Also run package tests under FIPS

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
Pedro Algarvio 2023-11-09 17:52:47 +00:00 committed by Pedro Algarvio
parent 02b147ae59
commit 3c76698d54
8 changed files with 157 additions and 32 deletions


@ -1665,7 +1665,7 @@ jobs:
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
photonos-5-arm64-pkg-tests:
name: Photon OS 5 Arm64 Package Test
name: Photon OS 4 Arm64 Package Test
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
@ -1686,6 +1686,29 @@ jobs:
skip-junit-reports: ${{ github.event_name == 'pull_request' }}
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
photonos-4-pkg-tests-fips:
name: Photon OS 4 Package Test(FIPS)
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
- build-rpm-pkgs-onedir
- photonos-4-ci-deps
uses: ./.github/workflows/test-packages-action.yml
with:
distro-slug: photonos-4
nox-session: ci-test-onedir
platform: linux
arch: x86_64
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
pkg-type: rpm
nox-version: 2022.8.7
python-version: "3.10"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
skip-junit-reports: ${{ github.event_name == 'pull_request' }}
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
fips: true
ubuntu-2004-pkg-tests:
name: Ubuntu 20.04 Package Test
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
@ -2948,6 +2971,7 @@ jobs:
- photonos-4-arm64-pkg-tests
- photonos-5-pkg-tests
- photonos-5-arm64-pkg-tests
- photonos-4-pkg-tests-fips
- ubuntu-2004-pkg-tests
- ubuntu-2004-arm64-pkg-tests
- ubuntu-2204-pkg-tests


@ -1726,7 +1726,7 @@ jobs:
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
photonos-5-arm64-pkg-tests:
name: Photon OS 5 Arm64 Package Test
name: Photon OS 4 Arm64 Package Test
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
@ -1747,6 +1747,29 @@ jobs:
skip-junit-reports: false
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
photonos-4-pkg-tests-fips:
name: Photon OS 4 Package Test(FIPS)
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
- build-rpm-pkgs-onedir
- photonos-4-ci-deps
uses: ./.github/workflows/test-packages-action.yml
with:
distro-slug: photonos-4
nox-session: ci-test-onedir
platform: linux
arch: x86_64
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
pkg-type: rpm
nox-version: 2022.8.7
python-version: "3.10"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
skip-code-coverage: false
skip-junit-reports: false
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
fips: true
ubuntu-2004-pkg-tests:
name: Ubuntu 20.04 Package Test
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
@ -3769,6 +3792,7 @@ jobs:
- photonos-4-arm64-pkg-tests
- photonos-5-pkg-tests
- photonos-5-arm64-pkg-tests
- photonos-4-pkg-tests-fips
- ubuntu-2004-pkg-tests
- ubuntu-2004-arm64-pkg-tests
- ubuntu-2204-pkg-tests


@ -1699,7 +1699,7 @@ jobs:
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
photonos-5-arm64-pkg-tests:
name: Photon OS 5 Arm64 Package Test
name: Photon OS 4 Arm64 Package Test
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
@ -1720,6 +1720,29 @@ jobs:
skip-junit-reports: false
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
photonos-4-pkg-tests-fips:
name: Photon OS 4 Package Test(FIPS)
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
- build-rpm-pkgs-onedir
- photonos-4-ci-deps
uses: ./.github/workflows/test-packages-action.yml
with:
distro-slug: photonos-4
nox-session: ci-test-onedir
platform: linux
arch: x86_64
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
pkg-type: rpm
nox-version: 2022.8.7
python-version: "3.10"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
skip-code-coverage: false
skip-junit-reports: false
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
fips: true
ubuntu-2004-pkg-tests:
name: Ubuntu 20.04 Package Test
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
@ -2984,6 +3007,7 @@ jobs:
- photonos-4-arm64-pkg-tests
- photonos-5-pkg-tests
- photonos-5-arm64-pkg-tests
- photonos-4-pkg-tests-fips
- ubuntu-2004-pkg-tests
- ubuntu-2004-arm64-pkg-tests
- ubuntu-2204-pkg-tests


@ -1721,7 +1721,7 @@ jobs:
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
photonos-5-arm64-pkg-tests:
name: Photon OS 5 Arm64 Package Test
name: Photon OS 4 Arm64 Package Test
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
@ -1742,6 +1742,29 @@ jobs:
skip-junit-reports: true
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
photonos-4-pkg-tests-fips:
name: Photon OS 4 Package Test(FIPS)
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
- build-rpm-pkgs-onedir
- photonos-4-ci-deps
uses: ./.github/workflows/test-packages-action.yml
with:
distro-slug: photonos-4
nox-session: ci-test-onedir
platform: linux
arch: x86_64
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
pkg-type: rpm
nox-version: 2022.8.7
python-version: "3.10"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
skip-code-coverage: true
skip-junit-reports: true
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
fips: true
ubuntu-2004-pkg-tests:
name: Ubuntu 20.04 Package Test
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
@ -3686,6 +3709,7 @@ jobs:
- photonos-4-arm64-pkg-tests
- photonos-5-pkg-tests
- photonos-5-arm64-pkg-tests
- photonos-4-pkg-tests-fips
- ubuntu-2004-pkg-tests
- ubuntu-2004-arm64-pkg-tests
- ubuntu-2204-pkg-tests


@ -1,10 +1,13 @@
<%- for slug, display_name, arch, pkg_type in test_salt_pkg_listing["linux"] %>
<%- set job_name = "{}-pkg-tests".format(slug.replace(".", "")) %>
<%- for slug, display_name, arch, pkg_type, fips in test_salt_pkg_listing["linux"] %>
<%- if fips == "fips" %>
<%- set job_name = "{}-pkg-tests-fips".format(slug.replace(".", "")) %>
<%- else %>
<%- set job_name = "{}-pkg-tests".format(slug.replace(".", "")) %>
<%- endif %>
<{ job_name }>:
<%- do test_salt_pkg_needs.append(job_name) %>
name: <{ display_name }> Package Test
name: <{ display_name }> Package Test<% if fips == "fips" %>(FIPS)<% endif %>
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
@ -24,6 +27,9 @@
skip-code-coverage: <{ skip_test_coverage_check }>
skip-junit-reports: <{ skip_junit_reports_check }>
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
<%- if fips == "fips" %>
fips: true
<%- endif %>
<%- endfor %>
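Review bot: The FIPS decision is made by comparing the fifth tuple field with the literal `"fips"` in three separate places (the job name, the display name and the `fips: true` input), so any other spelling in the listing silently produces a non-FIPS job under a normal-looking name. Computing it once at the top of the loop, `<%- set fips_enabled = fips == "fips" %>`, and testing `fips_enabled` in the three spots keeps them in step. A short template comment saying that the field accepts only `fips` or `no-fips` would help whoever adds the next distro.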


@ -40,6 +40,11 @@ on:
type: string
description: The python version to run tests with
default: "3.10"
fips:
required: false
type: boolean
default: false
description: Test run with FIPS enabled
package-name:
required: false
type: string
@ -190,12 +195,11 @@ jobs:
run: |
tools --timestamps --timeout-secs=1800 vm testplan --skip-requirements-install \
--nox-session=${{ inputs.nox-session }}-pkgs ${{ inputs.distro-slug }} -- ${{ matrix.test-chunk }} \
${{ matrix.version && format('--prev-version {0}', matrix.version) || ''}}
- name: Run Package Tests
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }}-pkgs --rerun-failures ${{ inputs.distro-slug }} -- ${{ matrix.test-chunk }} \
--nox-session=${{ inputs.nox-session }}-pkgs --rerun-failures ${{ inputs.fips && '--fips ' || '' }}${{ inputs.distro-slug }} -- ${{ matrix.test-chunk }} \
${{ matrix.version && format('--prev-version {0}', matrix.version) || ''}}
- name: Download Test Run Artifacts


@ -25,6 +25,9 @@ from tests.support.sminion import create_sminion
log = logging.getLogger(__name__)
# Variable defining a FIPS test run or not
FIPS_TESTRUN = os.environ.get("FIPS_TESTRUN", "0") == "1"
@pytest.fixture(scope="session")
def version(install_salt):
@ -336,6 +339,7 @@ def salt_master(salt_factories, install_salt, state_tree, pillar_tree):
"rest_cherrypy": {"port": 8000, "disable_ssl": True},
"netapi_enable_clients": ["local"],
"external_auth": {"auto": {"saltdev": [".*"]}},
"fips_mode": FIPS_TESTRUN,
}
test_user = False
master_config = install_salt.config_path / "master"
@ -469,6 +473,7 @@ def salt_minion(salt_factories, salt_master, install_salt):
"id": minion_id,
"file_roots": salt_master.config["file_roots"].copy(),
"pillar_roots": salt_master.config["pillar_roots"].copy(),
"fips_mode": FIPS_TESTRUN,
}
if platform.is_windows():
config_overrides[
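Review bot: `FIPS_TESTRUN` falls back to `"0"` when the variable is unset, so if it never reaches the test process the FIPS job sets `fips_mode` to `False` on both master and minion and still passes as an ordinary run. How `--fips` on `tools vm test` ends up setting `FIPS_TESTRUN` is not visible on this page, so that link should be confirmed. Logging the resolved value once at import, e.g. `log.info("FIPS test run: %s", FIPS_TESTRUN)`, would make a silent non-FIPS run visible in the job output. The comment above the constant could also state the contract: `# FIPS test run flag: enabled only when FIPS_TESTRUN is exactly "1"`. The `salt_master` and `salt_minion` bodies continue outside these hunks.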


@ -133,28 +133,41 @@ def generate_workflows(ctx: Context):
test_salt_pkg_listing = {
"linux": (
("amazonlinux-2", "Amazon Linux 2", "x86_64", "rpm"),
("amazonlinux-2-arm64", "Amazon Linux 2 Arm64", "aarch64", "rpm"),
("amazonlinux-2023", "Amazon Linux 2023", "x86_64", "rpm"),
("amazonlinux-2023-arm64", "Amazon Linux 2023 Arm64", "aarch64", "rpm"),
("centos-7", "CentOS 7", "x86_64", "rpm"),
("centosstream-8", "CentOS Stream 8", "x86_64", "rpm"),
("centosstream-9", "CentOS Stream 9", "x86_64", "rpm"),
("debian-10", "Debian 10", "x86_64", "deb"),
("debian-11", "Debian 11", "x86_64", "deb"),
("debian-11-arm64", "Debian 11 Arm64", "aarch64", "deb"),
("debian-12", "Debian 12", "x86_64", "deb"),
("debian-12-arm64", "Debian 12 Arm64", "aarch64", "deb"),
("photonos-3", "Photon OS 3", "x86_64", "rpm"),
("photonos-3-arm64", "Photon OS 3 Arm64", "aarch64", "rpm"),
("photonos-4", "Photon OS 4", "x86_64", "rpm"),
("photonos-4-arm64", "Photon OS 4 Arm64", "aarch64", "rpm"),
("photonos-5", "Photon OS 5", "x86_64", "rpm"),
("photonos-5-arm64", "Photon OS 5 Arm64", "aarch64", "rpm"),
("ubuntu-20.04", "Ubuntu 20.04", "x86_64", "deb"),
("ubuntu-20.04-arm64", "Ubuntu 20.04 Arm64", "aarch64", "deb"),
("ubuntu-22.04", "Ubuntu 22.04", "x86_64", "deb"),
("ubuntu-22.04-arm64", "Ubuntu 22.04 Arm64", "aarch64", "deb"),
("amazonlinux-2", "Amazon Linux 2", "x86_64", "rpm", "no-fips"),
(
"amazonlinux-2-arm64",
"Amazon Linux 2 Arm64",
"aarch64",
"rpm",
"no-fips",
),
("amazonlinux-2023", "Amazon Linux 2023", "x86_64", "rpm", "no-fips"),
(
"amazonlinux-2023-arm64",
"Amazon Linux 2023 Arm64",
"aarch64",
"rpm",
"no-fips",
),
("centos-7", "CentOS 7", "x86_64", "rpm", "no-fips"),
("centosstream-8", "CentOS Stream 8", "x86_64", "rpm", "no-fips"),
("centosstream-9", "CentOS Stream 9", "x86_64", "rpm", "no-fips"),
("debian-10", "Debian 10", "x86_64", "deb", "no-fips"),
("debian-11", "Debian 11", "x86_64", "deb", "no-fips"),
("debian-11-arm64", "Debian 11 Arm64", "aarch64", "deb", "no-fips"),
("debian-12", "Debian 12", "x86_64", "deb", "no-fips"),
("debian-12-arm64", "Debian 12 Arm64", "aarch64", "deb", "no-fips"),
("photonos-3", "Photon OS 3", "x86_64", "rpm", "no-fips"),
("photonos-3-arm64", "Photon OS 3 Arm64", "aarch64", "rpm", "no-fips"),
("photonos-4", "Photon OS 4", "x86_64", "rpm", "no-fips"),
("photonos-4-arm64", "Photon OS 4 Arm64", "aarch64", "rpm", "no-fips"),
("photonos-5", "Photon OS 5", "x86_64", "rpm", "no-fips"),
("photonos-5-arm64", "Photon OS 4 Arm64", "aarch64", "rpm", "no-fips"),
("photonos-4", "Photon OS 4", "x86_64", "rpm", "fips"),
("ubuntu-20.04", "Ubuntu 20.04", "x86_64", "deb", "no-fips"),
("ubuntu-20.04-arm64", "Ubuntu 20.04 Arm64", "aarch64", "deb", "no-fips"),
("ubuntu-22.04", "Ubuntu 22.04", "x86_64", "deb", "no-fips"),
("ubuntu-22.04-arm64", "Ubuntu 22.04 Arm64", "aarch64", "deb", "no-fips"),
),
"macos": (("macos-12", "macOS 12", "x86_64"),),
"windows": (
@ -163,6 +176,7 @@ def generate_workflows(ctx: Context):
("windows-2022", "Windows 2022", "amd64"),
),
}
build_ci_deps_listing = {
"linux": [
("almalinux-8", "Alma Linux 8", "x86_64"),
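Review bot: The new five-field `photonos-5-arm64` tuple carries the display name "Photon OS 4 Arm64", while the four-field tuple it replaces said "Photon OS 5 Arm64", so this looks like a copy-paste slip. It is what relabels the `photonos-5-arm64-pkg-tests` job as "Photon OS 4 Arm64 Package Test" in each of the regenerated workflow files on this page. The entry should read `("photonos-5-arm64", "Photon OS 5 Arm64", "aarch64", "rpm", "no-fips"),`. A mislabelled job makes it easy to misread which platform a package test result belongs to. `generate_workflows` starts and ends outside these hunks.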