From 43e2f36f6afc09727404224de27cdf741313b365 Mon Sep 17 00:00:00 2001 From: David Kirov Date: Fri, 22 Nov 2024 16:21:36 +0100 Subject: [PATCH] Only test on Linux --- .../tests/base/checks/test_fips_mode.py | 34 +++++++++++++++++-- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/datadog_checks_base/tests/base/checks/test_fips_mode.py b/datadog_checks_base/tests/base/checks/test_fips_mode.py index 83d30a3eb9699..09b7b14c59e9e 100644 --- a/datadog_checks_base/tests/base/checks/test_fips_mode.py +++ b/datadog_checks_base/tests/base/checks/test_fips_mode.py @@ -5,11 +5,12 @@ # Licensed under a 3-clause BSD style license (see LICENSE) import json import logging -import os +import sys from typing import Any # noqa: F401 import mock import pytest +import subprocess from datadog_checks.base import AgentCheck from pathlib import Path @@ -17,27 +18,46 @@ PATH_TO_EMBEDDED = str(Path(__file__).resolve().parent.parent.parent / "fixtures" / "fips" / "embedded") +@pytest.fixture(scope="function", autouse=True) +def create_conf(): + command = [ + "openssl", + "fipsinstall", + "-module", f'{PATH_TO_EMBEDDED}/lib/ossl-modules/fips.so', + "-out", f'{PATH_TO_EMBEDDED}/ssl/fipsmodule.cnf', + "-provider_name", "fips" + ] + + try: + result = subprocess.run(command, check=True, capture_output=True, text=True) + except subprocess.CalledProcessError as e: + pytest.exit("Failed to set up FIPS mode. Exiting tests.", returncode=1) + yield + subprocess.run(["rm", f'{PATH_TO_EMBEDDED}/ssl/fipsmodule.cnf'], check=True) @pytest.fixture(scope="function") def clean_environment(): AgentCheck().disable_openssl_fips() yield - +@pytest.mark.skipif(not sys.platform == "linux", reason="only testing on Linux") def test_openssl_default_non_fips(): assert not _hashlib.get_fips_mode() +@pytest.mark.skipif(not sys.platform == "linux", reason="only testing on Linux") def test_openssl_fips_enable(): AgentCheck().enable_openssl_fips(path_to_embedded=PATH_TO_EMBEDDED) assert _hashlib.get_fips_mode() +@pytest.mark.skipif(not sys.platform == "linux", reason="only testing on Linux") def test_openssl_fips_disable(): AgentCheck().disable_openssl_fips() assert not _hashlib.get_fips_mode() +@pytest.mark.skipif(not sys.platform == "linux", reason="only testing on Linux") def test_md5_before_fips(): import ssl @@ -46,6 +66,7 @@ def test_md5_before_fips(): assert True +@pytest.mark.skipif(not sys.platform == "linux", reason="only testing on Linux") def test_md5_after_fips(clean_environment): import ssl @@ -55,7 +76,14 @@ def test_md5_after_fips(clean_environment): ctx.set_ciphers("MD5") -def test_cryptography_fips_enable(): +@pytest.mark.skipif(not sys.platform == "linux", reason="only testing on Linux") +def test_cryptography_md5_cryptography(): + from cryptography.hazmat.primitives import hashes + hashes.Hash(hashes.MD5()) + + +@pytest.mark.skipif(not sys.platform == "linux", reason="only testing on Linux") +def test_cryptography_md5_fips(): from cryptography.exceptions import InternalError from cryptography.hazmat.primitives import hashes