s2i-python-container icon indicating copy to clipboard operation
s2i-python-container copied to clipboard
verified publisher icon sclorg

Add test suite in case of FIPS is enabled

Open phracek opened this issue 6 months ago • 0 comments

It would be nice to test in upstream also python container in case of FIPS is enabled on host machine.

  • First of all the GitHub Action should be present in directory .github/workflows. The content should be similar like this https://github.com/sclorg/s2i-nodejs-container/blob/master/.github/workflows/container-fips-tests.yml
  • The second one are alone tests.
  1. In case of FIPS mode is disabled on host, then Python FIPS mode should not be execute at all or it should fail.
  2. In case of FIPS mode is enabled on host, then detection if FIPS mode from python point of view has to passed.

The detection of FIPS mode is present in this file /proc/sys/crypto/fips_enabled.

It would be nice to have two test cases.

  • check FIPS from ruby code like it is here: https://github.com/sclorg/s2i-nodejs-container/blob/master/test/test-lib-nodejs.sh#L485
  • check FIPS from python application point of view.

A similar pull request in s2i-nodejs-container is here: github.com/sclorg/s2i-nodejs-container/pull/493, where you can take inspiration.

phracek avatar Jul 02 '25 12:07 phracek