kola/tests: Add failing test for FIPS & LUKS #4181
Conversation
|
Skipping CI for Draft Pull Request. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
There was a problem hiding this comment.
Code Review
This pull request adds a negative test case to ensure that LUKS setup with FIPS-incompatible algorithms fails correctly when FIPS mode is enabled. There are compilation errors due to undefined variables and mismatched function names. Renaming functions and extracting the Ignition config into a package-level variable will resolve these issues.
travier
force-pushed
the
main-fips-luks-argon2i
branch
3 times, most recently
from
3ae15d9 to
58b2d02
Compare
|
Looks like the test waits until the timeout if it does not fail, so maybe I should add a "poweroff" command to execute in the host to the test to make it fail quicker? |
There was a problem hiding this comment.
Nice, thanks for doing this!
Looks like the test waits until the timeout if it does not fail, so maybe I should add a "poweroff" command to execute in the host to the test to make it fail quicker?
Honestly also fine if it only delays in the failure case. OTOH, it's not hard either so up to you.
travier
force-pushed
the
main-fips-luks-argon2i
branch
from
58b2d02 to
0c01d09
Compare
https://github.com/coreos/coreos-assembler/pull/4181/files#r2190605106
|
travier
force-pushed
the
main-fips-luks-argon2i
branch
from
0c01d09 to
9d569b8
Compare
Ensure that setting up a LUKS device with FIPS incompatible algorithms will fail when FIPS mode is enabled. Only run this on QEMU as it should behave the same way on all platforms.
travier
force-pushed
the
main-fips-luks-argon2i
branch
from
9d569b8 to
f38ba6e
Compare
|
Should be good now. |
|
Let's start with this one and I'll make another PR for the Ignition testing parts. |
backporting coreos#4181
|
/cherrypick rhcos-4.16 |
|
@aaradhak: new pull request created: #4261 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/cherrypick rhcos-4.15 |
|
@aaradhak: new pull request created: #4262 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@aaradhak: new pull request created: #4263 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/cherrypick rhcos-4.19 |
|
@aaradhak: new pull request created: #4264 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@aaradhak: new pull request created: #4265 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@aaradhak: new pull request created: #4266 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Ensure that setting up a LUKS device with FIPS incompatible algorithms will fail when FIPS mode is enabled.