Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v24.2.x] [CORE-7851] Adjust cipher strings to include ECDSA ciphers #24209

Merged
merged 2 commits into from
Nov 20, 2024
Merged

[v24.2.x] [CORE-7851] Adjust cipher strings to include ECDSA ciphers #24209

merged 2 commits into from
Nov 20, 2024

Conversation

michael-redpanda
Copy link
Contributor

@michael-redpanda michael-redpanda commented Nov 20, 2024
edited
Loading

Backport of PR #24191

Fixes: CORE-8274
Fixes: #24207

@michael-redpanda
config/tls: Updated TLS cipher string to include ECDSA ciphers
3f4eaf8 
This was a miss when #19792 landed.  Only RSA based cipher strings were
included in the list.  This wasn't caught because our integration tests
only use RSA based certificates.  Also this may have taken some time for
customers to find as this bug didn't effect TLSv1.3.

Signed-off-by: Michael Boquard <michael@redpanda.com>
(cherry picked from commit f0c141b)
@michael-redpanda michael-redpanda added this to the v24.2.x-next milestone Nov 20, 2024
@michael-redpanda michael-redpanda added the kind/backport PRs targeting a stable branch label Nov 20, 2024
@michael-redpanda michael-redpanda self-assigned this Nov 20, 2024
@michael-redpanda michael-redpanda marked this pull request as ready for review November 20, 2024 16:56
@michael-redpanda
Copy link
Contributor Author

Conflict in tls.py because upstream has some PKCS#12 support and v24.2 does not

@vbotbuildovich
Copy link
Collaborator

vbotbuildovich commented Nov 20, 2024
edited
Loading

non flaky failures in https://buildkite.com/redpanda/redpanda/builds/58365#01934acd-42ab-499a-a545-f6dbfb5674b2:

"rptest.tests.audit_log_test.AuditLogTestInvalidConfigMTLS.test_invalid_config_mtls"
"rptest.tests.redpanda_oauth_test.RedpandaOIDCTlsTest.test_init"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=False.authn_method=mtls_identity.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=False.authn_method=sasl.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=None.authn_method=mtls_identity.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=None.authn_method=sasl.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=True.authn_method=mtls_identity.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=True.authn_method=sasl.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=False.authn_method=mtls_identity.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=False.authn_method=sasl.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=None.authn_method=mtls_identity.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=None.authn_method=sasl.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=True.authn_method=mtls_identity.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=True.authn_method=sasl.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_mtls_principal.rules=RULE.O=Redpanda.CN=.1.L.fail=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_mtls_principal.rules=RULE.O=Redpanda.CN=.redpanda.service.admin.admin.1.RULE.O=.CN=.1.fail=True"
"rptest.tests.crl_test.CertificateRevocationTest.test_kafka"
"rptest.tests.crl_test.CertificateRevocationTest.test_sr_client"
"rptest.tests.pandaproxy_test.PandaProxyMTLSTest.test_mtls"
"rptest.tests.rpk_registry_test.RpkRegistryTest.test_produce_consume_proto"
"rptest.tests.rpk_registry_test.RpkRegistryTest.test_registry_subject"
"rptest.tests.rpk_start_test.RpkRedpandaStartTest.test_rpc_tls_start"
"rptest.tests.tls_metrics_test.TLSMetricsTest.test_metrics"
"rptest.tests.tls_metrics_test.TLSMetricsTestExpiring.test_detect_expired_cert"

non flaky failures in https://buildkite.com/redpanda/redpanda/builds/58365#01934acd-42a6-4241-9e4f-c558dfb76151:

"rptest.tests.rpk_registry_test.RpkRegistryTest.test_registry_mode"
"rptest.tests.redpanda_oauth_test.RedpandaOIDCTlsTest.test_admin_revoke"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=False.authn_method=None.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=False.authn_method=none.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=None.authn_method=None.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=None.authn_method=none.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=True.authn_method=none.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=True.authn_method=None.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=False.authn_method=None.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=False.authn_method=none.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=None.authn_method=None.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=None.authn_method=none.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=True.authn_method=None.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=True.authn_method=none.client_auth=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_mtls_principal.rules=RULE.O=Redpanda.CN=.admin.redpanda.service.admin.1.RULE.O=Redpanda.CN=.1.L.fail=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_security_feature_migration.authn_method=sasl"
"rptest.tests.crl_test.CertificateRevocationTest.test_pp_api"
"rptest.tests.rpk_registry_test.RpkRegistryTest.test_produce_consume_avro"
"rptest.tests.rpk_start_test.RpkRedpandaStartTest.test_rpc_tls_enable"
"rptest.tests.schema_registry_test.SchemaRegistryMTLSTest.test_mtls"
"rptest.tests.tls_metrics_test.TLSMetricsTest.test_expiry_reload"
"rptest.tests.tls_metrics_test.TLSMetricsTest.test_services"

