Skip to content

Suppress Wildfly test in FIPS JVMs #32543

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 3, 2018
Merged

Suppress Wildfly test in FIPS JVMs #32543

merged 4 commits into from
Aug 3, 2018

Conversation

@DaveCTurner
Copy link
Contributor

@DaveCTurner DaveCTurner commented Aug 1, 2018

Until #32534 is fixed, this suppresses this failing test on FIPS JVMs, but
allows the suite to pass and includes a dummy @AwaitsFix test too.

@DaveCTurner
Suppress Wildfly test in FIPS JVMs
56f2340 
Until elastic#32534 is fixed, this suppresses this failing test on FIPS JVMs, but
allows the suite to pass and includes a dummy @AwaitsFix test too.
@DaveCTurner DaveCTurner added >test Issues or PRs that are addressing/adding tests v7.0.0 :Security/Security Security issues without another label v6.5.0 v6.3.3 v6.4.1 labels Aug 1, 2018
@jkakavas
Copy link
Contributor

jkakavas commented Aug 3, 2018
edited
Loading

I'm thinking we could extend the check in

elasticsearch/qa/wildfly/build.gradle

Line 181 in 937dcfd

if (!Os.isFamily(Os.FAMILY_WINDOWS)) {

to

if (!Os.isFamily(Os.FAMILY_WINDOWS) && !inFipsJvm) {

so that we skip the integTest in FIPS JVMs.

I also proposed we do this anyway and close #32534, as running our transport client in an application on Wildfly in a FIPS 140 JVM is not something that we cover right now in our FIPS effort

@jkakavas jkakavas requested review from jasontedor and jkakavas August 3, 2018 11:39
@DaveCTurner
Copy link
Contributor Author

DaveCTurner commented Aug 3, 2018

@jkakavas I've done as you suggested (and in the other place that checks for Windows in that file) and it passes ./gradlew precommit at least. I do not know how to test that this fixes the issue - I don't have a FIPS JVM installed locally. Could you take a look?

jkakavas
jkakavas approved these changes Aug 3, 2018
View reviewed changes
Copy link
Contributor

@jkakavas jkakavas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks David

@jkakavas
Copy link
Contributor

jkakavas commented Aug 3, 2018
edited
Loading

Could you take a look?

Will do !

I do not know how to test that this fixes the issue - I don't have a FIPS JVM installed locally

I have added instructions on how to troubleshoot test failures in a fips JVM if it ever becomes necessary in the future.

@jkakavas
Copy link
Contributor

jkakavas commented Aug 3, 2018
edited
Loading

I can verify this mutes integTestRunner. But this is a little trickier.
integTestRunner task doesn't fail for me locally.
On CI, it fails on

try (CloseableHttpClient client = HttpClientBuilder.create().build()) {

We don't pass an sslcontext and the defult behavior for HttpClientBuilder is to use the JVMs default keystore and truststore. We however change the JVM keystore to be a BCFKS one for java8fips and we run in the FIPS JVM ( or does Wildfly run in the Gradle's JVM ? ) so it should be able to read it just fine and not fail with

 2> java.io.IOException: Invalid keystore format

I would still like to mute this by merging the PR so that we can continue running the rest of the tests in a FIPS. WDYT @jasontedor ?

@DaveCTurner DaveCTurner merged commit e3cc337 into elastic:master Aug 3, 2018
@DaveCTurner DaveCTurner deleted the 2018-08-01-suppress-wildfly-test-in-fips-jvm branch August 3, 2018 16:57
@DaveCTurner
Copy link
Contributor Author

DaveCTurner commented Aug 3, 2018

I think it's right to merge this to mute the failing tests, and have done so, but I will leave #32534 open to track any work towards bringing these tests back into the fold again.

