search

SUSE / BCI-tests

This repository contains the tests for the SUSE Base Container Images
Apache License 2.0
8 stars 21 forks source link

Run FIPS tests in non-FIPS hosts #498

Closed pablo-herranz closed 3 months ago

pablo-herranz commented 3 months ago

For FIPS images we need to run the FIPS tests, even when those are running on non-FIPS hosts. Currently the FIPS tests are skipped on non-FIPS hosts. We need to add an exception for the FIPS images in BCI-Tests

dcermak commented 3 months ago

@pablo-herranz Please also remove the -e '/fips/d' in .github/workflows/ci.yaml from line 51, so that we can run the fips tests on github too.

pablo-herranz commented 3 months ago

The function test_openssl_fips_hashes is still being skipped.

After removing the -e '/fips/d' in .github/workflows/ci.yaml, the function test_openssl_fips_hashes has started to fail in the image registry.suse.de/suse/sle-15-sp3/update/cr/totest/images/bci/bci-base:15.3.

========================================================================================================== short test summary info ===========================================================================================================
FAILED tests/test_fips.py::test_openssl_fips_hashes[bci/bci-base:15.3 from registry.suse.de/suse/sle-15-sp3/update/cr/totest/images/bci/bci-base:15.3] - AssertionError: assert 0 != 0
 +  where 0 = CommandResult(backend=<testinfra.backend.podman.PodmanBackend object at 0x7fc321eee1d0>, exit_status=0, command=b'openssl blake2b512 /dev/null', _stdout=b'BLAKE2b512(/dev/null)= 786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce\n', _stderr=b'').rc
FAILED tests/test_fips.py::test_openssl_fips_hashes[suse/ltss/sle15.3/bci-base:15.3 from registry.suse.de/suse/sle-15-sp3/update/cr/totest/images/suse/ltss/sle15.3/bci-base:15.3] - AssertionError: assert 0 != 0
 +  where 0 = CommandResult(backend=<testinfra.backend.podman.PodmanBackend object at 0x7fc320b2a4d0>, exit_status=0, command=b'openssl blake2b512 /dev/null', _stdout=b'BLAKE2b512(/dev/null)= 786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce\n', _stderr=b'').rc
============================================================================================ 2 failed, 2 passed, 112 skipped in 72.50s (0:01:12) =============================================================================================
dcermak commented 3 months ago

@pablo-herranz you need to apply the same logic to the parameters of test_openssl_fips_hashes as well