Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update certs for PKI tests and re-enable tests #97766

Merged
merged 5 commits into from
Jul 26, 2023
Merged

Update certs for PKI tests and re-enable tests #97766

merged 5 commits into from
Jul 26, 2023

Conversation

jakelandis
Copy link
Contributor

@jakelandis jakelandis commented Jul 18, 2023
edited
Loading

The certs for the PKI tests expired and the test was muted.
This commit follows the instructions in the read to update the certs and unmutes the test.
The certs will now expire 20 years from now.

fixes: #97756

@jakelandis jakelandis added >test Issues or PRs that are addressing/adding tests :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) auto-backport-and-merge v8.9.1 v8.8.3 labels Jul 18, 2023
@github-actions
Copy link
Contributor

Documentation preview:

@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@elasticsearchmachine elasticsearchmachine added Team:Security Meta label for security team v8.10.0 labels Jul 18, 2023
@jakelandis jakelandis mentioned this pull request Jul 18, 2023
Closed
@jakelandis
Copy link
Contributor Author

@elasticsearchmachine run elasticsearch-ci/part-1-fips

(error was environmental: java.lang.OutOfMemoryError: Requested array size exceeds VM limit)

@jakelandis
Copy link
Contributor Author

hmm... failed twice with ./gradlew ':test:external-modules:test-die-with-dignity:javaRestTest' --tests "org.elasticsearch.qa.die_with_dignity.DieWithDignityIT.testDieWithDignity" -Dtests.fips.enabled=true and fails locally. Updated branch to ensure I don't have a stale base , but the changes over at #97734 are prime suspect as test was rewritten yesterday and fips mode was not enabled.

@jakelandis
Copy link
Contributor Author

The FIPs test issue will be fixed once #97776 is merged.

@rjernst rjernst added v7.17.13 and removed v7.17.12 labels Jul 21, 2023
albertzaharovits
albertzaharovits approved these changes Jul 26, 2023
View reviewed changes
Copy link
Contributor

@albertzaharovits albertzaharovits left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
It won't surprise me if some JDK's TLS implementation won't validate certs expiring too far into the future. But if CI is good nothing to worry about.

@jakelandis jakelandis merged commit 13e48d7 into elastic:main Jul 26, 2023
@jakelandis jakelandis deleted the update_pki_certs branch July 26, 2023 18:20
@jakelandis jakelandis removed the v8.8.3 label Jul 26, 2023
This was referenced Jul 26, 2023
Merged
Merged
jakelandis added a commit to jakelandis/elasticsearch that referenced this pull request Jul 26, 2023
@jakelandis
Update certs for PKI tests and re-enable tests (elastic#97766)
f789c27 
The certs for the PKI tests expired and the test was muted.
This commit follows the instructions in the read to update the certs and unmutes the test.
The certs will now expire 20 years from now.

fixes: elastic#97756
jakelandis added a commit to jakelandis/elasticsearch that referenced this pull request Jul 26, 2023
@jakelandis
Update certs for PKI tests and re-enable tests (elastic#97766)
0f22b6c 
The certs for the PKI tests expired and the test was muted.
This commit follows the instructions in the read to update the certs and unmutes the test.
The certs will now expire 20 years from now.

fixes: elastic#97756
jakelandis added a commit that referenced this pull request Jul 27, 2023
@jakelandis
[8.9] Update certs for PKI tests and re-enable tests (#97766) (#97989)
f95263e 
The certs for the PKI tests expired and the test was muted.
This commit follows the instructions in the read to update the certs and unmutes the test.
The certs will now expire 20 years from now.

fixes: #97756
elasticsearchmachine pushed a commit that referenced this pull request Jul 27, 2023
@jakelandis
[7.17] Update certs for PKI tests and re-enable tests (#97766) (#97988)
2e2f3ad 
* Update certs for PKI tests and re-enable tests (#97766)

The certs for the PKI tests expired and the test was muted.
This commit follows the instructions in the read to update the certs and unmutes the test.
The certs will now expire 20 years from now.

fixes: #97756

* precommit
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@n1v0lg n1v0lg n1v0lg approved these changes

@albertzaharovits albertzaharovits albertzaharovits approved these changes

Assignees
No one assigned
Labels
:Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team >test Issues or PRs that are addressing/adding tests v7.17.13 v8.9.1 v8.10.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Pki test certs expired
5 participants
@jakelandis @elasticsearchmachine @albertzaharovits @n1v0lg @rjernst