Skip to content

Netty4ClientYamlTestSuiteIT.test {yaml=/10_basic/Netty loaded}" fails in fips mode #66818

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jkakavas opened this issue Dec 25, 2020 · 1 comment · Fixed by #66842
Closed

Netty4ClientYamlTestSuiteIT.test {yaml=/10_basic/Netty loaded}" fails in fips mode #66818

jkakavas opened this issue Dec 25, 2020 · 1 comment · Fixed by #66842
Assignees
@tvernum
Labels
:Security/FIPS Running ES in FIPS 140-2 mode Team:Security Meta label for security team >test-failure Triaged test failures from CI

Comments

@jkakavas
Copy link
Member

Build scan:
https://gradle-enterprise.elastic.co/s/earxcnp2emm4i
Repro line:
./gradlew ':modules:transport-netty4:yamlRestTest' --tests "org.elasticsearch.http.netty4.Netty4ClientYamlTestSuiteIT.test {yaml=/10_basic/Netty loaded}" -Dtests.seed=67CB54BD26A6D093 -Dtests.security.manager=true -Dtests.locale=el -Dtests.timezone=Chile/Continental -Druntime.java=15 -Dtests.fips.enabled=true |  

Reproduces locally?: yes

Applicable branches:
Master
Failure history:

Failure excerpt:


org.elasticsearch.http.netty4.Netty4ClientYamlTestSuiteIT > test {yaml=/10_basic/Netty loaded} FAILED |  
-- | --
  | java.lang.AssertionError: Failure at [/10_basic:21]: field [nodes.network_types.transport_types.netty4] is null |  
  | at __randomizedtesting.SeedInfo.seed([67CB54BD26A6D093:EF9F6B67885ABD6B]:0)

I assume this fails because we force the default distribution and security is on on fips mode, so transport type is security4 . We dont have the logic to handle this with a conditional but maybe we can mute this yaml test case in fips with features: fips_140
@jkakavas jkakavas added >test-failure Triaged test failures from CI :Security/Security Security issues without another label labels Dec 25, 2020
@elasticmachine elasticmachine added the Team:Security Meta label for security team label Dec 25, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@tvernum tvernum added :Security/FIPS Running ES in FIPS 140-2 mode and removed :Security/Security Security issues without another label labels Dec 29, 2020
@tvernum tvernum self-assigned this Dec 29, 2020
tvernum added a commit to tvernum/elasticsearch that referenced this issue Dec 29, 2020
@tvernum
Skip netty4 yaml test in FIPS mode
664a068 
The "Netty loaded" YAML test asserts that the configured transport is
"netty4", however when in FIPS mode, the tests enable security and the
configured transport is "security4".

This change skips the netty4 yaml test when running in FIPS mode.

Resolves: elastic#66818
@tvernum tvernum mentioned this issue Dec 29, 2020
Merged
tvernum added a commit that referenced this issue Dec 29, 2020
@tvernum
Skip netty4 yaml test in FIPS mode (#66842)
22bc833 
The "Netty loaded" YAML test asserts that the configured transport is
"netty4", however when in FIPS mode, the tests enable security and the
configured transport is "security4".

This change skips the netty4 yaml test when running in FIPS mode.

Resolves: #66818
tvernum added a commit to tvernum/elasticsearch that referenced this issue Dec 29, 2020
@tvernum
Skip netty4 yaml test in FIPS mode
b91bbda 
The "Netty loaded" YAML test asserts that the configured transport is
"netty4", however when in FIPS mode, the tests enable security and the
configured transport is "security4".

This change skips the netty4 yaml test when running in FIPS mode.

Resolves: elastic#66818
Backport of: elastic#66842
tvernum added a commit that referenced this issue Dec 29, 2020
@tvernum
Skip netty4 yaml test in FIPS mode (#66848)
08113b2 
The "Netty loaded" YAML test asserts that the configured transport is
"netty4", however when in FIPS mode, the tests enable security and the
configured transport is "security4".

This change skips the netty4 yaml test when running in FIPS mode.

Resolves: #66818
Backport of: #66842
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tvernum tvernum

Labels
:Security/FIPS Running ES in FIPS 140-2 mode Team:Security Meta label for security team >test-failure Triaged test failures from CI
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Skip netty4 yaml test in FIPS mode tvernum/elasticsearch
3 participants
@tvernum @jkakavas @elasticmachine