non flaky failures in https://buildkite.com/redpanda/redpanda/builds/58365#01934acd-42ae-4a1d-b228-007f90c97180:

"rptest.tests.rpk_registry_test.RpkRegistryTest.test_registry_compatibility_level"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=False.authn_method=mtls_identity.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=False.authn_method=sasl.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=None.authn_method=mtls_identity.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=None.authn_method=sasl.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=True.authn_method=mtls_identity.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=True.authn_method=sasl.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=False.authn_method=mtls_identity.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=False.authn_method=sasl.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=None.authn_method=mtls_identity.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=None.authn_method=sasl.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=True.authn_method=mtls_identity.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=True.authn_method=sasl.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_mtls_principal.rules=RULE.O=Redpanda.CN=.1.U.fail=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_security_feature_migration.authn_method=mtls_identity"
"rptest.tests.redpanda_oauth_test.RedpandaOIDCTlsTest.test_admin_invalidate_keys"
"rptest.tests.crl_test.CertificateRevocationTest.test_noncogent"
"rptest.tests.pandaproxy_test.PandaProxyMTLSTest.test_mtls_urllib"
"rptest.tests.schema_registry_test.SchemaRegistryMTLSAndBasicAuthTest.test_mtls_and_basic_auth"
"rptest.tests.tls_metrics_test.TLSMetricsTest.test_crc32c"
"rptest.tests.tls_metrics_test.TLSMetricsTest.test_public_metrics"

non flaky failures in https://buildkite.com/redpanda/redpanda/builds/58365#01934acd-42a9-4cbb-b54f-22795522537b:

"rptest.tests.audit_log_test.AuditLogTestKafkaTlsApi.test_mtls"
"rptest.tests.redpanda_oauth_test.RedpandaOIDCTlsTest.test_admin_whoami"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=False.authn_method=None.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=False.authn_method=none.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=None.authn_method=None.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=None.authn_method=none.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=True.authn_method=None.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=False.enable_authz=True.authn_method=none.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=False.authn_method=None.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=False.authn_method=none.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=None.authn_method=None.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=None.authn_method=none.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=True.authn_method=None.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_describe_acls.use_tls=True.use_sasl=True.enable_authz=True.authn_method=none.client_auth=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_mtls_principal.rules=DEFAULT.fail=True"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_mtls_principal.rules=RULE.O=Redpanda.CN=.cluster_describe.redpanda.service.admin.admin.1.fail=False"
"rptest.tests.acls_test.AccessControlListTestUpgrade.test_upgrade_sasl"
"rptest.tests.crl_test.CertificateRevocationTest.test_rpc"
"rptest.tests.pandaproxy_test.PandaProxyMTLSAndBasicAuthTest.test_mtls_and_basic_auth"
"rptest.tests.rpk_registry_test.RpkRegistryTest.test_produce_consume_json"
"rptest.tests.rpk_registry_test.RpkRegistryTest.test_registry_schema"
"rptest.tests.tls_metrics_test.TLSMetricsTest.test_labels"
"rptest.tests.tls_metrics_test.TLSMetricsTestChain.test_cert_chain_metrics"

