mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Skip some md5 related unit tests when running in fips mode
This commit is contained in:
parent
531eaddb3d
commit
e05b22e0d1
2 changed files with 33 additions and 7 deletions
|
@ -28,9 +28,18 @@ sys.setdefaultencoding("utf8")
|
||||||
|
|
||||||
class TestUtils(unittest.TestCase):
|
class TestUtils(unittest.TestCase):
|
||||||
|
|
||||||
|
def _is_fips(self):
|
||||||
|
try:
|
||||||
|
data = open('/proc/sys/crypto/fips_enabled').read().strip()
|
||||||
|
except:
|
||||||
|
return False
|
||||||
|
if data != '1':
|
||||||
|
return False
|
||||||
|
return True
|
||||||
|
|
||||||
def test_before_comment(self):
|
def test_before_comment(self):
|
||||||
''' see if we can detect the part of a string before a comment. Used by INI parser in inventory '''
|
''' see if we can detect the part of a string before a comment. Used by INI parser in inventory '''
|
||||||
|
|
||||||
input = "before # comment"
|
input = "before # comment"
|
||||||
expected = "before "
|
expected = "before "
|
||||||
actual = ansible.utils.before_comment(input)
|
actual = ansible.utils.before_comment(input)
|
||||||
|
@ -357,10 +366,14 @@ class TestUtils(unittest.TestCase):
|
||||||
dict(foo=dict(bar='qux')))
|
dict(foo=dict(bar='qux')))
|
||||||
|
|
||||||
def test_md5s(self):
|
def test_md5s(self):
|
||||||
|
if self._is_fips():
|
||||||
|
raise SkipTest('MD5 unavailable on FIPs enabled systems')
|
||||||
self.assertEqual(ansible.utils.md5s('ansible'), '640c8a5376aa12fa15cf02130ce239a6')
|
self.assertEqual(ansible.utils.md5s('ansible'), '640c8a5376aa12fa15cf02130ce239a6')
|
||||||
# Need a test that causes UnicodeEncodeError See 4221
|
# Need a test that causes UnicodeEncodeError See 4221
|
||||||
|
|
||||||
def test_md5(self):
|
def test_md5(self):
|
||||||
|
if self._is_fips():
|
||||||
|
raise SkipTest('MD5 unavailable on FIPs enabled systems')
|
||||||
self.assertEqual(ansible.utils.md5(os.path.join(os.path.dirname(__file__), 'ansible.cfg')),
|
self.assertEqual(ansible.utils.md5(os.path.join(os.path.dirname(__file__), 'ansible.cfg')),
|
||||||
'fb7b5b90ea63f04bde33e804b6fad42c')
|
'fb7b5b90ea63f04bde33e804b6fad42c')
|
||||||
self.assertEqual(ansible.utils.md5(os.path.join(os.path.dirname(__file__), 'ansible.cf')),
|
self.assertEqual(ansible.utils.md5(os.path.join(os.path.dirname(__file__), 'ansible.cf')),
|
||||||
|
@ -373,7 +386,7 @@ class TestUtils(unittest.TestCase):
|
||||||
def test_checksum(self):
|
def test_checksum(self):
|
||||||
self.assertEqual(ansible.utils.checksum(os.path.join(os.path.dirname(__file__), 'ansible.cfg')),
|
self.assertEqual(ansible.utils.checksum(os.path.join(os.path.dirname(__file__), 'ansible.cfg')),
|
||||||
'658b67c8ac7595adde7048425ff1f9aba270721a')
|
'658b67c8ac7595adde7048425ff1f9aba270721a')
|
||||||
self.assertEqual(ansible.utils.md5(os.path.join(os.path.dirname(__file__), 'ansible.cf')),
|
self.assertEqual(ansible.utils.checksum(os.path.join(os.path.dirname(__file__), 'ansible.cf')),
|
||||||
None)
|
None)
|
||||||
|
|
||||||
def test_default(self):
|
def test_default(self):
|
||||||
|
@ -443,10 +456,6 @@ class TestUtils(unittest.TestCase):
|
||||||
hash = ansible.utils.do_encrypt('ansible', 'sha256_crypt')
|
hash = ansible.utils.do_encrypt('ansible', 'sha256_crypt')
