Skip to content

Commit 361b1af

Browse files
travierdustymabe
travier
authored and
dustymabe
committed
Revert "tests: add fips.enable.tls"
This reverts commit f8f3c3a.
1 parent 5345a70 commit 361b1af

4 files changed

Lines changed: 0 additions & 218 deletions

File tree

mantle/kola/tests/fips/fips.go

Lines changed: 0 additions & 70 deletions
Original file line numberDiff line numberDiff line change
@@ -140,70 +140,6 @@ func init() {
140140
}
141141
}`),
142142
})
143-
// Test that using TLS works in FIPS mode by having Ignition fetch
144-
// a remote resource over HTTPS with FIPS compatible algorithms.
145-
// See https://issues.redhat.com/browse/COS-3487
146-
// Note that 34.172.244.189, running RHCOS 9.6 (build 20260312-0) on
147-
// Google Cloud Platform, provides HTTPS services using nginx-126:10.1.
148-
register.RegisterTest(&register.Test{
149-
Run: fipsEnableTestTLS,
150-
ClusterSize: 1,
151-
Name: `fips.enable.tls`,
152-
Description: "Verify that fips enabled works if fetching a remote resource over HTTPS with FIPS compatible algorithms.",
153-
Flags: []register.Flag{},
154-
Tags: []string{kola.NeedsInternetTag},
155-
Distros: []string{"rhcos"},
156-
Platforms: []string{"qemu"},
157-
ExcludeArchitectures: []string{"s390x", "ppc64le", "aarch64"}, // only test on x86_64
158-
UserData: conf.Ignition(`{
159-
"ignition": {
160-
"config": {
161-
"replace": {
162-
"source": null,
163-
"verification": {}
164-
}
165-
},
166-
"security": {
167-
"tls": {
168-
"certificateAuthorities": [
169-
{
170-
"compression": "gzip",
171-
"source": "data:;base64,H4sIAAAAAAAC/2SUTdN7yhbF5z7FnaduIUEY/AfdNFoQ2luYeUkkSLwk0fj0t57nnsk5Zw9/u2rV3lVrrf/+DEQGdv+jIhJiHasgRL+UcTBGVqOqoJdqQDEENY4q7G3jjqz64bkgmSjY2p8qKY3Gm0w1P7VOfYbvc+kCH9kM9AE1N1Q58G0APkKA0oi0nR+tMAp1p46NeKtUGGYXa59dMDXvpes0KXU2tHc0Z2PcBgjJD9x+4fYDf1kDbg7hqEFTLfZ9TYPECGIYYp04P+LZxeWw7nZM+cq68ueFHP/zPAh9oNW14QFNVUHaq3VtQHBWT5t93FhwWUnrFkyamb0KudwI1bgZ+jV86+TQaPrgrd/RvQRx+Xqx6lfffdnAi9FQTRw82PZ8HHM7Gt6IeaTV10vepwcr0iU/QLV250dMAquRsMi/rIJevXRV71auDPfnyVnHiD9UX4ukfUm5cGJkdr29FkGZ/DU58SQxrnjd9p/yAu+cgNL7JXq3j0oxd16NyiU3z+5bYyH5HK6NhTg5Y9J7labtJrhbee+zXBdD+7LGb42PLOOCbqoyfBp/93jvZBIBj6gGXwvCEsjE6q5o2iSGNe/EjLESWAdPw71i2EmRnCO22Y1k0i41HjGZaQLzaiM8r4kbDH3xewJdNBjhfh0ZGpTmt67ZfuLOYdjxwPJt4dh9RN/3Ba9LV78JzkjK0+rrV97xHamGieTUaRcqNVNxYdgPp5tRKtgt0PSg+wglmZ7obbN+cfNuR1JkJPLMJSx2tO1Pb+jtxnCJCpR3W8EOiGWaC8LlXZ9nT0nEJyeJm2iwTzRW/Km6Yrn189YdH5Y3Fy2K1OJT+VgDPoA939NEA2cG1m5s+jIENxlB4KgwB1SvUy0mXAd8k4WAUrVO8YmmEPqRCSiiGv3dEwhqysC+RHjcuDkE1f/FBKTXfpSRh97WU19wD/tV3W6NMRK2z0HSvf/mWOYnUX9ZFgI7MvEKKldoWtHGxSRxfLc9bbQrzSORUfLm2t2J3Bw42QVnTblbl4ww4DnmpaGN6OOuxKL79dTj7LqlPtcfH3vqK2XBC93VVzwavjTN+hnskvauGroj3Z4z442peDVjPXB4urDVFX8qsv924b7x7fuXaytdrbqyy53RL0r5my2udheyLWPJcHh6t5yZi5zjnEAxTRgeh+oRDpwkhnOunL/pQRjchO3LaPwaSuLkDs/HhqodOno6JA9BZsPYZ9BgdPPgKB9l1z/H9X3L8uU11Hv/6gSTZXpsGxm4Ts/24SbbT1pehxgCjh7XYY1Dc5KYqyh5tBYH/bk/vtbDHLgW/+yt83gTr1McTwczY08UWFIvfchVldSHYixka6XAN4lyEZinOkjjINfRNRpa3iuUs77t94NcgU8U7j6FtV0TCWTp7Qym5jn1jvupgkCKYuqEyhlhpig1gy0fs7mEuCi8ERNxt1R5+hHP5SZPX1AH1evyXCuzfZeP5uRVbNLbXbZ8UBvIw5tZtt1wqIKDRXA81H/+ML9ljVzt3wX+vwAAAP//bBEEnd0FAAA="
