[8.19] (backport #7804) [Integration Test] Ensure that upgrading a FIPS-capable Agent results in a FIPS-capable Agent #8491
Cherry-pick of ac9ee9a has failed: To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)
This pull request has not been merged yet. Could you please review and merge it @ycombinator? 🙏
This pull request is now in conflicts. Could you fix it? 🙏
… in a FIPS-capable Agent (#7804)
* Adding skeleton for FIPS-to-FIPS upgrade test
* Expose FIPS compliance in GRPC client Version call response
* Test upgrade from FIPS to FIPS artifact
* Change assert to require
* Add postWatcherSuccessHook to upgrade test
* Refactor standalone upgrade test to take upgradeOpts
* Fix up FIPS upgrade test to use postWatcherSuccessHook to test FIPS compliance of upgraded Agent
* Add version constraint to test
* s/compliant/capable/
* s/compliant/capable/
* Append -fips to artifact name if current release of Agent is FIPS-capable
* Enable FIPS-capable to FIPS-capable Agent upgrades
* Running mage fmt
* Adding test to ensure FIPS-capable Agent cannot be upgraded to non-FIPS-capable Agent
* Adding return value
* Fixing function calls
* Remove post-upgrade success hook since we expect upgrade to fail
* Add minimum FIPS version check for start version
* Simplify upgradeOpts initialization
* Add version equality comparison method
* Fix version checks in tests
* Refactor version check into own helper function
* Fixing args
* No need to pass testing.T
* Remove redundant test case
* Restrict FIPS integration tests to Linux
* Add Fleet-managed Agent FIPS upgrade test
* Remove integration test trying to upgrade FIPS to non-FIPS
* Fix type of argument
* Refactoring: extract common logic into helper function
* Remove old code
* Require no error
* Fixing syntax errors
* Define tests as needing a FIPS environment
* FIPS upgrade tests should only run on Linux
* FIPS upgrade tests should start with FIPS-capable version
* Fixing comment + skip message
* Fix syntax errors
* Removing TestStandaloneUpgradeFIPStoFIPS test
* Removing TestFleetManagedUpgradePrivilegedFIPS test
* Add back accidentally-deleted function
* Combine less and equal unit tests
* Hash replaceToken only if its non-empty
* Use startFixture
(cherry picked from commit ac9ee9a)
86cadd6 to c24d3ea
💛 Build succeeded, but was flaky
cc @ycombinator

What does this PR do?
This PR allows a FIPS-capable Agent to upgrade to another FIPS-capable Agent. It also adds an integration test, TestFleetManagedUpgradeUnprivilegedFIPS, to check that a Fleet-managed FIPS-capable unprivileged Agent will upgrade only to another FIPS-capable Agent.
Why is it important?
To preserve FIPS-compliance across upgrades.
Checklist
- I have made corresponding changes to the documentation
- I have made corresponding change to the default configuration files
- I have added tests that prove my fix is effective or that my feature works
- I have added an entry in ./changelog/fragments using the changelog tool
Disruptive User Impact
None; this PR adds an integration test.
This is an automatic backport of pull request #7804 done by [Mergify](https://mergify.com).