Only test on Linux

DataDog · Nov 22, 2024 · 43e2f36 · 43e2f36
1 parent d2ef8e5
commit 43e2f36
Showing 1 changed file with 31 additions and 3 deletions.
diff --git a/datadog_checks_base/tests/base/checks/test_fips_mode.py b/datadog_checks_base/tests/base/checks/test_fips_mode.py
@@ -5,39 +5,59 @@
 # Licensed under a 3-clause BSD style license (see LICENSE)
 import json
 import logging
-import os
+import sys
 from typing import Any  # noqa: F401
 
 import mock
 import pytest
+import subprocess
 
 from datadog_checks.base import AgentCheck
 from pathlib import Path
 import _hashlib
 
 PATH_TO_EMBEDDED = str(Path(__file__).resolve().parent.parent.parent / "fixtures" / "fips" / "embedded")
 
+@pytest.fixture(scope="function", autouse=True)
+def create_conf():
+    command = [
+        "openssl",
+        "fipsinstall",
+        "-module", f'{PATH_TO_EMBEDDED}/lib/ossl-modules/fips.so',
+        "-out", f'{PATH_TO_EMBEDDED}/ssl/fipsmodule.cnf',
+        "-provider_name", "fips"
+    ]
+
+    try:
+        result = subprocess.run(command, check=True, capture_output=True, text=True)
+    except subprocess.CalledProcessError as e:
+        pytest.exit("Failed to set up FIPS mode. Exiting tests.", returncode=1)
+    yield
+    subprocess.run(["rm", f'{PATH_TO_EMBEDDED}/ssl/fipsmodule.cnf'], check=True)
 
 @pytest.fixture(scope="function")
 def clean_environment():
     AgentCheck().disable_openssl_fips()
     yield
 
-
+@pytest.mark.skipif(not sys.platform == "linux", reason="only testing on Linux")
 def test_openssl_default_non_fips():
     assert not _hashlib.get_fips_mode()
 
 
+@pytest.mark.skipif(not sys.platform == "linux", reason="only testing on Linux")
 def test_openssl_fips_enable():
     AgentCheck().enable_openssl_fips(path_to_embedded=PATH_TO_EMBEDDED)
     assert _hashlib.get_fips_mode()
 
 
+@pytest.mark.skipif(not sys.platform == "linux", reason="only testing on Linux")
 def test_openssl_fips_disable():
     AgentCheck().disable_openssl_fips()
     assert not _hashlib.get_fips_mode()
 
 
+@pytest.mark.skipif(not sys.platform == "linux", reason="only testing on Linux")
 def test_md5_before_fips():
     import ssl
 
@@ -46,6 +66,7 @@ def test_md5_before_fips():
     assert True
 
 
+@pytest.mark.skipif(not sys.platform == "linux", reason="only testing on Linux")
 def test_md5_after_fips(clean_environment):
     import ssl
 
@@ -55,7 +76,14 @@ def test_md5_after_fips(clean_environment):
         ctx.set_ciphers("MD5")
 
 
-def test_cryptography_fips_enable():
+@pytest.mark.skipif(not sys.platform == "linux", reason="only testing on Linux")
+def test_cryptography_md5_cryptography():
+    from cryptography.hazmat.primitives import hashes
+    hashes.Hash(hashes.MD5())
+
+
+@pytest.mark.skipif(not sys.platform == "linux", reason="only testing on Linux")
+def test_cryptography_md5_fips():
     from cryptography.exceptions import InternalError
     from cryptography.hazmat.primitives import hashes