Fix the REST FIPS tests (#61001)

Adds bouncycastle to classpath for tests and testclusters
elastic · Aug 13, 2020 · d7dc93b · d7dc93b
1 parent 5f222a3
commit d7dc93b
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 10 deletions.
diff --git a/buildSrc/src/main/java/org/elasticsearch/gradle/ElasticsearchTestBasePlugin.java b/buildSrc/src/main/java/org/elasticsearch/gradle/ElasticsearchTestBasePlugin.java
@@ -92,10 +92,6 @@ public void execute(Task t) {
                     test.systemProperty("java.locale.providers", "SPI,COMPAT");
                 }
             });
-            if (BuildParams.isInFipsJvm()) {
-                project.getDependencies().add("testRuntimeOnly", "org.bouncycastle:bc-fips:1.0.1");
-                project.getDependencies().add("testRuntimeOnly", "org.bouncycastle:bctls-fips:1.0.9");
-            }
             test.getJvmArgumentProviders().add(nonInputProperties);
             test.getExtensions().add("nonInputProperties", nonInputProperties);
 

diff --git a/gradle/fips.gradle b/gradle/fips.gradle
@@ -6,13 +6,15 @@ import org.elasticsearch.gradle.testclusters.ElasticsearchCluster
 // Common config when running with a FIPS-140 runtime JVM
 if (BuildParams.inFipsJvm) {
 
-
   allprojects {
     File fipsResourcesDir = new File(project.buildDir, 'fips-resources')
     File fipsSecurity = new File(fipsResourcesDir, 'fips_java.security')
     File fipsPolicy = new File(fipsResourcesDir, 'fips_java.policy')
     File fipsTrustStore = new File(fipsResourcesDir, 'cacerts.bcfks')
-    pluginManager.withPlugin('elasticsearch.java') {
+    def bcFips = dependencies.create('org.bouncycastle:bc-fips:1.0.1')
+    def bcTlsFips = dependencies.create('org.bouncycastle:bctls-fips:1.0.9')
+
+    pluginManager.withPlugin('java') {
       TaskProvider<ExportElasticsearchBuildResourcesTask> fipsResourcesTask = project.tasks.register('fipsResources', ExportElasticsearchBuildResourcesTask)
       fipsResourcesTask.configure {
         outputDir = fipsResourcesDir
@@ -21,14 +23,20 @@ if (BuildParams.inFipsJvm) {
         copy 'cacerts.bcfks'
       }
 
+      project.afterEvaluate {
+        def extraFipsJars = configurations.detachedConfiguration(bcFips, bcTlsFips)
+        // ensure that bouncycastle is on classpath for the all of test types, must happen in evaluateAfter since the rest tests explicitly
+        // set the class path to help maintain pure black box testing, and here we are adding to that classpath
+        tasks.withType(Test).configureEach { Test test ->
+          test.setClasspath(test.getClasspath().plus(extraFipsJars))
+        }
+      }
 
       pluginManager.withPlugin("elasticsearch.testclusters") {
         afterEvaluate {
           // This afterEvaluate hooks is required to avoid deprecated configuration resolution
           // This configuration can be removed once system modules are available
-          def extraFipsJars = configurations.detachedConfiguration(dependencies.create('org.bouncycastle:bc-fips:1.0.1'),
-                  dependencies.create('org.bouncycastle:bctls-fips:1.0.9'),
-          )
+          def extraFipsJars = configurations.detachedConfiguration(bcFips, bcTlsFips)
           testClusters.all {
             extraFipsJars.files.each {
               extraJarFile it

diff --git a/plugins/ingest-attachment/build.gradle b/plugins/ingest-attachment/build.gradle
@@ -104,6 +104,6 @@ if (BuildParams.inFipsJvm) {
   // rather than provide a long list of exclusions, disable the check on FIPS.
   jarHell.enabled = false
   test.enabled = false
-  integTest.enabled = false;
+  yamlRestTest.enabled = false;
   testingConventions.enabled = false;
 }