More fips test fixes

Daniel A. Wozniak 2024-05-30 17:11:44 -07:00 committed by Daniel Wozniak
parent a5787031b0
commit 389aac9663
9 changed files with 124 additions and 16 deletions


@ -1,6 +1,8 @@
import pytest
from saltfactories.utils import random_string
from tests.conftest import FIPS_TESTRUN
@pytest.fixture
def salt_master(salt_factories):
@ -10,7 +12,14 @@ def salt_master(salt_factories):
"sign_pub_messages": False,
}
factory = salt_factories.salt_master_daemon(
random_string("zeromq-master-"), defaults=config_defaults
random_string("zeromq-master-"),
defaults=config_defaults,
overrides={
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
),
},
)
return factory
@ -26,6 +35,12 @@ def salt_minion(salt_master):
"master_uri": "tcp://127.0.0.1:{}".format(salt_master.config["ret_port"]),
}
factory = salt_master.salt_minion_daemon(
random_string("zeromq-minion-"), defaults=config_defaults
random_string("zeromq-minion-"),
defaults=config_defaults,
overrides={
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
},
)
return factory
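Review bot: The else arm of each new conditional pins the SHA-1 variants (`"PKCS1v15-SHA1"`, `"OAEP-SHA1"`) into `overrides` for `salt_master` and `salt_minion`, so a non-FIPS run keeps exercising SHA-1 even if the shipped defaults later move to a stronger digest. If those strings only mirror the current defaults (not visible in these hunks), pass the algorithm keys only when `FIPS_TESTRUN` is set and let the defaults apply otherwise, for example `**({"publish_signing_algorithm": "PKCS1v15-SHA224"} if FIPS_TESTRUN else {})` inside the master's `overrides`. The same conditional appears in the other file sections of this commit that add these keys. The fixture bodies are only partly visible here.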


@ -16,6 +16,7 @@ from pytestshellutils.utils.processes import ProcessResult, terminate_process
import salt.defaults.exitcodes
import salt.utils.path
from tests.conftest import FIPS_TESTRUN
log = logging.getLogger(__name__)
@ -32,6 +33,11 @@ def salt_minion_2(salt_master):
"""
factory = salt_master.salt_minion_daemon(
"minion-2",
overrides={
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
},
extra_cli_arguments_after_first_start_failure=["--log-level=info"],
)
with factory.started(start_timeout=120):


@ -6,6 +6,7 @@ from pytestshellutils.exceptions import FactoryNotStarted
from saltfactories.utils import random_string
import salt.defaults.exitcodes
from tests.conftest import FIPS_TESTRUN
from tests.support.helpers import PRE_PYTEST_SKIP_REASON
pytestmark = [
@ -39,7 +40,15 @@ def test_exit_status_unknown_user(salt_master, minion_id):
"""
with pytest.raises(FactoryNotStarted) as exc:
factory = salt_master.salt_minion_daemon(
minion_id, overrides={"user": "unknown-user"}
minion_id,
overrides={
"user": "unknown-user",
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
),
},
)
factory.start(start_timeout=10, max_start_attempts=1)
@ -52,7 +61,16 @@ def test_exit_status_unknown_argument(salt_master, minion_id):
Ensure correct exit status when an unknown argument is passed to salt-minion.
"""
with pytest.raises(FactoryNotStarted) as exc:
factory = salt_master.salt_minion_daemon(minion_id)
factory = salt_master.salt_minion_daemon(
minion_id,
overrides={
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
),
},
)
factory.start("--unknown-argument", start_timeout=10, max_start_attempts=1)
assert exc.value.process_result.returncode == salt.defaults.exitcodes.EX_USAGE
@ -66,6 +84,11 @@ def test_exit_status_correct_usage(salt_master, minion_id, salt_cli):
minion_id,
extra_cli_arguments_after_first_start_failure=["--log-level=info"],
defaults={"transport": salt_master.config["transport"]},
overrides={
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
},
)
factory.start()
assert factory.is_running()
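Review bot: The same three-key minion override (`fips_mode`, `encryption_algorithm`, `signing_algorithm`) is written out three times in this file, in two different layouts, and again in most other file sections of the commit. A single helper defined next to `FIPS_TESTRUN` would keep the master and minion key sets from drifting. The retry-minion section of this same commit replaces `publish_signing_algorithm` in a minion dict with the two minion keys, which is the kind of mix-up a shared helper prevents. With such a helper (the name is only a suggestion) the first call becomes `overrides={"user": "unknown-user", **minion_fips_overrides()}`. The test functions begin outside the hunks shown.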


@ -9,6 +9,7 @@ from pytestshellutils.exceptions import FactoryNotStarted
from saltfactories.utils import random_string
import salt.defaults.exitcodes
from tests.conftest import FIPS_TESTRUN
from tests.support.helpers import PRE_PYTEST_SKIP_REASON
log = logging.getLogger(__name__)
@ -32,7 +33,15 @@ def test_exit_status_no_proxyid(salt_master, proxy_minion_id):
"""
with pytest.raises(FactoryNotStarted) as exc:
factory = salt_master.salt_proxy_minion_daemon(
proxy_minion_id, include_proxyid_cli_flag=False
proxy_minion_id,
include_proxyid_cli_flag=False,
overrides={
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
),
},
)
factory.start(start_timeout=10, max_start_attempts=1)
@ -50,7 +59,15 @@ def test_exit_status_unknown_user(salt_master, proxy_minion_id):
"""
with pytest.raises(FactoryNotStarted) as exc:
factory = salt_master.salt_proxy_minion_daemon(
proxy_minion_id, overrides={"user": "unknown-user"}
proxy_minion_id,
overrides={
"user": "unknown-user",
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
),
},
)
factory.start(start_timeout=10, max_start_attempts=1)
@ -65,7 +82,16 @@ def test_exit_status_unknown_argument(salt_master, proxy_minion_id):
salt-proxy.
"""
with pytest.raises(FactoryNotStarted) as exc:
factory = salt_master.salt_proxy_minion_daemon(proxy_minion_id)
factory = salt_master.salt_proxy_minion_daemon(
proxy_minion_id,
overrides={
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
),
},
)
factory.start("--unknown-argument", start_timeout=10, max_start_attempts=1)
assert exc.value.process_result.returncode == salt.defaults.exitcodes.EX_USAGE
@ -86,6 +112,11 @@ def test_exit_status_correct_usage(salt_master, proxy_minion_id, salt_cli):
proxy_minion_id,
extra_cli_arguments_after_first_start_failure=["--log-level=info"],
defaults={"transport": salt_master.config["transport"]},
overrides={
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
},
)
factory.start()
assert factory.is_running()


@ -17,9 +17,6 @@ def salt_master(salt_master_factory):
"""
A running salt-master fixture
"""
print("*" * 80)
print(repr(salt_master_factory))
print("*" * 80)
with salt_master_factory.started():
yield salt_master_factory


@ -15,9 +15,8 @@ def salt_minion_retry(salt_master, salt_minion_id):
"return_retry_timer": 5,
"return_retry_tries": 30,
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
),
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
factory = salt_master.salt_minion_daemon(
random_string("retry-minion-"),


@ -8,6 +8,7 @@ from xml.etree import ElementTree
import pytest
from tests.conftest import FIPS_TESTRUN
from tests.support.virt import SaltVirtMinionContainerFactory
docker = pytest.importorskip("docker")
@ -42,7 +43,12 @@ def virt_minion_0(
"open_mode": True,
"transport": salt_master.config["transport"],
}
config_overrides = {"user": "root"}
config_overrides = {
"user": "root",
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
factory = salt_master.salt_minion_daemon(
virt_minion_0_id,
name=virt_minion_0_id,
@ -79,7 +85,12 @@ def virt_minion_1(
"open_mode": True,
"transport": salt_master.config["transport"],
}
config_overrides = {"user": "root"}
config_overrides = {
"user": "root",
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
factory = salt_master.salt_minion_daemon(
virt_minion_1_id,
name=virt_minion_1_id,
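Review bot: `fips_mode` for `virt_minion_0` and `virt_minion_1` is taken from the test runner's `FIPS_TESTRUN`, yet the import of `SaltVirtMinionContainerFactory` suggests these minions run inside a container whose crypto configuration may differ from the host's. Whether the image is FIPS-enabled is not visible here, so a short comment above each `config_overrides` would help, such as `# algorithms must match the master; fips_mode follows the test run, not the container image (confirm the image supports it)`. The factory calls continue past the end of both hunks.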


@ -12,6 +12,7 @@ import pytest
from saltfactories.utils import random_string
import salt.utils.x509 as x509util
from tests.conftest import FIPS_TESTRUN
try:
import cryptography
@ -60,7 +61,14 @@ def x509_data(
@pytest.fixture(scope="module")
def x509_salt_master(salt_factories, ca_minion_id, x509_master_config):
factory = salt_factories.salt_master_daemon(
"x509-master", defaults=x509_master_config
"x509-master",
defaults=x509_master_config,
overrides={
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
),
},
)
with factory.started():
yield factory
@ -172,6 +180,11 @@ def x509ca_salt_minion(x509_salt_master, ca_minion_id, ca_minion_config):
factory = x509_salt_master.salt_minion_daemon(
ca_minion_id,
defaults=ca_minion_config,
overrides={
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
},
)
with factory.started():
# Sync All
@ -191,6 +204,11 @@ def x509_salt_minion(x509_salt_master, x509_minion_id):
"features": {"x509_v2": True},
"grains": {"testgrain": "foo"},
},
overrides={
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
},
)
with factory.started():
# Sync All


@ -17,6 +17,7 @@ import salt.utils.files
import salt.utils.path
import salt.utils.platform
from salt.utils.versions import Version
from tests.conftest import FIPS_TESTRUN
log = logging.getLogger(__name__)
@ -236,6 +237,10 @@ def salt_secondary_master(request, salt_factories):
"fileserver_followsymlinks": False,
"publish_port": publish_port,
"ret_port": ret_port,
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
),
}
factory = salt_factories.salt_master_daemon(
@ -258,6 +263,9 @@ def salt_secondary_minion(salt_secondary_master):
config_overrides = {
"master": salt_secondary_master.config["interface"],
"master_port": salt_secondary_master.config["ret_port"],
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
factory = salt_secondary_master.salt_minion_daemon(