Skip to content

[Test] Increase length of test password for FIPS #86948

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 20, 2022
Merged

[Test] Increase length of test password for FIPS #86948

merged 1 commit into from
May 20, 2022

Conversation

@ywangd
Copy link
Member

@ywangd ywangd commented May 20, 2022
edited
Loading

Password must be at least 114 bits in FIPS mode. This PR fixes the password length
in the new ServerCliTests so it passes in FIPS mode.

Relates: #85758

PS: The test failed on my PR CI.

@ywangd
[Test] Increase length of test password for FIPS
09da382 
Password must be at least 114 bits. This PR fixes the password length in
the new ServerCliTests so it passes in FIPS mode.
@ywangd ywangd added >test Issues or PRs that are addressing/adding tests :Core/Infra/Core Core issues without another label v8.3.0 labels May 20, 2022
@ywangd ywangd requested a review from tvernum May 20, 2022 00:34
@elasticmachine elasticmachine added the Team:Core/Infra Meta label for core/infra team label May 20, 2022
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-core-infra (Team:Core/Infra)

tvernum
tvernum approved these changes May 20, 2022
View reviewed changes
Copy link
Contributor

@tvernum tvernum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM,
But I'm surprised the line above works. Password-less keystores shouldn't work in FIPS either.

@ywangd
Copy link
Member Author

ywangd commented May 20, 2022
edited
Loading

LGTM, But I'm surprised the line above works. Password-less keystores shouldn't work in FIPS either.

The test has logic to bypass manipulating keystore if the password is null or empty. It works in the sense that it does not try to test anything about keystore when there is no password. The test is just to ensure the command prompt sequence. So I didn't bother to do anything extra.

@ywangd ywangd added auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) :Security/FIPS Running ES in FIPS 140-2 mode labels May 20, 2022
@elasticmachine elasticmachine added the Team:Security Meta label for security team label May 20, 2022
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@ywangd
Copy link
Member Author

ywangd commented May 20, 2022

@elasticmachine run elasticsearch-ci/part-1-fips

@elasticsearchmachine elasticsearchmachine merged commit 74305b5 into elastic:master May 20, 2022
@ywangd ywangd deleted the server-cli-tests-fips branch May 20, 2022 01:34
@n1v0lg n1v0lg mentioned this pull request May 20, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tvernum tvernum tvernum approved these changes

Assignees

No one assigned

Labels

auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) :Core/Infra/Core Core issues without another label :Security/FIPS Running ES in FIPS 140-2 mode Team:Core/Infra Meta label for core/infra team Team:Security Meta label for security team >test Issues or PRs that are addressing/adding tests v8.3.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ywangd @elasticmachine @tvernum @elasticsearchmachine