Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create a reproducible E2E manual testing env for running LS in FIPS mode #17010

Open
wants to merge 1 commit into
base: feature/fedramp-high-8.x
Choose a base branch
from
Open

Create a reproducible E2E manual testing env for running LS in FIPS mode #17010

wants to merge 1 commit into from

Conversation

donoghuc
Copy link
Member

@donoghuc donoghuc commented Feb 1, 2025

Release notes

[rn:skip]

What does this PR do?

This commit pushes configuration files to qa/fips for a portable environment for running logstash configured for end to end testing of logstash configured to run with BC providers. Currently it tests the beats input and the elasticsearch output which should be representative of plugins which will require FIPS crypto.

The intention here is to have a common shared environment for everyone on the project to be able to reference as we propose changes.

Why is it important/What is the impact to the user?

This is just for internal use for now.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
    - [ ] I have made corresponding changes to the documentation
    - [ ] I have made corresponding change to the default configuration files (and/or docker env variables)
    - [ ] I have added tests that prove my fix is effective or that my feature works

Author's Checklist

How to test this PR locally

Check the README.md file i published!

@donoghuc
Create a reproducible E2E manual testing env for running LS in FIPS mode
3f9c4fe 
This commit pushes configuration files to `qa/fips` for a portable environment
for running logstash configured for end to end testing of logstash configured to
run with BC providers. Currently it tests the beats input and the elasticsearch
output which should be representative of plugins which will require FIPS crypto.

The intention here is to have a common shared environment for everyone on the
project to be able to reference as we propose changes.
@donoghuc donoghuc mentioned this pull request Feb 1, 2025
Closed
@elasticmachine
Copy link
Collaborator

elasticmachine commented Feb 1, 2025
edited
Loading

💔 Build Failed

Failed CI Steps

History

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

donoghuc
donoghuc commented Feb 4, 2025
View reviewed changes
qa/fips/docker/Dockerfile

ENV JAVA_SECURITY_PROPERTIES=/etc/java/security/java.security
ENV JAVA_OPTS="\
-Dio.netty.ssl.provider=JDK \
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We probably want this so that it does not try to use openssl as default https://netty.io/4.1/api/io/netty/handler/ssl/SslContext.html#defaultClientProvider--

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@donoghuc @elasticmachine