diff options
author | Tim Smith <tsmith@chef.io> | 2018-11-24 14:17:42 -0800 |
---|---|---|
committer | Tim Smith <tsmith@chef.io> | 2018-11-24 14:18:50 -0800 |
commit | 816808092a73bae10743e5dedb588ced1c5ea4b7 (patch) | |
tree | ca5782f745c79c66d114a025397136ea061ac9bf | |
parent | 534b36d51ef9b48dac7fae6dd563e3e41d0f85f5 (diff) | |
download | ohai-816808092a73bae10743e5dedb588ced1c5ea4b7.tar.gz |
Remove the Ruby < 2.5 logic from the FIPS plugins
So much to delete here.
Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r-- | lib/ohai/plugins/windows/fips.rb | 23 | ||||
-rw-r--r-- | spec/unit/plugins/linux/fips_spec.rb | 48 | ||||
-rw-r--r-- | spec/unit/plugins/windows/fips_spec.rb | 79 |
3 files changed, 20 insertions, 130 deletions
diff --git a/lib/ohai/plugins/windows/fips.rb b/lib/ohai/plugins/windows/fips.rb index 56e5cdc7..085c7f2c 100644 --- a/lib/ohai/plugins/windows/fips.rb +++ b/lib/ohai/plugins/windows/fips.rb @@ -1,6 +1,6 @@ # # Author:: Matt Wrock (<matt@mattwrock.com>) -# Copyright:: Copyright (c) 2016 Chef Software, Inc. +# Copyright:: Copyright (c) 2016-2018 Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -28,30 +28,11 @@ Ohai.plugin(:Fips) do collect_data(:windows) do fips Mash.new - # Check for new fips_mode method added in Ruby 2.5. After we drop support - # for Ruby 2.4, clean up everything after this and collapse the FIPS plugins. require "openssl" if defined?(OpenSSL.fips_mode) && OpenSSL.fips_mode && !$FIPS_TEST_MODE fips["kernel"] = { "enabled" => true } else - require "win32/registry" - # from http://msdn.microsoft.com/en-us/library/windows/desktop/aa384129(v=vs.85).aspx - if ::RbConfig::CONFIG["target_cpu"] == "i386" - reg_type = Win32::Registry::KEY_READ | 0x100 - elsif ::RbConfig::CONFIG["target_cpu"] == "x86_64" - reg_type = Win32::Registry::KEY_READ | 0x200 - else - reg_type = Win32::Registry::KEY_READ - end - - begin - Win32::Registry::HKEY_LOCAL_MACHINE.open('System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy', reg_type) do |policy| - enabled = policy["Enabled"] - fips["kernel"] = { "enabled" => enabled == 0 ? false : true } - end - rescue Win32::Registry::Error - fips["kernel"] = { "enabled" => false } - end + fips["kernel"] = { "enabled" => false } end end end diff --git a/spec/unit/plugins/linux/fips_spec.rb b/spec/unit/plugins/linux/fips_spec.rb index 43179b1c..dc4e1fe6 100644 --- a/spec/unit/plugins/linux/fips_spec.rb +++ b/spec/unit/plugins/linux/fips_spec.rb @@ -1,6 +1,6 @@ # # Author:: Matt Wrock (<matt@mattwrock.com>) -# Copyright:: Copyright (c) 2016 Chef Software, Inc. +# Copyright:: Copyright (c) 2016-2018 Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,8 +22,7 @@ require "openssl" describe Ohai::System, "plugin fips" do let(:enabled) { "0" } let(:plugin) { get_plugin("linux/fips") } - let(:fips_path) { "/proc/sys/crypto/fips_enabled" } - let(:openssl_test_mode) { true } + let(:openssl_test_mode) { false } subject do plugin.run @@ -32,7 +31,6 @@ describe Ohai::System, "plugin fips" do before(:each) do allow(plugin).to receive(:collect_os).and_return(:linux) - allow(::File).to receive(:read).with(fips_path).and_return(enabled) end around do |ex| @@ -44,47 +42,17 @@ describe Ohai::System, "plugin fips" do end - context "fips file is present and contains 1" do - let(:enabled) { "1" } - - it "sets fips plugin" do - expect(subject).to be(true) - end - end - - context "fips file does not contain 1" do - let(:enabled) { "0" } - + context "with OpenSSL.fips_mode == false" do + before { allow(OpenSSL).to receive(:fips_mode).and_return(false) } it "does not set fips plugin" do expect(subject).to be(false) end end - context "fips file is not present" do - before do - allow(::File).to receive(:read).and_raise(Errno::ENOENT, "bibbleboop") - end - - it "does not set fips plugin" do - expect(subject).to be(false) - end - end - - context "with Ruby 2.5 or newer", if: defined?