kola: add basic fips test
FIPS is available on RHCOS now, so let's add a test for it.
mike-nguyen committed Nov 15, 2019
1 parent d0bd758 commit 4a0c87f
Showing 2 changed files with 49 additions and 0 deletions.
1 change: 1 addition & 0 deletions kola/registry/registry.go
@@ -6,6 +6,7 @@ import (
_ "github.com/coreos/mantle/kola/tests/crio"
_ "github.com/coreos/mantle/kola/tests/docker"
_ "github.com/coreos/mantle/kola/tests/etcd"
_ "github.com/coreos/mantle/kola/tests/fips"
_ "github.com/coreos/mantle/kola/tests/flannel"
_ "github.com/coreos/mantle/kola/tests/ignition"
_ "github.com/coreos/mantle/kola/tests/kubernetes"
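--- a/kola/tests/fips/fips.go
+++ b/kola/tests/fips/fips.go
@@ -0,0 +1,48 @@
+package fips
+
+import (
+"github.com/coreos/mantle/kola/cluster"
+"github.com/coreos/mantle/kola/register"
+"github.com/coreos/mantle/platform/conf"
+)
+
+func init() {
+register.Register(&register.Test{
+Run: fipsEnableTest,
+ClusterSize: 1,
+Name: `fips.enable`,
+Flags: []register.Flag{},
+Distros: []string{"rhcos"},
+UserData: conf.Ignition(`{
+"ignition": {
+"version": "2.2.0"
+},
+"storage": {
+"files": [
+{
+"filesystem": "root",
+"path": "/etc/ignition-machine-config-encapsulated.json",
+"contents": {
+"source": "data:,%7B%22metadata%22%3A%7B%22name%22%3A%22rendered-worker-1cc576110e0cf8396831ce4016f63900%22%2C%22selfLink%22%3A%22%2Fapis%2Fmachineconfiguration.openshift.io%2Fv1%2Fmachineconfigs%2Frendered-worker-1cc576110e0cf8396831ce4016f63900%22%2C%22uid%22%3A%2248871c03-899d-4332-a5f5-bef94e54b23f%22%2C%22resourceVersion%22%3A%224168%22%2C%22generation%22%3A1%2C%22creationTimestamp%22%3A%222019-11-04T15%3A54%3A08Z%22%2C%22annotations%22%3A%7B%22machineconfiguration.openshift.io%2Fgenerated-by-controller-version%22%3A%22bd846958bc95d049547164046a962054fca093df%22%7D%2C%22ownerReferences%22%3A%5B%7B%22apiVersion%22%3A%22machineconfiguration.openshift.io%2Fv1%22%2C%22kind%22%3A%22MachineConfigPool%22%2C%22name%22%3A%22worker%22%2C%22uid%22%3A%223d0dee9e-c9d6-4656-a4a9-81785b9ab01a%22%2C%22controller%22%3Atrue%2C%22blockOwnerDeletion%22%3Atrue%7D%5D%7D%2C%22spec%22%3A%7B%22osImageURL%22%3A%22registry.svc.ci.openshift.org%2Focp%2F4.3-2019-11-04-125204%40sha256%3A8a344c5b157bd01c3ca1abfcef0004fc39f5d69cac1cdaad0fd8dd332ad8e272%22%2C%22config%22%3A%7B%22ignition%22%3A%7B%22config%22%3A%7B%7D%2C%22security%22%3A%7B%22tls%22%3A%7B%7D%7D%2C%22timeouts%22%3A%7B%7D%2C%22version%22%3A%222.2.0%22%7D%2C%22networkd%22%3A%7B%7D%2C%22passwd%22%3A%7B%7D%2C%22storage%22%3A%7B%7D%2C%22systemd%22%3A%7B%7D%7D%2C%22kernelArguments%22%3A%5B%5D%2C%22fips%22%3Atrue%7D%7D",
+"verification": {}
+},
+"mode": 420
+}
+]
+}
+}`),
+})
+}
+
+// Test: Run basic FIPS test
+func fipsEnableTest(c cluster.TestCluster) {
+m := c.Machines()[0]
+status := c.MustSSH(m, `cat /proc/sys/crypto/fips_enabled`)
+if string(status) != "1" {
+c.Fatal("/proc/sys/crypto/fips_enabled is not set to 1")
+}
+policy := c.MustSSH(m, `update-crypto-policies --show`)
+if string(policy) != "FIPS" {
+c.Fatal("update-crypto-policies is not in FIPS mode")
+}
+}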
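Review bot: Both checks in `fipsEnableTest` fail without reporting what the machine actually returned, so a real "FIPS not enabled" result cannot be told apart from a trailing-newline mismatch or an unexpected policy string. The comparisons `string(status) != "1"` and `string(policy) != "FIPS"` are exact matches and only hold if `MustSSH` trims its output, which is not visible on this page. I would report the observed value in each failure, e.g. `c.Fatalf("fips_enabled: expected 1, got %q", status)` and `c.Fatalf("crypto policy: expected FIPS, got %q", policy)`. The URL-encoded payload in `UserData` also deserves a comment such as `// encapsulated MachineConfig with spec.fips set to true`, because the blob cannot be reviewed by eye and carries unrelated cluster metadata (uid, rendered-worker name, a pinned CI image digest).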
