Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pki test certs expired #97756

Closed
rjernst opened this issue Jul 18, 2023 · 4 comments · Fixed by #97766
Closed

Pki test certs expired #97756

rjernst opened this issue Jul 18, 2023 · 4 comments · Fixed by #97766
Assignees
@jakelandis
Labels
:Security/Security Security issues without another label Team:Security Meta label for security team >test-failure Triaged test failures from CI

Comments

@rjernst
Copy link
Member

rjernst commented Jul 18, 2023

CI Link

https://gradle-enterprise.elastic.co/s/jze725jpxi7ki/console-log?task=:x-pack:plugin:security:internalClusterTest

Repro line

./gradlew ':x-pack:plugin:security:internalClusterTest' --tests "org.elasticsearch.xpack.security.authc.pki.PkiAuthDelegationIntegTests.testDelegateThenAuthenticate" -Dtests.seed=F5EC1FEFFC2FC08B -Dtests.locale=en-GB -Dtests.timezone=SystemV/PST8PDT -Druntime.java=20

Does it reproduce?

Yes

Applicable branches

main

Failure history

No response

Failure excerpt

The pki integ test began failing today. Looking at the certs the test uses, they are all expired:

❯ openssl x509 -enddate -noout -in testClient.crt
notAfter=Jul 18 13:33:41 2023 GMT
❯ openssl x509 -enddate -noout -in testIntermediateCA.crt
notAfter=Jul 18 13:32:34 2023 GMT
❯ openssl x509 -enddate -noout -in testRootCA.crt
notAfter=Jul 18 13:32:20 2023 GMT
@rjernst rjernst added >test-failure Triaged test failures from CI :Security/Security Security issues without another label labels Jul 18, 2023
@elasticsearchmachine elasticsearchmachine added the Team:Security Meta label for security team label Jul 18, 2023
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

rjernst added a commit to rjernst/elasticsearch that referenced this issue Jul 18, 2023
@rjernst
Muting pki tests until expired test certs are regenerated
007494d 
see elastic#97756
@rjernst rjernst mentioned this issue Jul 18, 2023
Merged
elasticsearchmachine pushed a commit that referenced this issue Jul 18, 2023
@rjernst
Muting pki tests until expired test certs are regenerated (#97757)
2ee4bd4 
see #97756
@mark-vieira mark-vieira mentioned this issue Jul 18, 2023
Closed
@mark-vieira
Copy link
Contributor

Not sure if this test is using the same certs but I hit a similar error on 7.17: https://gradle-enterprise.elastic.co/s/qgvxjj7ajxu6u/tests/:client:rest-high-level:asyncJavaRestTest/org.elasticsearch.client.documentation.SecurityDocumentationIT/testDelegatePkiAuthentication?top-execution=1

mark-vieira pushed a commit that referenced this issue Jul 18, 2023
@rjernst @mark-vieira
Muting pki tests until expired test certs are regenerated (#97757)
627ed6b 
see #97756
mark-vieira pushed a commit that referenced this issue Jul 18, 2023
@rjernst @mark-vieira
Muting pki tests until expired test certs are regenerated (#97757)
86564d3 
see #97756
@mark-vieira
Copy link
Contributor

FYI, I cherry-picked the test mute to 8.8 and 8.9 branches as well.

@jakelandis jakelandis self-assigned this Jul 18, 2023
@jakelandis jakelandis mentioned this issue Jul 18, 2023
Merged
@jakelandis
Copy link
Contributor

jakelandis commented Jul 18, 2023
edited
Loading

Not sure if this test is using the same certs but I hit a similar error on 7.17

It is likely the same root cause but failing on a test suite that no longer exists in 8.x. I will backport the fix to 7.x as well.

mark-vieira pushed a commit that referenced this issue Jul 18, 2023
@rjernst @mark-vieira
Muting pki tests until expired test certs are regenerated (#97757)
b526892 
see #97756
@kingherc kingherc mentioned this issue Jul 19, 2023
Closed
jakelandis added a commit that referenced this issue Jul 26, 2023
@jakelandis
Update certs for PKI tests and re-enable tests (#97766)
13e48d7 
The certs for the PKI tests expired and the test was muted.
This commit follows the instructions in the read to update the certs and unmutes the test.
The certs will now expire 20 years from now.

fixes: #97756
jakelandis added a commit to jakelandis/elasticsearch that referenced this issue Jul 26, 2023
@jakelandis
Update certs for PKI tests and re-enable tests (elastic#97766)
f789c27 
The certs for the PKI tests expired and the test was muted.
This commit follows the instructions in the read to update the certs and unmutes the test.
The certs will now expire 20 years from now.

fixes: elastic#97756
jakelandis added a commit to jakelandis/elasticsearch that referenced this issue Jul 26, 2023
@jakelandis
Update certs for PKI tests and re-enable tests (elastic#97766)
0f22b6c 
The certs for the PKI tests expired and the test was muted.
This commit follows the instructions in the read to update the certs and unmutes the test.
The certs will now expire 20 years from now.

fixes: elastic#97756
jakelandis added a commit that referenced this issue Jul 27, 2023
@jakelandis
[8.9] Update certs for PKI tests and re-enable tests (#97766) (#97989)
f95263e 
The certs for the PKI tests expired and the test was muted.
This commit follows the instructions in the read to update the certs and unmutes the test.
The certs will now expire 20 years from now.

fixes: #97756
elasticsearchmachine pushed a commit that referenced this issue Jul 27, 2023
@jakelandis
[7.17] Update certs for PKI tests and re-enable tests (#97766) (#97988)
2e2f3ad 
* Update certs for PKI tests and re-enable tests (#97766)

The certs for the PKI tests expired and the test was muted.
This commit follows the instructions in the read to update the certs and unmutes the test.
The certs will now expire 20 years from now.

fixes: #97756

* precommit
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jakelandis jakelandis

Labels
:Security/Security Security issues without another label Team:Security Meta label for security team >test-failure Triaged test failures from CI
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update certs for PKI tests and re-enable tests jakelandis/elasticsearch
4 participants
@rjernst @jakelandis @mark-vieira @elasticsearchmachine