(OpenSSL.fips_mode) do - let(:openssl_test_mode) { false } - - context "with OpenSSL.fips_mode == false" do - before { allow(OpenSSL).to receive(:fips_mode).and_return(false) } - it "does not set fips plugin" do - expect(subject).to be(false) - end - end - - context "with OpenSSL.fips_mode == true" do - before { allow(OpenSSL).to receive(:fips_mode).and_return(true) } - it "sets fips plugin" do - expect(subject).to be(true) - end + context "with OpenSSL.fips_mode == true" do + before { allow(OpenSSL).to receive(:fips_mode).and_return(true) } + it "sets fips plugin" do + expect(subject).to be(true) end end end diff --git a/spec/unit/plugins/windows/fips_spec.rb b/spec/unit/plugins/windows/fips_spec.rb index 88983cc8..4696ea60 100644 --- a/spec/unit/plugins/windows/fips_spec.rb +++ b/spec/unit/plugins/windows/fips_spec.rb @@ -1,6 +1,6 @@ # # Author:: Matt Wrock (<matt@mattwrock.com>) -# Copyright:: Copyright (c) 2016 Chef Software, Inc. +# Copyright:: Copyright (c) 2016-2018 Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,9 +22,7 @@ require "openssl" describe Ohai::System, "plugin fips", :windows_only do let(:enabled) { 0 } let(:plugin) { get_plugin("windows/fips") } - let(:fips_key) { 'System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy' } - let(:win_reg_entry) { { "Enabled" => enabled } } - let(:openssl_test_mode) { true } + let(:openssl_test_mode) { false } subject do plugin.run @@ -33,7 +31,6 @@ describe Ohai::System, "plugin fips", :windows_only do before(:each) do allow(plugin).to receive(:collect_os).and_return(:windows) - allow(Win32::Registry::HKEY_LOCAL_MACHINE).to receive(:open).with(fips_key, arch).and_yield(win_reg_entry) end around do |ex| @@ -45,73 +42,17 @@ describe Ohai::System, "plugin fips", :windows_only do end - shared_examples "fips_plugin" do - context "fips enabled key is set to 1" do - let(:enabled) { 1 } - - it "sets fips plugin" do - expect(subject).to be(true) - end - end - - context "fips enabled key is set to 0" do - let(:enabled) { 0 } - - it "does not set fips plugin" do - expect(subject).to be(false) - end + context "with OpenSSL.fips_mode == false" do + before { allow(OpenSSL).to receive(:fips_mode).and_return(false) } + it "does not set fips plugin" do + expect(subject).to be(false) end - - context "fips key does not exist" do - before do - allow(Win32::Registry::HKEY_LOCAL_MACHINE).to receive(:open).and_raise(Win32::Registry::Error, 50) - end - - it "does not set fips plugin" do - expect(subject).to be(false) - end - end - end - - context "on 32 bit ruby" do - let(:arch) { Win32::Registry::KEY_READ | 0x100 } - - before { stub_const("::RbConfig::CONFIG", { "target_cpu" => "i386" } ) } - - it_behaves_like "fips_plugin" end - context "on 64 bit ruby" do - let(:arch) { Win32::Registry::KEY_READ | 0x200 } - - before { stub_const("::RbConfig::CONFIG", { "target_cpu" => "x86_64" } ) } - - it_behaves_like "fips_plugin" - end - - context "on unknown ruby" do - let(:arch) { Win32::Registry::KEY_READ } - - before { stub_const("::RbConfig::CONFIG", { "target_cpu" => nil } ) } - - it_behaves_like "fips_plugin" - end - - context "with Ruby 2.5 or newer", if: defined?(OpenSSL.fips_mode) do - let(:openssl_test_mode) { false } - - context "with OpenSSL.fips_mode == false" do - before { allow(OpenSSL).to receive(:fips_mode).and_return(false) } - it "does not set fips plugin" do - expect(subject).to be(false) - end - end - - context "with OpenSSL.fips_mode == true" do - before { allow(OpenSSL).to receive(:fips_mode).and_return(true) } - it "sets fips plugin" do - expect(subject).to be(true) - end + context "with OpenSSL.fips_mode == true" do + before { allow(OpenSSL).to receive(:fips_mode).and_return(true) } + it "sets fips plugin" do + expect(subject).to be(true) end end end |