saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fix more FIPS tests

Browse source
This commit is contained in:
Daniel A. Wozniak 2024-05-29 14:42:42 -07:00 committed by Daniel Wozniak
parent 96395966da
commit 63bab25e1c
6 changed files with 85 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
tests/pytests/integration/cli/test_salt_deltaproxy.py
View file

@ -10,6 +10,7 @@ from pytestshellutils.exceptions import FactoryNotStarted
from saltfactories.utils import random_string
import salt.defaults.exitcodes
from tests.conftest import FIPS_TESTRUN
from tests.support.helpers import PRE_PYTEST_SKIP_REASON
log = logging.getLogger(__name__)
@ -129,6 +130,11 @@ def test_exit_status_correct_usage(
config_defaults = {
"metaproxy": "deltaproxy",
}
config_overrides = {
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
proxy_one = "dummy_proxy_one"
proxy_two = "dummy_proxy_two"
@ -184,6 +190,7 @@ def test_exit_status_correct_usage(
factory = salt_master.salt_proxy_minion_daemon(
proxy_minion_id,
defaults=config_defaults,
overrides=config_overrides,
extra_cli_arguments_after_first_start_failure=["--log-level=info"],
start_timeout=320,
)
@ -246,6 +253,11 @@ def test_missing_pillar_file(
config_defaults = {
"metaproxy": "deltaproxy",
}
config_overrides = {
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
proxy_one = "dummy_proxy_one"
proxy_two = "dummy_proxy_two"
@ -287,6 +299,7 @@ def test_missing_pillar_file(
factory = salt_master.salt_proxy_minion_daemon(
proxy_minion_id,
defaults=config_defaults,
overrides=config_overrides,
extra_cli_arguments_after_first_start_failure=["--log-level=info"],
start_timeout=320,
)
@ -344,6 +357,11 @@ def test_invalid_connection(
config_defaults = {
"metaproxy": "deltaproxy",
}
config_overrides = {
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
proxy_one = "dummy_proxy_one"
broken_proxy_one = "broken_proxy_one"
broken_proxy_two = "broken_proxy_two"
@ -415,6 +433,7 @@ def test_invalid_connection(
factory = salt_master.salt_proxy_minion_daemon(
proxy_minion_id,
defaults=config_defaults,
overrides=config_overrides,
extra_cli_arguments_after_first_start_failure=["--log-level=info"],
start_timeout=320,
)
@ -474,6 +493,11 @@ def test_custom_proxy_module(
config_defaults = {
"metaproxy": "deltaproxy",
}
config_overrides = {
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
proxy_one = "custom_dummy_proxy_one"
proxy_two = "custom_dummy_proxy_two"
@ -548,6 +572,7 @@ def ping():
factory = salt_master.salt_proxy_minion_daemon(
proxy_minion_id,
defaults=config_defaults,
overrides=config_overrides,
extra_cli_arguments_after_first_start_failure=["--log-level=info"],
start_timeout=320,
)
@ -611,6 +636,11 @@ def test_custom_proxy_module_raise_exception(
config_defaults = {
"metaproxy": "deltaproxy",
}
config_overrides = {
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
proxy_one = "custom_dummy_proxy_one"
proxy_two = "custom_dummy_proxy_two"
@ -685,6 +715,7 @@ def ping():
factory = salt_master.salt_proxy_minion_daemon(
proxy_minion_id,
defaults=config_defaults,
overrides=config_overrides,
extra_cli_arguments_after_first_start_failure=["--log-level=info"],
start_timeout=320,
)
@ -750,6 +781,11 @@ def test_exit_status_correct_usage_large_number_of_minions(
config_defaults = {
"metaproxy": "deltaproxy",
}
config_overrides = {
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
sub_proxies = [
"proxy_one",
"proxy_two",
@ -826,6 +862,7 @@ def test_exit_status_correct_usage_large_number_of_minions(
factory = salt_master.salt_proxy_minion_daemon(
proxy_minion_id,
defaults=config_defaults,
overrides=config_overrides,
extra_cli_arguments_after_first_start_failure=["--log-level=info"],
start_timeout=320,
)

