Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provision automatic test runs for ruby/java unit tests and integration tests with fips mode #17029

Merged
merged 6 commits into from
Feb 7, 2025
Merged

Provision automatic test runs for ruby/java unit tests and integration tests with fips mode #17029

merged 6 commits into from
Feb 7, 2025

Conversation

donoghuc
Copy link
Member

@donoghuc donoghuc commented Feb 5, 2025
edited
Loading

Release notes

[rn:skip]

What does this PR do?

Add pipeline steps for performing tests under fips mode. For the ruby/java unit tests and the integration tests we now run the tests in a docker environment configured for FIPS. Additionally gradle has been configured with a new option to ensure additional java properties are injected at test time. This in particular (managing injection of properties directly) will likely change over time, for now the emphasis is just getting automate testing in place so we can start burning down test failures related to running in FIPS mode.

How to test this PR locally

Buildkite build https://buildkite.com/elastic/logstash-exhaustive-tests-pipeline/builds/1266

Related issues

This is a POC for solving https://github.com/elastic/ingest-dev/issues/4954

@donoghuc
Run ruby unit tests under FIPS mode
b2a4c99 
This commit shows a proposed pattern for running automated tests for logstash in
FIPS mode. It uses a new identifier in gradle for conditionally setting
properties to configure fips mode. The tests are run in a container
representative of the base image the final artifacts will be built from.
@donoghuc
Move everything from qa/fips -> x-pack
7521575 
This commit moves test setup/config under x-pack dir.
@donoghuc
Extend test pipelines for fips mode to java unit tests and integration
41a470b
@donoghuc donoghuc changed the title Run ruby unit tests under FIPS mode Provision automatic test runs for ruby/java unit tests and integration tests with fips mode Feb 6, 2025
@donoghuc
Copy link
Member Author

donoghuc commented Feb 6, 2025

CODEREVIEW: What do we want to do about the failing license checks while we figure out how we want to manage the bcfips deps?

@yaauie yaauie mentioned this pull request Feb 6, 2025
Closed
yaauie
yaauie approved these changes Feb 6, 2025
View reviewed changes
Copy link
Member

@yaauie yaauie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I approve merging this to the feature branch, and have left one suggestion to more tightly-group the gradle bits together.

logstash-core/build.gradle Outdated
@@ -124,6 +124,20 @@ tasks.register("javaTests", Test) {
exclude '/org/logstash/plugins/factory/PluginFactoryExtTest.class'
exclude '/org/logstash/execution/ObservedExecutionTest.class'

if (runTestsInFIPSMode) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think these test config modifications can live inside of x-pack:

#17033

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this seems great! I just cherry-picked that commit to see how it does in CI. Thanks so much!

@robbavey
Copy link
Member

robbavey commented Feb 6, 2025

I'm ok with skipping the license checking in the feature branch, at least until we have the packaging story in place - I don't think it's really buying us a whole bunch at this point

@donoghuc
Copy link
Member Author

donoghuc commented Feb 6, 2025

@robbavey is there a pattern for skipping those other than just deleting those steps on this branch?

@robbavey
Copy link
Member

robbavey commented Feb 6, 2025

@donoghuc I believe you can add a skip: to a buildkite step with a reason:

https://buildkite.com/resources/changelog/11-skipped-jobs-are-now-hidden-by-default/

https://buildkite.com/docs/pipelines/configure/step-types/command-step

@donoghuc
Copy link
Member Author

donoghuc commented Feb 6, 2025

@robbavey sweet. Looks like that skip worked! Also, the commit i pulled in from @yaauie moving the gradle stuff to x-pack seemed to work in CI. I think this should be G2G pending the build 🚀

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@elasticmachine
Copy link
Collaborator

elasticmachine commented Feb 6, 2025
edited
Loading

💔 Build Failed

Failed CI Steps

History

@donoghuc
Copy link
Member Author

donoghuc commented Feb 7, 2025

OK this is in good shape. I'm going to get this merged. We may want to split the integration tests as they take 40 mins.

@donoghuc donoghuc merged commit df94d53 into feature/fedramp-high-8.x Feb 7, 2025
5 of 6 checks passed
@donoghuc donoghuc deleted the fips-unit-tests-poc branch February 7, 2025 17:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yaauie yaauie yaauie approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@donoghuc @robbavey @elasticmachine @yaauie