mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Skip some md5 related unit tests when running in fips mode
This commit is contained in:
parent
531eaddb3d
commit
e05b22e0d1
2 changed files with 33 additions and 7 deletions
|
@ -28,9 +28,18 @@ sys.setdefaultencoding("utf8")
|
|||
|
||||
class TestUtils(unittest.TestCase):
|
||||
|
||||
def _is_fips(self):
|
||||
try:
|
||||
data = open('/proc/sys/crypto/fips_enabled').read().strip()
|
||||
except:
|
||||
return False
|
||||
if data != '1':
|
||||
return False
|
||||
return True
|
||||
|
||||
def test_before_comment(self):
|
||||
''' see if we can detect the part of a string before a comment. Used by INI parser in inventory '''
|
||||
|
||||
|
||||
input = "before # comment"
|
||||
expected = "before "
|
||||
actual = ansible.utils.before_comment(input)
|
||||
|
@ -357,10 +366,14 @@ class TestUtils(unittest.TestCase):
|
|||
dict(foo=dict(bar='qux')))
|
||||
|
||||
def test_md5s(self):
|
||||
if self._is_fips():
|
||||
raise SkipTest('MD5 unavailable on FIPs enabled systems')
|
||||
self.assertEqual(ansible.utils.md5s('ansible'), '640c8a5376aa12fa15cf02130ce239a6')
|
||||
# Need a test that causes UnicodeEncodeError See 4221
|
||||
|
||||
def test_md5(self):
|
||||
if self._is_fips():
|
||||
raise SkipTest('MD5 unavailable on FIPs enabled systems')
|
||||
self.assertEqual(ansible.utils.md5(os.path.join(os.path.dirname(__file__), 'ansible.cfg')),
|
||||
'fb7b5b90ea63f04bde33e804b6fad42c')
|
||||
self.assertEqual(ansible.utils.md5(os.path.join(os.path.dirname(__file__), 'ansible.cf')),
|
||||
|
@ -373,7 +386,7 @@ class TestUtils(unittest.TestCase):
|
|||
def test_checksum(self):
|
||||
self.assertEqual(ansible.utils.checksum(os.path.join(os.path.dirname(__file__), 'ansible.cfg')),
|
||||
'658b67c8ac7595adde7048425ff1f9aba270721a')
|
||||
self.assertEqual(ansible.utils.md5(os.path.join(os.path.dirname(__file__), 'ansible.cf')),
|
||||
self.assertEqual(ansible.utils.checksum(os.path.join(os.path.dirname(__file__), 'ansible.cf')),
|
||||
None)
|
||||
|
||||
def test_default(self):
|
||||
|
@ -443,10 +456,6 @@ class TestUtils(unittest.TestCase):
|
|||
hash = ansible.utils.do_encrypt('ansible', 'sha256_crypt')
|
||||
self.assertTrue(passlib.hash.sha256_crypt.verify('ansible', hash))
|
||||
|
||||
hash = ansible.utils.do_encrypt('ansible', 'md5_crypt', salt_size=4)
|
||||
self.assertTrue(passlib.hash.md5_crypt.verify('ansible', hash))
|
||||
|
||||
|
||||
try:
|
||||
ansible.utils.do_encrypt('ansible', 'ansible')
|
||||
except ansible.errors.AnsibleError:
|
||||
|
@ -454,6 +463,12 @@ class TestUtils(unittest.TestCase):
|
|||
else:
|
||||
raise AssertionError('Incorrect exception, expected AnsibleError')
|
||||
|
||||
def test_do_encrypt_md5(self):
|
||||
if self._is_fips:
|
||||
raise SkipTest('MD5 unavailable on FIPS systems')
|
||||
hash = ansible.utils.do_encrypt('ansible', 'md5_crypt', salt_size=4)
|
||||
self.assertTrue(passlib.hash.md5_crypt.verify('ansible', hash))
|
||||
|
||||
def test_last_non_blank_line(self):
|
||||
self.assertEqual(ansible.utils.last_non_blank_line('a\n\nb\n\nc'), 'c')
|
||||
self.assertEqual(ansible.utils.last_non_blank_line(''), '')
|
||||
|
|
|
@ -36,6 +36,15 @@ except ImportError:
|
|||
|
||||
class TestVaultLib(TestCase):
|
||||
|
||||
def _is_fips(self):
|
||||
try:
|
||||
data = open('/proc/sys/crypto/fips_enabled').read().strip()
|
||||
except:
|
||||
return False
|
||||
if data != '1':
|
||||
return False
|
||||
return True
|
||||
|
||||
def test_methods_exist(self):
|
||||
v = VaultLib('ansible')
|
||||
slots = ['is_encrypted',
|
||||
|
@ -77,6 +86,8 @@ class TestVaultLib(TestCase):
|
|||
assert v.version == "9.9"
|
||||
|
||||
def test_encrypt_decrypt_aes(self):
|
||||
if self._is_fips():
|
||||
raise SkipTest('MD5 not available on FIPS enabled systems')
|
||||
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
|
||||
raise SkipTest
|
||||
v = VaultLib('ansible')
|
||||
|
@ -84,7 +95,7 @@ class TestVaultLib(TestCase):
|
|||
enc_data = v.encrypt("foobar")
|
||||
dec_data = v.decrypt(enc_data)
|
||||
assert enc_data != "foobar", "encryption failed"
|
||||
assert dec_data == "foobar", "decryption failed"
|
||||
assert dec_data == "foobar", "decryption failed"
|
||||
|
||||
def test_encrypt_decrypt_aes256(self):
|
||||
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
|
||||
|
|
Loading…
Reference in a new issue