Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CI / Build / FIPS] Use xpack.security.experimental.fipsMode.enabled in CI and Docker #187533

Merged
merged 20 commits into from
Jul 15, 2024
Merged

[CI / Build / FIPS] Use xpack.security.experimental.fipsMode.enabled in CI and Docker #187533

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
46f4c0c
update dockerfile generator
Ikuni17 Jul 4, 2024
79901ae
add kbn flag to yml in ci
Ikuni17 Jul 4, 2024
a196c62
ignore config changes
Ikuni17 Jul 4, 2024
1423207
missing ignore
Ikuni17 Jul 4, 2024
96d53e0
use basic license in ftr configs
Ikuni17 Jul 4, 2024
19d3497
use env variable
Ikuni17 Jul 4, 2024
3e64aa1
revert ignore changes
Ikuni17 Jul 4, 2024
3ddecbc
Revert "revert ignore changes"
Ikuni17 Jul 4, 2024
af0127a
revert env variable for ftr env
Ikuni17 Jul 4, 2024
b59e71f
Merge remote-tracking branch 'upstream/main' into fix/add-kbn-fips-flag
Ikuni17 Jul 8, 2024
86060b5
Merge remote-tracking branch 'upstream/main' into fix/add-kbn-fips-flag
Ikuni17 Jul 8, 2024
2b79a19
Revert "use basic license in ftr configs"
Ikuni17 Jul 8, 2024
e349639
Merge remote-tracking branch 'upstream/main' into fix/add-kbn-fips-flag
Ikuni17 Jul 10, 2024
346d65f
add exp flag
Ikuni17 Jul 10, 2024
9b51d5e
use env var for ci
Ikuni17 Jul 10, 2024
bd1bcc5
Merge remote-tracking branch 'upstream/main' into fix/add-kbn-fips-flag
Ikuni17 Jul 10, 2024
ce626d7
Merge remote-tracking branch 'upstream/main' into fix/add-kbn-fips-flag
Ikuni17 Jul 11, 2024
cd39c6d
Revert "use env var for ci"
Ikuni17 Jul 11, 2024
adcc39c
Merge branch 'main' into fix/add-kbn-fips-flag
Ikuni17 Jul 13, 2024
52adb8d
Merge branch 'main' into fix/add-kbn-fips-flag
Ikuni17 Jul 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions .buildkite/scripts/common/env.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,6 @@ export MERGE_QUEUE_TARGET_BRANCH
BUILDKITE_BRANCH_MERGE_QUEUE="${MERGE_QUEUE_TARGET_BRANCH:-${BUILDKITE_BRANCH:-}}"
export BUILDKITE_BRANCH_MERGE_QUEUE


BUILDKITE_AGENT_GCP_REGION=""
if [[ "$(curl -is metadata.google.internal || true)" ]]; then
# projects/1003139005402/zones/us-central1-a -> us-central1-a -> us-central1
Expand Down Expand Up @@ -133,15 +132,19 @@ export TEST_GROUP_TYPE_FUNCTIONAL="Functional Tests"
export GH_REPO=github.com/elastic/kibana

FTR_ENABLE_FIPS_AGENT=false
# used by FIPS agents to link FIPS OpenSSL modules
if [[ "${KBN_ENABLE_FIPS:-}" == "true" ]] || is_pr_with_label "ci:enable-fips-agent"; then
FTR_ENABLE_FIPS_AGENT=true
# used by FIPS agents to link FIPS OpenSSL modules
export OPENSSL_MODULES=$HOME/openssl/lib/ossl-modules

if [[ -f "$KIBANA_DIR/config/node.options" ]]; then
echo -e '\n--enable-fips' >>"$KIBANA_DIR/config/node.options"
echo "--openssl-config=$HOME/nodejs.cnf" >>"$KIBANA_DIR/config/node.options"
fi

if [[ -f "$KIBANA_DIR/config/kibana.yml" ]]; then
echo -e '\nxpack.security.experimental.fipsMode.enabled: true' >>"$KIBANA_DIR/config/kibana.yml"
fi
fi

export FTR_ENABLE_FIPS_AGENT
4 changes: 2 additions & 2 deletions .buildkite/scripts/common/util.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ check_for_changed_files() {

SHOULD_AUTO_COMMIT_CHANGES="${2:-}"
CUSTOM_FIX_MESSAGE="${3:-}"
GIT_CHANGES="$(git status --porcelain -- . ':!:.bazelrc' ':!:config/node.options')"
GIT_CHANGES="$(git status --porcelain -- . ':!:.bazelrc' ':!:config/node.options' ':!config/kibana.yml')"

if [ "$GIT_CHANGES" ]; then
if ! is_auto_commit_disabled && [[ "$SHOULD_AUTO_COMMIT_CHANGES" == "true" && "${BUILDKITE_PULL_REQUEST:-}" ]]; then
Expand All @@ -56,7 +56,7 @@ check_for_changed_files() {
git config --global user.name kibanamachine
git config --global user.email '[email protected]'
gh pr checkout "${BUILDKITE_PULL_REQUEST}"
git add -A -- . ':!.bazelrc' ':!config/node.options'
git add -A -- . ':!.bazelrc' ':!config/node.options' ':!config/kibana.yml'

git commit -m "$NEW_COMMIT_MESSAGE"
git push
Expand Down
1 change: 1 addition & 0 deletions src/dev/build/tasks/os_packages/docker_generator/templates/base/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -156,6 +156,7 @@ RUN /usr/bin/echo -e '\n--enable-fips' >> config/node.options
RUN /usr/bin/echo '--openssl-config=/usr/share/kibana/config/nodejs.cnf' >> config/node.options
COPY --chown=1000:0 openssl/nodejs.cnf "/usr/share/kibana/config/nodejs.cnf"
ENV OPENSSL_MODULES=/usr/share/kibana/openssl/lib/ossl-modules
ENV XPACK_SECURITY_EXPERIMENTAL_FIPSMODE_ENABLED=true

{{/fips}}
RUN ln -s /usr/share/kibana /opt/kibana
Expand Down