forked from elastic/kibana
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
FIPS FTR Overrides and test skips (elastic#192053)
## Summary Kibana requires security to be enabled and a platinum or better license to run in FIPS mode. Since not all FTR configs assume these conditions will be enabled, we cant run every test. So these failing tests will be skipped when these overrides are enforced. This does not mean that the functionality is not supported in FIPS mode. ## What is the point? Running these tests in FIPS mode is not necessarily to check that the functionality works as expected, it is to make sure Kibana does not crash due to unsupported algorithm usage (`md4`, `md5`, etc). When running in FIPS mode, Node will throw an `unsupported envelope function` error (with FIPS enabled) if it encounters an unsupported algorithm, so the more lines of code covered, the more assurance we can have that features will work in FIPS mode. ## Nature of the changes To skip a test, a `tag` is added: `this.tags('skipFIPS')` `this.tags` is only available for `describe('description', function() {...});` There should not be any logical changes, just tests wrapped in an extra block. I tried to make the wording in the new `describe` block "flow" 😅 if you prefer different wording in the new `describe` block - please add a change! --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Nikita Indik <nikita.indik@elastic.co>
- Loading branch information
1 parent
2d40fa3
commit 5ec0cb0
Showing
103 changed files
with
1,919 additions
and
1,595 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
46 changes: 46 additions & 0 deletions
46
packages/kbn-test/src/functional_tests/lib/fips_overrides.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the "Elastic License | ||
* 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side | ||
* Public License v 1"; you may not use this file except in compliance with, at | ||
* your election, the "Elastic License 2.0", the "GNU Affero General Public | ||
* License v3.0 only", or the "Server Side Public License, v 1". | ||
*/ | ||
|
||
// This will only apply overrides when running in FIPS mode | ||
export function applyFipsOverrides(vars: any) { | ||
vars.esTestCluster.license = 'trial'; | ||
|
||
const skipTags = vars.suiteTags?.exclude ?? []; | ||
skipTags.push('skipFIPS'); | ||
vars.suiteTags = { | ||
...vars.suiteTags, | ||
exclude: skipTags, | ||
}; | ||
|
||
vars.security = { | ||
...vars.security, | ||
/* | ||
* When running in FIPS mode, security must be enabled. Many suites expect that there will be no authc/authz. | ||
* Test user's roles are set to `defaultRoles`, the most privileged roles are added here | ||
* so that more tests can be run successfully | ||
*/ | ||
defaultRoles: ['superuser', 'kibana_admin', 'system_indices_superuser'], | ||
}; | ||
|
||
const newServerArgs = vars.esTestCluster.serverArgs.filter( | ||
(arg: string) => arg !== 'xpack.security.enabled=false' | ||
); | ||
newServerArgs.push('xpack.security.enabled=true'); | ||
|
||
const selfTypedBasicLicenseIndex = newServerArgs.indexOf( | ||
`xpack.license.self_generated.type=basic` | ||
); | ||
if (selfTypedBasicLicenseIndex > -1) { | ||
newServerArgs[selfTypedBasicLicenseIndex] = `xpack.license.self_generated.type=trial`; | ||
} | ||
|
||
vars.esTestCluster.serverArgs = newServerArgs; | ||
|
||
return vars; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.