Reinstate S3SearchableSnapshotsCredentialsReloadIT in FIPS JVMs
#126109
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
These tests only don't work in a FIPS JVM because they use a secret key that is unacceptably short. This commit replaces the relevant uses of `randomIdentifier` with `randomSecretKey` so they work whether in FIPS mode or not.
DaveCTurner
added
>test
elasticsearchmachine
added
Team:Security
|
Pinging @elastic/es-security (Team:Security) |
|
Pinging @elastic/es-distributed-indexing (Team:Distributed Indexing) |
ywangd
reviewed
Apr 3, 2025
| keystoreSettings.put("s3.client." + alternativeClient + ".secret_key", randomIdentifier()); | ||
| keystoreSettings.put("s3.client." + alternativeClient + ".secret_key", randomSecretKey()); | ||
| cluster.updateStoredSecureSettings(); | ||
| assertOK(client().performRequest(new Request("POST", "/_nodes/reload_secure_settings"))); |
There was a problem hiding this comment.
The reload call needs to provide keystore password when in FIPS mode similar to this.
There was a problem hiding this comment.
Ah sorry for the noise I thought this had passed the FIPS tests when I asked for your review. Fixed that now.
DaveCTurner
added
auto-merge-without-approval
DaveCTurner
deleted the
2025/04/02/S3SearchableSnapshotsCredentialsReloadIT-fips
branch
💔 Backport failed
You can use sqren/backport to manually backport by running |
DaveCTurner
added a commit
to DaveCTurner/elasticsearch
that referenced
this pull request
Apr 4, 2025
…astic#126109) These tests only don't work in a FIPS JVM because they use a secret key that is unacceptably short. This commit replaces the relevant uses of `randomIdentifier` with `randomSecretKey` so they work whether in FIPS mode or not.
DaveCTurner
added a commit
to DaveCTurner/elasticsearch
that referenced
this pull request
Apr 4, 2025
…astic#126109) These tests only don't work in a FIPS JVM because they use a secret key that is unacceptably short. This commit replaces the relevant uses of `randomIdentifier` with `randomSecretKey` so they work whether in FIPS mode or not. Backport of elastic#126109 to `8.x`
DaveCTurner
added a commit
to DaveCTurner/elasticsearch
that referenced
this pull request
Apr 4, 2025
These tests only don't work in a FIPS JVM because they use a secret key that is unacceptably short. This commit replaces the relevant uses of `randomIdentifier` with `randomSecretKey` so they work whether in FIPS mode or not. Backport of elastic#126109 to `8.x`
|
Backport is #126324 |
elasticsearchmachine
pushed a commit
that referenced
this pull request
Apr 4, 2025
…26324) * Reinstate `S3SearchableSnapshotsCredentialsReloadIT` in FIPS JVMs These tests only don't work in a FIPS JVM because they use a secret key that is unacceptably short. This commit replaces the relevant uses of `randomIdentifier` with `randomSecretKey` so they work whether in FIPS mode or not. Backport of #126109 to `8.x` * CI poke
andreidan
pushed a commit
to andreidan/elasticsearch
that referenced
this pull request
Apr 9, 2025
…astic#126109) These tests only don't work in a FIPS JVM because they use a secret key that is unacceptably short. This commit replaces the relevant uses of `randomIdentifier` with `randomSecretKey` so they work whether in FIPS mode or not.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
These tests only don't work in a FIPS JVM because they use a secret key
that is unacceptably short. This commit replaces the relevant uses of
randomIdentifierwithrandomSecretKeyso they work whether in FIPSmode or not.