3
tests/pytests/integration/conftest.py
View file

@ -17,6 +17,9 @@ def salt_master(salt_master_factory):
"""
A running salt-master fixture
"""
print("*" * 80)
print(repr(salt_master_factory))
print("*" * 80)
with salt_master_factory.started():
yield salt_master_factory

12
tests/pytests/integration/minion/test_job_return.py
View file

@ -5,6 +5,7 @@ import subprocess
import pytest
import salt.utils.platform
from tests.conftest import FIPS_TESTRUN
@pytest.fixture
@ -15,6 +16,10 @@ def salt_master_1(request, salt_factories):
}
config_overrides = {
"interface": "127.0.0.1",
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"
),
}
factory = salt_factories.salt_master_daemon(
@ -38,6 +43,10 @@ def salt_master_2(salt_factories, salt_master_1):
}
config_overrides = {
"interface": "127.0.0.2",
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"
),
}
# Use the same ports for both masters, they are binding to different interfaces
@ -80,6 +89,9 @@ def salt_minion_1(salt_master_1, salt_master_2):
f"{master_2_addr}:{master_2_port}",
],
"test.foo": "baz",
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
factory = salt_master_1.salt_minion_daemon(
"minion-1",

17
tests/pytests/integration/minion/test_reauth.py
View file

@ -1,5 +1,7 @@
import time
from tests.conftest import FIPS_TESTRUN
def test_reauth(salt_master_factory, event_listener):
"""
@ -23,12 +25,23 @@ def test_reauth(salt_master_factory, event_listener):
event_listener.register_auth_event_handler("test_reauth-master", handler)
master = salt_master_factory.salt_master_daemon(
"test_reauth-master",
overrides={"log_level": "info"},
overrides={
"log_level": "info",
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"
),
},
)
sls_tempfile = master.state_tree.base.temp_file(f"{sls_name}.sls", sls_contents)
minion = master.salt_minion_daemon(
"test_reauth-minion",
overrides={"log_level": "info"},
overrides={
"log_level": "info",
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
},
)
cli = master.salt_cli()
start_time = time.time()

12
tests/pytests/integration/minion/test_return_retries.py
View file

@ -4,6 +4,7 @@ import pytest
from saltfactories.utils import random_string
import salt.utils.files
from tests.conftest import FIPS_TESTRUN
@pytest.fixture(scope="function")
@ -13,6 +14,10 @@ def salt_minion_retry(salt_master, salt_minion_id):
"return_retry_timer_max": 0,
"return_retry_timer": 5,
"return_retry_tries": 30,
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"
),
}
factory = salt_master.salt_minion_daemon(
random_string("retry-minion-"),
@ -71,11 +76,18 @@ def test_pillar_timeout(salt_master_factory, tmp_path):
"worker_threads": 2,
"peer": True,
"minion_data_cache": False,
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"
),
}
minion_overrides = {
"auth_timeout": 20,
"request_channel_timeout": 5,
"request_channel_tries": 1,
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
sls_name = "issue-50221"
sls_contents = """

7
tests/pytests/pkg/conftest.py
View file

@ -12,7 +12,7 @@ from saltfactories.utils import random_string
import salt.config
import salt.utils.files
from tests.conftest import CODE_DIR
from tests.conftest import CODE_DIR, FIPS_TESTRUN
from tests.support.pkg import ApiRequest, SaltMaster, SaltMasterWindows, SaltPkgInstall
log = logging.getLogger(__name__)
@ -298,6 +298,9 @@ def salt_master(salt_factories, install_salt, pkg_tests_account):
},
},
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"
),
"open_mode": True,
}
salt_user_in_config_file = False
@ -449,6 +452,8 @@ def salt_minion(salt_factories, salt_master, install_salt):
"file_roots": salt_master.config["file_roots"].copy(),
"pillar_roots": salt_master.config["pillar_roots"].copy(),
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
"open_mode": True,
}
if platform.is_windows():