More fips test fixes

2025-04-17 10:10:20 +00:00 · 2024-06-25 01:08:16 -07:00 · 2024-06-25 01:08:16 -07:00 · a359f9188f
commit a359f9188f
parent 43565e2210
4 changed files with 41 additions and 10 deletions
--- a/tests/integration/loader/test_ext_grains.py
+++ b/tests/integration/loader/test_ext_grains.py
@ -16,6 +16,7 @@ from tests.support.case import ModuleCase
 from tests.support.runtests import RUNTIME_VARS


+@pytest.mark.timeout(120)
@pytest.mark.windows_whitelisted
 class LoaderGrainsTest(ModuleCase):
    """
--- a/tests/pytests/functional/cli/test_salt_deltaproxy.py
+++ b/tests/pytests/functional/cli/test_salt_deltaproxy.py
@ -9,6 +9,7 @@ import pytest
 from saltfactories.utils import random_string

 import salt.defaults.exitcodes
+from tests.conftest import FIPS_TESTRUN
 from tests.support.helpers import PRE_PYTEST_SKIP_REASON

 log = logging.getLogger(__name__)
@ -29,7 +30,14 @@ def salt_master(salt_factories):
        "open_mode": True,
    }
    salt_master = salt_factories.salt_master_daemon(
-        "deltaproxy-functional-master", defaults=config_defaults
+        "deltaproxy-functional-master",
+        defaults=config_defaults,
+        overrides={
+            "fips_mode": FIPS_TESTRUN,
+            "publish_signing_algorithm": (
+                "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
+            ),
+        },
    )
    with salt_master.started():
        yield salt_master
@ -172,6 +180,15 @@ def test_exit_status_correct_usage_large_number_of_minions(
            factory = salt_master.salt_proxy_minion_daemon(
                proxy_minion_id,
                defaults=config_defaults,
+                overrides={
+                    "fips_mode": FIPS_TESTRUN,
+                    "encryption_algorithm": (
+                        "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1"
+                    ),
+                    "signing_algorithm": (
+                        "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
+                    ),
+                },
                extra_cli_arguments_after_first_start_failure=["--log-level=info"],
                start_timeout=240,
            )
--- a/tests/pytests/integration/cluster/conftest.py
+++ b/tests/pytests/integration/cluster/conftest.py
@ -4,6 +4,7 @@ import subprocess
 import pytest

 import salt.utils.platform
+from tests.conftest import FIPS_TESTRUN

 log = logging.getLogger(__name__)

@ -51,6 +52,10 @@ def cluster_master_1(request, salt_factories, cluster_pki_path, cluster_cache_pa
            "salt.channel": "debug",
            "salt.utils.event": "debug",
        },
+        "fips_mode": FIPS_TESTRUN,
+        "publish_signing_algorithm": (
+            "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
+        ),
    }
    factory = salt_factories.salt_master_daemon(
        "127.0.0.1",
@ -86,6 +91,10 @@ def cluster_master_2(salt_factories, cluster_master_1):
            "salt.channel": "debug",
            "salt.utils.event": "debug",
        },
+        "fips_mode": FIPS_TESTRUN,
+        "publish_signing_algorithm": (
+            "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
+        ),
    }

    # Use the same ports for both masters, they are binding to different interfaces
@ -128,6 +137,10 @@ def cluster_master_3(salt_factories, cluster_master_1):
            "salt.channel": "debug",
            "salt.utils.event": "debug",
        },
+        "fips_mode": FIPS_TESTRUN,
+        "publish_signing_algorithm": (
+            "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
+        ),
    }

    # Use the same ports for both masters, they are binding to different interfaces
@ -163,6 +176,9 @@ def cluster_minion_1(cluster_master_1):
            "salt.channel": "debug",
            "salt.utils.event": "debug",
        },
+        "fips_mode": FIPS_TESTRUN,
+        "encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
+        "signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
    }
    factory = cluster_master_1.salt_minion_daemon(
        "cluster-minion-1",
--- a/tests/pytests/integration/runners/test_match.py
+++ b/tests/pytests/integration/runners/test_match.py
@ -93,9 +93,8 @@ def match_salt_minion_alice(match_salt_master):
        defaults={"open_mode": True, "grains": {"role": "alice"}},
        overrides={
            "fips_mode": FIPS_TESTRUN,
-            "publish_signing_algorithm": (
-                "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
-            ),
+            "encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
+            "signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
        },
    )
    with factory.started():
@ -114,9 +113,8 @@ def match_salt_minion_eve(match_salt_master):
        defaults={"open_mode": True, "grains": {"role": "eve"}},
        overrides={
            "fips_mode": FIPS_TESTRUN,
-            "publish_signing_algorithm": (
-                "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
-            ),
+            "encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
+            "signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
        },
    )
    with factory.started():
@ -135,9 +133,8 @@ def match_salt_minion_bob(match_salt_master):
        defaults={"open_mode": True},
        overrides={
            "fips_mode": FIPS_TESTRUN,
-            "publish_signing_algorithm": (
-                "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1"
-            ),
+            "encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1",
+            "signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1",
        },
    )
    with factory.started():