diff --git a/.buildkite/bk.integration-fips.pipeline.yml b/.buildkite/bk.integration-fips.pipeline.yml index 5e84b150189..32c902ea934 100644 --- a/.buildkite/bk.integration-fips.pipeline.yml +++ b/.buildkite/bk.integration-fips.pipeline.yml @@ -7,6 +7,15 @@ env: IMAGE_UBUNTU_X86_64_FIPS: "platform-ingest-elastic-agent-ubuntu-2204-fips-1749862860" IMAGE_UBUNTU_ARM64_FIPS: "platform-ingest-elastic-agent-ubuntu-2204-fips-aarch64-1749862860" +# This section is used to define the plugins that will be used in the pipeline. +# See https://buildkite.com/docs/pipelines/integrations/plugins/using#using-yaml-anchors-with-plugins +common: + - vault_ec_key_prod: &vault_ec_key_prod + elastic/vault-secrets#v0.1.0: + path: "kv/ci-shared/platform-ingest/platform-ingest-ec-prod" + field: "apiKey" + env_var: "EC_API_KEY" + steps: - label: Build and push custom elastic-agent image depends_on: @@ -46,6 +55,8 @@ steps: agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:0.5" useCustomGlobalHooks: true + plugins: + - *vault_ec_key_prod - group: "fips:Stateful:Ubuntu" key: integration-tests-ubuntu-fips @@ -73,6 +84,8 @@ steps: provider: "aws" image: "${IMAGE_UBUNTU_X86_64_FIPS}" instanceType: "m5.2xlarge" + plugins: + - *vault_ec_key_prod matrix: setup: sudo: @@ -102,6 +115,8 @@ steps: provider: "aws" image: "${IMAGE_UBUNTU_ARM64_FIPS}" instanceType: "m6g.2xlarge" + plugins: + - *vault_ec_key_prod matrix: setup: sudo: @@ -121,6 +136,8 @@ steps: agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:0.5" useCustomGlobalHooks: true + plugins: + - *vault_ec_key_prod - label: Aggregate test reports depends_on: diff --git a/.buildkite/bk.integration.pipeline.yml b/.buildkite/bk.integration.pipeline.yml index 7f457df3e8e..923fa00c22d 100644 --- a/.buildkite/bk.integration.pipeline.yml +++ b/.buildkite/bk.integration.pipeline.yml @@ -37,6 +37,11 @@ common: KIBANA_HOST: ea-serverless-it-kibana-hostname KIBANA_USERNAME: ea-serverless-it-kibana-username KIBANA_PASSWORD: ea-serverless-it-kibana-password + - vault_ec_key_prod: &vault_ec_key_prod + elastic/vault-secrets#v0.1.0: + path: "kv/ci-shared/platform-ingest/platform-ingest-ec-prod" + field: "apiKey" + env_var: "EC_API_KEY" steps: - label: Start ESS stack for integration tests @@ -56,6 +61,8 @@ steps: agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:0.5" useCustomGlobalHooks: true + plugins: + - *vault_ec_key_prod - group: "Extended runtime leak tests" key: extended-integration-tests @@ -83,6 +90,9 @@ steps: retry: automatic: limit: 1 + plugins: + - *vault_ec_key_prod + - label: "Windows:2025:amd64:sudo" depends_on: - packaging-windows @@ -101,6 +111,9 @@ steps: provider: "gcp" machineType: "n2-standard-8" image: "${IMAGE_WIN_2025}" + plugins: + - *vault_ec_key_prod + - label: "Ubuntu:2404:amd64:sudo" depends_on: packaging-ubuntu-x86-64 env: @@ -118,6 +131,8 @@ steps: provider: "gcp" machineType: "n2-standard-8" image: "${IMAGE_UBUNTU_2404_X86_64}" + plugins: + - *vault_ec_key_prod - group: "Stateful: Windows" key: integration-tests-win @@ -143,6 +158,8 @@ steps: retry: automatic: limit: 1 + plugins: + - *vault_ec_key_prod matrix: - default - fleet @@ -169,6 +186,8 @@ steps: retry: automatic: limit: 1 + plugins: + - *vault_ec_key_prod matrix: - default @@ -188,6 +207,8 @@ steps: retry: automatic: limit: 1 + plugins: + - *vault_ec_key_prod matrix: - default - fleet @@ -214,6 +235,8 @@ steps: provider: "gcp" machineType: "n2-standard-8" image: "${IMAGE_WIN_2025}" + plugins: + - *vault_ec_key_prod matrix: - default @@ -240,6 +263,8 @@ steps: provider: "gcp" machineType: "n2-standard-8" image: "${IMAGE_UBUNTU_2404_X86_64}" + plugins: + - *vault_ec_key_prod matrix: - default @@ -260,6 +285,8 @@ steps: provider: "gcp" machineType: "n2-standard-8" image: "${IMAGE_UBUNTU_2404_X86_64}" + plugins: + - *vault_ec_key_prod matrix: - default - upgrade @@ -292,6 +319,8 @@ steps: retry: automatic: limit: 1 + plugins: + - *vault_ec_key_prod