selects compliance profile with FIPS enabled and not customized off

- Add FIPS checkbox in openscap step
- Display FIPS status in review step
- Add unit tests to FIPS checkbox feature
This ensures security compliance for profiles that require FIPS mode
without manual user intervention.

src/Components/CreateImageWizard/steps/Oscap/components/OscapProfileInformation.tsx

@@ -17,6 +17,7 @@ import {
   selectCompliancePolicyID,
   selectComplianceProfileID,
   selectDistribution,
+  selectFips,
 } from '../../../../../store/wizardSlice';
 
 type OscapProfileInformationOptionPropType = {
@@ -30,6 +31,7 @@ export const OscapProfileInformation = ({
   const release = useAppSelector(selectDistribution);
   const compliancePolicyID = useAppSelector(selectCompliancePolicyID);
   const complianceProfileID = useAppSelector(selectComplianceProfileID);
+  const fips = useAppSelector(selectFips);
 
   const {
     data: oscapProfileInfo,
@@ -159,6 +161,19 @@ export const OscapProfileInformation = ({
                 </CodeBlockCode>
               </CodeBlock>
             </Content>
+            <Content
+              component={ContentVariants.dt}
+              className='pf-v5-u-min-width'
+            >
+              FIPS mode
+            </Content>
+            <Content component={ContentVariants.dd}>
+              <CodeBlock>
+                <CodeBlockCode>
+                  {fips.enabled ? 'Enabled' : 'Disabled'}
+                </CodeBlockCode>
+              </CodeBlock>
+            </Content>
           </Content>
         </>
       )}

src/Components/CreateImageWizard/steps/Oscap/components/PolicySelector.tsx

@@ -22,6 +22,7 @@ import {
 import {
   changeCompliance,
   changeFileSystemConfigurationType,
+  changeFips,
   clearKernelAppend,
   selectCompliancePolicyID,
   selectCompliancePolicyTitle,
@@ -143,6 +144,7 @@ const PolicySelector = () => {
     dispatch(changeFileSystemConfigurationType('automatic'));
     handleServices(undefined);
     dispatch(clearKernelAppend());
+    dispatch(changeFips(false));
   };
 
   const applyChanges = (selection: ComplianceSelectOptionValueType) => {
@@ -177,6 +179,7 @@ const PolicySelector = () => {
               policyTitle: selection.title,
             }),
           );
+          dispatch(changeFips(response?.fips?.enabled || false));
         });
     }
   };

src/Components/CreateImageWizard/steps/Oscap/components/ProfileSelector.tsx

@@ -33,6 +33,7 @@ import {
 import {
   changeCompliance,
   changeFileSystemConfigurationType,
+  changeFips,
   clearKernelAppend,
   selectComplianceProfileID,
   selectComplianceType,
@@ -181,6 +182,7 @@ const ProfileSelector = () => {
     dispatch(changeFileSystemConfigurationType('automatic'));
     handleServices(undefined);
     dispatch(clearKernelAppend());
+    dispatch(changeFips(false));
     setInputValue('');
     setFilterValue('');
   };
@@ -261,6 +263,7 @@ const ProfileSelector = () => {
               policyTitle: undefined,
             }),
           );
+          dispatch(changeFips(response?.fips?.enabled || false));
         });
     }
   };

src/Components/CreateImageWizard/steps/Oscap/index.tsx

@@ -3,8 +3,10 @@ import React, { useEffect } from 'react';
 import {
   Alert,
   AlertActionLink,
+  Checkbox,
   Content,
   Form,
+  FormGroup,
   Title,
   ToggleGroup,
   ToggleGroupItem,
@@ -29,6 +31,7 @@ import {
   changeDisabledServices,
   changeEnabledServices,
   changeFileSystemConfigurationType,
+  changeFips,
   changeMaskedServices,
   clearKernelAppend,
   ComplianceType,
@@ -36,6 +39,7 @@ import {
   selectComplianceProfileID,
   selectComplianceType,
   selectDistribution,
+  selectFips,
 } from '../../../../store/wizardSlice';
 import { useFlag } from '../../../../Utilities/useGetEnvironment';
 import { useOnPremOpenSCAPAvailable } from '../../../../Utilities/useOnPremOpenSCAP';
@@ -46,6 +50,7 @@ const OscapContent = () => {
   const complianceEnabled = useFlag('image-builder.compliance.enabled');
   const complianceType = useAppSelector(selectComplianceType);
   const profileID = useAppSelector(selectComplianceProfileID);
+  const fips = useAppSelector(selectFips);
   const prefetchOscapProfile = useBackendPrefetch('getOscapProfiles', {});
   const release = removeBetaFromRelease(useAppSelector(selectDistribution));
   const majorVersion = release.split('-')[1];
@@ -66,6 +71,10 @@ const OscapContent = () => {
     // eslint-disable-next-line react-hooks/exhaustive-deps
   }, []);
 
+  const handleFipsToggle = (checked: boolean) => {
+    dispatch(changeFips(checked));
+  };
+
   const handleTypeChange = (complianceType: string) => {
     dispatch(changeComplianceType(complianceType as ComplianceType));
 
@@ -87,6 +96,7 @@ const OscapContent = () => {
     dispatch(changeMaskedServices([]));
     dispatch(changeDisabledServices([]));
     dispatch(clearKernelAppend());
+    dispatch(changeFips(false));
   };
 
   if (!process.env.IS_ON_PREMISE) {
@@ -117,6 +127,15 @@ const OscapContent = () => {
         versions. This will automatically help monitor the adherence of your
         registered RHEL systems to a selected policy or profile.
       </Content>
+      <FormGroup>
+        <Checkbox
+          id='fips-enabled-checkbox'
+          label='Enable FIPS mode'
+          isChecked={fips.enabled}
+          onChange={(_event, checked) => handleFipsToggle(checked)}
+          description='Enable FIPS 140-2 compliant cryptographic algorithms. This setting will be applied at build time and will persist on boot.'
+        />
+      </FormGroup>
       {complianceEnabled && (
         <ToggleGroup aria-label='Default with single selectable'>
           <ToggleGroupItem