authorTim Smith <tsmith84@gmail.com>2020-08-07 15:43:45 -0700
committerTim Smith <tsmith84@gmail.com>2020-08-07 15:43:45 -0700
commitab6180be02712512a3a8309e75424dc56520b936 (patch)
tree6bc2b8959e22f82cfc230dfda3729f74bf7f89a1
parentd3a85588a81c0384039d09376adfadc2977de74f (diff)
downloadohai-fix_fips.tar.gz
Simplify FIPS plugin and use system fips statusfix_fips
Don't rely on fips being enabled by chef-config. Pull the system status instead. Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r--lib/ohai/plugins/fips.rb6
-rw-r--r--spec/unit/plugins/fips_spec.rb29
2 files changed, 9 insertions, 26 deletions
diff --git a/lib/ohai/plugins/fips.rb b/lib/ohai/plugins/fips.rb
index 4c63be88..ae42f4e6 100644
--- a/lib/ohai/plugins/fips.rb
+++ b/lib/ohai/plugins/fips.rb
@@ -29,10 +29,6 @@ Ohai.plugin(:Fips) do
fips Mash.new
require "openssl" unless defined?(OpenSSL)
- if defined?(OpenSSL.fips_mode) && OpenSSL.fips_mode && !$FIPS_TEST_MODE
- fips["kernel"] = { "enabled" => true }
- else
- fips["kernel"] = { "enabled" => false }
- end
+ fips["kernel"] = { "enabled" => OpenSSL::OPENSSL_FIPS }
end
end
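Review bot: The added line `fips["kernel"] = { "enabled" => OpenSSL::OPENSSL_FIPS }` reads a build-time constant, which in Ruby's openssl binding says whether the library was compiled FIPS-capable, not whether FIPS mode is currently on. A node with a FIPS-capable OpenSSL but FIPS mode off would therefore be reported as `enabled => true`, which misleads any compliance check or policy that consumes this attribute. For runtime state the line would need to query the mode, for example `fips["kernel"] = { "enabled" => defined?(OpenSSL.fips_mode) ? OpenSSL.fips_mode : false }`; if the intent is the kernel's own setting, that has to come from the OS rather than from OpenSSL. The spec hunk in spec/unit/plugins/fips_spec.rb encodes the same assumption by only stubbing `OpenSSL::OPENSSL_FIPS`, so it would need a case for "capable but not enabled". The enclosing `Ohai.plugin(:Fips)` block starts outside this hunk.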
diff --git a/spec/unit/plugins/fips_spec.rb b/spec/unit/plugins/fips_spec.rb
index c91ef5b2..ff9aa75d 100644
--- a/spec/unit/plugins/fips_spec.rb
+++ b/spec/unit/plugins/fips_spec.rb
@@ -25,36 +25,23 @@ describe Ohai::System, "plugin fips" do
plugin["fips"]["kernel"]["enabled"]
end
- let(:enabled) { 0 }
let(:plugin) { get_plugin("fips") }
- let(:openssl_test_mode) { false }
before do
allow(plugin).to receive(:collect_os).and_return(:linux)
end
- around do |ex|
-
- $FIPS_TEST_MODE = openssl_test_mode
- ex.run
- ensure
- $FIPS_TEST_MODE = false
-
- end
-
- context "with OpenSSL.fips_mode == false" do
- before { allow(OpenSSL).to receive(:fips_mode).and_return(false) }
-
- it "does not set fips plugin" do
- expect(subject).to be(false)
+ context "when OpenSSL reports FIPS mode true" do
+ it "sets fips enabled true" do
+ stub_const("OpenSSL::OPENSSL_FIPS", true)
+ expect(subject).to be(true)
end
end
- context "with OpenSSL.fips_mode == true" do
- before { allow(OpenSSL).to receive(:fips_mode).and_return(true) }
-
- it "sets fips plugin" do
- expect(subject).to be(true)
+ context "when OpenSSL reports FIPS mode false" do
+ it "sets fips enabled false" do
+ stub_const("OpenSSL::OPENSSL_FIPS", false)
+ expect(subject).to be(false)
end
end
end