[rhcos-4.15] kola/tests: Add failing test for FIPS & LUKS

[openshift-cherrypick-robot]

This is an automated cherry-pick of #4181

/assign aaradhak

[openshift-ci]

Hi @openshift-cherrypick-robot. Thanks for your PR.

I'm waiting for a coreos member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[gemini-code-assist]

Code Review

This pull request adds a new test case to verify that cryptsetup fails with non-FIPS-compliant algorithms when FIPS mode is enabled. The overall approach and implementation are sound. I have a couple of suggestions to improve code readability and maintainability by refactoring two functions for conciseness and clarity.

[gemini-code-assist]

The fileContainsPattern function can be made more concise. The current comments are not very descriptive, and the logic can be simplified. A clearer function comment and a more direct implementation would improve readability.

// fileContainsPattern reads a file and reports whether it contains a match for a regex.
func fileContainsPattern(path string, searchPattern string) (bool, error) {
	file, err := os.ReadFile(path)
	if err != nil {
		return false, err
	}
	return regexp.MustCompile(searchPattern).Match(file), nil
}

[gemini-code-assist]

The error handling logic within this goroutine can be simplified. Using guard clauses with early returns for error conditions would make the code flatter and easier to follow, which is a common practice in Go for improving readability.

resultingError := inst.WaitAll(ctx)
		if resultingError == nil {
			errchan <- fmt.Errorf("ignition unexpectedly succeeded")
			return
		}
		if resultingError != platform.ErrInitramfsEmergency {
			errchan <- errors.Wrap(resultingError, "expected initramfs emergency.target error")
			return
		}

		// Expected initramfs failure, checking the console file to ensure
		// that it failed the expected way
		found, err := fileContainsPattern(builder.ConsoleFile, searchPattern)
		if err != nil {
			errchan <- errors.Wrapf(err, "looking for pattern '%s' in file '%s' failed", searchPattern, builder.ConsoleFile)
			return
		}
		if !found {
			errchan <- fmt.Errorf("pattern '%s' in file '%s' not found", searchPattern, builder.ConsoleFile)
			return
		}

		// The expected case
		errchan <- nil

[aaradhak]

/ok-to-test

[dustymabe]

/lgtm

[jlebon]

Hmm, Prow CI is failing on the new test. But because test result archiving is/was not setup properly, we don't actually have logs. Were you able to sanity-check that this new test passes locally against 4.15?

[mike-nguyen]

/retest

[openshift-ci]

@openshift-cherrypick-robot: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/rhcos	6157bac	link	true	/test rhcos

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[aaradhak]

I will test this locally and confirm