Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Suppress Wildfly test in FIPS JVMs #32543

Conversation

DaveCTurner
Copy link
Contributor

Until #32534 is fixed, this suppresses this failing test on FIPS JVMs, but
allows the suite to pass and includes a dummy @AwaitsFix test too.

Until elastic#32534 is fixed, this suppresses this failing test on FIPS JVMs, but
allows the suite to pass and includes a dummy @AwaitsFix test too.
@DaveCTurner DaveCTurner added >test Issues or PRs that are addressing/adding tests v7.0.0 :Security/Security Security issues without another label v6.5.0 v6.3.3 v6.4.1 labels Aug 1, 2018
@jkakavas
Copy link
Member

jkakavas commented Aug 3, 2018

I'm thinking we could extend the check in

if (!Os.isFamily(Os.FAMILY_WINDOWS)) {

to

if (!Os.isFamily(Os.FAMILY_WINDOWS) && !inFipsJvm) {

so that we skip the integTest in FIPS JVMs.

I also proposed we do this anyway and close #32534, as running our transport client in an application on Wildfly in a FIPS 140 JVM is not something that we cover right now in our FIPS effort

@DaveCTurner
Copy link
Contributor Author

@jkakavas I've done as you suggested (and in the other place that checks for Windows in that file) and it passes ./gradlew precommit at least. I do not know how to test that this fixes the issue - I don't have a FIPS JVM installed locally. Could you take a look?

Copy link
Member

@jkakavas jkakavas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks David

@jkakavas
Copy link
Member

jkakavas commented Aug 3, 2018

Could you take a look?

Will do !

I do not know how to test that this fixes the issue - I don't have a FIPS JVM installed locally

I have added instructions on how to troubleshoot test failures in a fips JVM if it ever becomes necessary in the future.

@jkakavas
Copy link
Member

jkakavas commented Aug 3, 2018

I can verify this mutes integTestRunner. But this is a little trickier.
integTestRunner task doesn't fail for me locally.
On CI, it fails on

try (CloseableHttpClient client = HttpClientBuilder.create().build()) {

We don't pass an sslcontext and the defult behavior for HttpClientBuilder is to use the JVMs default keystore and truststore. We however change the JVM keystore to be a BCFKS one for java8fips and we run in the FIPS JVM ( or does Wildfly run in the Gradle's JVM ? ) so it should be able to read it just fine and not fail with

 2> java.io.IOException: Invalid keystore format

I would still like to mute this by merging the PR so that we can continue running the rest of the tests in a FIPS. WDYT @jasontedor ?

@DaveCTurner DaveCTurner merged commit e3cc337 into elastic:master Aug 3, 2018
@DaveCTurner DaveCTurner deleted the 2018-08-01-suppress-wildfly-test-in-fips-jvm branch August 3, 2018 16:57
@DaveCTurner
Copy link
Contributor Author

I think it's right to merge this to mute the failing tests, and have done so, but I will leave #32534 open to track any work towards bringing these tests back into the fold again.

DaveCTurner added a commit that referenced this pull request Aug 3, 2018
WildflyIT fails on FIPS-enabled JVMs. This change mutes this test suite on such
JVMs. Relates #32534.
DaveCTurner added a commit that referenced this pull request Aug 3, 2018
WildflyIT fails on FIPS-enabled JVMs. This change mutes this test suite on such
JVMs. Relates #32534.
DaveCTurner added a commit that referenced this pull request Aug 3, 2018
WildflyIT fails on FIPS-enabled JVMs. This change mutes this test suite on such
JVMs. Relates #32534.
DaveCTurner added a commit that referenced this pull request Aug 3, 2018
The required gradle property does not exist in this branch.

This reverts commit 90ffcd3.
jasontedor added a commit to jasontedor/elasticsearch that referenced this pull request Aug 6, 2018
…pe-detection-with-leading-whitespace

