Add FIPS specific testclusters configuration

[alpar-t]

ClusterFormationTasks auto configured these properties for clusters.
This PR adds FIPS specific configuration across all test clusters from
the main build script to prevent coupling betwwen testclusters and the
build plugin.

Closes #40904

[elasticmachine]

Pinging @elastic/es-core-infra

[jkakavas]

Is this : https://github.com/elastic/elasticsearch/blob/master/buildSrc/src/main/groovy/org/elasticsearch/gradle/test/ClusterFormationTasks.groovy#L303 still needed now ?

[alpar-t]

@jkakavas yes, other projects still use ClusterFormationTasks. That will go away when the whole class goes.

[jkakavas]

@jkakavas yes, other projects still use ClusterFormationTasks. That will go away when the whole class goes.

So, any further fips specific system properties should be added both in the build.gradle of the elasticsearch project and in the ClusterFormationTasks until that's removed, correct ?

[jkakavas]

LGTM

[jkakavas]

On second thought: I'm adding a few things related to FIPS config in #41024 and my initial approach is to add that config in BuildPlugin too , i.e.

                // Set the system keystore/truststore password if we're running tests in a FIPS-140 JVM
                if (project.ext.inFipsJvm) {
                    ExportElasticsearchBuildResourcesTask buildResources = project.tasks.getByName('buildResources')
                    dependsOn buildResources
                    project.dependencies.add('testCompile', "org.bouncycastle:bc-fips:1.0.1:jar")
                    systemProperty 'javax.net.ssl.keyStore', buildResources.copy("cacerts.bcfks")
                    systemProperty 'javax.net.ssl.keyStoreType', 'BCFKS'
                    systemProperty 'javax.net.ssl.keyStorePassword', 'password'
                    systemProperty 'javax.net.ssl.trustStore', buildResources.copy("cacerts.bcfks")
                    systemProperty 'javax.net.ssl.trustStoreType', 'BCFKS'
                    systemProperty 'javax.net.ssl.trustStorePassword', 'password'
                    String policyFile = "java_${project.ext.runtimeJavaVersion.getMajorVersion()}_fips.policy"
                    String securityPropertiesFile = "java_${project.ext.runtimeJavaVersion.getMajorVersion()}_fips.security"
                    systemProperty 'java.security.policy', buildResources.copy(policyFile)
                    systemProperty 'java.security.properties', buildResources.copy(securityPropertiesFile)
                }

AFAIU, we can't move the ones depending on buildResources to the main build script, so would it be worth it having fips related config in multiple places ?

[alpar-t]

I think it's very much worth having everything in a single place, but it doesn't have to be the build plugin. Some projects ( tests ) will need fips without having that plugin applied. The build resources is still universally available since other tasks create it as well.
You could add configuration to the task with tasks.withType(ExportElasticsearchBuildResourcesTask) {} so it's only applicable when the task is created.

We could also have everything fips specific live in a new plugin.