DaveCTurner added a commit that referenced this pull request Aug 3, 2018
@DaveCTurner
Suppress Wildfly test in FIPS JVMs (#32543)
abb2baf 
WildflyIT fails on FIPS-enabled JVMs. This change mutes this test suite on such
JVMs. Relates #32534.
DaveCTurner added a commit that referenced this pull request Aug 3, 2018
@DaveCTurner
Suppress Wildfly test in FIPS JVMs (#32543)
25a0873 
WildflyIT fails on FIPS-enabled JVMs. This change mutes this test suite on such
JVMs. Relates #32534.
DaveCTurner added a commit that referenced this pull request Aug 3, 2018
@DaveCTurner
Suppress Wildfly test in FIPS JVMs (#32543)
90ffcd3 
WildflyIT fails on FIPS-enabled JVMs. This change mutes this test suite on such
JVMs. Relates #32534.
@DaveCTurner DaveCTurner mentioned this pull request Aug 3, 2018
Closed
DaveCTurner added a commit that referenced this pull request Aug 3, 2018
@DaveCTurner
Revert "Suppress Wildfly test in FIPS JVMs (#32543)"
e189796 
The required gradle property does not exist in this branch.

This reverts commit 90ffcd3.
jasontedor added a commit to jasontedor/elasticsearch that referenced this pull request Aug 6, 2018
@jasontedor
Merge remote-tracking branch 'elastic/master' into improve-content-ty…
46efbd7 
…pe-detection-with-leading-whitespace

