Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Azure tests in FIPS mode again #111611

Merged
merged 3 commits into from
Aug 6, 2024
Merged

Fix Azure tests in FIPS mode again #111611

merged 3 commits into from
Aug 6, 2024

Conversation

DaveCTurner
Copy link
Contributor

Closes #111345
Closes #111607
Closes #111608

@DaveCTurner DaveCTurner added >test Issues or PRs that are addressing/adding tests :Distributed Coordination/Snapshot/Restore Anything directly related to the `_snapshot/*` APIs v8.16.0 labels Aug 5, 2024
@DaveCTurner DaveCTurner requested a review from ywangd August 5, 2024 21:09
@DaveCTurner DaveCTurner requested a review from a team as a code owner August 5, 2024 21:09
@elasticsearchmachine elasticsearchmachine added the Team:Distributed Meta label for distributed team (obsolete) label Aug 5, 2024
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-distributed (Team:Distributed)

ywangd
ywangd approved these changes Aug 6, 2024
View reviewed changes
Copy link
Member

@ywangd ywangd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Btw, you can tag a PR with :Security/FIPS to get FIPS CI running for it when necessary. Not really useful for this one since it is disabling them.

modules/repository-azure/build.gradle
Comment on lines +330 to +334
if (BuildParams.inFipsJvm) {
// Cannot override the trust store in FIPS mode, and these tasks require a HTTPS fixture
tasks.named("managedIdentityYamlRestTest").configure { enabled = false }
tasks.named("workloadIdentityYamlRestTest").configure { enabled = false }
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we disable these tests globally, I think we should remove the ESTestCase.inFipsJvm() in RepositoryAzureClientYamlTestSuiteIT and AzureSnapshotRepoTestKitIT? IIUC, we will always use HTTPS fixture when fixture is in use? If so, might also make sense to merge USE_FIXTURE and USE_HTTPS_FIXTURE into one. Can be a follow-up if you prefer.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We run the regular yamlRestTest variants of RepositoryAzureClientYamlTestSuiteIT and AzureSnapshotRepoTestKitIT in FIPS mode too, and we want to use the HTTP fixture in those cases.

@DaveCTurner DaveCTurner added the :Security/FIPS Running ES in FIPS 140-2 mode label Aug 6, 2024
@elasticsearchmachine elasticsearchmachine added the Team:Security Meta label for security team label Aug 6, 2024
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@DaveCTurner DaveCTurner added the auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) label Aug 6, 2024
@DaveCTurner
Copy link
Contributor Author

you can tag a PR with :Security/FIPS to get FIPS CI running for it

TIL, thanks. I was wondering why we didn't have a label for triggering these CI jobs.

@elasticsearchmachine elasticsearchmachine merged commit 7ed83fd into elastic:main Aug 6, 2024
20 checks passed
@DaveCTurner DaveCTurner deleted the 2024/08/05/more-azure-fips-fixes branch August 6, 2024 11:33
mhl-b pushed a commit that referenced this pull request Aug 8, 2024
@DaveCTurner @mhl-b
Fix Azure tests in FIPS mode again (#111611)
50036bc 
Closes #111345 Closes #111607 Closes #111608
cbuescher pushed a commit to cbuescher/elasticsearch that referenced this pull request Sep 4, 2024
@DaveCTurner @cbuescher
Fix Azure tests in FIPS mode again (elastic#111611)
7788a12 
Closes elastic#111345 Closes elastic#111607 Closes elastic#111608
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ywangd ywangd ywangd approved these changes

@idegtiarenko idegtiarenko idegtiarenko approved these changes

Assignees
No one assigned
Labels
auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) :Distributed Coordination/Snapshot/Restore Anything directly related to the `_snapshot/*` APIs :Security/FIPS Running ES in FIPS 140-2 mode Team:Distributed Meta label for distributed team (obsolete) Team:Security Meta label for security team >test Issues or PRs that are addressing/adding tests v8.16.0
Projects
None yet
Milestone
No milestone
4 participants
@DaveCTurner @elasticsearchmachine @idegtiarenko @ywangd