Simplify workflow

DataDog · Jan 24, 2025 · f49963c · f49963c
1 parent 9f1ea21
commit f49963c
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 20 deletions.
diff --git a/.github/workflows/fips-test.yml b/.github/workflows/fips-test.yml
@@ -16,21 +16,14 @@ jobs:
     strategy:
       matrix:
         platform: [linux, windows]
-        agent-image: ["datadog/agent-dev:master-py3", "datadog/agent-dev:master-fips", "datadog/agent-dev:master-py3-win-servercore"]
-        cipher: ["ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-CHACHA20-POLY1305"]
-        exclude:
-          - platform: windows
-            agent-image: "datadog/agent-dev:master-fips"
-          - platform: windows
-            agent-image: "datadog/agent-dev:master-py3"
-          - platform: linux
-            agent-image: "datadog/agent-dev:master-py3-win-servercore"
+        agent-type: [fips-agent, standard-agent]
     runs-on: ${{ matrix.platform == 'linux' && 'ubuntu-22.04' || 'windows-2022' }}
     name: "Test FIPS"
 
     env:
       FORCE_COLOR: "1"
       PYTHON_VERSION: "3.12"
+      AGENT_TYPE: "${{ matrix.agent-type }}"
 
     steps:
 
@@ -46,11 +39,21 @@ jobs:
       run: |
         pip install pytest
 
-    - name: Set up containers
+    - name: Set up Linux containers
+      if: matrix.platform == 'linux'
       env:
-        AGENT_IMAGE: "${{ matrix.agent-image }}"
-        SERVER_IMAGE: "${{ matrix.platform == 'linux' && 'alpine:3.14' || 'mcr.microsoft.com/windows/servercore:ltsc2022' }}"
-        CIPHER: "${{ matrix.cipher }}"
+        AGENT_IMAGE: "${{ matrix.agent-type == 'fips-agent' && 'datadog/agent-dev:master-fips' || 'datadog/agent-dev:master-py3' }}"
+        SERVER_IMAGE: 'alpine:3.14'
+        DD_API_KEY: ${{ secrets.DD_API_KEY }}
+      run: |
+        docker compose -f .github/workflows/fips/compose/docker-compose.yml up -d
+
+    - name: Set up Windows containers
+      if: matrix.platform == 'windows'
+      env:
+        AGENT_IMAGE: "${{ matrix.agent-type == 'fips-agent' && 'mcr.microsoft.com/windows/servercore:ltsc2022' || 'mcr.microsoft.com/windows/servercore:ltsc2012' }}"
+        SERVER_IMAGE: 'alpine:3.14'
+        DOCKER_DEFAULT_PLATFORM: linux/amd64
         DD_API_KEY: ${{ secrets.DD_API_KEY }}
       run: |
         docker compose -f .github/workflows/fips/compose/docker-compose.yml up -d

diff --git a/.github/workflows/fips/compose/agent/conf.d/connections.yaml b/.github/workflows/fips/compose/agent/conf.d/connections.yaml
@@ -1,5 +1,6 @@
 init_config:
 
 instances:
+  - http_endpoint: https://http-server-fips:443
   - http_endpoint: https://http-server:443
 
diff --git a/.github/workflows/fips/compose/docker-compose.yml b/.github/workflows/fips/compose/docker-compose.yml
@@ -18,14 +18,26 @@ services:
       interval: 5s
       timeout: 2s
       retries: 3
+  http-server-fips:
+    build:
+      context: server
+      dockerfile: Dockerfile
+      args:
+        - BASE_IMAGE=$SERVER_IMAGE
+    command: ["./start-server.sh", "ECDHE-RSA-AES128-SHA256"]
+    healthcheck:
+      test: "curl -f localhost:443"
+      start_period: 5s
+      interval: 10s
+      timeout: 5s
+      retries: 3
   http-server:
     build:
       context: server
       dockerfile: Dockerfile
       args:
         - BASE_IMAGE=$SERVER_IMAGE
-        - CIPHER=$CIPHER
-    command: ["./start-server.sh", $CIPHER]
+    command: ["./start-server.sh", "ECDHE-RSA-CHACHA20-POLY1305"]
     healthcheck:
       test: "curl -f localhost:443"
       start_period: 5s

diff --git a/.github/workflows/fips/tests/test_connections.py b/.github/workflows/fips/tests/test_connections.py
@@ -1,28 +1,45 @@
 import subprocess
 import json
+import pytest
+import os
 
+FIPS_AGENT = 1 if "fips" in os.getenv("AGENT_TYPE") else 0
 
 REGULAR_AGENT = {
     'http_status': 1,
-    'http_status_fips_server': 1,
+    'http_status_fips': 1,
 }
 FIPS_AGENT = {
     'http_status': 0,
-    'http_status_fips_server': 1,
+    'http_status_fips': 1,
 }
 
 
 def _parse_json(payload):
     """
     Convert agent check json to dict of metric_name: value.
     """
+    parsed_json = {}
+    for instance, suffix in zip(payload, ("", "_fips")):
+        submitted_metrics = instance['aggregator']['metrics']
+        for metric_json in submitted_metrics:
+            parsed_json[metric_json["metric"]+suffix] = int(metric_json["points"][-1][-1])
+        return parsed_json
 
 
+@pytest.skipif(FIPS_AGENT, reason="FIPS Agent enabled")
 def test_connections_regular_agent():
     result = subprocess.run(["docker", "exec", "compose-agent-1", "agent", "check", "connections", "--json"], check=True, capture_output=True)
     check_json = json.loads(result.stdout)
-    submitted_metrics = check_json[0]['aggregator']['metrics']
-    for metric_json in submitted_metrics:
-        assert metric_json["points"][-1][-1] == 0
+    parsed_json = _parse_json(check_json)
 
     assert parsed_json == REGULAR_AGENT
+
+
+@pytest.skipif(not FIPS_AGENT, reason="FIPS Agent not enabled")
+def test_connections_fips_agent():
+    result = subprocess.run(["docker", "exec", "compose-agent-1", "agent", "check", "connections", "--json"], check=True, capture_output=True)
+    check_json = json.loads(result.stdout)
+    parsed_json = _parse_json(check_json)
+
+    assert parsed_json == FIPS_AGENT