Skip to content

[rhcos-4.17] - Backport failing test for FIPS & LUKS#4259

Closed
aaradhak wants to merge 1 commit intocoreos:rhcos-4.17from
aaradhak:backport4.17
Closed

[rhcos-4.17] - Backport failing test for FIPS & LUKS#4259
aaradhak wants to merge 1 commit intocoreos:rhcos-4.17from
aaradhak:backport4.17

Conversation

@aaradhak
Copy link
Copy Markdown
Member

@aaradhak aaradhak commented Aug 13, 2025

Backporting #4181

gemini-code-assist[bot]
gemini-code-assist bot reviewed Aug 13, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds a new test to verify that cryptsetup lukscreate fails with FIPS-incompatible algorithms. The overall logic of the test is sound. I've made a couple of suggestions to improve code quality and robustness: one related to error handling to preserve stack traces for better debugging, and another to simplify a helper function and make it more robust against invalid inputs.

mantle/kola/tests/fips/failure.go
Comment on lines +98 to +100
if err := ignitionFailure(c); err != nil {
c.Fatal(err.Error())
}
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot Aug 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Calling err.Error() can discard useful information, such as a stack trace if the error was created with pkg/errors. It's better to pass the error object directly to c.Fatal() for better debugging.

Suggested change
if err := ignitionFailure(c); err != nil {
c.Fatal(err.Error())
}
if err := ignitionFailure(c); err != nil {
c.Fatal(err)
}

mantle/kola/tests/fips/failure.go
Comment on lines +103 to +119
// Read file and verify if it contains a pattern
// 1. Read file, make sure it exists
// 2. regex for pattern
func fileContainsPattern(path string, searchPattern string) (bool, error) {
file, err := os.ReadFile(path)
if err != nil {
return false, err
}
// File has content, but the pattern is not present
match := regexp.MustCompile(searchPattern).Match(file)
if match {
// Pattern found
return true, nil
}
// Pattern not found
return false, nil
}
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot Aug 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

This function can be simplified. The comments are noisy and partially incorrect. Using regexp.MustCompile on a pattern passed as an argument is risky as it will panic on an invalid pattern. A better approach is to use a function like regexp.Match which returns an error on compilation failure, making the function more robust.

// fileContainsPattern reads a file and reports whether it contains a match for a regular expression.
func fileContainsPattern(path string, searchPattern string) (bool, error) {
	file, err := os.ReadFile(path)
	if err != nil {
		return false, err
	}
	return regexp.Match(searchPattern, file)
}

@aaradhak aaradhak closed this Aug 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aaradhak