[FIPS][libbeat] Use VM with FIPS provider to run libbeat fips tests by michel-laterman · Pull Request #45199 · elastic/beats

michel-laterman · 2025-07-04T15:30:48Z

Proposed commit message

Use VM with FIPS provider to run libbeat fips tests.

This is meant to unblock #45158

Disruptive User Impact

N/A

github-actions · 2025-07-04T15:30:58Z

🤖 GitHub comments

Expand to view the GitHub comments

Just comment with:

run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

elasticmachine · 2025-07-04T15:31:06Z

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

mergify · 2025-07-04T15:31:23Z

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @michel-laterman? 🙏.
For such, you'll need to label your PR with:

The upcoming major version of the Elastic Stack
The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

backport-8./d is the label to automatically backport to the 8./d branch. /d is the digit
backport-active-all is the label that automatically backports to all active branches.
backport-active-8 is the label that automatically backports to all active minor branches for the 8 major.
backport-active-9 is the label that automatically backports to all active minor branches for the 9 major.

michel-laterman · 2025-07-10T19:13:03Z

Looks like there is an issue on the new VM when running python3

>> python test: Unit Testing
--
  | No version is set for command python3
  | Consider adding one of the following versions in your config file at
  | python 3.10.9
  | python 3.9.13

michel-laterman · 2025-07-14T13:59:17Z

python keystore tests are failing; i think this is expected as we don't currently support keystore for FIPS binaries; i'll make a change to the pipelines to only run the go unit tests on the VM that has a FIPS provider

michel-laterman · 2025-07-14T15:19:08Z

buildkite test this

michel-laterman · 2025-07-16T18:37:05Z

@v1v, can you please re-review?

Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com>

…45199) * Use VM with FIPS provider to run libbeat fips tests * Add GOEXPERIMENT=systemcrypto * use FIPS VM image for Beats * Update .buildkite/libbeat/pipeline.libbeat.yml * Apply suggestions from code review Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com> * Only run requirefips unit tests on VM with provider * Remove env var * Add ASDF_PYTHON_VERSION * Change python version, use VM family * Revert change to VM image name * libbeat provisioner VM only runs Go unit tests * Switch to imagePrefix * Apply suggestions from code review Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com> --------- Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com> (cherry picked from commit ba3fc29)

…45199) (#45429) * Use VM with FIPS provider to run libbeat fips tests * Add GOEXPERIMENT=systemcrypto * use FIPS VM image for Beats * Update .buildkite/libbeat/pipeline.libbeat.yml * Apply suggestions from code review * Only run requirefips unit tests on VM with provider * Remove env var * Add ASDF_PYTHON_VERSION * Change python version, use VM family * Revert change to VM image name * libbeat provisioner VM only runs Go unit tests * Switch to imagePrefix * Apply suggestions from code review --------- (cherry picked from commit ba3fc29) Co-authored-by: Michel Laterman <82832767+michel-laterman@users.noreply.github.com> Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com>

…45199) (#45434) * Use VM with FIPS provider to run libbeat fips tests * Add GOEXPERIMENT=systemcrypto * use FIPS VM image for Beats * Update .buildkite/libbeat/pipeline.libbeat.yml * Apply suggestions from code review * Only run requirefips unit tests on VM with provider * Remove env var * Add ASDF_PYTHON_VERSION * Change python version, use VM family * Revert change to VM image name * libbeat provisioner VM only runs Go unit tests * Switch to imagePrefix * Apply suggestions from code review --------- (cherry picked from commit ba3fc29) Co-authored-by: Michel Laterman <82832767+michel-laterman@users.noreply.github.com> Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com>

Use VM with FIPS provider to run libbeat fips tests

a818099

michel-laterman requested a review from ycombinator July 4, 2025 15:30

michel-laterman requested review from a team as code owners July 4, 2025 15:30

botelastic Bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jul 4, 2025

michel-laterman added the Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team label Jul 4, 2025

botelastic Bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Jul 4, 2025

michel-laterman added needs_team Indicates that the issue/PR needs a Team:* label backport-8.19 Automated backport to the 8.19 branch labels Jul 4, 2025

botelastic Bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Jul 4, 2025

mergify Bot assigned michel-laterman Jul 4, 2025

michel-laterman added the technical debt label Jul 4, 2025

Add GOEXPERIMENT=systemcrypto

9efb392

michel-laterman commented Jul 4, 2025

View reviewed changes

Comment thread .buildkite/libbeat/pipeline.libbeat.yml Outdated

ycombinator mentioned this pull request Jul 7, 2025

[FIPS] Test that libbeat ES client will not connect to ES with invalid TLS certificate #45158

