Fix scenarios tests under FIPS

Daniel A. Wozniak 2024-05-29 01:40:10 -07:00 committed by Daniel Wozniak
parent 1d0fcee9c1
commit 96395966da
11 changed files with 107 additions and 3 deletions


@ -5,6 +5,8 @@ import time
import attr
import pytest
from tests.conftest import FIPS_TESTRUN
@attr.s
class BlackoutPillar:
@ -126,9 +128,17 @@ def salt_master(salt_factories, pillar_state_tree):
"pillar_roots": {"base": [str(pillar_state_tree)]},
"open_mode": True,
}
config_overrides = {
"interface": "127.0.0.1",
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"
),
}
factory = salt_factories.salt_master_daemon(
"blackout-master",
defaults=config_defaults,
overrides=config_overrides,
extra_cli_arguments_after_first_start_failure=["--log-level=info"],
)
with factory.started():
@ -138,7 +148,13 @@ def salt_master(salt_factories, pillar_state_tree):
@pytest.fixture(scope="package")
def salt_minion_1(salt_master):
factory = salt_master.salt_minion_daemon(
"blackout-minion-1", defaults={"open_mode": True}
"blackout-minion-1",
defaults={"open_mode": True},
overrides={
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
},
)
with factory.started():
yield factory
@ -147,7 +163,13 @@ def salt_minion_1(salt_master):
@pytest.fixture(scope="package")
def salt_minion_2(salt_master):
factory = salt_master.salt_minion_daemon(
"blackout-minion-2", defaults={"open_mode": True}
"blackout-minion-2",
defaults={"open_mode": True},
overrides={
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
},
)
with factory.started():
yield factory
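Review bot: Both arms of the `publish_signing_algorithm` conditional in `salt_master` are the same string, `"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"`, so the FIPS switch has no effect there and non-FIPS runs also sign publishes with SHA-224. If the non-FIPS value was meant to mirror the minions' `signing_algorithm`, the else arm would be `"PKCS1v15-SHA1"`; if SHA-224 is wanted in both modes, write the plain literal `"PKCS1v15-SHA224"` so the intent is unambiguous. The same expression is repeated in the master fixtures of the other changed files (`salt_master_factory`, `master`, `salt_mm_master_1` and `_2`, `salt_mm_failover_master_1` and `_2`, and the container-test `salt_master`). The fixture bodies continue outside the hunks shown here.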


@ -14,6 +14,7 @@ from saltfactories.daemons.container import Container
from saltfactories.utils import random_string
import salt.utils.path
from tests.conftest import FIPS_TESTRUN
from tests.support.runtests import RUNTIME_VARS
from tests.support.sminion import create_sminion
@ -135,6 +136,10 @@ def salt_master(
"log_level_logfile": "quiet",
# We also want to scrutinize the key acceptance
"open_mode": False,
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"
),
}
# We need to copy the extension modules into the new master root_dir or


@ -13,6 +13,7 @@ from saltfactories.daemons.container import SaltMinion
from saltfactories.utils import random_string
import salt.utils.platform
from tests.conftest import FIPS_TESTRUN
from tests.support.runtests import RUNTIME_VARS
docker = pytest.importorskip("docker")
@ -77,6 +78,9 @@ def salt_minion(
},
# We also want to scrutinize the key acceptance
"open_mode": False,
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
factory = salt_master.salt_minion_daemon(
minion_id,
@ -148,12 +152,14 @@ def populated_state_tree(minion_id, package_name, state_tree):
yield
@pytest.mark.skip_on_fips_enabled_platform
def test_ping(salt_cli, salt_minion):
ret = salt_cli.run("test.ping", minion_tgt=salt_minion.id)
assert ret.returncode == 0, ret
assert ret.data is True
@pytest.mark.skip_on_fips_enabled_platform
@pytest.mark.usefixtures("populated_state_tree")
def test_highstate(salt_cli, salt_minion, package_name):
"""
@ -167,6 +173,7 @@ def test_highstate(salt_cli, salt_minion, package_name):
assert package_name in state_return["changes"], state_return
@pytest.mark.skip_on_fips_enabled_platform
@pytest.fixture
def cp_file_source():
source = pathlib.Path(RUNTIME_VARS.BASE_FILES) / "cheese"
@ -175,6 +182,7 @@ def cp_file_source():
yield pathlib.Path(temp_file)
@pytest.mark.skip_on_fips_enabled_platform
def test_cp(salt_cp_cli, salt_minion, artifacts_path, cp_file_source):
"""
Assert proper behaviour for salt-cp with a newer master and older minions.
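Review bot: `@pytest.mark.skip_on_fips_enabled_platform` is stacked on the `cp_file_source` fixture, where it does nothing: pytest does not honour marks applied to fixture functions, and newer releases warn about it. The skip on `test_cp` already covers the only consumer visible here, so the fixture should keep just `@pytest.fixture`. Separately, `test_ping`, `test_highstate` and `test_cp` are all skipped on FIPS, so the `fips_mode` and algorithm overrides added to `salt_minion` are not exercised by any test visible in this section; a comment such as `# FIPS overrides kept for parity; the tests below are skipped under FIPS` would record whether that is intended. The bodies of these functions continue outside the hunks.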


@ -1,6 +1,8 @@
import pytest
from saltfactories.utils import random_string
from tests.conftest import FIPS_TESTRUN
@pytest.fixture(scope="package")
def salt_master_factory(request, salt_factories):
@ -10,6 +12,10 @@ def salt_master_factory(request, salt_factories):
}
config_overrides = {
"interface": "127.0.0.1",
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"
),
}
return salt_factories.salt_master_daemon(


@ -4,6 +4,8 @@ import subprocess
import pytest
from tests.conftest import FIPS_TESTRUN
log = logging.getLogger(__name__)
@ -53,6 +55,10 @@ def master(request, salt_factories):
}
config_overrides = {
"interface": "0.0.0.0",
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"
),
}
factory = salt_factories.salt_master_daemon(
"master",
@ -84,6 +90,9 @@ def minion(master, master_alive_interval):
"master": f"master.local:{port}",
"publish_port": master.config["publish_port"],
"master_alive_interval": master_alive_interval,
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
factory = master.salt_minion_daemon(
"minion",


@ -5,6 +5,8 @@ import subprocess
import pytest
from tests.conftest import FIPS_TESTRUN
log = logging.getLogger(__name__)
@ -20,6 +22,10 @@ def salt_mm_master_1(request, salt_factories):
config_overrides = {
"interface": "0.0.0.0",
"master_sign_pubkey": True,
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"
),
}
factory = salt_factories.salt_master_daemon(
"mm-master-1",
@ -55,6 +61,10 @@ def salt_mm_master_2(salt_factories, salt_mm_master_1):
config_overrides = {
"interface": "0.0.0.0",
"master_sign_pubkey": True,
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"
),
}
# Use the same ports for both masters, they are binding to different interfaces
@ -103,6 +113,9 @@ def salt_mm_minion_1(salt_mm_master_1, salt_mm_master_2, master_alive_interval):
"master_tries": -1,
"verify_master_pubkey_sign": True,
"retry_dns": True,
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
factory = salt_mm_master_1.salt_minion_daemon(
"mm-minion-1",


@ -8,6 +8,7 @@ import pytest
from pytestshellutils.exceptions import FactoryNotStarted, FactoryTimeout
import salt.utils.platform
from tests.conftest import FIPS_TESTRUN
log = logging.getLogger(__name__)
@ -21,6 +22,10 @@ def salt_mm_failover_master_1(request, salt_factories):
config_overrides = {
"interface": "127.0.0.1",
"master_sign_pubkey": True,
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"
),
}
factory = salt_factories.salt_master_daemon(
"mm-failover-master-1",
@ -49,6 +54,10 @@ def salt_mm_failover_master_2(salt_factories, salt_mm_failover_master_1):
config_overrides = {
"interface": "127.0.0.2",
"master_sign_pubkey": True,
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"
),
}
# Use the same ports for both masters, they are binding to different interfaces
@ -100,6 +109,9 @@ def salt_mm_failover_minion_1(salt_mm_failover_master_1, salt_mm_failover_master
"master_tries": -1,
"verify_master_pubkey_sign": True,
"retry_dns": 1,
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
factory = salt_mm_failover_master_1.salt_minion_daemon(
"mm-failover-minion-1",
@ -138,6 +150,9 @@ def salt_mm_failover_minion_2(salt_mm_failover_master_1, salt_mm_failover_master
"master_tries": -1,
"verify_master_pubkey_sign": True,
"retry_dns": 1,
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
factory = salt_mm_failover_master_2.salt_minion_daemon(
"mm-failover-minion-2",


@ -5,6 +5,8 @@ import time
import pytest
from tests.conftest import FIPS_TESTRUN
pytestmark = [
pytest.mark.core_test,
pytest.mark.skip_on_freebsd(reason="Processes are not properly killed on FreeBSD"),
@ -36,6 +38,9 @@ def test_pki(salt_mm_failover_master_1, salt_mm_failover_master_2, caplog):
"master_alive_interval": 5,
"master_tries": -1,
"verify_master_pubkey_sign": True,
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
}
factory = salt_mm_failover_master_1.salt_minion_daemon(
"mm-failover-pki-minion-1",


@ -26,7 +26,6 @@ def salt_mm_master_1(request, salt_factories):
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"
),
}
factory = salt_factories.salt_master_daemon(
"mm-master-1",
defaults=config_defaults,


@ -1,12 +1,20 @@
import pytest
from saltfactories.utils import random_string
from tests.conftest import FIPS_TESTRUN
@pytest.fixture(scope="package")
def salt_master_factory(salt_factories):
factory = salt_factories.salt_master_daemon(
random_string("reauth-master-"),
extra_cli_arguments_after_first_start_failure=["--log-level=info"],
overrides={
"fips_mode": FIPS_TESTRUN,
"publish_signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA224"
),
},
)
return factory
@ -22,6 +30,11 @@ def salt_minion_factory(salt_master):
factory = salt_master.salt_minion_daemon(
random_string("reauth-minion-"),
extra_cli_arguments_after_first_start_failure=["--log-level=info"],
overrides={
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
"signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
},
)
return factory


@ -64,6 +64,15 @@ def minion_swarm(salt_master, minion_count):
minion_factory = salt_master.salt_minion_daemon(
random_string(f"swarm-minion-{idx}-"),
extra_cli_arguments_after_first_start_failure=["--log-level=info"],
overrides={
"fips_mode": FIPS_TESTRUN,
"encryption_algorithm": (
"OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1"
),
"signing_algorithm": (
"PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
),
},
)
stack.enter_context(minion_factory.started())
minions.append(minion_factory)
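Review bot: `FIPS_TESTRUN` is used in the new `overrides` of `minion_swarm`, but this file's only hunk starts at line 64 and adds no import, whereas the other files in the commit each add `from tests.conftest import FIPS_TESTRUN`. If the name is not already imported at the top of this file, the fixture fails with a NameError at setup, so confirm the import exists or add it. `minion_swarm` begins and ends outside the hunk.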