[TESTS] Disable specific locales for RestrictedTrustManagerTest #33299
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Disable thai locale as Certificate expiration validation fails due to the date format in a FIPS 140 JVM. Added the locale switching logic here instead of subclassing ESTestCase as these are the only tests that fail for that local and JVM combination. Resolves elastic#33081
jkakavas
added
>test
|
Pinging @elastic/es-security |
|
Hi, @jkakavas do you know if this is happening because of JVM bug or bug related to bcfips? I am just trying to find if there is a root cause that we know and point to before we disable the locale. I could not find any information on the issue so the ask. Thank you. |
|
Thanks @bizybot , I've updated the original issue with the analysis and the link to the bug report upstream |
jkakavas
changed the title
|
jenkins test this please |
tvernum
approved these changes
Sep 12, 2018
| return inFipsJvm() && (Locale.getDefault().toLanguageTag().equals("th-TH") | ||
| || Locale.getDefault().toLanguageTag().equals("ja-JP-u-ca-japanese-x-lvariant-JP") | ||
| || Locale.getDefault().toLanguageTag().equals("th-TH-u-nu-thai-x-lvariant-TH")); | ||
| } |
There was a problem hiding this comment.
Those are very specific. I trust you've done the analysis and that's exactly what we need?
There was a problem hiding this comment.
Yes, see #33081 and bcgit/bc-java#405
…estrictedtrustmanager
|
@bizybot do you have any additional concerns, or should I go ahead and merge this ? |
jkakavas
added a commit
that referenced
this pull request
Sep 14, 2018
Disable specific Thai and Japanese locales as Certificate expiration validation fails due to the date parsing of BouncyCastle (that manifests in a FIPS 140 JVM as this is the only place we use BouncyCastle). Added the locale switching logic here instead of subclassing ESTestCase as these are the only tests that fail for these locales and JVM combination. Resolves #33081
jasontedor
added a commit
to jasontedor/elasticsearch
that referenced
this pull request
Sep 14, 2018
* master: (24 commits) Only notify ready global checkpoint listeners (elastic#33690) Don't count hits via the collector if the hit count can be computed from index stats. (elastic#33701) Expose retries for CCR fetch failures (elastic#33694) Test fix - Graph vertices could appear in different orders based on map insertion sequence (elastic#33709) Structured audit logging (elastic#31931) Core: Add DateFormatter interface for java time parsing (elastic#33467) [CCR] Check whether the rejected execution exception has the shutdown flag set (elastic#33703) Mute ClusterDisruptionIT#testSendingShardFailure Revert "Mute FullClusterRestartSettingsUpgradeIT" Adjust BWC version on settings upgrade test (elastic#33650) [ML] Allow overrides for some file structure detection decisions (elastic#33630) Adapt skip version for doc_values format deprecation [TEST] wait for no initializing shards [Docs] Minor fix in `has_child` javadoc comment (elastic#33674) Mute FullClusterRestartSettingsUpgradeIT [Kerberos] Add realm name & UPN to user metadata (elastic#33338) [TESTS] Disable specific locales for RestrictedTrustManagerTest (elastic#33299) SQL: Return functions in JDBC driver metadata (elastic#33672) SCRIPTING: Move terms_set Context to its Own Class (elastic#33602) AwaitsFix testRestoreMinmal ...
jkakavas
added a commit
that referenced
this pull request
Oct 4, 2018
Disable specific Thai and Japanese locales as Certificate expiration validation fails due to the date parsing of BouncyCastle (that manifests in a FIPS 140 JVM as this is the only place we use BouncyCastle). Added the locale switching logic here instead of subclassing ESTestCase as these are the only tests that fail for these locales and JVM combination. Resolves #33081
jkakavas
added a commit
to jkakavas/elasticsearch
that referenced
this pull request
Feb 15, 2019
The Bouncy Castle FIPS provider that we use for running our tests in fips mode has an issue with locale sensitive handling of Dates as described in bcgit/bc-java#405 This causes certificate validation to fail if any given test that includes some form of certificate validation happens to run in one of the locales. This manifested earlier in elastic#33081 which was handled insufficiently in elastic#33299 This change ensures that the problematic 3 locales * th-TH * ja-JP-u-ca-japanese-x-lvariant-JP * th-TH-u-nu-thai-x-lvariant-TH will not be used when running our tests in a FIPS 140 JVM. It also reverts elastic#33299
jkakavas
added a commit
that referenced
this pull request
Feb 19, 2019
* Disable specific locales for tests in fips mode The Bouncy Castle FIPS provider that we use for running our tests in fips mode has an issue with locale sensitive handling of Dates as described in bcgit/bc-java#405 This causes certificate validation to fail if any given test that includes some form of certificate validation happens to run in one of the locales. This manifested earlier in #33081 which was handled insufficiently in #33299 This change ensures that the problematic 3 locales * th-TH * ja-JP-u-ca-japanese-x-lvariant-JP * th-TH-u-nu-thai-x-lvariant-TH will not be used when running our tests in a FIPS 140 JVM. It also reverts #33299
jkakavas
added a commit
that referenced
this pull request
Feb 19, 2019
* Disable specific locales for tests in fips mode The Bouncy Castle FIPS provider that we use for running our tests in fips mode has an issue with locale sensitive handling of Dates as described in bcgit/bc-java#405 This causes certificate validation to fail if any given test that includes some form of certificate validation happens to run in one of the locales. This manifested earlier in #33081 which was handled insufficiently in #33299 This change ensures that the problematic 3 locales * th-TH * ja-JP-u-ca-japanese-x-lvariant-JP * th-TH-u-nu-thai-x-lvariant-TH will not be used when running our tests in a FIPS 140 JVM. It also reverts #33299
jkakavas
added a commit
that referenced
this pull request
Feb 19, 2019
* Disable specific locales for tests in fips mode The Bouncy Castle FIPS provider that we use for running our tests in fips mode has an issue with locale sensitive handling of Dates as described in bcgit/bc-java#405 This causes certificate validation to fail if any given test that includes some form of certificate validation happens to run in one of the locales. This manifested earlier in #33081 which was handled insufficiently in #33299 This change ensures that the problematic 3 locales * th-TH * ja-JP-u-ca-japanese-x-lvariant-JP * th-TH-u-nu-thai-x-lvariant-TH will not be used when running our tests in a FIPS 140 JVM. It also reverts #33299
jkakavas
added a commit
that referenced
this pull request
Feb 19, 2019
* Disable specific locales for tests in fips mode The Bouncy Castle FIPS provider that we use for running our tests in fips mode has an issue with locale sensitive handling of Dates as described in bcgit/bc-java#405 This causes certificate validation to fail if any given test that includes some form of certificate validation happens to run in one of the locales. This manifested earlier in #33081 which was handled insufficiently in #33299 This change ensures that the problematic 3 locales * th-TH * ja-JP-u-ca-japanese-x-lvariant-JP * th-TH-u-nu-thai-x-lvariant-TH will not be used when running our tests in a FIPS 140 JVM. It also reverts #33299
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Disable specific Thai and Japanese locales as Certificate expiration
validation fails due to the date parsing of BouncyCastle (that manifests
in a FIPS 140 JVM as this is the only place we use BouncyCastle).
Added the locale switching logic here instead of subclassing
ESTestCase as these are the only tests that fail for that local and
JVM combination.
Resolves #33081