
Commit a790ac0

[8.19](backport #4983) Add basic fips cloudE2E test (#4998)
* Add basic fips cloudE2E test (#4983) Verify that FIPS capable artifacts work in cloud deployments. Correct openapi status endpoint return values. (cherry picked from commit 11b45c5) # Conflicts: # testing/go.mod # testing/go.sum * Fix testing go.mod --------- Co-authored-by: Michel Laterman <82832767+michel-laterman@users.noreply.github.com> Co-authored-by: michel-laterman <michel.laterman@elastic.co>
1 parent f5ead35 commit a790ac0


11 files changed

+511
-170
lines changed


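--- a/.buildkite/hooks/pre-command
+++ b/.buildkite/hooks/pre-command
@@ -46,17 +46,19 @@ if [[ "$BUILDKITE_PIPELINE_SLUG" == "fleet-server-package-mbp" ]]; then
 fi
 
 if [[ "$BUILDKITE_PIPELINE_SLUG" == "fleet-server" || "$BUILDKITE_PIPELINE_SLUG" == "fleet-server-perf-tests" ]]; then
-if [[ "$BUILDKITE_STEP_KEY" == "publish" || "$BUILDKITE_STEP_KEY" == "cloud-e2e-test" || "$BUILDKITE_STEP_KEY" == "create-image" ]]; then
+if [[ "$BUILDKITE_STEP_KEY" == "publish" || "$BUILDKITE_STEP_KEY" == "cloud-e2e-test" || "$BUILDKITE_STEP_KEY" == "cloud-e2e-fips-test" || "$BUILDKITE_STEP_KEY" == "create-image" ]]; then
 export DOCKER_USERNAME_SECRET=$(retry 5 vault kv get -field user "${DOCKER_REGISTRY_SECRET_PATH}")
 export DOCKER_PASSWORD_SECRET=$(retry 5 vault kv get -field password "${DOCKER_REGISTRY_SECRET_PATH}")
 docker login -u "${DOCKER_USERNAME_SECRET}" -p "${DOCKER_PASSWORD_SECRET}" "${DOCKER_REGISTRY}" 2>/dev/null
 fi
 fi
 
-if [[ "$BUILDKITE_PIPELINE_SLUG" == "fleet-server" && "$BUILDKITE_STEP_KEY" == "cloud-e2e-test" ]]; then
-export EC_API_KEY_SECRET=$(retry 5 vault kv get -field apiKey "${EC_KEY_SECRET_PATH}")
-# Environment variables required by the Elastic Cloud service deployer
-export EC_API_KEY=${EC_API_KEY_SECRET}
+if [[ "$BUILDKITE_PIPELINE_SLUG" == "fleet-server" ]]; then
+if [[ "$BUILDKITE_STEP_KEY" == "cloud-e2e-test" || "$BUILDKITE_STEP_KEY" == "cloud-e2e-fips-test" ]]; then
+export EC_API_KEY_SECRET=$(retry 5 vault kv get -field apiKey "${EC_KEY_SECRET_PATH}")
+# Environment variables required by the Elastic Cloud service deployer
+export EC_API_KEY=${EC_API_KEY_SECRET}
+fi
 fi
 
 # BK analytics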
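Review bot: In the new inner block, `export EC_API_KEY_SECRET=$(retry 5 vault kv get -field apiKey "${EC_KEY_SECRET_PATH}")` hides the exit status of the vault lookup, because the status of `export` is what the shell sees; if every retry fails, the cloud-e2e-test and cloud-e2e-fips-test steps would carry on with an empty `EC_API_KEY` and fail later with a less obvious error. Assigning first and exporting afterwards keeps the failure visible: `EC_API_KEY=$(retry 5 vault kv get -field apiKey "${EC_KEY_SECRET_PATH}") || exit 1` followed by `export EC_API_KEY`. The intermediate `EC_API_KEY_SECRET` is exported too, so the key is handed to every child process under two names; unless something outside this hunk reads it, one exported variable is enough. The Docker credential lines in the first block follow the same `export VAR=$(...)` pattern.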

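--- a/.buildkite/pipeline.yml
+++ b/.buildkite/pipeline.yml
@@ -29,6 +29,7 @@ steps:
 
 - group: "Performance test"
 key: "performance-test"
+depends_on: "check"
 steps:
 - label: "Run go benchmark for PR branch"
 key: "go-benchmark-pr"
@@ -67,10 +68,9 @@ steps:
 agents:
 provider: "gcp"
 
-depends_on: "check"
-
 - group: "Run tests"
 key: "tests"
+depends_on: "check"
 steps:
 - label: ":smartbear-testexecute: Run unit tests"
 key: unit-test
@@ -182,7 +182,28 @@ steps:
 allow_failure: false
 - step: "e2e-test"
 allow_failure: false
-depends_on: "check"
+
+- label: ":gcloud: Cloud e2e FIPS Test"
+key: "cloud-e2e-fips-test"
+env:
+DOCKER_REGISTRY: "docker.elastic.co"
+DOCKER_BASE_IMAGE: "docker.elastic.co/cloud-release/elastic-agent-fips-cloud"
+DOCKER_IMAGE: "docker.elastic.co/beats-ci/elastic-agent-fips-cloud"
+DOCKER_IMAGE_TAG: "pr-${BUILDKITE_PULL_REQUEST}-${BUILDKITE_COMMIT:0:12}"
+SNAPSHOT: "true"
+PLATFORMS: "linux/amd64"
+TF_VAR_pull_request: "${BUILDKITE_PULL_REQUEST}"
+FIPS: "true"
+command: ".buildkite/scripts/cloud_e2e_test.sh"
+agents:
+provider: "gcp"
+depends_on:
+- step: "unit-test"
+allow_failure: false
+- step: "int-test"
+allow_failure: false
+- step: "e2e-test"
+allow_failure: false
 
 - label: ":docker: Publish docker image"
 key: "publish"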
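Review bot: The new step's `key: "cloud-e2e-fips-test"` is the same string that `.buildkite/hooks/pre-command` compares against before it loads the registry login and the Elastic Cloud API key, and nothing in the step records that coupling. Renaming the key here without touching the hook would leave the step running without credentials. A comment above the key would make the dependency visible, for example `# key is matched in .buildkite/hooks/pre-command to load the Docker registry and EC API credentials`. Since the image tag is built from `BUILDKITE_PULL_REQUEST`, the step presumably runs on pull-request builds with those secrets in its environment; it is worth confirming that the pipeline's trigger settings limit this to trusted contributors.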

internal/pkg/api/openapi.gen.go

Lines changed: 18 additions & 18 deletions

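--- a/internal/pkg/server/fleet_integration_test.go
+++ b/internal/pkg/server/fleet_integration_test.go
@@ -1255,7 +1255,7 @@ func Test_SmokeTest_CheckinPollTimeout(t *testing.T) {
 AgentId: agentID,
 Message: "test-message",
 Type: api.ACTIONRESULT,
-Subtype: api.ACKNOWLEDGED,
+Subtype: api.EventSubtypeACKNOWLEDGED,
 }
 ev := api.AckRequest_Events_Item{}
 err := ev.FromGenericEvent(event)
@@ -1387,7 +1387,7 @@ func Test_SmokeTest_CheckinPollShutdown(t *testing.T) {
 AgentId: agentID,
 Message: "test-message",
 Type: api.ACTIONRESULT,
-Subtype: api.ACKNOWLEDGED,
+Subtype: api.EventSubtypeACKNOWLEDGED,
 }
 ev := api.AckRequest_Events_Item{}
 err := ev.FromGenericEvent(event)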

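--- a/magefile.go
+++ b/magefile.go
@@ -82,8 +82,10 @@ const (
 envDockerImage = "DOCKER_IMAGE"
 // envDockerTag is used to indicate tag for images produced by the docker:image target. Defaults to version. It
 envDockerTag = "DOCKER_IMAGE_TAG"
-// envDockerBaseImage is the image:tag for the base elastic-agent-cloud images used by e2e tests.
+// envDockerBaseImage is the base image for elastic-agent-cloud images used by e2e tests.
 envDockerBaseImage = "DOCKER_BASE_IMAGE"
+// envDockerBaseImageTag is the tag for the base image used by e2e tests.
+envDockerBaseImageTag = "DOCKER_BASE_IMAGE_TAG"
 )
 
 // const and vars used by magefile.
@@ -997,12 +999,17 @@ func (Docker) Image() error {
 
 // Push pushs an image created by docker:image to the registry.
 // FIPS may be used to push a FIPS capable image.
+// DOCKER_IMAGE may be used to specify the image name.
 // DOCKER_IMAGE_TAG may be used to specify the image tag.
 func (Docker) Push() error {
 image := dockerImage
 if isFIPS() {
 image += "-fips"
 }
+if v, ok := os.LookupEnv(envDockerImage); ok && v != "" {
+image = v
+}
+
 version := getVersion()
 if v, ok := os.LookupEnv(envDockerTag); ok && v != "" {
 version = v
@@ -1015,6 +1022,7 @@ func (Docker) Push() error {
 // This step requires a coverage enabled binary to be used.
 // FIPS is used to control if a FIPS compliant image should be created.
 // DOCKER_BASE_IMAGE may be used to specify the elastic-agent base image. docker.elastic.co/cloud-release/elastic-agent-cloud by default.
+// DOCKER_BASE_IMAGE_TAG may be used to specify the elastic-agent base image tag. Uses the ELASTICESRCH version from dev-tools/integration/.env.
 // DOCKER_IMAGE is used to specify the resulting image name.
 // DOCKER_IMAGE_TAG is used to specify the resulting image tag.
 func (Docker) CustomAgentImage() error {
@@ -1023,16 +1031,21 @@ func (Docker) CustomAgentImage() error {
 return fmt.Errorf("unable to read env file: %w", err)
 }
 
-baseImage := "docker.elastic.co/cloud-release/elastic-agent-cloud:" + env["ELASTICSEARCH_VERSION"]
+baseImage := "docker.elastic.co/cloud-release/elastic-agent-cloud"
 if v, ok := os.LookupEnv(envDockerBaseImage); ok && v != "" {
 baseImage = v
 }
+baseImageTag := env["ELASTICSEARCH_VERSION"]
+if v, ok := os.LookupEnv(envDockerBaseImageTag); ok && v != "" {
+baseImageTag = v
+}
+
 dockerEnv := map[string]string{"DOCKER_BUILDKIT": "1"}
-err = sh.RunWithV(dockerEnv, "docker", "pull", "--platform", "linux/"+runtime.GOARCH, baseImage)
+err = sh.RunWithV(dockerEnv, "docker", "pull", "--platform", "linux/"+runtime.GOARCH, baseImage+":"+baseImageTag)
 if err != nil {
 return fmt.Errorf("failed to pull image: %w", err)
 }
-vcsRef, err := sh.OutputWith(dockerEnv, "docker", "inspect", "-f", "{{index .Config.Labels \"org.label-schema.vcs-ref\" }}", baseImage)
+vcsRef, err := sh.OutputWith(dockerEnv, "docker", "inspect", "-f", "{{index .Config.Labels \"org.label-schema.vcs-ref\" }}", baseImage+":"+baseImageTag)
 if err != nil {
 return fmt.Errorf("unable to find vcs-ref label: %w", err)
 }
@@ -1050,7 +1063,7 @@ func (Docker) CustomAgentImage() error {
 }
 err = sh.RunWithV(dockerEnv, "docker", "build",
 "-f", filepath.Join("dev-tools", "e2e", "Dockerfile"),
-"--build-arg", "ELASTIC_AGENT_IMAGE="+baseImage,
+"--build-arg", "ELASTIC_AGENT_IMAGE="+baseImage+":"+baseImageTag,
 "--build-arg", "STACK_VERSION="+getVersion(),
 "--build-arg", "VCS_REF_SHORT="+vcsRef[:6],
 "--build-arg", "FLEET_FIPS="+fips,
@@ -2027,6 +2040,7 @@ func (Test) CloudE2E() {
 // DOCKER_IMAGE can be used to specify the custom integration server image.
 // DOCKER_IMAGE_TAG can be used to specify the tag of the custom integration server.
 func (Test) CloudE2EUp() error {
+os.Setenv(envSnapshot, "true")
 imageName := dockerImage
 imageTag := getVersion()
 
@@ -2081,16 +2095,35 @@ func (Test) CloudE2EDown() error {
 
 // CloudE2ERun runs tests against the remote cloud deployment.
 func (Test) CloudE2ERun() error {
-url, err := sh.Output("terraform", "output", "--raw", "--state="+filepath.Join("dev-tools", "cloud", "terraform", "terraform.tfstate"), "fleet_url")
+fleetURL, err := sh.Output("terraform", "output", "--raw", "--state="+filepath.Join("dev-tools", "cloud", "terraform", "terraform.tfstate"), "fleet_url")
 if err != nil {
 return fmt.Errorf("unable to retrive fleet-server cloud url: %w", err)
 }
 
+kibanaURL, err := sh.Output("terraform", "output", "--raw", "--state="+filepath.Join("dev-tools", "cloud", "terraform", "terraform.tfstate"), "kibana_url")
+if err != nil {
+return fmt.Errorf("unable to retrive kibana cloud url: %w", err)
+}
+
+user, err := sh.Output("terraform", "output", "--raw", "--state="+filepath.Join("dev-tools", "cloud", "terraform", "terraform.tfstate"), "elasticsearch_username")
+if err != nil {
+return fmt.Errorf("unable to retrive es username: %w", err)
+}
+pass, err := sh.Output("terraform", "output", "--raw", "--state="+filepath.Join("dev-tools", "cloud", "terraform", "terraform.tfstate"), "elasticsearch_password")
+if err != nil {
+return fmt.Errorf("unable to retrive es password: %w", err)
+}
+
 var b bytes.Buffer
 w := io.MultiWriter(&b, os.Stdout)
 cmd := exec.Command("go", "test", "-v", "-timeout", "30m", "-tags=cloude2e", "-count=1", "-p", "1", "./...")
 cmd.Dir = "testing"
-cmd.Env = append(os.Environ(), "FLEET_SERVER_URL="+url)
+cmd.Env = append(os.Environ(),
+"FLEET_SERVER_URL="+fleetURL,
+"KIBANA_URL="+kibanaURL,
+"ELASTIC_USER="+user,
+"ELASTIC_PASS="+pass,
+)
 cmd.Stdout = w
 cmd.Stderr = w
 err = cmd.Run()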
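Review bot: In the last hunk, CloudE2ERun now reads `elasticsearch_password` from the Terraform state and hands it to `go test -v` as `ELASTIC_PASS`, while the child's stdout and stderr are copied to `os.Stdout` and to the buffer `b` through the MultiWriter. Any test or helper that prints its environment, or a request carrying the credentials, would therefore put the password into the build log. The doc comment still says only that the tests run against the remote deployment; it should name the exported variables and the constraint, for example `// The elasticsearch credentials are passed to the tests as ELASTIC_USER and ELASTIC_PASS; tests must not log them.` What is done with `b` after `cmd.Run()` lies outside the hunk and is worth checking for the same reason. The four `terraform output` calls also repeat the same `--state` path and could share one small helper that takes the output name.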

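--- a/model/openapi.yml
+++ b/model/openapi.yml
@@ -86,14 +86,14 @@ components:
 A Unit state that fleet-server may report.
 Unit state is defined in the elastic-agent-client specification.
 enum:
-- starting
-- configuring
-- healthy
-- degraded
-- failed
-- stopping
-- stopped
-- unknown
+- STARTING
+- CONFIGURING
+- HEALTHY
+- DEGRADED
+- FAILED
+- STOPPING
+- STOPPED
+- UNKNOWN
 version:
 $ref: "#/components/schemas/statusResponseVersion"
 enrollMetadata: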

pkg/api/types.gen.go

Lines changed: 18 additions & 18 deletions