Merged

6 tasks

v1v reviewed Jul 10, 2025

View reviewed changes

Comment thread .buildkite/libbeat/pipeline.libbeat.yml Outdated

use FIPS VM image for Beats

9a5e35c

v1v mentioned this pull request Jul 10, 2025

fix: asdf issues with updatecli in the tool-versions #45286

Merged

6 tasks

v1v reviewed Jul 10, 2025

View reviewed changes

Comment thread .buildkite/libbeat/pipeline.libbeat.yml Outdated

v1v added 2 commits July 10, 2025 14:51

Update .buildkite/libbeat/pipeline.libbeat.yml

069c32e

Merge branch 'main' into use-fips-provider

75d91c1

v1v reviewed Jul 10, 2025

View reviewed changes

Comment thread .buildkite/libbeat/pipeline.libbeat.yml Outdated

Comment thread .buildkite/libbeat/pipeline.libbeat.yml Outdated

Remove env var

a9d156b

Add ASDF_PYTHON_VERSION

92ced20

v1v reviewed Jul 10, 2025

View reviewed changes

Comment thread .buildkite/libbeat/pipeline.libbeat.yml Outdated

michel-laterman added 2 commits July 11, 2025 09:39

Change python version, use VM family

22a527e

Revert change to VM image name

ec45eb0

michel-laterman added 2 commits July 14, 2025 08:40

libbeat provisioner VM only runs Go unit tests

ebeddfc

Merge branch 'main' into use-fips-provider

6a2bf21

michel-laterman requested a review from v1v July 14, 2025 15:19

michel-laterman and others added 2 commits July 15, 2025 09:35

Merge branch 'main' into use-fips-provider

44022f5

Switch to imagePrefix

39d14bf

v1v reviewed Jul 16, 2025

View reviewed changes

Comment thread .buildkite/libbeat/pipeline.libbeat.yml Outdated

Comment thread .buildkite/libbeat/pipeline.libbeat.yml Outdated

Apply suggestions from code review

5b607de

Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com>

michel-laterman requested a review from v1v July 16, 2025 23:25

Merge branch 'main' into use-fips-provider

3de8f71

v1v approved these changes Jul 17, 2025

View reviewed changes

michel-laterman merged commit ba3fc29 into elastic:main Jul 17, 2025
21 checks passed

mergify Bot mentioned this pull request Jul 17, 2025

[8.19](backport #45199) [FIPS][libbeat] Use VM with FIPS provider to run libbeat fips tests #45429

Merged

michel-laterman added the backport-9.1 Automated backport to the 9.1 branch label Jul 17, 2025

mergify Bot mentioned this pull request Jul 17, 2025

[9.1](backport #45199) [FIPS][libbeat] Use VM with FIPS provider to run libbeat fips tests #45434

Merged

This was referenced Jul 28, 2025

[8.19](backport #45158) [FIPS] Test that libbeat ES client will not connect to ES with invalid TLS certificate #45595

Merged

[9.1](backport #45158) [FIPS] Test that libbeat ES client will not connect to ES with invalid TLS certificate #45596

Merged

github-actions Bot mentioned this pull request Apr 22, 2026

FIPS Integration Tests not compatible with current Git SSH keys #50269

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[FIPS][libbeat] Use VM with FIPS provider to run libbeat fips tests#45199

[FIPS][libbeat] Use VM with FIPS provider to run libbeat fips tests#45199
michel-laterman merged 17 commits into
elastic:mainfrom
michel-laterman:use-fips-provider

michel-laterman commented Jul 4, 2025

Uh oh!

github-actions Bot commented Jul 4, 2025

Uh oh!

elasticmachine commented Jul 4, 2025

Uh oh!

mergify Bot commented Jul 4, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

michel-laterman commented Jul 10, 2025

Uh oh!

Uh oh!

michel-laterman commented Jul 14, 2025

Uh oh!

michel-laterman commented Jul 14, 2025

Uh oh!

michel-laterman commented Jul 16, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Conversation

michel-laterman commented Jul 4, 2025

Proposed commit message

Disruptive User Impact

Uh oh!

github-actions Bot commented Jul 4, 2025

🤖 GitHub comments

Uh oh!

elasticmachine commented Jul 4, 2025

Uh oh!

mergify Bot commented Jul 4, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

michel-laterman commented Jul 10, 2025

Uh oh!

Uh oh!

michel-laterman commented Jul 14, 2025

Uh oh!

michel-laterman commented Jul 14, 2025

Uh oh!

michel-laterman commented Jul 16, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants