Skip to content

Commit

Permalink
Experiment with changes
Browse files Browse the repository at this point in the history
  • Loading branch information
@dkirov-dd
dkirov-dd committed Dec 24, 2024
1 parent 23d2930 commit 70e2d7c
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 19 deletions.
44 changes: 25 additions & 19 deletions .github/workflows/experimental.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -155,19 +155,22 @@ jobs:
- name: Verify OpenSSL
if: runner.os == 'Windows'
working-directory: .\python_dir
shell: powershell
run: |
.\openssl.exe version -a
.\openssl.exe list -providers
./openssl version -a
./openssl list -providers
- name: Verify OpenSSL with FIPS ENV vars
if: runner.os == 'Windows'
working-directory: .\python_dir
shell: powershell
run: |
$env:OPENSSL_MODULES = ".\ossl-modules"
$env:OPENSSL_CONF = ".\openssl.cnf"
.\openssl.exe list -providers
if [[ "$RUNNER_OS" == "Windows" ]]; then
echo "OPENSSL_MODULES=$(pwd)\ossl-modules" >> $GITHUB_ENV
echo "OPENSSL_CONF=$(pwd)\openssl.cnf" >> $GITHUB_ENV
else
echo "OPENSSL_MODULES=$(pwd)/ossl-modules" >> $GITHUB_ENV
echo "OPENSSL_CONF=$(pwd)/openssl.cnf" >> $GITHUB_ENV
fi
./openssl list -providers
- name: Add Python to PATH
run: |
Expand Down Expand Up @@ -207,16 +210,19 @@ jobs:
ddev config set repo core
- name: Test
if: runner.os == 'Windows'
shell: powershell
working-directory: ./python_dir
run: |
$env:PATH_TO_OPENSSL_CONF = "$(pwd)\openssl.cnf"
$env:PATH_TO_OPENSSL_MODULES = "$(pwd)\ossl-modules"
$env:OPENSSL_CONF = "$(pwd)\openssl.cnf"
$env:OPENSSL_MODULES = "$(pwd)\ossl-modules"
.\python_dir\openssl.exe list -providers
.\python_dir\openssl.exe md5
ddev datadog_checks_base -m fips_off
ddev datadog_checks_base -m fips_on
python -c "import ssl; ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT).set_ciphers('MD5')"
which python
if [[ "$RUNNER_OS" == "Windows" ]]; then
echo "PATH_TO_OPENSSL_CONF=$(pwd)\openssl.cnf" >> $GITHUB_ENV
echo "PATH_TO_OPENSSL_MODULES=$(pwd)\ossl-modules" >> $GITHUB_ENV
echo "OPENSSL_CONF=$(pwd)\openssl.cnf" >> $GITHUB_ENV
echo "OPENSSL_MODULES=$(pwd)\ossl-modules" >> $GITHUB_ENV
else
echo "PATH_TO_OPENSSL_CONF=$(pwd)/openssl.cnf" >> $GITHUB_ENV
echo "PATH_TO_OPENSSL_MODULES=$(pwd)/ossl-modules" >> $GITHUB_ENV
echo "OPENSSL_CONF=$(pwd)/openssl.cnf" >> $GITHUB_ENV
echo "OPENSSL_MODULES=$(pwd)/ossl-modules" >> $GITHUB_ENV
fi
./openssl list -providers
ddev test datadog_checks_base -- -s -m fips_off
ddev test datadog_checks_base -- -s -m fips_on
4 changes: 4 additions & 0 deletions datadog_checks_base/tests/test_fips.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@

import os
import pytest
import sys

from datadog_checks.base.utils.fips import enable_fips

Expand Down Expand Up @@ -49,6 +50,9 @@ def test_ssl_md5_after_fips(clean_environment):
"""
import ssl

print(f'\nPython Path: {sys.executable}')
print(f'\nEnv Vars: {os.environ}')

enable_fips(path_to_openssl_conf=PATH_TO_OPENSSL_CONF, path_to_openssl_modules=PATH_TO_OPENSSL_MODULES)
with pytest.raises(ssl.SSLError, match='No cipher can be selected.'):
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
Expand Down

0 comments on commit 70e2d7c

Please sign in to comment.