|
||||||
self.assertTrue(passlib.hash.sha256_crypt.verify('ansible', hash))
|
self.assertTrue(passlib.hash.sha256_crypt.verify('ansible', hash))
|
||||||
|
|
||||||
hash = ansible.utils.do_encrypt('ansible', 'md5_crypt', salt_size=4)
|
|
||||||
self.assertTrue(passlib.hash.md5_crypt.verify('ansible', hash))
|
|
||||||
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
ansible.utils.do_encrypt('ansible', 'ansible')
|
ansible.utils.do_encrypt('ansible', 'ansible')
|
||||||
except ansible.errors.AnsibleError:
|
except ansible.errors.AnsibleError:
|
||||||
|
@ -454,6 +463,12 @@ class TestUtils(unittest.TestCase):
|
||||||
else:
|
else:
|
||||||
raise AssertionError('Incorrect exception, expected AnsibleError')
|
raise AssertionError('Incorrect exception, expected AnsibleError')
|
||||||
|
|
||||||
|
def test_do_encrypt_md5(self):
|
||||||
|
if self._is_fips:
|
||||||
|
raise SkipTest('MD5 unavailable on FIPS systems')
|
||||||
|
hash = ansible.utils.do_encrypt('ansible', 'md5_crypt', salt_size=4)
|
||||||
|
self.assertTrue(passlib.hash.md5_crypt.verify('ansible', hash))
|
||||||
|
|
||||||
def test_last_non_blank_line(self):
|
def test_last_non_blank_line(self):
|
||||||
self.assertEqual(ansible.utils.last_non_blank_line('a\n\nb\n\nc'), 'c')
|
self.assertEqual(ansible.utils.last_non_blank_line('a\n\nb\n\nc'), 'c')
|
||||||
self.assertEqual(ansible.utils.last_non_blank_line(''), '')
|
self.assertEqual(ansible.utils.last_non_blank_line(''), '')
|
||||||
|
|
|
@ -36,6 +36,15 @@ except ImportError:
|
||||||
|
|
||||||
class TestVaultLib(TestCase):
|
class TestVaultLib(TestCase):
|
||||||
|
|
||||||
|
def _is_fips(self):
|
||||||
|
try:
|
||||||
|
data = open('/proc/sys/crypto/fips_enabled').read().strip()
|
||||||
|
except:
|
||||||
|
return False
|
||||||
|
if data != '1':
|
||||||
|
return False
|
||||||
|
return True
|
||||||
|
|
||||||
def test_methods_exist(self):
|
def test_methods_exist(self):
|
||||||
v = VaultLib('ansible')
|
v = VaultLib('ansible')
|
||||||
slots = ['is_encrypted',
|
slots = ['is_encrypted',
|
||||||
|
@ -77,6 +86,8 @@ class TestVaultLib(TestCase):
|
||||||
assert v.version == "9.9"
|
assert v.version == "9.9"
|
||||||
|
|
||||||
def test_encrypt_decrypt_aes(self):
|
def test_encrypt_decrypt_aes(self):
|
||||||
|
if self._is_fips():
|
||||||
|
raise SkipTest('MD5 not available on FIPS enabled systems')
|
||||||
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
|
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
|
||||||
raise SkipTest
|
raise SkipTest
|
||||||
v = VaultLib('ansible')
|
v = VaultLib('ansible')
|
||||||
|
@ -84,7 +95,7 @@ class TestVaultLib(TestCase):
|
||||||
enc_data = v.encrypt("foobar")
|
enc_data = v.encrypt("foobar")
|
||||||
dec_data = v.decrypt(enc_data)
|
dec_data = v.decrypt(enc_data)
|
||||||
assert enc_data != "foobar", "encryption failed"
|
assert enc_data != "foobar", "encryption failed"
|
||||||
assert dec_data == "foobar", "decryption failed"
|
assert dec_data == "foobar", "decryption failed"
|
||||||
|
|
||||||
def test_encrypt_decrypt_aes256(self):
|
def test_encrypt_decrypt_aes256(self):
|
||||||
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
|
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
|
||||||
|
|
Loading…
Reference in a new issue