From 70e2d7cc61aff1b3cf2b2c1bd21ea7bf9721fa7c Mon Sep 17 00:00:00 2001
From: David Kirov
Date: Mon, 23 Dec 2024 18:50:37 +0200
Subject: [PATCH] Experiment with changes
---
 .github/workflows/experimental.yml | 44 +++++++++++++++-----------
 datadog_checks_base/tests/test_fips.py | 4 +++
 2 files changed, 29 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/experimental.yml b/.github/workflows/experimental.yml
index b5bd0ed0b81ca..0bd67f1b03c09 100644
--- a/.github/workflows/experimental.yml
+++ b/.github/workflows/experimental.yml
@@ -155,19 +155,22 @@ jobs:
 - name: Verify OpenSSL
 if: runner.os == 'Windows'
 working-directory: .\python_dir
- shell: powershell
 run: |
- .\openssl.exe version -a
- .\openssl.exe list -providers
+ ./openssl version -a
+ ./openssl list -providers
 - name: Verify OpenSSL with FIPS ENV vars
 if: runner.os == 'Windows'
 working-directory: .\python_dir
- shell: powershell
 run: |
- $env:OPENSSL_MODULES = ".\ossl-modules"
- $env:OPENSSL_CONF = ".\openssl.cnf"
- .\openssl.exe list -providers
+ if [[ "$RUNNER_OS" == "Windows" ]]; then
+ echo "OPENSSL_MODULES=$(pwd)\ossl-modules" >> $GITHUB_ENV
+ echo "OPENSSL_CONF=$(pwd)\openssl.cnf" >> $GITHUB_ENV
+ else
+ echo "OPENSSL_MODULES=$(pwd)/ossl-modules" >> $GITHUB_ENV
+ echo "OPENSSL_CONF=$(pwd)/openssl.cnf" >> $GITHUB_ENV
+ fi
+ ./openssl list -providers
 - name: Add Python to PATH
 run: |
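Review bot: In the "Verify OpenSSL with FIPS ENV vars" step, values appended to `$GITHUB_ENV` only become visible to later steps, so the `./openssl list -providers` call at the end of the same `run:` block executes without `OPENSSL_MODULES` and `OPENSSL_CONF` and no longer shows whether the FIPS provider actually loads. Export them inside the step as well, e.g. `export OPENSSL_CONF="$(pwd)/openssl.cnf"` and `export OPENSSL_MODULES="$(pwd)/ossl-modules"`, before listing providers. The Test step in the next hunk follows the same pattern ahead of its `ddev test` runs, and on non-Windows runners nothing visible in this diff sets the variables beforehand because this step is skipped there. Since the step keeps `if: runner.os == 'Windows'`, the `else` branch here is unreachable.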
@@ -207,16 +210,19 @@ jobs:
 ddev config set repo core
 - name: Test
- if: runner.os == 'Windows'
- shell: powershell
+ working-directory: ./python_dir
 run: |
- $env:PATH_TO_OPENSSL_CONF = "$(pwd)\openssl.cnf"
- $env:PATH_TO_OPENSSL_MODULES = "$(pwd)\ossl-modules"
- $env:OPENSSL_CONF = "$(pwd)\openssl.cnf"
- $env:OPENSSL_MODULES = "$(pwd)\ossl-modules"
- .\python_dir\openssl.exe list -providers
- .\python_dir\openssl.exe md5
- ddev datadog_checks_base -m fips_off
- ddev datadog_checks_base -m fips_on
- python -c "import ssl; ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT).set_ciphers('MD5')"
- which python
+ if [[ "$RUNNER_OS" == "Windows" ]]; then
+ echo "PATH_TO_OPENSSL_CONF=$(pwd)\openssl.cnf" >> $GITHUB_ENV
+ echo "PATH_TO_OPENSSL_MODULES=$(pwd)\ossl-modules" >> $GITHUB_ENV
+ echo "OPENSSL_CONF=$(pwd)\openssl.cnf" >> $GITHUB_ENV
+ echo "OPENSSL_MODULES=$(pwd)\ossl-modules" >> $GITHUB_ENV
+ else
+ echo "PATH_TO_OPENSSL_CONF=$(pwd)/openssl.cnf" >> $GITHUB_ENV
+ echo "PATH_TO_OPENSSL_MODULES=$(pwd)/ossl-modules" >> $GITHUB_ENV
+ echo "OPENSSL_CONF=$(pwd)/openssl.cnf" >> $GITHUB_ENV
+ echo "OPENSSL_MODULES=$(pwd)/ossl-modules" >> $GITHUB_ENV
+ fi
+ ./openssl list -providers
+ ddev test datadog_checks_base -- -s -m fips_off
+ ddev test datadog_checks_base -- -s -m fips_on
diff --git a/datadog_checks_base/tests/test_fips.py b/datadog_checks_base/tests/test_fips.py
index 426e5e0861265..2aaa516178965 100644
--- a/datadog_checks_base/tests/test_fips.py
+++ b/datadog_checks_base/tests/test_fips.py
@@ -5,6 +5,7 @@
 import os
 import pytest
+import sys
 from datadog_checks.base.utils.fips import enable_fips
@@ -49,6 +50,9 @@ def test_ssl_md5_after_fips(clean_environment):
 """
 import ssl
+ print(f'\nPython Path: {sys.executable}')
+ print(f'\nEnv Vars: {os.environ}')
+
 enable_fips(path_to_openssl_conf=PATH_TO_OPENSSL_CONF, path_to_openssl_modules=PATH_TO_OPENSSL_MODULES)
 with pytest.raises(ssl.SSLError, match='No cipher can be selected.'):
 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
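Review bot: The Test step now runs on every runner because `if: runner.os == 'Windows'` is dropped, but it sets no `shell:`, so on Windows it runs under the runner's default shell (PowerShell, unless a `defaults.run.shell` outside this hunk says otherwise), where `if [[ "$RUNNER_OS" == "Windows" ]]; then` is not valid syntax. Adding `shell: bash` to this step, and to the two Verify OpenSSL steps in the previous hunk that also lost `shell: powershell`, makes the script's interpreter explicit. Under bash on Windows `$(pwd)` typically yields a POSIX-style path, so appending `\openssl.cnf` produces a mixed-separator value that a native OpenSSL build may not resolve; it is worth confirming the value that ends up in `OPENSSL_CONF` before trusting the `fips_on` result.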
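Review bot: `print(f'\nEnv Vars: {os.environ}')` writes the entire process environment to the test output, and the workflow in this same patch runs pytest with `-s`, so every variable present on the runner ends up in the CI log; log masking only covers values registered as secrets. Limit the dump to the keys this test is about, for example `print({k: v for k, v in os.environ.items() if 'OPENSSL' in k})`, or drop both prints once the experiment is finished. `import sys` in the first hunk of this file would normally sit next to `import os` in the standard-library group rather than after `import pytest`. The body of test_ssl_md5_after_fips continues past the end of the hunk.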