forked from sonic-net/sonic-utilities
Support to enable fips for the command sonic_installer (sonic-net#2154)
Showing
10 changed files
with
305 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
from unittest.mock import Mock, patch | ||
|
||
# Import test module | ||
import sonic_installer.bootloader.aboot as aboot | ||
import tempfile | ||
import shutil | ||
|
||
# Constants | ||
image_dir = f'{aboot.IMAGE_DIR_PREFIX}expeliarmus-{aboot.IMAGE_DIR_PREFIX}abcde' | ||
exp_image = f'{aboot.IMAGE_PREFIX}expeliarmus-{aboot.IMAGE_DIR_PREFIX}abcde' | ||
image_dirs = [image_dir] | ||
|
||
def test_set_fips_aboot(): | ||
image = 'test-image' | ||
dirpath = tempfile.mkdtemp() | ||
bootloader = aboot.AbootBootloader() | ||
bootloader.get_image_path = Mock(return_value=dirpath) | ||
|
||
# The the default setting | ||
bootloader._set_image_cmdline(image, 'test=1') | ||
assert not bootloader.get_fips(image) | ||
|
||
# Test fips enabled | ||
bootloader.set_fips(image, True) | ||
assert bootloader.get_fips(image) | ||
|
||
# Test fips disabled | ||
bootloader.set_fips(image, False) | ||
assert not bootloader.get_fips(image) | ||
|
||
# Cleanup | ||
shutil.rmtree(dirpath) |
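Review bot: The `shutil.rmtree(dirpath)` cleanup at the end of `test_set_fips_aboot` runs only when every assertion passes, so a failing run leaves the `mkdtemp()` directory behind; wrapping the body in `with tempfile.TemporaryDirectory() as dirpath:` (or using pytest's `tmp_path` fixture) removes it on any exit. The grub test has the same pattern with `shutil.rmtree(tmp_host_path)`, and there the leftover sits inside the test source tree. The module-level `image_dir`, `exp_image` and `image_dirs` constants and the `patch` import are not used anywhere in this file and can be dropped. The comment `# The the default setting` should read `# Test the default setting`.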
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
import os | ||
import shutil | ||
from unittest.mock import Mock, patch | ||
|
||
# Import test module | ||
import sonic_installer.bootloader.grub as grub | ||
|
||
@patch("sonic_installer.bootloader.grub.HOST_PATH", os.path.join(os.path.dirname(os.path.abspath(__file__)), 'installer_bootloader_input/_tmp_host')) | ||
def test_set_fips_grub(): | ||
# Prepare the grub.cfg in the _tmp_host folder | ||
current_path = os.path.dirname(os.path.abspath(__file__)) | ||
grub_config = os.path.join(current_path, 'installer_bootloader_input/host/grub/grub.cfg') | ||
tmp_host_path = os.path.join(current_path, 'installer_bootloader_input/_tmp_host') | ||
tmp_grub_path = os.path.join(tmp_host_path, 'grub') | ||
tmp_grub_config = os.path.join(tmp_grub_path, 'grub.cfg') | ||
os.makedirs(tmp_grub_path, exist_ok=True) | ||
shutil.copy(grub_config, tmp_grub_path) | ||
|
||
image = 'SONiC-OS-internal-202205.57377412-84a9a7f11b' | ||
bootloader = grub.GrubBootloader() | ||
|
||
# The the default setting | ||
assert not bootloader.get_fips(image) | ||
|
||
# Test fips enabled | ||
bootloader.set_fips(image, True) | ||
assert bootloader.get_fips(image) | ||
|
||
# Test fips disabled | ||
bootloader.set_fips(image, False) | ||
assert not bootloader.get_fips(image) | ||
|
||
# Cleanup the _tmp_host folder | ||
shutil.rmtree(tmp_host_path) |
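Review bot: `test_set_fips_grub` toggles FIPS only on `SONiC-OS-internal-202205.57377412-84a9a7f11b` and never inspects the second menu entry in the fixture, which already carries `sonic_fips=1`, so an implementation that rewrote every `linux` line or edited the wrong entry would still pass. Assuming `get_fips` reads the flag from the selected entry's `linux` line, adding `assert bootloader.get_fips('SONiC-OS-master-11298.116581-1a4f95389')` after each `set_fips` call would pin the change to the requested image. The `_tmp_host` path is also spelled out twice, once in the `@patch` decorator and once in the body; a single module-level constant would keep the two from drifting apart.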
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
serial --port=0x3f8 --speed=9600 --word=8 --parity=no --stop=1 | ||
terminal_input console serial | ||
terminal_output console serial | ||
|
||
set timeout=5 | ||
|
||
if [ -s $prefix/grubenv ]; then | ||
load_env | ||
fi | ||
if [ "${saved_entry}" ]; then | ||
set default="${saved_entry}" | ||
fi | ||
if [ "${next_entry}" ]; then | ||
set default="${next_entry}" | ||
unset next_entry | ||
save_env next_entry | ||
fi | ||
if [ "${onie_entry}" ]; then | ||
set next_entry="${default}" | ||
set default="${onie_entry}" | ||
unset onie_entry | ||
save_env onie_entry next_entry | ||
fi | ||
|
||
menuentry 'SONiC-OS-internal-202205.57377412-84a9a7f11b' { | ||
search --no-floppy --label --set=root SONiC-OS | ||
echo 'Loading SONiC-OS OS kernel ...' | ||
insmod gzio | ||
if [ x = xxen ]; then insmod xzio; insmod lzopio; fi | ||
insmod part_msdos | ||
insmod ext2 | ||
linux /image-internal-202205.57377412-84a9a7f11b/boot/vmlinuz-5.10.0-12-2-amd64 root=UUID=df89970c-bf6d-40cf-80fc-a977c89054dd rw console=tty0 console=ttyS0,9600n8 quiet intel_idle.max_cstate=0 net.ifnames=0 biosdevname=0 loop=image-internal-202205.57377412-84a9a7f11b/fs.squashfs loopfstype=squashfs systemd.unified_cgroup_hierarchy=0 apparmor=1 security=apparmor varlog_size=4096 usbcore.autosuspend=-1 acpi_enforce_resources=lax acpi=noirq | ||
echo 'Loading SONiC-OS OS initial ramdisk ...' | ||
initrd /image-internal-202205.57377412-84a9a7f11b/boot/initrd.img-5.10.0-12-2-amd64 | ||
} | ||
menuentry 'SONiC-OS-master-11298.116581-1a4f95389' { | ||
search --no-floppy --label --set=root SONiC-OS | ||
echo 'Loading SONiC-OS OS kernel ...' | ||
insmod gzio | ||
if [ x = xxen ]; then insmod xzio; insmod lzopio; fi | ||
insmod part_msdos | ||
insmod ext2 | ||
linux /image-master-11298.116581-1a4f95389/boot/vmlinuz-5.10.0-12-2-amd64 root=UUID=df89970c-bf6d-40cf-80fc-a977c89054dd rw console=tty0 console=ttyS0,9600n8 quiet intel_idle.max_cstate=0 sonic_fips=1 net.ifnames=0 biosdevname=0 loop=image-master-11298.116581-1a4f95389/fs.squashfs loopfstype=squashfs systemd.unified_cgroup_hierarchy=0 apparmor=1 security=apparmor varlog_size=4096 usbcore.autosuspend=-1 acpi_enforce_resources=lax acpi=noirq | ||
echo 'Loading SONiC-OS OS initial ramdisk ...' | ||
initrd /image-master-11298.116581-1a4f95389/boot/initrd.img-5.10.0-12-2-amd64 | ||
} | ||
menuentry ONIE { | ||
search --no-floppy --label --set=root ONIE-BOOT | ||
echo 'Loading ONIE ...' | ||
chainloader +1 | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
import os | ||
from unittest.mock import Mock, patch | ||
|
||
# Import test module | ||
import sonic_installer.bootloader.uboot as uboot | ||
|
||
class MockProc(): | ||
commandline = "linuxargs=" | ||
def communicate(): | ||
return commandline, None | ||
|
||
def mock_run_command(cmd): | ||
MockProc.commandline = cmd | ||
|
||
@patch("sonic_installer.bootloader.uboot.subprocess.Popen") | ||
@patch("sonic_installer.bootloader.uboot.run_command") | ||
def test_set_fips_uboot(run_command_patch, popen_patch): | ||
class MockProc(): | ||
commandline = "linuxargs" | ||
def communicate(self): | ||
return MockProc.commandline, None | ||
|
||
def mock_run_command(cmd): | ||
# Remove leading string "/usr/bin/fw_setenv linuxargs " -- the 29 characters | ||
MockProc.commandline = 'linuxargs=' + cmd[29:] | ||
|
||
run_command_patch.side_effect = mock_run_command | ||
popen_patch.return_value = MockProc() | ||
|
||
image = 'test-image' | ||
bootloader = uboot.UbootBootloader() | ||
|
||
# The the default setting | ||
assert not bootloader.get_fips(image) | ||
|
||
# Test fips enabled | ||
bootloader.set_fips(image, True) | ||
assert bootloader.get_fips(image) | ||
|
||
# Test fips disabled | ||
bootloader.set_fips(image, False) | ||
assert not bootloader.get_fips(image) |
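Review bot: The module-level `MockProc` and `mock_run_command` above `test_set_fips_uboot` are never used because the test redefines both locally, and the module-level `communicate()` takes no `self` and reads an undefined bare `commandline`, so it would raise if anything called it; both should be deleted. In the local `mock_run_command`, `cmd[29:]` strips a fixed-width prefix without checking it, so the test would still pass if `set_fips` issued a different command of similar length. Declaring `prefix = '/usr/bin/fw_setenv linuxargs '`, then `assert cmd.startswith(prefix)` and slicing with `cmd[len(prefix):]`, makes the expected command explicit. The `os` import is unused.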
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
import os | ||
from contextlib import contextmanager | ||
from sonic_installer.main import sonic_installer | ||
from click.testing import CliRunner | ||
from unittest.mock import patch, Mock, call | ||
|
||
@patch("sonic_installer.main.get_bootloader") | ||
def test_set_fips(get_bootloader): | ||
""" This test covers the execution of "sonic-installer set-fips/get-fips" command. """ | ||
|
||
image = "image_1" | ||
next_image = "image_2" | ||
|
||
# Setup bootloader mock | ||
mock_bootloader = Mock() | ||
mock_bootloader.get_next_image = Mock(return_value=next_image) | ||
mock_bootloader.get_installed_images = Mock(return_value=[image, next_image]) | ||
mock_bootloader.set_fips = Mock() | ||
mock_bootloader.get_fips = Mock(return_value=False) | ||
get_bootloader.return_value=mock_bootloader | ||
|
||
runner = CliRunner() | ||
|
||
# Test set-fips command options: --enable-fips/--disable-fips | ||
result = runner.invoke(sonic_installer.commands["set-fips"], [next_image, '--enable-fips']) | ||
assert 'Set FIPS' in result.output | ||
result = runner.invoke(sonic_installer.commands["set-fips"], ['--disable-fips']) | ||
assert 'Set FIPS' in result.output | ||
|
||
# Test command get-fips options | ||
result = runner.invoke(sonic_installer.commands["get-fips"]) | ||
assert "FIPS is disabled" in result.output | ||
mock_bootloader.get_fips = Mock(return_value=True) | ||
result = runner.invoke(sonic_installer.commands["get-fips"], [next_image]) | ||
assert "FIPS is enabled" in result.output |
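Review bot: Both `set-fips` invocations in `test_set_fips` are checked only with `'Set FIPS' in result.output`, so the test never verifies which image or which boolean reaches the bootloader; a CLI that passed the wrong flag value to `set_fips` would still pass. After the first invoke add `mock_bootloader.set_fips.assert_called_with(next_image, True)`, and after the second assert the call with `False` (the image chosen when none is given is not visible in this file, so confirm it against the command implementation). Asserting `result.exit_code == 0` on each invoke would also surface an exception raised after the message is printed. `os`, `contextmanager` and `call` are imported but unused.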