From f7ddb36655ecbfeb114eb6a3c85e184ab488ce32 Mon Sep 17 00:00:00 2001
From: lcheng <lcheng@redhat.com>
Date: Fri, 31 May 2024 09:50:24 +0800
Subject: [PATCH] graphics: Add two cases about disable fips

XXX-103778 - [vnc] Start guest with fips disabled and with vnc password
XXX-103777 - [vnc] Start guest with fips disabled and without vnc password

Signed-off-by: lcheng <lcheng@redhat.com>
---
 .../cfg/graphics/graphics_functional.cfg      | 10 ++++++++++
 .../tests/src/graphics/graphics_functional.py | 19 ++++++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/libvirt/tests/cfg/graphics/graphics_functional.cfg b/libvirt/tests/cfg/graphics/graphics_functional.cfg
index 628ac0b47f..7aa777a274 100644
--- a/libvirt/tests/cfg/graphics/graphics_functional.cfg
+++ b/libvirt/tests/cfg/graphics/graphics_functional.cfg
@@ -339,6 +339,16 @@
                                     valid_time = 60
                                     opt_str = " --gtk-vnc-debug"
                                     rv_log_auth = "Authentication failed"
+                        - disable_fips:
+                            vnc_autoport = "yes"
+                            check_fips = "yes"
+                            check_qemu_pattern = "-enable-fips"
+                            expect_exist = False
+                            variants:
+                                - without_passwd:
+                                - with_passwd:
+                                    graphic_passwd = "PASSWORD.EXAMPLE"
+                                    vnc_passwd_place = "guest"
                 - spice_vnc:
                     spice_xml = yes
                     vnc_xml = yes
diff --git a/libvirt/tests/src/graphics/graphics_functional.py b/libvirt/tests/src/graphics/graphics_functional.py
index 5116828340..84be3f1c83 100644
--- a/libvirt/tests/src/graphics/graphics_functional.py
+++ b/libvirt/tests/src/graphics/graphics_functional.py
@@ -989,10 +989,11 @@ def check_qemu_command_line(params):
     :param params: dict for parameters
     """
     check_qemu_pattern = params.get('check_qemu_pattern')
+    expect_exist = eval(params.get('expect_exist', 'True'))
     if check_qemu_pattern:
         logging.debug("Checking qemu command line with "
                       "pattern:%s", check_qemu_pattern)
-        libvirt.check_qemu_cmd_line(check_qemu_pattern)
+        libvirt.check_qemu_cmd_line(check_qemu_pattern, expect_exist=expect_exist)
 
 
 def handle_auto_filled_items(given_graphic_attrs, vm, params):
@@ -1590,6 +1591,17 @@ def cleanup(params):
     libvirtd.restart()
 
 
+def is_enable_fips():
+    """
+    Check FIPS status
+
+    :param return: True or False, True for enable FIPS
+    """
+    cmd = "cat /proc/sys/crypto/fips_enabled"
+    ret = process.run(cmd, shell=True)
+    return True if ret.stdout_text.strip() else False
+
+
 def run(test, params, env):
     """
     Test of libvirt SPICE related features.
@@ -1647,6 +1659,11 @@ def run(test, params, env):
     insecure_channels = params.get("insecure_channels", "not_set")
     autoport = params.get("spice_autoport", "yes")
     spice_tls = params.get("spice_tls", "not_set")
+    check_fips = params.get("check_fips", "no") == 'yes'
+
+    if check_fips:
+        if not is_enable_fips():
+            test.cancel("This test need to disable FIPS.")
 
     sockets = block_ports(params)
     networks = setup_networks(params, test)