From 895c7f1af4193bba0ca0364f9fadfb5475749d67 Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Wed, 17 Sep 2025 08:58:04 -0700 Subject: [PATCH 1/4] Have FIPS integration tests spin up deployments in Production CFT environment --- .buildkite/bk.integration-fips.pipeline.yml | 32 ++++++++++++--------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/.buildkite/bk.integration-fips.pipeline.yml b/.buildkite/bk.integration-fips.pipeline.yml index 1aa4352c96a..467f4c5a9f7 100644 --- a/.buildkite/bk.integration-fips.pipeline.yml +++ b/.buildkite/bk.integration-fips.pipeline.yml @@ -12,20 +12,24 @@ env: # This section is used to define the plugins that will be used in the pipeline. # See https://buildkite.com/docs/pipelines/integrations/plugins/using#using-yaml-anchors-with-plugins common: - - vault_ec_key_staging_frh_gov: &vault_ec_key_staging_frh_gov +# - vault_ec_key_staging_frh_gov: &vault_ec_key_staging_frh_gov +# elastic/vault-secrets#v0.1.0: +# path: "kv/ci-shared/platform-ingest/platform-ingest-ec-staging-gov" +# field: "apiKey" +# env_var: "EC_API_KEY" + - vault_ec_key_prod: &vault_ec_key_prod elastic/vault-secrets#v0.1.0: - path: "kv/ci-shared/platform-ingest/platform-ingest-ec-staging-gov" + path: "kv/ci-shared/platform-ingest/platform-ingest-ec-prod" field: "apiKey" env_var: "EC_API_KEY" - steps: - label: Start ESS stack for FIPS integration tests key: integration-fips-ess env: FIPS: "true" - EC_ENDPOINT: "https://api.staging.elastic-gov.com" - ESS_REGION: "us-gov-east-1" - TF_VAR_deployment_template_id: "aws-general-purpose" +# EC_ENDPOINT: "https://api.staging.elastic-gov.com" +# ESS_REGION: "us-gov-east-1" +# TF_VAR_deployment_template_id: "aws-general-purpose" TF_VAR_integration_server_docker_image: "docker.elastic.co/beats-ci/elastic-agent-cloud-fips:git-${BUILDKITE_COMMIT:0:12}" TF_VAR_docker_images_name_suffix: "-fips" command: | @@ -37,7 +41,7 @@ steps: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:0.5" useCustomGlobalHooks: true plugins: - - *vault_ec_key_staging_frh_gov + - *vault_ec_key_prod - group: "fips:Stateful:Ubuntu" key: integration-tests-ubuntu-fips @@ -65,7 +69,7 @@ steps: image: "${IMAGE_UBUNTU_X86_64_FIPS}" instanceType: "m5.2xlarge" plugins: - - *vault_ec_key_staging_frh_gov + - *vault_ec_key_prod matrix: setup: sudo: @@ -95,7 +99,7 @@ steps: image: "${IMAGE_UBUNTU_ARM64_FIPS}" instanceType: "m6g.2xlarge" plugins: - - *vault_ec_key_staging_frh_gov + - *vault_ec_key_prod matrix: setup: sudo: @@ -122,16 +126,16 @@ steps: image: "${IMAGE_UBUNTU_X86_64_FIPS}" instanceType: "m5.2xlarge" plugins: - - *vault_ec_key_staging_frh_gov + - *vault_ec_key_prod - label: ESS FIPS stack cleanup depends_on: - integration-tests-ubuntu-fips env: FIPS: "true" - EC_ENDPOINT: "https://api.staging.elastic-gov.com" - ESS_REGION: "us-gov-east-1" - TF_VAR_deployment_template_id: "aws-general-purpose" +# EC_ENDPOINT: "https://api.staging.elastic-gov.com" +# ESS_REGION: "us-gov-east-1" +# TF_VAR_deployment_template_id: "aws-general-purpose" TF_VAR_integration_server_docker_image: "docker.elastic.co/beats-ci/elastic-agent-cloud-fips:git-${BUILDKITE_COMMIT:0:12}" TF_VAR_docker_images_name_suffix: "-fips" allow_dependency_failure: true @@ -143,7 +147,7 @@ steps: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:0.5" useCustomGlobalHooks: true plugins: - - *vault_ec_key_staging_frh_gov + - *vault_ec_key_prod - label: Aggregate test reports depends_on: From 2c6b4add940f69367a11435b2c54627d01689013 Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Wed, 17 Sep 2025 09:59:42 -0700 Subject: [PATCH 2/4] Add explanatory comment --- .buildkite/bk.integration-fips.pipeline.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.buildkite/bk.integration-fips.pipeline.yml b/.buildkite/bk.integration-fips.pipeline.yml index 467f4c5a9f7..a94b3b7a2c2 100644 --- a/.buildkite/bk.integration-fips.pipeline.yml +++ b/.buildkite/bk.integration-fips.pipeline.yml @@ -12,6 +12,10 @@ env: # This section is used to define the plugins that will be used in the pipeline. # See https://buildkite.com/docs/pipelines/integrations/plugins/using#using-yaml-anchors-with-plugins common: +# We are temporarily using the Production CFT environment API key instead of the +# Staging GovCloud one. This is being done until issues with creating deployments in +# Staging GovCloud are fixed. Once those are fixed, uncomment the `vault_ec_key_staging_frh_gov` +# section and delete the `vault_ec_key_prod` section below. # - vault_ec_key_staging_frh_gov: &vault_ec_key_staging_frh_gov # elastic/vault-secrets#v0.1.0: # path: "kv/ci-shared/platform-ingest/platform-ingest-ec-staging-gov" From ae0e89db9ac5c579c8a00e17be2c0783acf87526 Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Wed, 17 Sep 2025 12:34:24 -0700 Subject: [PATCH 3/4] Run extended tests if FIPS integration tests pipeline changes --- .buildkite/pipeline.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 326e0c879c5..b7471b7f1a8 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -352,6 +352,7 @@ steps: - .buildkite/integration.pipeline.yml - .buildkite/bk.integration.pipeline.yml + - .buildkite/bk.integration-fips.pipeline.yml - .buildkite/pipeline.yml - .buildkite/scripts/ - .buildkite/hooks/ From 56f0fa41ec971f26fef6ea7d37008a5af7452699 Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Wed, 17 Sep 2025 15:57:00 -0700 Subject: [PATCH 4/4] Revert "Run extended tests if FIPS integration tests pipeline changes" This reverts commit ae0e89db9ac5c579c8a00e17be2c0783acf87526. --- .buildkite/pipeline.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index b7471b7f1a8..326e0c879c5 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -352,7 +352,6 @@ steps: - .buildkite/integration.pipeline.yml - .buildkite/bk.integration.pipeline.yml - - .buildkite/bk.integration-fips.pipeline.yml - .buildkite/pipeline.yml - .buildkite/scripts/ - .buildkite/hooks/