172-
}
173-
]
174-
}
175-
},
176-
"timeouts": {},
177-
"version": "3.4.0"
178-
},
179-
"passwd": {},
180-
"storage": {
181-
"files": [
182-
{
183-
"group": {
184-
"name": "root"
185-
},
186-
"overwrite": true,
187-
"path": "/etc/ignition-machine-config-encapsulated.json",
188-
"user": {
189-
"name": "root"
190-
},
191-
"contents": {
192-
"source": "data:,%7B%22metadata%22%3A%7B%22name%22%3A%22rendered-worker-1cc576110e0cf8396831ce4016f63900%22%2C%22selfLink%22%3A%22%2Fapis%2Fmachineconfiguration.openshift.io%2Fv1%2Fmachineconfigs%2Frendered-worker-1cc576110e0cf8396831ce4016f63900%22%2C%22uid%22%3A%2248871c03-899d-4332-a5f5-bef94e54b23f%22%2C%22resourceVersion%22%3A%224168%22%2C%22generation%22%3A1%2C%22creationTimestamp%22%3A%222019-11-04T15%3A54%3A08Z%22%2C%22annotations%22%3A%7B%22machineconfiguration.openshift.io%2Fgenerated-by-controller-version%22%3A%22bd846958bc95d049547164046a962054fca093df%22%7D%2C%22ownerReferences%22%3A%5B%7B%22apiVersion%22%3A%22machineconfiguration.openshift.io%2Fv1%22%2C%22kind%22%3A%22MachineConfigPool%22%2C%22name%22%3A%22worker%22%2C%22uid%22%3A%223d0dee9e-c9d6-4656-a4a9-81785b9ab01a%22%2C%22controller%22%3Atrue%2C%22blockOwnerDeletion%22%3Atrue%7D%5D%7D%2C%22spec%22%3A%7B%22osImageURL%22%3A%22registry.svc.ci.openshift.org%2Focp%2F4.3-2019-11-04-125204%40sha256%3A8a344c5b157bd01c3ca1abfcef0004fc39f5d69cac1cdaad0fd8dd332ad8e272%22%2C%22config%22%3A%7B%22ignition%22%3A%7B%22config%22%3A%7B%7D%2C%22security%22%3A%7B%22tls%22%3A%7B%7D%7D%2C%22timeouts%22%3A%7B%7D%2C%22version%22%3A%223.0.0%22%7D%2C%22networkd%22%3A%7B%7D%2C%22passwd%22%3A%7B%7D%2C%22storage%22%3A%7B%7D%2C%22systemd%22%3A%7B%7D%7D%2C%22kernelArguments%22%3A%5B%5D%2C%22fips%22%3Atrue%7D%7D",
193-
"verification": {}
194-
},
195-
"mode": 420
196-
},
197-
{
198-
"path": "/var/resource/https-fips",
199-
"contents": {
200-
"source": "https://34.172.244.189:8443/index.html"
201-
}
202-
}
203-
]
204-
}
205-
}`),
206-
})
207143
}
208144

209145
// Test: Run basic FIPS test
@@ -212,9 +148,3 @@ func fipsEnableTest(c cluster.TestCluster) {
212148
c.AssertCmdOutputContains(m, `cat /proc/sys/crypto/fips_enabled`, "1")
213149
c.AssertCmdOutputContains(m, `update-crypto-policies --show`, "FIPS")
214150
}
215-
216-
func fipsEnableTestTLS(c cluster.TestCluster) {
217-
fipsEnableTest(c)
218-
m := c.Machines()[0]
219-
c.AssertCmdOutputContains(m, `cat /var/resource/https-fips`, "This file was served from an RHCOS FIPS-hardened server.")
220-
}

tests/containers/fips-nginx/Containerfile

Lines changed: 0 additions & 13 deletions
This file was deleted.

tests/containers/fips-nginx/README.md

Lines changed: 0 additions & 28 deletions
This file was deleted.

tests/containers/fips-nginx/build.sh

Lines changed: 0 additions & 107 deletions
This file was deleted.

0 commit comments

Comments
 (0)