// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
// or more contributor license agreements. Licensed under the Elastic License;
// you may not use this file except in compliance with the Elastic License.
//go:build e2e && requirefips
package e2e
import (
"context"
"debug/buildinfo"
"fmt"
"os"
"os/exec"
"path/filepath"
"runtime"
"strings"
"testing"
"github.com/stretchr/testify/suite"
"github.com/elastic/fleet-server/testing/e2e/scaffold"
"github.com/elastic/fleet-server/v7/version"
)
// FIPSStandAlone is the e2e suite that inspects a FIPS build of the
// fleet-server binary.
type FIPSStandAlone struct {
	// Shared e2e scaffold. It is the only embedded field, so the Setup,
	// Require and T calls made by the suite methods are promoted from it.
	scaffold.Scaffold
	// binaryPath is the absolute path of the binary under test; SetupSuite
	// assigns it and fails the suite if the file does not exist.
	binaryPath string
}
// TestFIPSStandAlone is the go test entry point that runs the FIPSStandAlone
// suite. The file carries the "e2e && requirefips" build constraint, so this
// test only exists in builds that set both tags.
func TestFIPSStandAlone(t *testing.T) {
	fipsSuite := &FIPSStandAlone{}
	suite.Run(t, fipsSuite)
}
// SetupSuite locates the FIPS snapshot binary under ../../build/cover, stores
// its absolute path on the suite, requires that the file exists, and then runs
// the base scaffold setup.
func (suite *FIPSStandAlone) SetupSuite() {
	// The artifact directory name uses x86_64 where Go reports amd64; every
	// other GOARCH value is used unchanged.
	arch := runtime.GOARCH
	switch arch {
	case "amd64":
		arch = "x86_64"
	}

	// NOTE the path checked is hardcoded to linux as we currently only support linux for FIPS builds
	// NOTE(review): the binary inspected is whatever sits in build/cover for
	// version.DefaultVersion; confirm the shipped artifact is built with the
	// same flags, since this suite does not look at it.
	artifactDir := fmt.Sprintf("fleet-server-fips-%s-SNAPSHOT-linux-%s", version.DefaultVersion, arch)
	relPath := filepath.Join("..", "..", "build", "cover", artifactDir, binaryName)
	absPath, err := filepath.Abs(relPath)
	suite.Require().NoError(err)
	suite.binaryPath = absPath

	// Fail before any test runs if the binary has not been built.
	_, statErr := os.Stat(suite.binaryPath)
	suite.Require().NoError(statErr)

	suite.Setup() // base setup
}
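// TestVerifyArtifact verifies the artifact has FIPS indicators.
//
// It reads the Go build settings embedded in the binary and requires that the
// -tags setting contains "requirefips" and that GOEXPERIMENT contains
// "systemcrypto". When the recorded -ldflags do not include the -s flag, it
// also runs "go tool nm" on the binary and requires an OpenSSL_version symbol
// in the output.
//
// The symbol check is skipped, with a log line, when -ldflags includes -s or
// when no -ldflags setting is recorded (the go command leaves it out of
// -trimpath builds). In those cases only the build metadata has been
// verified, not the OpenSSL linkage itself.
func (suite *FIPSStandAlone) TestVerifyArtifact() {
	info, err := buildinfo.ReadFile(suite.binaryPath)
	suite.Require().NoError(err)

	checkLinks := false
	foundTags := false
	foundExperiment := false
	for _, setting := range info.Settings {
		switch setting.Key {
		case "-tags":
			foundTags = true
			suite.Require().Contains(setting.Value, "requirefips")
		case "GOEXPERIMENT":
			foundExperiment = true
			suite.Require().Contains(setting.Value, "systemcrypto")
		case "-ldflags":
			// Match -s as a whole flag. A substring search also matches
			// unrelated text, for example a -X value naming the
			// github.com/elastic/fleet-server module path ("fleet-server"
			// contains "-s"), and would then silently disable the symbol
			// check below.
			stripped := false
			for _, flag := range strings.Fields(setting.Value) {
				if flag == "-s" {
					stripped = true
					break
				}
			}
			if !stripped {
				checkLinks = true
			}
		}
	}
	suite.Require().True(foundTags, "Did not find -tags within binary description")
	suite.Require().True(foundExperiment, "Did not find GOEXPERIMENT within binary description")

	if !checkLinks {
		// Make the reduced coverage visible in the test output instead of
		// passing silently.
		suite.T().Log("skipping artifact symbol check: -ldflags has -s or was not recorded; OpenSSL linkage not verified")
		return
	}

	suite.T().Log("checking artifact symbols")
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()
	cmd := exec.CommandContext(ctx, "go", "tool", "nm", suite.binaryPath) // TODO replace ctx with suite.T().Context() once we upgrade to go 1.24
	output, err := cmd.CombinedOutput()
	suite.Require().NoError(err)
	suite.Require().Contains(string(output), "OpenSSL_version", "Unable to find OpenSSL symbol links within binary")
}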