* elastic/master: (34 commits)
  Cross-cluster search: preserve cluster alias in shard failures (elastic#32608)
  Handle AlreadyClosedException when bumping primary term
  [TEST] Allow to run in FIPS JVM (elastic#32607)
  [Test] Add ckb to the list of unsupported languages (elastic#32611)
  SCRIPTING: Move Aggregation Scripts to their own context (elastic#32068)
  Painless: Use LocalMethod Map For Lookup at Runtime (elastic#32599)
  [TEST] Enhance failure message when bulk updates have failures
  [ML] Add ML result classes to protocol library (elastic#32587)
  Suppress LicensingDocumentationIT.testPutLicense in release builds (elastic#32613)
  [Rollup] Update wire version check after backport
  Suppress Wildfly test in FIPS JVMs (elastic#32543)
  [Rollup] Improve ID scheme for rollup documents (elastic#32558)
  ingest: doc: move Dot Expander Processor doc to correct position (elastic#31743)
  [ML] Add some ML config classes to protocol library (elastic#32502)
  [TEST]Split transport verification mode none tests (elastic#32488)
  Core: Move helper date formatters over to java time (elastic#32504)
  [Rollup] Remove builders from DateHistogramGroupConfig (elastic#32555)
  [TEST} unmutes SearchAsyncActionTests and adds debugging info
  [ML] Add Detector config classes to protocol library (elastic#32495)
  [Rollup] Remove builders from MetricConfig (elastic#32536)
  ...
dnhatn added a commit that referenced this pull request Aug 6, 2018
* 6.x:
  [Kerberos] Use canonical host name (#32588)
  Cross-cluster search: preserve cluster alias in shard failures (#32608)
  [TEST] Allow to run in FIPS JVM (#32607)
  Handle AlreadyClosedException when bumping primary term
  [Test] Add ckb to the list of unsupported languages (#32611)
  SCRIPTING: Move Aggregation Scripts to their own context (#32068) (#32629)
  [TEST] Enhance failure message when bulk updates have failures
  [ML] Add ML result classes to protocol library (#32587)
  Suppress LicensingDocumentationIT.testPutLicense in release builds (#32613)
  [Rollup] Improve ID scheme for rollup documents (#32558)
  Mutes failing SQL string function tests due to #32589
  Suppress Wildfly test in FIPS JVMs (#32543)
  Add cluster UUID to Cluster Stats API response (#32206)
  [ML] Add some ML config classes to protocol library (#32502)
  [TEST]Split transport verification mode none tests (#32488)
  [Rollup] Remove builders from DateHistogramGroupConfig (#32555)
  [ML] Add Detector config classes to protocol library (#32495)
  [Rollup] Remove builders from MetricConfig (#32536)
  Fix race between replica reset and primary promotion (#32442)
  HLRC: Move commercial clients from XPackClient (#32596)
  Security: move User to protocol project (#32367)
  Minor fix for javadoc (applicable for java 11). (#32573)
  Painless: Move Some Lookup Logic to PainlessLookup (#32565)
  Core: Minor size reduction for AbstractComponent (#32509)
  INGEST: Enable default pipelines (#32286) (#32591)
  TEST: Avoid merges in testSeqNoAndCheckpoints
  [Rollup] Remove builders from HistoGroupConfig (#32533)
  fixed elements in array of produced terms (#32519)
  Mutes ReindexFailureTests.searchFailure dues to #28053
  Mutes LicensingDocumentationIT due to #32580
  Remove the SATA controller from OpenSUSE box
  [ML] Rename JobProvider to JobResultsProvider (#32551)
dnhatn added a commit that referenced this pull request Aug 6, 2018
* master:
  Cross-cluster search: preserve cluster alias in shard failures (#32608)
  Handle AlreadyClosedException when bumping primary term
  [TEST] Allow to run in FIPS JVM (#32607)
  [Test] Add ckb to the list of unsupported languages (#32611)
  SCRIPTING: Move Aggregation Scripts to their own context (#32068)
  Painless: Use LocalMethod Map For Lookup at Runtime (#32599)
  [TEST] Enhance failure message when bulk updates have failures
  [ML] Add ML result classes to protocol library (#32587)
  Suppress LicensingDocumentationIT.testPutLicense in release builds (#32613)
  [Rollup] Update wire version check after backport
  Suppress Wildfly test in FIPS JVMs (#32543)
  [Rollup] Improve ID scheme for rollup documents (#32558)
  ingest: doc: move Dot Expander Processor doc to correct position (#31743)
  [ML] Add some ML config classes to protocol library (#32502)
  [TEST]Split transport verification mode none tests (#32488)
  Core: Move helper date formatters over to java time (#32504)
  [Rollup] Remove builders from DateHistogramGroupConfig (#32555)
  [TEST} unmutes SearchAsyncActionTests and adds debugging info
  [ML] Add Detector config classes to protocol library (#32495)
  [Rollup] Remove builders from MetricConfig (#32536)
  Tests: Add rolling upgrade tests for watcher (#32428)
  Fix race between replica reset and primary promotion (#32442)
jkakavas added a commit that referenced this pull request Aug 13, 2018
WildflyIT test fails in a FIPS JVM due to the amount of output in stderr. The excessive stderr output is due to https://bugs.openjdk.java.net/browse/JDK-8202893 and is not an indication of a failure that should be tracked.
This commit adjusts the limit to something more lenient that would allow the test to succeed.
Reverts #32543
jkakavas added a commit that referenced this pull request Aug 13, 2018
WildflyIT test fails in a FIPS JVM due to the amount of output in stderr. The excessive stderr output is due to https://bugs.openjdk.java.net/browse/JDK-8202893 and is not an indication of a failure that should be tracked.
This commit adjusts the limit to something more lenient that would allow the test to succeed.
Reverts #32543
jkakavas added a commit that referenced this pull request Aug 13, 2018
WildflyIT test fails in a FIPS JVM due to the amount of output in stderr. The excessive stderr output is due to https://bugs.openjdk.java.net/browse/JDK-8202893 and is not an indication of a failure that should be tracked.
This commit adjusts the limit to something more lenient that would allow the test to succeed.
Reverts #32543
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
:Security/Security Security issues without another label >test Issues or PRs that are addressing/adding tests v6.3.3 v6.4.1 v6.5.0 v7.0.0-beta1
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants