kola/tests: Add failing test for FIPS & LUKS #4181
Conversation
|
Skipping CI for Draft Pull Request. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
There was a problem hiding this comment.
Code Review
This pull request adds a negative test case to ensure that LUKS setup with FIPS-incompatible algorithms fails correctly when FIPS mode is enabled. There are compilation errors due to undefined variables and mismatched function names. Renaming functions and extracting the Ignition config into a package-level variable will resolve these issues.
travier
force-pushed
the
main-fips-luks-argon2i
branch
3 times, most recently
from
3ae15d9 to
58b2d02
Compare
|
Looks like the test waits until the timeout if it does not fail, so maybe I should add a "poweroff" command to execute in the host to the test to make it fail quicker? |
There was a problem hiding this comment.
Nice, thanks for doing this!
Looks like the test waits until the timeout if it does not fail, so maybe I should add a "poweroff" command to execute in the host to the test to make it fail quicker?
Honestly also fine if it only delays in the failure case. OTOH, it's not hard either so up to you.
travier
force-pushed
the
main-fips-luks-argon2i
branch
from
58b2d02 to
0c01d09
Compare
https://github.com/coreos/coreos-assembler/pull/4181/files#r2190605106
|
travier
force-pushed
the
main-fips-luks-argon2i
branch
from
0c01d09 to
9d569b8
Compare
Ensure that setting up a LUKS device with FIPS incompatible algorithms will fail when FIPS mode is enabled. Only run this on QEMU as it should behave the same way on all platforms.
travier
force-pushed
the
main-fips-luks-argon2i
branch
from
9d569b8 to
f38ba6e
Compare
|
Should be good now. |
Ensure that setting up a LUKS device with FIPS incompatible algorithms will fail when FIPS mode is enabled.