@vbotbuildovich
Copy link
Collaborator

vbotbuildovich commented Nov 20, 2024
edited
Loading

Retry command for Build#58365

please wait until all jobs are finished before running the slash command

/ci-repeat 1
tests/rptest/tests/audit_log_test.py::AuditLogTestInvalidConfigMTLS.test_invalid_config_mtls
tests/rptest/tests/redpanda_oauth_test.py::RedpandaOIDCTlsTest.test_init
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"mtls_identity","client_auth":false,"enable_authz":false,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"sasl","client_auth":false,"enable_authz":false,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"mtls_identity","client_auth":false,"enable_authz":null,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"sasl","client_auth":false,"enable_authz":null,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"mtls_identity","client_auth":false,"enable_authz":true,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"sasl","client_auth":false,"enable_authz":true,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"mtls_identity","client_auth":false,"enable_authz":false,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"sasl","client_auth":false,"enable_authz":false,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"mtls_identity","client_auth":false,"enable_authz":null,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"sasl","client_auth":false,"enable_authz":null,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"mtls_identity","client_auth":false,"enable_authz":true,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"sasl","client_auth":false,"enable_authz":true,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_mtls_principal@{"fail":false,"rules":"RULE:^O=Redpanda,CN=(.*?)$/$1/L"}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_mtls_principal@{"fail":true,"rules":"RULE:^O=Redpanda,CN=(redpanda.service.admin|admin)$/$1/, RULE:^O=([^,]+),CN=(.*?)$/$1/"}
tests/rptest/tests/crl_test.py::CertificateRevocationTest.test_kafka
tests/rptest/tests/crl_test.py::CertificateRevocationTest.test_sr_client
tests/rptest/tests/pandaproxy_test.py::PandaProxyMTLSTest.test_mtls
tests/rptest/tests/rpk_registry_test.py::RpkRegistryTest.test_produce_consume_proto
tests/rptest/tests/rpk_registry_test.py::RpkRegistryTest.test_registry_subject
tests/rptest/tests/rpk_start_test.py::RpkRedpandaStartTest.test_rpc_tls_start
tests/rptest/tests/tls_metrics_test.py::TLSMetricsTest.test_metrics
tests/rptest/tests/tls_metrics_test.py::TLSMetricsTestExpiring.test_detect_expired_cert
tests/rptest/tests/rpk_registry_test.py::RpkRegistryTest.test_registry_mode
tests/rptest/tests/redpanda_oauth_test.py::RedpandaOIDCTlsTest.test_admin_revoke
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":null,"client_auth":false,"enable_authz":false,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"none","client_auth":false,"enable_authz":false,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":null,"client_auth":false,"enable_authz":null,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"none","client_auth":false,"enable_authz":null,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"none","client_auth":false,"enable_authz":true,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":null,"client_auth":false,"enable_authz":true,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":null,"client_auth":false,"enable_authz":false,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"none","client_auth":false,"enable_authz":false,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":null,"client_auth":false,"enable_authz":null,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"none","client_auth":false,"enable_authz":null,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":null,"client_auth":false,"enable_authz":true,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"none","client_auth":false,"enable_authz":true,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_mtls_principal@{"fail":true,"rules":"RULE:^O=Redpanda,CN=(admin|redpanda.service.admin)$/$1/, RULE:^O=Redpanda,CN=()$/$1/L"}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_security_feature_migration@{"authn_method":"sasl"}
tests/rptest/tests/crl_test.py::CertificateRevocationTest.test_pp_api
tests/rptest/tests/rpk_registry_test.py::RpkRegistryTest.test_produce_consume_avro
tests/rptest/tests/rpk_start_test.py::RpkRedpandaStartTest.test_rpc_tls_enable
tests/rptest/tests/schema_registry_test.py::SchemaRegistryMTLSTest.test_mtls
tests/rptest/tests/tls_metrics_test.py::TLSMetricsTest.test_expiry_reload
tests/rptest/tests/tls_metrics_test.py::TLSMetricsTest.test_services
tests/rptest/tests/rpk_registry_test.py::RpkRegistryTest.test_registry_compatibility_level
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"mtls_identity","client_auth":true,"enable_authz":false,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"sasl","client_auth":true,"enable_authz":false,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"mtls_identity","client_auth":true,"enable_authz":null,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"sasl","client_auth":true,"enable_authz":null,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"mtls_identity","client_auth":true,"enable_authz":true,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"sasl","client_auth":true,"enable_authz":true,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"mtls_identity","client_auth":true,"enable_authz":false,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"sasl","client_auth":true,"enable_authz":false,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"mtls_identity","client_auth":true,"enable_authz":null,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"sasl","client_auth":true,"enable_authz":null,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"mtls_identity","client_auth":true,"enable_authz":true,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"sasl","client_auth":true,"enable_authz":true,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_mtls_principal@{"fail":true,"rules":"RULE:^O=Redpanda,CN=(.*?)$/$1/U"}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_security_feature_migration@{"authn_method":"mtls_identity"}
tests/rptest/tests/redpanda_oauth_test.py::RedpandaOIDCTlsTest.test_admin_invalidate_keys
tests/rptest/tests/crl_test.py::CertificateRevocationTest.test_noncogent
tests/rptest/tests/pandaproxy_test.py::PandaProxyMTLSTest.test_mtls_urllib
tests/rptest/tests/schema_registry_test.py::SchemaRegistryMTLSAndBasicAuthTest.test_mtls_and_basic_auth
tests/rptest/tests/tls_metrics_test.py::TLSMetricsTest.test_crc32c
tests/rptest/tests/tls_metrics_test.py::TLSMetricsTest.test_public_metrics
tests/rptest/tests/audit_log_test.py::AuditLogTestKafkaTlsApi.test_mtls
tests/rptest/tests/redpanda_oauth_test.py::RedpandaOIDCTlsTest.test_admin_whoami
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":null,"client_auth":true,"enable_authz":false,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"none","client_auth":true,"enable_authz":false,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":null,"client_auth":true,"enable_authz":null,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"none","client_auth":true,"enable_authz":null,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":null,"client_auth":true,"enable_authz":true,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"none","client_auth":true,"enable_authz":true,"use_sasl":false,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":null,"client_auth":true,"enable_authz":false,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"none","client_auth":true,"enable_authz":false,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":null,"client_auth":true,"enable_authz":null,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"none","client_auth":true,"enable_authz":null,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":null,"client_auth":true,"enable_authz":true,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_describe_acls@{"authn_method":"none","client_auth":true,"enable_authz":true,"use_sasl":true,"use_tls":true}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_mtls_principal@{"fail":true,"rules":"DEFAULT"}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_mtls_principal@{"fail":false,"rules":"RULE:^O=Redpanda,CN=(cluster_describe|redpanda.service.admin|admin)$/$1/"}
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_upgrade_sasl
tests/rptest/tests/crl_test.py::CertificateRevocationTest.test_rpc
tests/rptest/tests/pandaproxy_test.py::PandaProxyMTLSAndBasicAuthTest.test_mtls_and_basic_auth
tests/rptest/tests/rpk_registry_test.py::RpkRegistryTest.test_produce_consume_json
tests/rptest/tests/rpk_registry_test.py::RpkRegistryTest.test_registry_schema
tests/rptest/tests/tls_metrics_test.py::TLSMetricsTest.test_labels
tests/rptest/tests/tls_metrics_test.py::TLSMetricsTestChain.test_cert_chain_metrics