* elastic/master: (34 commits)
  Cross-cluster search: preserve cluster alias in shard failures (elastic#32608)
  Handle AlreadyClosedException when bumping primary term
  [TEST] Allow to run in FIPS JVM (elastic#32607)
  [Test] Add ckb to the list of unsupported languages (elastic#32611)
  SCRIPTING: Move Aggregation Scripts to their own context (elastic#32068)
  Painless: Use LocalMethod Map For Lookup at Runtime (elastic#32599)
  [TEST] Enhance failure message when bulk updates have failures
  [ML] Add ML result classes to protocol library (elastic#32587)
  Suppress LicensingDocumentationIT.testPutLicense in release builds (elastic#32613)
  [Rollup] Update wire version check after backport
  Suppress Wildfly test in FIPS JVMs (elastic#32543)
  [Rollup] Improve ID scheme for rollup documents (elastic#32558)
  ingest: doc: move Dot Expander Processor doc to correct position (elastic#31743)
  [ML] Add some ML config classes to protocol library (elastic#32502)
  [TEST]Split transport verification mode none tests (elastic#32488)
  Core: Move helper date formatters over to java time (elastic#32504)
  [Rollup] Remove builders from DateHistogramGroupConfig (elastic#32555)
  [TEST} unmutes SearchAsyncActionTests and adds debugging info
  [ML] Add Detector config classes to protocol library (elastic#32495)
  [Rollup] Remove builders from MetricConfig (elastic#32536)
  ...
dnhatn added a commit that referenced this pull request Aug 6, 2018
@dnhatn
Merge branch '6.x' into ccr-6.x
e4a919f 
* 6.x:
  [Kerberos] Use canonical host name (#32588)
  Cross-cluster search: preserve cluster alias in shard failures (#32608)
  [TEST] Allow to run in FIPS JVM (#32607)
  Handle AlreadyClosedException when bumping primary term
  [Test] Add ckb to the list of unsupported languages (#32611)
  SCRIPTING: Move Aggregation Scripts to their own context (#32068) (#32629)
  [TEST] Enhance failure message when bulk updates have failures
  [ML] Add ML result classes to protocol library (#32587)
  Suppress LicensingDocumentationIT.testPutLicense in release builds (#32613)
  [Rollup] Improve ID scheme for rollup documents (#32558)
  Mutes failing SQL string function tests due to #32589
  Suppress Wildfly test in FIPS JVMs (#32543)
  Add cluster UUID to Cluster Stats API response (#32206)
  [ML] Add some ML config classes to protocol library (#32502)
  [TEST]Split transport verification mode none tests (#32488)
  [Rollup] Remove builders from DateHistogramGroupConfig (#32555)
  [ML] Add Detector config classes to protocol library (#32495)
  [Rollup] Remove builders from MetricConfig (#32536)
  Fix race between replica reset and primary promotion (#32442)
  HLRC: Move commercial clients from XPackClient (#32596)
  Security: move User to protocol project (#32367)
  Minor fix for javadoc (applicable for java 11). (#32573)
  Painless: Move Some Lookup Logic to PainlessLookup (#32565)
  Core: Minor size reduction for AbstractComponent (#32509)
  INGEST: Enable default pipelines (#32286) (#32591)
  TEST: Avoid merges in testSeqNoAndCheckpoints
  [Rollup] Remove builders from HistoGroupConfig (#32533)
  fixed elements in array of produced terms (#32519)
  Mutes ReindexFailureTests.searchFailure dues to #28053
  Mutes LicensingDocumentationIT due to #32580
  Remove the SATA controller from OpenSUSE box
  [ML] Rename JobProvider to JobResultsProvider (#32551)
dnhatn added a commit that referenced this pull request Aug 6, 2018
@dnhatn
Merge branch 'master' into ccr
5881322 
* master:
  Cross-cluster search: preserve cluster alias in shard failures (#32608)
  Handle AlreadyClosedException when bumping primary term
  [TEST] Allow to run in FIPS JVM (#32607)
  [Test] Add ckb to the list of unsupported languages (#32611)
  SCRIPTING: Move Aggregation Scripts to their own context (#32068)
  Painless: Use LocalMethod Map For Lookup at Runtime (#32599)
  [TEST] Enhance failure message when bulk updates have failures
  [ML] Add ML result classes to protocol library (#32587)
  Suppress LicensingDocumentationIT.testPutLicense in release builds (#32613)
  [Rollup] Update wire version check after backport
  Suppress Wildfly test in FIPS JVMs (#32543)
  [Rollup] Improve ID scheme for rollup documents (#32558)
  ingest: doc: move Dot Expander Processor doc to correct position (#31743)
  [ML] Add some ML config classes to protocol library (#32502)
  [TEST]Split transport verification mode none tests (#32488)
  Core: Move helper date formatters over to java time (#32504)
  [Rollup] Remove builders from DateHistogramGroupConfig (#32555)
  [TEST} unmutes SearchAsyncActionTests and adds debugging info
  [ML] Add Detector config classes to protocol library (#32495)
  [Rollup] Remove builders from MetricConfig (#32536)
  Tests: Add rolling upgrade tests for watcher (#32428)
  Fix race between replica reset and primary promotion (#32442)
@jkakavas jkakavas mentioned this pull request Aug 13, 2018
Merged
jkakavas added a commit that referenced this pull request Aug 13, 2018
@jkakavas
Unmute WildFly tests in FIPS JVM (#32814)
106a4a6 
WildflyIT test fails in a FIPS JVM due to the amount of output in stderr. The excessive stderr output is due to https://bugs.openjdk.java.net/browse/JDK-8202893 and is not an indication of a failure that should be tracked.
This commit adjusts the limit to something more lenient that would allow the test to succeed.
Reverts #32543
jkakavas added a commit that referenced this pull request Aug 13, 2018
@jkakavas
Unmute WildFly tests in FIPS JVM (#32814)
52e6fdf 
WildflyIT test fails in a FIPS JVM due to the amount of output in stderr. The excessive stderr output is due to https://bugs.openjdk.java.net/browse/JDK-8202893 and is not an indication of a failure that should be tracked.
This commit adjusts the limit to something more lenient that would allow the test to succeed.
Reverts #32543
jkakavas added a commit that referenced this pull request Aug 13, 2018
@jkakavas
Unmute WildFly tests in FIPS JVM (#32814)
c07a461 
WildflyIT test fails in a FIPS JVM due to the amount of output in stderr. The excessive stderr output is due to https://bugs.openjdk.java.net/browse/JDK-8202893 and is not an indication of a failure that should be tracked.
This commit adjusts the limit to something more lenient that would allow the test to succeed.
Reverts #32543
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkakavas jkakavas jkakavas approved these changes

@jasontedor jasontedor Awaiting requested review from jasontedor

Assignees

No one assigned

Labels

:Security/Security Security issues without another label >test Issues or PRs that are addressing/adding tests v6.3.3 v6.4.1 v6.5.0 v7.0.0-beta1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@DaveCTurner @jkakavas @colings86