Add FIPS build tooling #17907
Add FIPS build tooling #17907
Conversation
|
❌ Gradle check result for 0bd8f13: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
beanuwave
force-pushed
the
fips_build_tooling
branch
from
0bd8f13 to
e128e8a
Compare
|
❌ Gradle check result for e128e8a: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
beanuwave
force-pushed
the
fips_build_tooling
branch
2 times, most recently
from
cabd094 to
3aae4ce
Compare
|
❌ Gradle check result for 3aae4ce: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
beanuwave
force-pushed
the
fips_build_tooling
branch
from
3aae4ce to
abfb83a
Compare
|
❌ Gradle check result for abfb83a: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
beanuwave
force-pushed
the
fips_build_tooling
branch
from
abfb83a to
11cf500
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #17907 +/- ##
============================================
- Coverage 72.74% 72.70% -0.04%
+ Complexity 67767 67722 -45
============================================
Files 5497 5499 +2
Lines 311815 311864 +49
Branches 45261 45271 +10
============================================
- Hits 226822 226733 -89
- Misses 66504 66618 +114
- Partials 18489 18513 +24 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
beanuwave
force-pushed
the
fips_build_tooling
branch
from
11cf500 to
81729ad
Compare
|
❌ Gradle check result for 81729ad: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
beanuwave
force-pushed
the
fips_build_tooling
branch
from
81729ad to
c3cd834
Compare
|
❌ Gradle check result for c3cd834: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
beanuwave
force-pushed
the
fips_build_tooling
branch
from
c3cd834 to
df45869
Compare
|
To include FIPS test coverage in the build, an additional test suite is required. Thankfully, @cwperks has already provided a skeleton for it - which we’ll extend and integrate shortly. |
buildSrc/src/main/java/org/opensearch/gradle/OpenSearchTestBasePlugin.java
Show resolved
Hide resolved
client/rest/src/test/java/org/opensearch/client/RestClientBuilderIntegTests.java
Outdated
Show resolved
Hide resolved
...ools/plugin-cli/src/test/java/org/opensearch/tools/cli/plugin/InstallPluginCommandTests.java
Outdated
Show resolved
Hide resolved
server/src/main/java/org/opensearch/bootstrap/SecurityProviderManager.java
Outdated
Show resolved
Hide resolved
|
Hi @beanuwave , |
Hi @prakashsatpathy you are absolutely right - the changes from this PR need to be merged into #14912 . Although it's stale and won't be reviewed anymore, we’re keeping it open as a backreference and to serve as a code diff for upcoming PRs. |
|
❌ Gradle check result for 634cc83: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
beanuwave
force-pushed
the
fips_build_tooling
branch
from
634cc83 to
1b16b34
Compare
@reta Sounds good! I've addressed two of your comments in the latest change — please take a look. |
beanuwave
force-pushed
the
fips_build_tooling
branch
from
1b16b34 to
3a74481
Compare
test/framework/src/main/java/org/opensearch/bootstrap/BootstrapForTesting.java
Outdated
Show resolved
Hide resolved
server/src/main/java/org/opensearch/bootstrap/SecurityProviderManager.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Igonin <[email protected]> Co-authored-by: Benny Goerzig <[email protected]> Co-authored-by: Karsten Schnitter <[email protected]> Co-authored-by: Kai Sternad <[email protected]> # Conflicts: # CHANGELOG.md # Conflicts: # CHANGELOG.md
…ls/cli/plugin/InstallPluginCommandTests.java Co-authored-by: Andriy Redko <[email protected]> Signed-off-by: Iwan Igonin <[email protected]>
…Manager.java Co-authored-by: Andriy Redko <[email protected]> Signed-off-by: Iwan Igonin <[email protected]>
…SSWORD when running docker tests. Signed-off-by: Igonin <[email protected]> Co-authored-by: Benny Goerzig <[email protected]> Co-authored-by: Karsten Schnitter <[email protected]> Co-authored-by: Kai Sternad <[email protected]>
Signed-off-by: Igonin <[email protected]> Co-authored-by: Benny Goerzig <[email protected]> Co-authored-by: Karsten Schnitter <[email protected]> Co-authored-by: Kai Sternad <[email protected]>
Signed-off-by: Igonin <[email protected]> Co-authored-by: Benny Goerzig <[email protected]> Co-authored-by: Karsten Schnitter <[email protected]> Co-authored-by: Kai Sternad <[email protected]>
Signed-off-by: Igonin <[email protected]> Co-authored-by: Benny Goerzig <[email protected]> Co-authored-by: Karsten Schnitter <[email protected]> Co-authored-by: Kai Sternad <[email protected]>
Signed-off-by: Igonin <[email protected]> Co-authored-by: Benny Goerzig <[email protected]> Co-authored-by: Karsten Schnitter <[email protected]> Co-authored-by: Kai Sternad <[email protected]>
Signed-off-by: Igonin <[email protected]> Co-authored-by: Benny Goerzig <[email protected]> Co-authored-by: Karsten Schnitter <[email protected]> Co-authored-by: Kai Sternad <[email protected]>
Signed-off-by: Igonin <[email protected]> Co-authored-by: Benny Goerzig <[email protected]> Co-authored-by: Karsten Schnitter <[email protected]> Co-authored-by: Kai Sternad <[email protected]>
Signed-off-by: Igonin <[email protected]> Co-authored-by: Benny Goerzig <[email protected]> Co-authored-by: Karsten Schnitter <[email protected]> Co-authored-by: Kai Sternad <[email protected]> # Conflicts: # server/src/main/java/org/opensearch/common/Randomness.java
beanuwave
force-pushed
the
fips_build_tooling
branch
from
3a74481 to
36da087
Compare
|
❌ Gradle check result for 36da087: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
beanuwave
force-pushed
the
fips_build_tooling
branch
from
36da087 to
9452133
Compare
|
❌ Gradle check result for 9452133: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
…er#removeNonCompliantFipsProviders Signed-off-by: Igonin <[email protected]> Co-authored-by: Benny Goerzig <[email protected]> Co-authored-by: Karsten Schnitter <[email protected]> Co-authored-by: Kai Sternad <[email protected]>
beanuwave
force-pushed
the
fips_build_tooling
branch
from
9452133 to
278f287
Compare
Description
Provides the additional build tooling to test & build OS in FIPS JVM with
-Pcrypto.standard=FIPS-140-3or the (deprecated)-Ptests.fips.enabled=trueparameter. Code changes required to run successfully in FIPS mode are not included in this commit, they will be addressed in separate upcoming PRs.Note:
The codecov report may appear inaccurate. Tests for the new
Randomnesslogic exist but are only executed when the build is run with the new FIPS parameters enabled.Related Issues
RFC
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.