@michael-redpanda
dt: Allow selecting key type for certificates in DT tests
0967f6a 
This change permits users of the TLSCertManager to select which type of
key to use in certificates.  If one isn't selected, a random one is
chosen, in the hope this increases our test coverage over time.

Additionally, the tls_version_test has been updated to test both ECDSA
and RSA based certificates.

Signed-off-by: Michael Boquard <michael@redpanda.com>
(cherry picked from commit 1760e8d)
@michael-redpanda michael-redpanda force-pushed the manual-backport-24191-v24.2.x-406 branch from 57f8e28 to 0967f6a Compare November 20, 2024 20:11
@michael-redpanda
Copy link
Contributor Author

Force push 0967f6a:

  • Added missing import for random

@vbotbuildovich
Copy link
Collaborator

ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/58392#01934b77-7754-48e7-8054-65796aba191c

@michael-redpanda michael-redpanda merged commit 27cae87 into v24.2.x Nov 20, 2024
17 checks passed
@michael-redpanda michael-redpanda deleted the manual-backport-24191-v24.2.x-406 branch November 20, 2024 23:12
@piyushredpanda piyushredpanda modified the milestones: v24.2.x-next, v24.2.12 Nov 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BenPope BenPope BenPope approved these changes

@oleiman oleiman Awaiting requested review from oleiman

@pgellert pgellert Awaiting requested review from pgellert

Assignees

@michael-redpanda michael-redpanda

Labels
area/redpanda kind/backport PRs targeting a stable branch
Projects
None yet
Milestone
v24.2.12
Development

Successfully merging this pull request may close these issues.
5 participants
@michael-redpanda @vbotbuildovich @BenPope @pgellert @piyushredpanda