Fix FIPS mode. Move the functionality to test-fips directory

as test.js file

Signed-off-by: Petr "Stone" Hracek <[email protected]>

Author: phracek

test/test-fips/test.js

@@ -0,0 +1,3 @@
+const crypto = require('crypto');
+
+process.exit(crypto.getFips());

test/test-lib-nodejs.sh

@@ -495,12 +495,12 @@ function test_nodejs_fips_mode() {
   if [[ "$is_fips_enabled" == "0" ]]; then
     # FIPS disabled -- crypto.getFips() should return 0
     echo "Fips should be disabled"
-    docker run --rm ${IMAGE_NAME}-testfips /bin/bash -c "node -e 'const crypto = require(\"crypto\"); process.exit(crypto.getFips());'"
+    docker run --rm ${IMAGE_NAME}-testfips /bin/bash -c "node test.js"
     ct_check_testcase_result "$?"
   else
     # FIPS enabled -- crypto.getFips() should return 1
     echo "Fips should be enabled"
-    docker run --rm ${IMAGE_NAME}-testfips /bin/bash -c "! node -e 'const crypto = require(\"crypto\"); process.exit(crypto.getFips());'"
+    docker run --rm ${IMAGE_NAME}-testfips /bin/bash -c "! node test.js"
     ct_check_testcase_result "$?"
   fi
 }

test/test_container_basics.py

@@ -1,9 +1,28 @@
+from doctest import debug
+
 import pytest
 
+from pathlib import Path
+
 from container_ci_suite.container_lib import ContainerTestLib, PodmanCLIWrapper
+from container_ci_suite.utils import get_file_content
 
 from conftest import VARS
 
+test_fips = VARS.TEST_DIR / "test-fips"
+
+
+def build_s2i_app(app_path: Path) -> ContainerTestLib:
+    container_lib = ContainerTestLib(VARS.IMAGE_NAME)
+    app_name = app_path.name
+    s2i_app = container_lib.build_as_df(
+        app_path=app_path,
+        s2i_args=f"--pull-policy=never {container_lib.build_s2i_npm_variables()}",
+        src_image=VARS.IMAGE_NAME,
+        dst_image=f"{VARS.IMAGE_NAME}-{app_name}"
+    )
+    return s2i_app
+
 
 class TestNodeJSAppContainer:
 
@@ -55,3 +74,45 @@ def test_dockerfiles(self, dockerfile):
             url=cip,
             expected_output="Node.js Crud Application"
         )
+
+
+class TestNodeJSFipsContainer:
+    def setup_method(self):
+        self.s2i_fips = build_s2i_app(test_fips)
+
+    def teardown_method(self):
+        self.s2i_fips.cleanup()
+
+    def test_nodejs_fips_mode(self):
+        if VARS.OS == "rhel8":
+            pytest.skip("Do not execute on RHEL8")
+        is_fips_enabled = 0
+        fips_enabled_file = Path("/proc/sys/crypto/fips_enabled")
+        if fips_enabled_file.exists():
+            is_fips_enabled = int(get_file_content(fips_enabled_file))
+        if is_fips_enabled == 1:
+            fips_result = PodmanCLIWrapper.podman_run_command_and_remove(
+                cid_file_name=f"{VARS.IMAGE_NAME}-{self.s2i_fips.app_name}",
+                cmd="node test.js",
+                return_output=False,
+            )
+            assert fips_result == 1
+        else:
+            fips_mode = PodmanCLIWrapper.podman_run_command_and_remove(
+                cid_file_name=f"{VARS.IMAGE_NAME}-{self.s2i_fips.app_name}",
+                cmd="node test.js",
+                return_output=False,
+            )
+            assert fips_mode == 0
+
+    def test_run_fips_app_application(self):
+        is_fips_enabled = 0
+        fips_enabled_file = Path("/proc/sys/crypto/fips_enabled")
+        if fips_enabled_file.exists():
+            is_fips_enabled = int(get_file_content(fips_enabled_file))
+        if is_fips_enabled == 1:
+            assert self.s2i_fips.create_container(
+                cid_file_name=self.s2i_fips.app_name,
+                container_args="--user 100001"
+            )
+            assert self.s2i_fips.get_cid(cid_file_name=self.s2i_fips.app_name)