[fips] do not expliclity set the default distro #91101
Conversation
| @@ -114,7 +114,8 @@ public class ElasticsearchNode implements TestClusterConfiguration { | |||
| "path.repo", | |||
| "discovery.seed_providers", | |||
| "cluster.deprecation_indexing.enabled", | |||
| "cluster.initial_master_nodes" | |||
| "cluster.initial_master_nodes", | |||
| "xpack.security.enabled" | |||
There was a problem hiding this comment.
This has the effect that allows you to enable security via the integ_test distribution (in x-pack or core). I think that is a good thing especially if we want to start using the integ_test distro for all module/plugin REST tests.
There was a problem hiding this comment.
It seems that security is disabled by default for INTEG_TEST distribution.
I think that means most FIPS related stuff will not be excercised in tests with INTEG_TEST distribution even the fips.gradle file configures a bunch of settings, e.g. xpack.security.fips_mode.enabled. Theoretically, this is probably a reduced coverage for FIPS since we are currently forcing DEFAULT distribution for FIPS tests?
That said, there are still tons of tests that use the DEFAULT distribution so that coverage is not really an issue. And we can later look into whether it is necessary and how to enable security for INTEG_TEST.
There was a problem hiding this comment.
Theoretically, this is probably a reduced coverage for FIPS since we are currently forcing DEFAULT distribution for FIPS tests?
I don't think this will reduce coverage since security is also disabled for FIPS tests with the DEFAULT distribution. Individual tests can enable security. Before this change they could only enable security if they used the default distribution, but with this change they can override for any REST test.
|
Pinging @elastic/es-delivery (Team:Delivery) |
|
Pinging @elastic/es-security (Team:Security) |
| @@ -114,7 +114,8 @@ public class ElasticsearchNode implements TestClusterConfiguration { | |||
| "path.repo", | |||
| "discovery.seed_providers", | |||
| "cluster.deprecation_indexing.enabled", | |||
| "cluster.initial_master_nodes" | |||
| "cluster.initial_master_nodes", | |||
| "xpack.security.enabled" | |||
There was a problem hiding this comment.
It seems that security is disabled by default for INTEG_TEST distribution.
I think that means most FIPS related stuff will not be excercised in tests with INTEG_TEST distribution even the fips.gradle file configures a bunch of settings, e.g. xpack.security.fips_mode.enabled. Theoretically, this is probably a reduced coverage for FIPS since we are currently forcing DEFAULT distribution for FIPS tests?
That said, there are still tons of tests that use the DEFAULT distribution so that coverage is not really an issue. And we can later look into whether it is necessary and how to enable security for INTEG_TEST.
This commit no longer explicitly sets the default configuration for FIPS tests.
This allows each project's tests to run in FIPS mode with out deviation (other
than the FIPS mode).
A side product of this change is that any REST test
can now enable security if they so choose without needing to use the default
distribution. This allows for additional usage of the integ_test distribution
which can help with testing modularization.
This only possible now that the security plugin is always included
with the integ_test distribution via #77632
fixes: #70005
related: #77632
note - I ran a full test suite with FIPS hard coded as enabled to sucess. (It would be nice to have a GH label to do that as well - edit: neat that already exists ! added the label)
note - #71664 can be fixed with this change via https://github.com/elastic/elasticsearch/compare/main...jakelandis%3Afix_71664?body=&expand=1