diff --git a/tests/conftest.py b/tests/conftest.py index c409ff0e4f..15247d19dd 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -66,6 +66,9 @@ # Flag coverage to track suprocesses by pointing it to the right .coveragerc file os.environ["COVERAGE_PROCESS_START"] = str(COVERAGERC_FILE) +# Variable defining a FIPS test run or not +FIPS_TESTRUN = os.environ.get("FIPS_TESTRUN", "0") == "1" + # Define the pytest plugins we rely on pytest_plugins = ["tempdir", "helpers_namespace"] @@ -1051,9 +1054,12 @@ def salt_syndic_master_factory( config_overrides = { "log_level_logfile": "quiet", "fips_mode": FIPS_TESTRUN, +<<<<<<< HEAD "publish_signing_algorithm": ( "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1" ), +======= +>>>>>>> 02b147ae59 (Add a FIPS enabled test run under PhotonOS 4 to the CI process) } ext_pillar = [] if salt.utils.platform.is_windows(): @@ -1170,9 +1176,12 @@ def salt_master_factory( config_overrides = { "log_level_logfile": "quiet", "fips_mode": FIPS_TESTRUN, +<<<<<<< HEAD "publish_signing_algorithm": ( "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1" ), +======= +>>>>>>> 02b147ae59 (Add a FIPS enabled test run under PhotonOS 4 to the CI process) } ext_pillar = [] if salt.utils.platform.is_windows(): @@ -1282,8 +1291,11 @@ def salt_minion_factory(salt_master_factory): "file_roots": salt_master_factory.config["file_roots"].copy(), "pillar_roots": salt_master_factory.config["pillar_roots"].copy(), "fips_mode": FIPS_TESTRUN, +<<<<<<< HEAD "encryption_algorithm": "OAEP-SHA224" if FIPS_TESTRUN else "OAEP-SHA1", "signing_algorithm": "PKCS1v15-SHA224" if FIPS_TESTRUN else "PKCS1v15-SHA1", +======= +>>>>>>> 02b147ae59 (Add a FIPS enabled test run under PhotonOS 4 to the CI process) } virtualenv_binary = get_virtualenv_binary_path() diff --git a/tests/pytests/conftest.py b/tests/pytests/conftest.py index c33e2d779e..18318488fb 100644 --- a/tests/pytests/conftest.py +++ b/tests/pytests/conftest.py 
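Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> 02b147ae59 (...)` inside the `config_overrides` dict of `salt_syndic_master_factory` are unresolved merge-conflict markers, so `tests/conftest.py` will not parse and no test can be collected. The same three markers are added in the `salt_master_factory` hunk and in the overrides dict of the `salt_minion_factory` hunk. Resolve each by deleting the marker lines and keeping the HEAD-side entries (`"publish_signing_algorithm"`, `"encryption_algorithm"`, `"signing_algorithm"`). Those entries select the SHA224 variants when `FIPS_TESTRUN` is set, so resolving the other way would presumably leave a FIPS run on SHA1-based algorithms. All three function bodies continue outside their hunks.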
@@ -23,6 +23,7 @@
 import salt.utils.files
 import salt.utils.platform
 from salt.serializers import yaml
+from tests.conftest import FIPS_TESTRUN
 from tests.support.helpers import Webserver, get_virtualenv_binary_path
 from tests.support.pytest.helpers import TestAccount
 from tests.support.runtests import RUNTIME_VARS
diff --git a/tools/pre_commit.py b/tools/pre_commit.py
index 1ecfc2b005..2d521d4691 100644
--- a/tools/pre_commit.py
+++ b/tools/pre_commit.py
@@ -81,6 +81,158 @@ def generate_workflows(ctx: Context): }, }, } + test_salt_listing = { + "linux": [ + ("almalinux-8", "Alma Linux 8", "x86_64"), + ("almalinux-9", "Alma Linux 9", "x86_64"), + ("amazonlinux-2", "Amazon Linux 2", "x86_64"), + ("amazonlinux-2-arm64", "Amazon Linux 2 Arm64", "aarch64"), + ("amazonlinux-2023", "Amazon Linux 2023", "x86_64"), + ("amazonlinux-2023-arm64", "Amazon Linux 2023 Arm64", "aarch64"), + ("archlinux-lts", "Arch Linux LTS", "x86_64"), + ("centos-7", "CentOS 7", "x86_64"), + ("centosstream-8", "CentOS Stream 8", "x86_64"), + ("centosstream-9", "CentOS Stream 9", "x86_64"), + ("debian-10", "Debian 10", "x86_64"), + ("debian-11", "Debian 11", "x86_64"), + ("debian-11-arm64", "Debian 11 Arm64", "aarch64"), + ("debian-12", "Debian 12", "x86_64"), + ("debian-12-arm64", "Debian 12 Arm64", "aarch64"), + ("fedora-37", "Fedora 37", "x86_64"), + ("fedora-38", "Fedora 38", "x86_64"), + ("opensuse-15", "Opensuse 15", "x86_64"), + ("photonos-3", "Photon OS 3", "x86_64"), + ("photonos-3-arm64", "Photon OS 3 Arm64", "aarch64"), + ("photonos-4", "Photon OS 4", "x86_64"), + ("photonos-4-arm64", "Photon OS 4 Arm64", "aarch64"), + ("photonos-5", "Photon OS 5", "x86_64"), + ("photonos-5-arm64", "Photon OS 5 Arm64", "aarch64"), + ("ubuntu-20.04", "Ubuntu 20.04", "x86_64"), + ("ubuntu-20.04-arm64", "Ubuntu 20.04 Arm64", "aarch64"), + ("ubuntu-22.04", "Ubuntu 22.04", "x86_64"), + ("ubuntu-22.04-arm64", "Ubuntu 22.04 Arm64", "aarch64"), + ], + "macos": [ + ("macos-12", "macOS 12", "x86_64"), + ], + "windows": [ + ("windows-2016", "Windows 2016", "amd64"), + ("windows-2019", "Windows 2019", "amd64"), + ("windows-2022", "Windows 2022", "amd64"), + ], + } + for idx, (slug, display_name, arch) in enumerate(test_salt_listing["linux"][:]): + fips = False + test_salt_listing["linux"][idx] = (slug, display_name, arch, fips) # type: ignore[assignment] + if slug == "photonos-4": + fips = True + test_salt_listing["linux"].append((slug, display_name, arch, fips)) # 
type: ignore[arg-type] + + test_salt_pkg_listing = { + "linux": ( + ("amazonlinux-2", "Amazon Linux 2", "x86_64", "rpm"), + ("amazonlinux-2-arm64", "Amazon Linux 2 Arm64", "aarch64", "rpm"), + ("amazonlinux-2023", "Amazon Linux 2023", "x86_64", "rpm"), + ("amazonlinux-2023-arm64", "Amazon Linux 2023 Arm64", "aarch64", "rpm"), + ("centos-7", "CentOS 7", "x86_64", "rpm"), + ("centosstream-8", "CentOS Stream 8", "x86_64", "rpm"), + ("centosstream-9", "CentOS Stream 9", "x86_64", "rpm"), + ("debian-10", "Debian 10", "x86_64", "deb"), + ("debian-11", "Debian 11", "x86_64", "deb"), + ("debian-11-arm64", "Debian 11 Arm64", "aarch64", "deb"), + ("debian-12", "Debian 12", "x86_64", "deb"), + ("debian-12-arm64", "Debian 12 Arm64", "aarch64", "deb"), + ("photonos-3", "Photon OS 3", "x86_64", "rpm"), + ("photonos-3-arm64", "Photon OS 3 Arm64", "aarch64", "rpm"), + ("photonos-4", "Photon OS 4", "x86_64", "rpm"), + ("photonos-4-arm64", "Photon OS 4 Arm64", "aarch64", "rpm"), + ("photonos-5", "Photon OS 5", "x86_64", "rpm"), + ("photonos-5-arm64", "Photon OS 5 Arm64", "aarch64", "rpm"), + ("ubuntu-20.04", "Ubuntu 20.04", "x86_64", "deb"), + ("ubuntu-20.04-arm64", "Ubuntu 20.04 Arm64", "aarch64", "deb"), + ("ubuntu-22.04", "Ubuntu 22.04", "x86_64", "deb"), + ("ubuntu-22.04-arm64", "Ubuntu 22.04 Arm64", "aarch64", "deb"), + ), + "macos": (("macos-12", "macOS 12", "x86_64"),), + "windows": ( + ("windows-2016", "Windows 2016", "amd64"), + ("windows-2019", "Windows 2019", "amd64"), + ("windows-2022", "Windows 2022", "amd64"), + ), + } + build_ci_deps_listing = { + "linux": [ + ("almalinux-8", "Alma Linux 8", "x86_64"), + ("almalinux-8-arm64", "Alma Linux 8 Arm64", "aarch64"), + ("almalinux-9", "Alma Linux 9", "x86_64"), + ("almalinux-9-arm64", "Alma Linux 9 Arm64", "aarch64"), + ("amazonlinux-2", "Amazon Linux 2", "x86_64"), + ("amazonlinux-2-arm64", "Amazon Linux 2 Arm64", "aarch64"), + ("amazonlinux-2023", "Amazon Linux 2023", "x86_64"), + ("amazonlinux-2023-arm64", "Amazon Linux 
2023 Arm64", "aarch64"), + ("archlinux-lts", "Arch Linux LTS", "x86_64"), + ("centos-7", "CentOS 7", "x86_64"), + ("centos-7-arm64", "CentOS 7 Arm64", "aarch64"), + ("centosstream-8", "CentOS Stream 8", "x86_64"), + ("centosstream-8-arm64", "CentOS Stream 8 Arm64", "aarch64"), + ("centosstream-9", "CentOS Stream 9", "x86_64"), + ("centosstream-9-arm64", "CentOS Stream 9 Arm64", "aarch64"), + ("debian-10", "Debian 10", "x86_64"), + ("debian-11", "Debian 11", "x86_64"), + ("debian-11-arm64", "Debian 11 Arm64", "aarch64"), + ("debian-12", "Debian 12", "x86_64"), + ("debian-12-arm64", "Debian 12 Arm64", "aarch64"), + ("fedora-37", "Fedora 37", "x86_64"), + ("fedora-37-arm64", "Fedora 37 Arm64", "aarch64"), + ("fedora-38", "Fedora 38", "x86_64"), + ("fedora-38-arm64", "Fedora 38 Arm64", "aarch64"), + ("opensuse-15", "Opensuse 15", "x86_64"), + ("photonos-3", "Photon OS 3", "x86_64"), + ("photonos-3-arm64", "Photon OS 3 Arm64", "aarch64"), + ("photonos-4", "Photon OS 4", "x86_64"), + ("photonos-4-arm64", "Photon OS 4 Arm64", "aarch64"), + ("photonos-5", "Photon OS 5", "x86_64"), + ("photonos-5-arm64", "Photon OS 5 Arm64", "aarch64"), + ("ubuntu-20.04", "Ubuntu 20.04", "x86_64"), + ("ubuntu-20.04-arm64", "Ubuntu 20.04 Arm64", "aarch64"), + ("ubuntu-22.04", "Ubuntu 22.04", "x86_64"), + ("ubuntu-22.04-arm64", "Ubuntu 22.04 Arm64", "aarch64"), + ], + "macos": [ + ("macos-12", "macOS 12", "x86_64"), + ], + "windows": [ + ("windows-2016", "Windows 2016", "amd64"), + ("windows-2019", "Windows 2019", "amd64"), + ("windows-2022", "Windows 2022", "amd64"), + ], + } + test_salt_pkg_downloads_listing: dict[str, list[tuple[str, str, str]]] = { + "linux": [], + "macos": [], + "windows": [], + } + for slug, display_name, arch in build_ci_deps_listing["linux"]: + if slug in ("archlinux-lts", "opensuse-15"): + continue + test_salt_pkg_downloads_listing["linux"].append((slug, arch, "package")) + for slug, display_name, arch in build_ci_deps_listing["linux"][-2:]: + if slug in 
("archlinux-lts", "opensuse-15"): + continue + test_salt_pkg_downloads_listing["linux"].append((slug, arch, "onedir")) + for slug, display_name, arch in build_ci_deps_listing["macos"]: + test_salt_pkg_downloads_listing["macos"].append((slug, arch, "package")) + for slug, display_name, arch in build_ci_deps_listing["macos"][-1:]: + test_salt_pkg_downloads_listing["macos"].append((slug, arch, "onedir")) + for slug, display_name, arch in build_ci_deps_listing["windows"][-1:]: + for pkg_type in ("nsis", "msi", "onedir"): + test_salt_pkg_downloads_listing["windows"].append((slug, arch, pkg_type)) + + test_salt_pkg_downloads_needs_slugs = set() + for platform in test_salt_pkg_downloads_listing: + for slug, _, _ in test_salt_pkg_downloads_listing[platform]: + test_salt_pkg_downloads_needs_slugs.add(f"{slug.replace('.', '')}-ci-deps") + env = Environment( block_start_string="<%", block_end_string="%>", diff --git a/tools/vm.py b/tools/vm.py index 9500317f52..76e8707945 100644 --- a/tools/vm.py +++ b/tools/vm.py @@ -302,6 +302,7 @@ def test( print_system_info: bool = False, skip_code_coverage: bool = False, envvars: list[str] = None, + fips: bool = False, ): """ Run test in the VM. @@ -336,6 +337,9 @@ def test( if "photonos" in name: skip_known_failures = os.environ.get("SKIP_INITIAL_PHOTONOS_FAILURES", "1") env["SKIP_INITIAL_PHOTONOS_FAILURES"] = skip_known_failures + if fips: + env["FIPS_TESTRUN"] = "1" + vm.run(["tdnf", "install", "-y", "openssl-fips-provider"], sudo=True) if envvars: for key in envvars: if key not in os.environ: @@ -670,6 +674,9 @@ def write_ssh_config(self): forward_agent = "no" else: forward_agent = "yes" + ciphers = "" + if "photonos" in self.name: + ciphers = "Ciphers=aes256-gcm@openssh.com,aes256-cbc,aes256-ctr,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes128-gcm@openssh.com" ssh_config = textwrap.dedent( f"""\ Host {self.name} 
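Review bot: The FIPS variant appended for `photonos-4` in `test_salt_listing["linux"]` has the same slug and display name as the regular entry and differs only in the fourth tuple element. Any job name or artifact key that the workflow templates derive from the slug alone would presumably collide; the templates are not visible here, so this needs checking. The loop also widens the linux entries to 4-tuples while `macos` and `windows` stay 3-tuples, which is what forces the two `# type: ignore` comments. Consider naming the FIPS platforms in a constant such as `fips_slugs = {"photonos-4"}`, building the 4-tuples in a single pass, and adding a short comment saying why only that image gets a FIPS run. Separately, the `continue` guard in the `build_ci_deps_listing["linux"][-2:]` loop can never fire, because the last two linux entries are the Ubuntu 22.04 ones. `generate_workflows` starts and ends outside the hunk.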
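Review bot: In `test()`, the result of `vm.run(["tdnf", "install", "-y", "openssl-fips-provider"], sudo=True)` is discarded. If the install fails, the run continues with `FIPS_TESTRUN=1` on a VM that lacks the provider, and the outcome would still be reported as a FIPS run. Check whatever status `vm.run` returns and abort with an error before the tests start. `tdnf` is the Photon OS package manager, and indentation is lost in this rendering, so it is unclear whether `if fips:` sits under `if "photonos" in name:`. If it does not, `fips=True` on any other image should be rejected explicitly instead of failing inside the install. The docstring ("Run test in the VM.") should also gain a line describing the new `fips` parameter. The function body continues outside the hunk.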
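Review bot: The `Ciphers=` override in `write_ssh_config` is applied to every VM whose name contains `photonos`, not only to FIPS runs, and it comes with no comment explaining why the client defaults are insufficient. The list re-enables `aes256-cbc`, which current OpenSSH clients leave out of their default set, and it includes `chacha20-poly1305@openssh.com`, which is not a FIPS-approved algorithm. If the intent is to match what the FIPS-configured sshd on the image accepts, restrict the list to the AES-GCM and AES-CTR entries that are actually needed. Also add a comment above the assignment, for example `# Photon OS sshd only offers these ciphers; keep in sync with the image`, once that is confirmed. The value is interpolated as `{ciphers}` in the following hunk, and the method body continues outside both hunks.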
@@ -681,6 +688,8 @@ def write_ssh_config(self): StrictHostKeyChecking=no UserKnownHostsFile=/dev/null ForwardAgent={forward_agent} + PasswordAuthentication=no + {ciphers} """ ) self.ssh_config_file.write_text(ssh_config)