From d7dc93bbc858e327732462b3eaf70b5d499b68b3 Mon Sep 17 00:00:00 2001
From: Jake Landis
Date: Thu, 13 Aug 2020 18:08:53 -0500
Subject: [PATCH] Fix the REST FIPS tests (#61001)
Adds bouncycastle to classpath for tests and testclusters
---
 .../gradle/ElasticsearchTestBasePlugin.java | 4 ----
 gradle/fips.gradle | 18 +++++++++++++-----
 plugins/ingest-attachment/build.gradle | 2 +-
 3 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/buildSrc/src/main/java/org/elasticsearch/gradle/ElasticsearchTestBasePlugin.java b/buildSrc/src/main/java/org/elasticsearch/gradle/ElasticsearchTestBasePlugin.java
index a1113ed4dc346..a999db98fa47c 100644
--- a/buildSrc/src/main/java/org/elasticsearch/gradle/ElasticsearchTestBasePlugin.java
+++ b/buildSrc/src/main/java/org/elasticsearch/gradle/ElasticsearchTestBasePlugin.java
@@ -92,10 +92,6 @@ public void execute(Task t) {
 test.systemProperty("java.locale.providers", "SPI,COMPAT");
 }
 });
- if (BuildParams.isInFipsJvm()) {
- project.getDependencies().add("testRuntimeOnly", "org.bouncycastle:bc-fips:1.0.1");
- project.getDependencies().add("testRuntimeOnly", "org.bouncycastle:bctls-fips:1.0.9");
- }
 test.getJvmArgumentProviders().add(nonInputProperties);
 test.getExtensions().add("nonInputProperties", nonInputProperties);
diff --git a/gradle/fips.gradle b/gradle/fips.gradle
index 586b4f53c2405..9f74ea64e104f 100644
--- a/gradle/fips.gradle
+++ b/gradle/fips.gradle
@@ -6,13 +6,15 @@ import org.elasticsearch.gradle.testclusters.ElasticsearchCluster // Common config when running with a FIPS-140 runtime JVM if (BuildParams.inFipsJvm) { - allprojects { File fipsResourcesDir = new File(project.buildDir, 'fips-resources') File fipsSecurity = new File(fipsResourcesDir, 'fips_java.security') File fipsPolicy = new File(fipsResourcesDir, 'fips_java.policy') File fipsTrustStore = new File(fipsResourcesDir, 'cacerts.bcfks') - pluginManager.withPlugin('elasticsearch.java') { + def bcFips = dependencies.create('org.bouncycastle:bc-fips:1.0.1') + def bcTlsFips = dependencies.create('org.bouncycastle:bctls-fips:1.0.9') + + pluginManager.withPlugin('java') { TaskProvider fipsResourcesTask = project.tasks.register('fipsResources', ExportElasticsearchBuildResourcesTask) fipsResourcesTask.configure { outputDir = fipsResourcesDir @@ -21,14 +23,20 @@ if (BuildParams.inFipsJvm) { copy 'cacerts.bcfks' } + project.afterEvaluate { + def extraFipsJars = configurations.detachedConfiguration(bcFips, bcTlsFips) + // ensure that bouncycastle is on classpath for the all of test types, must happen in evaluateAfter since the rest tests explicitly + // set the class path to help maintain pure black box testing, and here we are adding to that classpath + tasks.withType(Test).configureEach { Test test -> + test.setClasspath(test.getClasspath().plus(extraFipsJars)) + } + } pluginManager.withPlugin("elasticsearch.testclusters") { afterEvaluate { // This afterEvaluate hooks is required to avoid deprecated configuration resolution // This configuration can be removed once system modules are available - def extraFipsJars = configurations.detachedConfiguration(dependencies.create('org.bouncycastle:bc-fips:1.0.1'), - dependencies.create('org.bouncycastle:bctls-fips:1.0.9'), - ) + def extraFipsJars = configurations.detachedConfiguration(bcFips, bcTlsFips) testClusters.all { extraFipsJars.files.each { extraJarFile it 
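Review bot: The `bc-fips:1.0.1` and `bctls-fips:1.0.9` coordinates in `def bcFips` / `def bcTlsFips` are bare string literals that are later resolved through a detached configuration, which is not part of the project's named configurations, so resolution rules, constraints or locking applied to those may not cover these two jars; that is worth confirming. Since these jars are the cryptographic module the FIPS runs depend on, I would add a comment above them such as `// BC FIPS provider + TLS jars for FIPS runs; bump both together and confirm the pair is a supported combination`. Changing `withPlugin('elasticsearch.java')` to `withPlugin('java')` also widens which projects register `fipsResources`, and if that is intended it deserves a one-line comment saying why. The enclosing `allprojects` block continues past the end of this hunk.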
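Review bot: `test.getClasspath().plus(extraFipsJars)` appends the FIPS jars to the end of every Test classpath, so in a project that already has another Bouncy Castle jar on its test classpath the earlier copy would presumably win class lookup and the run would not be exercising the FIPS provider; this cannot be confirmed from the hunk alone. If precedence matters, `test.setClasspath(extraFipsJars.plus(test.getClasspath()))` puts them first. The new comment should say `afterEvaluate` rather than `evaluateAfter` and "for all of the test types", and because it depends on this hook running after the REST test setup assigns its classpath, it should also state that a later `setClasspath` elsewhere would silently drop the jars. The same `detachedConfiguration(bcFips, bcTlsFips)` is now built in both the `project.afterEvaluate` block and the testclusters block; a single shared definition would keep the test and cluster classpaths from drifting apart.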
diff --git a/plugins/ingest-attachment/build.gradle b/plugins/ingest-attachment/build.gradle
index 2705100f71640..df22d03b03e90 100644
--- a/plugins/ingest-attachment/build.gradle
+++ b/plugins/ingest-attachment/build.gradle
@@ -104,6 +104,6 @@ if (BuildParams.inFipsJvm) {
 // rather than provide a long list of exclusions, disable the check on FIPS.
 jarHell.enabled = false
 test.enabled = false
- integTest.enabled = false;
+ yamlRestTest.enabled = false;
 testingConventions.enabled = false;
 }