Mute enrollment tests in FIPS 140-2 mode (#74538)

jkakavas · web-flow · commit 49ca629b6224 · 2021-06-24T11:11:48.000+03:00
We don't support enrollment mode in FIPS 140-2 mode as we are using PKCS#12 keystores. This change mutes related tests in FIPS 140-2 mode. Resolves: #74256
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/enrollment/TransportKibanaEnrollmentActionTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/enrollment/TransportKibanaEnrollmentActionTests.java
@@ -30,6 +30,7 @@
 import org.elasticsearch.xpack.core.ssl.SSLConfiguration;
 import org.elasticsearch.xpack.core.ssl.SSLService;
 import org.junit.Before;
+import org.junit.BeforeClass;
 
 import java.nio.file.Files;
 import java.nio.file.Path;
@@ -50,19 +51,23 @@ public class TransportKibanaEnrollmentActionTests extends ESTestCase {
     private List<ChangePasswordRequest> changePasswordRequests;
     private TransportKibanaEnrollmentAction action;
     private Client client;
-    private Path httpCaPath;
+
+    @BeforeClass
+    public static void muteInFips(){
+        assumeFalse("Enrollment is not supported in FIPS 140-2 as we are using PKCS#12 keystores", inFipsJvm());
+    }
 
     @Before @SuppressWarnings("unchecked") public void setup() throws Exception {
         changePasswordRequests = new ArrayList<>();
         final Environment env = mock(Environment.class);
         final Path tempDir = createTempDir();
-        httpCaPath = tempDir.resolve("httpCa.p12");
+        final Path httpCaPath = tempDir.resolve("httpCa.p12");
         Files.copy(getDataPath("/org/elasticsearch/xpack/security/action/enrollment/httpCa.p12"), httpCaPath);
         when(env.configFile()).thenReturn(tempDir);
         final MockSecureSettings secureSettings = new MockSecureSettings();
         secureSettings.setString("keystore.secure_password", "password");
         final Settings settings = Settings.builder()
-            .put("keystore.path", "httpCa.p12")
+            .put("keystore.path", httpCaPath)
             .setSecureSettings(secureSettings)
             .build();
         when(env.settings()).thenReturn(settings);
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/enrollment/CreateEnrollmentTokenTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/enrollment/CreateEnrollmentTokenTests.java
@@ -25,6 +25,7 @@
 import org.elasticsearch.xpack.security.tool.HttpResponse;
 import org.hamcrest.Matchers;
 import org.junit.Before;
+import org.junit.BeforeClass;
 
 import java.io.IOException;
 import java.net.HttpURLConnection;
@@ -50,6 +51,11 @@
 public class CreateEnrollmentTokenTests extends ESTestCase {
     private Environment environment;
 
+    @BeforeClass
+    public static void muteInFips(){
+        assumeFalse("Enrollment is not supported in FIPS 140-2 as we are using PKCS#12 keystores", inFipsJvm());
+    }
+
     @Before
     public void setupMocks() throws Exception {
         final Path tempDir = createTempDir();
