Skip to content

Commit

Permalink
PYTHON-4509 Update to FIPS host with Python 3.8 binary (mongodb#1688)
Browse files Browse the repository at this point in the history
(cherry picked from commit d4b4b74)
  • Loading branch information
blink1073 committed Jun 17, 2024
1 parent 5d8b433 commit 8bb2852
Show file tree
Hide file tree
Showing 6 changed files with 29 additions and 5 deletions.
10 changes: 5 additions & 5 deletions .evergreen/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -962,7 +962,7 @@ task_groups:
- ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/delete-vm.sh
- func: "upload test results"
setup_group_can_fail_task: true
teardown_group_can_fail_task: true
teardown_task_can_fail_task: true
setup_group_timeout_secs: 1800
tasks:
- testazurekms-task
Expand Down Expand Up @@ -2220,9 +2220,9 @@ axes:
display_name: "RHEL 8.x"
run_on: rhel87-small
batchtime: 10080 # 7 days
- id: rhel80-fips
display_name: "RHEL 8.0 FIPS"
run_on: rhel80-fips
- id: rhel92-fips
display_name: "RHEL 9.2 FIPS"
run_on: rhel92-fips
batchtime: 10080 # 7 days
- id: ubuntu-22.04
display_name: "Ubuntu 22.04"
Expand Down Expand Up @@ -2596,7 +2596,7 @@ buildvariants:
- matrix_name: "tests-fips"
matrix_spec:
platform:
- rhel80-fips
- rhel92-fips
auth: "auth"
ssl: "ssl"
display_name: "${platform} ${auth} ${ssl}"
Expand Down
18 changes: 18 additions & 0 deletions test/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -277,6 +277,7 @@ def __init__(self):
self.is_data_lake = False
self.load_balancer = TEST_LOADBALANCER
self.serverless = TEST_SERVERLESS
self._fips_enabled = None
if self.load_balancer or self.serverless:
self.default_client_options["loadBalanced"] = True
if COMPRESSORS:
Expand Down Expand Up @@ -523,6 +524,17 @@ def storage_engine(self):
# Raised if self.server_status is None.
return None

@property
def fips_enabled(self):
if self._fips_enabled is not None:
return self._fips_enabled
try:
subprocess.check_call(["fips-mode-setup", "--is-enabled"])
self._fips_enabled = True
except (subprocess.SubprocessError, FileNotFoundError):
self._fips_enabled = False
return self._fips_enabled

def check_auth_type(self, auth_type):
auth_mechs = self.server_parameters.get("authenticationMechanisms", [])
return auth_type in auth_mechs
Expand Down Expand Up @@ -670,6 +682,12 @@ def require_auth(self, func):
lambda: self.auth_enabled, "Authentication is not enabled on the server", func=func
)

def require_no_fips(self, func):
"""Run a test only if the host does not have FIPS enabled."""
return self._require(
lambda: not self.fips_enabled, "Test cannot run on a FIPS-enabled host", func=func
)

def require_no_auth(self, func):
"""Run a test only if the server is running without auth enabled."""
return self._require(
Expand Down
2 changes: 2 additions & 0 deletions test/test_auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -343,6 +343,7 @@ def tearDown(self):
client_context.drop_user("pymongo_test", "user")
super().tearDown()

@client_context.require_no_fips
def test_scram_sha1(self):
host, port = client_context.host, client_context.port

Expand Down Expand Up @@ -404,6 +405,7 @@ def test_scram_skip_empty_exchange(self):
else:
self.assertEqual(started, ["saslStart", "saslContinue", "saslContinue"])

@client_context.require_no_fips
def test_scram(self):
# Step 1: create users
client_context.create_user(
Expand Down
2 changes: 2 additions & 0 deletions test/test_client.py
Original file line number Diff line number Diff line change
Expand Up @@ -1016,6 +1016,7 @@ def test_bad_uri(self):
MongoClient("http://localhost")

@client_context.require_auth
@client_context.require_no_fips
def test_auth_from_uri(self):
host, port = client_context.host, client_context.port
client_context.create_user("admin", "admin", "pass")
Expand Down Expand Up @@ -1072,6 +1073,7 @@ def test_username_and_password(self):
rs_or_single_client_noauth(username="ad min", password="foo").server_info()

@client_context.require_auth
@client_context.require_no_fips
def test_lazy_auth_raises_operation_failure(self):
lazy_client = rs_or_single_client_noauth(
f"mongodb://user:wrong@{client_context.host}/pymongo_test", connect=False
Expand Down
1 change: 1 addition & 0 deletions test/test_connection_monitoring.py
Original file line number Diff line number Diff line change
Expand Up @@ -400,6 +400,7 @@ def mock_connect(*args, **kwargs):
failed_event = listener.events[3]
self.assertEqual(failed_event.reason, ConnectionCheckOutFailedReason.CONN_ERROR)

@client_context.require_no_fips
def test_5_check_out_fails_auth_error(self):
listener = CMAPListener()
client = single_client_noauth(
Expand Down
1 change: 1 addition & 0 deletions test/test_database.py
Original file line number Diff line number Diff line change
Expand Up @@ -431,6 +431,7 @@ def test_cursor_command(self):
def test_cursor_command_invalid(self):
self.assertRaises(InvalidOperation, self.db.cursor_command, "usersInfo", "test")

@client_context.require_no_fips
def test_password_digest(self):
self.assertRaises(TypeError, auth._password_digest, 5)
self.assertRaises(TypeError, auth._password_digest, True)
Expand Down

0 comments on commit 8bb2852

Please sign in to comment.