From 63bab25e1cdcb987c74cca903598a939a604850c Mon Sep 17 00:00:00 2001 From: "Daniel A. Wozniak" Date: Wed, 29 May 2024 14:42:42 -0700 Subject: [PATCH] Fix more FIPS tests --- .../integration/cli/test_salt_deltaproxy.py | 37 +++++++++++++++++++ tests/pytests/integration/conftest.py | 3 ++ .../integration/minion/test_job_return.py | 12 ++++++ .../pytests/integration/minion/test_reauth.py | 17 ++++++++- .../integration/minion/test_return_retries.py | 12 ++++++ tests/pytests/pkg/conftest.py | 7 +++- 6 files changed, 85 insertions(+), 3 deletions(-) diff --git a/tests/pytests/integration/cli/test_salt_deltaproxy.py b/tests/pytests/integration/cli/test_salt_deltaproxy.py index 1d8eea0e997..8c04fc2f61a 100644 --- a/tests/pytests/integration/cli/test_salt_deltaproxy.py +++ b/tests/pytests/integration/cli/test_salt_deltaproxy.py @@ -10,6 +10,7 @@ from pytestshellutils.exceptions import FactoryNotStarted from saltfactories.utils import random_string import salt.defaults.exitcodes +from tests.conftest import FIPS_TESTRUN from tests.support.helpers import PRE_PYTEST_SKIP_REASON log = logging.getLogger(__name__) @@ -129,6 +130,11 @@ def test_exit_status_correct_usage( config_defaults = { "metaproxy": "deltaproxy", } + config_overrides = { + "fips_mode": FIPS_TESTRUN, + "encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1", + "signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1", + } proxy_one = "dummy_proxy_one" proxy_two = "dummy_proxy_two" @@ -184,6 +190,7 @@ def test_exit_status_correct_usage( factory = salt_master.salt_proxy_minion_daemon( proxy_minion_id, defaults=config_defaults, + overrides=config_overrides, extra_cli_arguments_after_first_start_failure=["--log-level=info"], start_timeout=320, ) 
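Review bot: The `config_overrides` dict added in `test_exit_status_correct_usage` is repeated verbatim in five more tests in tests/pytests/integration/cli/test_salt_deltaproxy.py (`test_missing_pillar_file`, `test_invalid_connection`, `test_custom_proxy_module`, `test_custom_proxy_module_raise_exception`, `test_exit_status_correct_usage_large_number_of_minions`). Six copies of the algorithm selection can drift apart the next time the FIPS-approved values change. Consider defining the dict once at module level (or as a fixture) and passing `overrides=_FIPS_PROXY_OVERRIDES` at each `salt_proxy_minion_daemon` call, where the constant name is only a suggestion. A short comment such as `# SHA1-based OAEP/PKCS1v15 is rejected in FIPS mode, so FIPS runs use SHA224` would record why the values differ. The test bodies start and end outside these hunks.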
@@ -246,6 +253,11 @@ def test_missing_pillar_file( config_defaults = { "metaproxy": "deltaproxy", } + config_overrides = { + "fips_mode": FIPS_TESTRUN, + "encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1", + "signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1", + } proxy_one = "dummy_proxy_one" proxy_two = "dummy_proxy_two" @@ -287,6 +299,7 @@ def test_missing_pillar_file( factory = salt_master.salt_proxy_minion_daemon( proxy_minion_id, defaults=config_defaults, + overrides=config_overrides, extra_cli_arguments_after_first_start_failure=["--log-level=info"], start_timeout=320, ) @@ -344,6 +357,11 @@ def test_invalid_connection( config_defaults = { "metaproxy": "deltaproxy", } + config_overrides = { + "fips_mode": FIPS_TESTRUN, + "encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1", + "signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1", + } proxy_one = "dummy_proxy_one" broken_proxy_one = "broken_proxy_one" broken_proxy_two = "broken_proxy_two" @@ -415,6 +433,7 @@ def test_invalid_connection( factory = salt_master.salt_proxy_minion_daemon( proxy_minion_id, defaults=config_defaults, + overrides=config_overrides, extra_cli_arguments_after_first_start_failure=["--log-level=info"], start_timeout=320, ) @@ -474,6 +493,11 @@ def test_custom_proxy_module( config_defaults = { "metaproxy": "deltaproxy", } + config_overrides = { + "fips_mode": FIPS_TESTRUN, + "encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1", + "signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1", + } proxy_one = "custom_dummy_proxy_one" proxy_two = "custom_dummy_proxy_two" @@ -548,6 +572,7 @@ def ping(): factory = salt_master.salt_proxy_minion_daemon( proxy_minion_id, defaults=config_defaults, + overrides=config_overrides, extra_cli_arguments_after_first_start_failure=["--log-level=info"], start_timeout=320, ) 
@@ -611,6 +636,11 @@ def test_custom_proxy_module_raise_exception( config_defaults = { "metaproxy": "deltaproxy", } + config_overrides = { + "fips_mode": FIPS_TESTRUN, + "encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1", + "signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1", + } proxy_one = "custom_dummy_proxy_one" proxy_two = "custom_dummy_proxy_two" @@ -685,6 +715,7 @@ def ping(): factory = salt_master.salt_proxy_minion_daemon( proxy_minion_id, defaults=config_defaults, + overrides=config_overrides, extra_cli_arguments_after_first_start_failure=["--log-level=info"], start_timeout=320, ) @@ -750,6 +781,11 @@ def test_exit_status_correct_usage_large_number_of_minions( config_defaults = { "metaproxy": "deltaproxy", } + config_overrides = { + "fips_mode": FIPS_TESTRUN, + "encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1", + "signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1", + } sub_proxies = [ "proxy_one", "proxy_two", @@ -826,6 +862,7 @@ def test_exit_status_correct_usage_large_number_of_minions( factory = salt_master.salt_proxy_minion_daemon( proxy_minion_id, defaults=config_defaults, + overrides=config_overrides, extra_cli_arguments_after_first_start_failure=["--log-level=info"], start_timeout=320, ) diff --git a/tests/pytests/integration/conftest.py b/tests/pytests/integration/conftest.py index e505e55a20a..096bc28e0f2 100644 --- a/tests/pytests/integration/conftest.py +++ b/tests/pytests/integration/conftest.py @@ -17,6 +17,9 @@ def salt_master(salt_master_factory): """ A running salt-master fixture """ + print("*" * 80) + print(repr(salt_master_factory)) + print("*" * 80) with salt_master_factory.started(): yield salt_master_factory diff --git a/tests/pytests/integration/minion/test_job_return.py b/tests/pytests/integration/minion/test_job_return.py index dc345eb2771..5200af8c20c 100644 --- a/tests/pytests/integration/minion/test_job_return.py 
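Review bot: The three `print` calls added to the `salt_master` fixture in tests/pytests/integration/conftest.py look like leftover debugging output rather than part of the FIPS fix. They write `repr(salt_master_factory)` to stdout whenever the fixture is set up. Depending on what that repr includes, this may copy master configuration into CI logs. Either drop the lines or, if the output is still useful, route it through the test logger at debug level, e.g. `log.debug("salt_master_factory: %r", salt_master_factory)`, assuming the module has or gains a logger.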
+++ b/tests/pytests/integration/minion/test_job_return.py @@ -5,6 +5,7 @@ import subprocess import pytest import salt.utils.platform +from tests.conftest import FIPS_TESTRUN @pytest.fixture @@ -15,6 +16,10 @@ def salt_master_1(request, salt_factories): } config_overrides = { "interface": "127.0.0.1", + "fips_mode": FIPS_TESTRUN, + "publish_signing_algorithm": ( + "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224" + ), } factory = salt_factories.salt_master_daemon( @@ -38,6 +43,10 @@ def salt_master_2(salt_factories, salt_master_1): } config_overrides = { "interface": "127.0.0.2", + "fips_mode": FIPS_TESTRUN, + "publish_signing_algorithm": ( + "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224" + ), } # Use the same ports for both masters, they are binding to different interfaces @@ -80,6 +89,9 @@ def salt_minion_1(salt_master_1, salt_master_2): f"{master_2_addr}:{master_2_port}", ], "test.foo": "baz", + "fips_mode": FIPS_TESTRUN, + "encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1", + "signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1", } factory = salt_master_1.salt_minion_daemon( "minion-1", diff --git a/tests/pytests/integration/minion/test_reauth.py b/tests/pytests/integration/minion/test_reauth.py index 24b256502e8..177f5ed21f7 100644 --- a/tests/pytests/integration/minion/test_reauth.py +++ b/tests/pytests/integration/minion/test_reauth.py @@ -1,5 +1,7 @@ import time +from tests.conftest import FIPS_TESTRUN + def test_reauth(salt_master_factory, event_listener): """ 
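Review bot: Both branches of the conditional added to `salt_master_1` in tests/pytests/integration/minion/test_job_return.py are the same string, `"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"`, so `FIPS_TESTRUN` has no effect on `publish_signing_algorithm`. The minion options in this same commit fall back to `PKCS1v15-SHA1` outside FIPS, which suggests the else branch was meant to read `"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"`. As written, non-FIPS runs no longer cover the SHA1 publish-signing path. If SHA224 is intended in both modes, use the plain literal `"publish_signing_algorithm": "PKCS1v15-SHA224",` so the intent is explicit. The same expression recurs in `salt_master_2` here, in test_reauth.py, in both hunks of test_return_retries.py and in tests/pytests/pkg/conftest.py.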
@@ -23,12 +25,23 @@ def test_reauth(salt_master_factory, event_listener): event_listener.register_auth_event_handler("test_reauth-master", handler) master = salt_master_factory.salt_master_daemon( "test_reauth-master", - overrides={"log_level": "info"}, + overrides={ + "log_level": "info", + "fips_mode": FIPS_TESTRUN, + "publish_signing_algorithm": ( + "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224" + ), + }, ) sls_tempfile = master.state_tree.base.temp_file(f"{sls_name}.sls", sls_contents) minion = master.salt_minion_daemon( "test_reauth-minion", - overrides={"log_level": "info"}, + overrides={ + "log_level": "info", + "fips_mode": FIPS_TESTRUN, + "encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1", + "signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1", + }, ) cli = master.salt_cli() start_time = time.time() diff --git a/tests/pytests/integration/minion/test_return_retries.py b/tests/pytests/integration/minion/test_return_retries.py index e6f4efe96b0..321387f5692 100644 --- a/tests/pytests/integration/minion/test_return_retries.py +++ b/tests/pytests/integration/minion/test_return_retries.py @@ -4,6 +4,7 @@ import pytest from saltfactories.utils import random_string import salt.utils.files +from tests.conftest import FIPS_TESTRUN @pytest.fixture(scope="function") @@ -13,6 +14,10 @@ def salt_minion_retry(salt_master, salt_minion_id): "return_retry_timer_max": 0, "return_retry_timer": 5, "return_retry_tries": 30, + "fips_mode": FIPS_TESTRUN, + "publish_signing_algorithm": ( + "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224" + ), } factory = salt_master.salt_minion_daemon( random_string("retry-minion-"), 
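Review bot: The dict extended in `salt_minion_retry` (tests/pytests/integration/minion/test_return_retries.py) appears to be minion configuration, since the trailing context passes into `salt_master.salt_minion_daemon(`. The hunk nevertheless adds `publish_signing_algorithm`, which every other hunk in this commit sets only on masters, and it leaves out the two options the other minions receive. If that reading is right, this minion still negotiates with the SHA1 defaults under a FIPS run. The added key should probably be replaced by `"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",` and `"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",`. The fixture body continues outside the hunk, so confirm how the dict is passed before changing it.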
@@ -71,11 +76,18 @@ def test_pillar_timeout(salt_master_factory, tmp_path): "worker_threads": 2, "peer": True, "minion_data_cache": False, + "fips_mode": FIPS_TESTRUN, + "publish_signing_algorithm": ( + "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224" + ), } minion_overrides = { "auth_timeout": 20, "request_channel_timeout": 5, "request_channel_tries": 1, + "fips_mode": FIPS_TESTRUN, + "encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1", + "signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1", } sls_name = "issue-50221" sls_contents = """ diff --git a/tests/pytests/pkg/conftest.py b/tests/pytests/pkg/conftest.py index 5bcd544c119..8d2555e73d8 100644 --- a/tests/pytests/pkg/conftest.py +++ b/tests/pytests/pkg/conftest.py @@ -12,7 +12,7 @@ from saltfactories.utils import random_string import salt.config import salt.utils.files -from tests.conftest import CODE_DIR +from tests.conftest import CODE_DIR, FIPS_TESTRUN from tests.support.pkg import ApiRequest, SaltMaster, SaltMasterWindows, SaltPkgInstall log = logging.getLogger(__name__) @@ -298,6 +298,9 @@ def salt_master(salt_factories, install_salt, pkg_tests_account): }, }, "fips_mode": FIPS_TESTRUN, + "publish_signing_algorithm": ( + "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224" + ), "open_mode": True, } salt_user_in_config_file = False @@ -449,6 +452,8 @@ def salt_minion(salt_factories, salt_master, install_salt): "file_roots": salt_master.config["file_roots"].copy(), "pillar_roots": salt_master.config["pillar_roots"].copy(), "fips_mode": FIPS_TESTRUN, + "encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1", + "signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1", "open_mode": True, } if platform.is_windows():