[8.17] Adding telemetry for the fips config (#201282) (#202453)

# Backport

This will backport the following commits from `main` to `8.17`:
- [Adding telemetry for the fips config
(#201282)](https://github.com/elastic/kibana/pull/201282)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"Kurt","email":"kc13greiner@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-12-02T12:50:40Z","message":"Adding
telemetry for the fips config (#201282)\n\n## Summary\r\n\r\nAdding
telemetry for the `fipsMode.enabled`
config","sha":"8f12d521385f6b61f1782685acaca89c9910809d","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:version","v8.17.0","v8.18.0"],"title":"Adding
telemetry for the fips
config","number":201282,"url":"https://github.com/elastic/kibana/pull/201282","mergeCommit":{"message":"Adding
telemetry for the fips config (#201282)\n\n## Summary\r\n\r\nAdding
telemetry for the `fipsMode.enabled`
config","sha":"8f12d521385f6b61f1782685acaca89c9910809d"}},"sourceBranch":"main","suggestedTargetBranches":["8.17","8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/201282","number":201282,"mergeCommit":{"message":"Adding
telemetry for the fips config (#201282)\n\n## Summary\r\n\r\nAdding
telemetry for the `fipsMode.enabled`
config","sha":"8f12d521385f6b61f1782685acaca89c9910809d"}},{"branch":"8.17","label":"v8.17.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Kurt <kc13greiner@users.noreply.github.com>

x-pack/plugins/security/server/usage_collector/security_usage_collector.test.ts

@@ -26,6 +26,7 @@ describe('Security UsageCollector', () => {
     allowAccessAgreement = true,
     allowAuditLogging = true,
     allowRbac = true,
+    allowFips = true,
     isLicenseAvailable,
   }: Partial<SecurityLicenseFeatures> & { isLicenseAvailable: boolean }) => {
     const license = licenseMock.create();
@@ -34,6 +35,7 @@ describe('Security UsageCollector', () => {
       allowAccessAgreement,
       allowAuditLogging,
       allowRbac,
+      allowFips,
     } as SecurityLicenseFeatures);
     return license;
   };
@@ -44,6 +46,7 @@ describe('Security UsageCollector', () => {
     accessAgreementEnabled: false,
     authProviderCount: 1,
     enabledAuthProviders: ['basic'],
+    fipsModeEnabled: false,
     loginSelectorEnabled: false,
     httpAuthSchemes: ['apikey', 'bearer'],
     sessionIdleTimeoutInMinutes: 4320,
@@ -106,6 +109,7 @@ describe('Security UsageCollector', () => {
       accessAgreementEnabled: false,
       authProviderCount: 0,
       enabledAuthProviders: [],
+      fipsModeEnabled: false,
       loginSelectorEnabled: false,
       httpAuthSchemes: [],
       sessionIdleTimeoutInMinutes: 0,
@@ -426,6 +430,55 @@ describe('Security UsageCollector', () => {
     });
   });
 
+  describe('fipsMode enabled', () => {
+    it('reports when fipsMode is enabled', async () => {
+      const config = createSecurityConfig(
+        ConfigSchema.validate({
+          fipsMode: {
+            enabled: true,
+          },
+        })
+      );
+      const usageCollection = usageCollectionPluginMock.createSetupContract();
+      const license = createSecurityLicense({
+        isLicenseAvailable: true,
+        allowFips: true,
+      });
+      registerSecurityUsageCollector({ usageCollection, config, license });
+
+      const usage = await usageCollection
+        .getCollectorByType('security')
+        ?.fetch(collectorFetchContext);
+
+      expect(usage).toEqual({
+        ...DEFAULT_USAGE,
+        fipsModeEnabled: true,
+      });
+    });
+
+    it('does not report fipsMode when the license does not permit it', async () => {
+      const config = createSecurityConfig(
+        ConfigSchema.validate({
+          fipsMode: {
+            enabled: true,
+          },
+        })
+      );
+      const usageCollection = usageCollectionPluginMock.createSetupContract();
+      const license = createSecurityLicense({ isLicenseAvailable: true, allowFips: false });
+      registerSecurityUsageCollector({ usageCollection, config, license });
+
+      const usage = await usageCollection
+        .getCollectorByType('security')
+        ?.fetch(collectorFetchContext);
+
+      expect(usage).toEqual({
+        ...DEFAULT_USAGE,
+        fipsModeEnabled: false,
+      });
+    });
+  });
+
   describe('http auth schemes', () => {
     it('reports customized http auth schemes', async () => {
       const config = createSecurityConfig(

x-pack/plugins/security/server/usage_collector/security_usage_collector.ts

@@ -16,6 +16,7 @@ interface Usage {
   accessAgreementEnabled: boolean;
   authProviderCount: number;
   enabledAuthProviders: string[];
+  fipsModeEnabled: boolean;
   httpAuthSchemes: string[];
   sessionIdleTimeoutInMinutes: number;
   sessionLifespanInMinutes: number;
@@ -93,6 +94,12 @@ export function registerSecurityUsageCollector({ usageCollection, config, licens
           },
         },
       },
+      fipsModeEnabled: {
+        type: 'boolean',
+        _meta: {
+          description: 'Indicates if Kibana is being run in FIPS mode.',
+        },
+      },
       httpAuthSchemes: {
         type: 'array',
         items: {
@@ -139,7 +146,8 @@ export function registerSecurityUsageCollector({ usageCollection, config, licens
       },
     },
     fetch: () => {
-      const { allowRbac, allowAccessAgreement, allowAuditLogging } = license.getFeatures();
+      const { allowRbac, allowAccessAgreement, allowAuditLogging, allowFips } =
+        license.getFeatures();
       if (!allowRbac) {
         return {
           auditLoggingEnabled: false,
@@ -147,6 +155,7 @@ export function registerSecurityUsageCollector({ usageCollection, config, licens
           accessAgreementEnabled: false,
           authProviderCount: 0,
           enabledAuthProviders: [],
+          fipsModeEnabled: false,
           httpAuthSchemes: [],
           sessionIdleTimeoutInMinutes: 0,
           sessionLifespanInMinutes: 0,
@@ -171,6 +180,8 @@ export function registerSecurityUsageCollector({ usageCollection, config, licens
         WELL_KNOWN_AUTH_SCHEMES.includes(scheme.toLowerCase())
       );
 
+      const fipsModeEnabled = allowFips && config.fipsMode.enabled;
+
       const sessionExpirations = config.session.getExpirationTimeouts(undefined); // use `undefined` to get global expiration values
       const sessionIdleTimeoutInMinutes = sessionExpirations.idleTimeout?.asMinutes() ?? 0;
       const sessionLifespanInMinutes = sessionExpirations.lifespan?.asMinutes() ?? 0;
@@ -202,6 +213,7 @@ export function registerSecurityUsageCollector({ usageCollection, config, licens
         accessAgreementEnabled,
         authProviderCount,
         enabledAuthProviders,
+        fipsModeEnabled,
         httpAuthSchemes,
         sessionIdleTimeoutInMinutes,
         sessionLifespanInMinutes,

x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json

@@ -15224,6 +15224,12 @@
             }
           }
         },
+        "fipsModeEnabled": {
+          "type": "boolean",
+          "_meta": {
+            "description": "Indicates if Kibana is being run in FIPS mode."
+          }
+        },
         "httpAuthSchemes": {
           "type": "array",
           "items": {