matrix: - default - upgrade @@ -326,6 +355,8 @@ steps: provider: "aws" image: "${IMAGE_UBUNTU_2404_ARM_64}" instanceType: "m6g.xlarge" + plugins: + - *vault_ec_key_prod matrix: - default @@ -352,6 +383,8 @@ steps: provider: "gcp" machineType: "n2-standard-8" image: "${IMAGE_DEBIAN_12}" + plugins: + - *vault_ec_key_prod matrix: - default @@ -372,6 +405,8 @@ steps: provider: "gcp" machineType: "n2-standard-8" image: "${IMAGE_DEBIAN_12}" + plugins: + - *vault_ec_key_prod matrix: - default - upgrade @@ -409,6 +444,8 @@ steps: retry: automatic: limit: 1 + plugins: + - *vault_ec_key_prod agents: provider: "gcp" machineType: "n2-standard-8" @@ -444,6 +481,8 @@ steps: machineType: "n2-standard-4" image: "${IMAGE_UBUNTU_2404_X86_64}" diskSizeGb: 80 + plugins: + - *vault_ec_key_prod matrix: setup: variants: @@ -547,7 +586,8 @@ steps: agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:0.5" useCustomGlobalHooks: true - + plugins: + - *vault_ec_key_prod - label: Aggregate test reports # Warning: The key has a hook in pre-command key: aggregate-reports diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command index a1aaafe0d88..f11f9f6b2cc 100755 --- a/.buildkite/hooks/pre-command +++ b/.buildkite/hooks/pre-command @@ -15,6 +15,8 @@ fi CI_DRA_ROLE_PATH="kv/ci-shared/release/dra-role" CI_GCP_OBS_PATH="kv/ci-shared/observability-ingest/cloud/gcp" +# This key exists for backward compatibility with OGC framework +# see https://github.com/elastic/elastic-agent/issues/8536 CI_ESS_PATH="kv/ci-shared/platform-ingest/platform-ingest-ec-prod" CI_DRA_ROLE_PATH="kv/ci-shared/release/dra-role" diff --git a/.buildkite/scripts/steps/ess.ps1 b/.buildkite/scripts/steps/ess.ps1 index 0a11a49fb9e..b1920fca9db 100644 --- a/.buildkite/scripts/steps/ess.ps1 +++ b/.buildkite/scripts/steps/ess.ps1 @@ -13,16 +13,7 @@ function ess_up { Write-Error "Error: Specify stack version: ess_up [stack_version]" return 1 } - - $Env:EC_API_KEY = Retry-Command -ScriptBlock { - vault kv get -field=apiKey kv/ci-shared/platform-ingest/platform-ingest-ec-prod - } - - if (-not $Env:EC_API_KEY) { - Write-Error "Error: Failed to get EC API key from vault" - exit 1 - } - + $BuildkiteBuildCreator = if ($Env:BUILDKITE_BUILD_CREATOR) { $Env:BUILDKITE_BUILD_CREATOR } else { get_git_user_email } $BuildkiteBuildNumber = if ($Env:BUILDKITE_BUILD_NUMBER) { $Env:BUILDKITE_BUILD_NUMBER } else { "0" } $BuildkitePipelineSlug = if ($Env:BUILDKITE_PIPELINE_SLUG) { $Env:BUILDKITE_PIPELINE_SLUG } else { "elastic-agent-integration-tests" } @@ -56,10 +47,7 @@ function ess_down { return 0 } Write-Output "~~~ Tearing down the ESS Stack(created for this step)" - try { - $Env:EC_API_KEY = Retry-Command -ScriptBlock { - vault kv get -field=apiKey kv/ci-shared/platform-ingest/platform-ingest-ec-prod - } + try { Push-Location -Path $TfDir & terraform init & terraform destroy -auto-approve diff --git a/.buildkite/scripts/steps/ess.sh b/.buildkite/scripts/steps/ess.sh index d1792a8bb29..cdc479b8e59 100755 --- a/.buildkite/scripts/steps/ess.sh +++ b/.buildkite/scripts/steps/ess.sh @@ -13,13 +13,6 @@ function ess_up() { return 1 fi - export EC_API_KEY=$(retry -t 5 -- vault kv get -field=apiKey kv/ci-shared/platform-ingest/platform-ingest-ec-prod) - - if [[ -z "${EC_API_KEY}" ]]; then - echo "Error: Failed to get EC API key from vault" >&2 - exit 1 - fi - BUILDKITE_BUILD_CREATOR="${BUILDKITE_BUILD_CREATOR:-"$(get_git_user_email)"}" BUILDKITE_BUILD_NUMBER="${BUILDKITE_BUILD_NUMBER:-"0"}" BUILDKITE_PIPELINE_SLUG="${BUILDKITE_PIPELINE_SLUG:-"elastic-agent-integration-tests"}" @@ -48,9 +41,6 @@ function ess_down() { echo "~~~ Tearing down the ESS Stack" local WORKSPACE=$(git rev-parse --show-toplevel) local TF_DIR="${WORKSPACE}/test_infra/ess/" - if [ -z "${EC_API_KEY:-}" ]; then - export EC_API_KEY=$(retry -t 5 -- vault kv get -field=apiKey kv/ci-shared/platform-ingest/platform-ingest-ec-prod) - fi pushd "${TF_DIR}" terraform init