Make fips work

n1v0lg · Jan 10, 2024 · e568a53 · e568a53
1 parent 52da6fd
commit e568a53
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 31 deletions.
diff --git a/...est/java/org/elasticsearch/xpack/remotecluster/AbstractRemoteClusterSecurityTestCase.java b/...est/java/org/elasticsearch/xpack/remotecluster/AbstractRemoteClusterSecurityTestCase.java
@@ -53,8 +53,10 @@ public abstract class AbstractRemoteClusterSecurityTestCase extends ESRestTestCa
     protected static final String REMOTE_TRANSFORM_USER = "remote_transform_user";
     protected static final String REMOTE_SEARCH_ROLE = "remote_search";
     protected static final String REMOTE_CLUSTER_ALIAS = "my_remote_cluster";
+    private static final String KEYSTORE_PASSWORD = "keystore-password";
 
     protected static LocalClusterConfigProvider commonClusterConfig = cluster -> cluster.module("analysis-common")
+        .keystorePassword(KEYSTORE_PASSWORD)
         .setting("xpack.license.self_generated.type", "trial")
         .setting("xpack.security.enabled", "true")
         .setting("xpack.security.authc.token.enabled", "true")
@@ -216,7 +218,9 @@ protected void removeRemoteClusterCredentials(String clusterAlias, MutableSettin
 
     @SuppressWarnings("unchecked")
     private void reloadSecureSettings() throws IOException {
-        final Response reloadResponse = adminClient().performRequest(new Request("POST", "/_nodes/reload_secure_settings"));
+        final Request request = new Request("POST", "/_nodes/reload_secure_settings");
+        request.setJsonEntity("{\"secure_settings_password\":\"" + KEYSTORE_PASSWORD + "\"}");
+        final Response reloadResponse = adminClient().performRequest(request);
         assertOK(reloadResponse);
         final Map<String, Object> map = entityAsMap(reloadResponse);
         assertThat(map.get("nodes"), instanceOf(Map.class));

diff --git a/...tTest/java/org/elasticsearch/xpack/remotecluster/RemoteClusterSecurityCcrMigrationIT.java b/...tTest/java/org/elasticsearch/xpack/remotecluster/RemoteClusterSecurityCcrMigrationIT.java
@@ -22,7 +22,6 @@
 import org.elasticsearch.test.cluster.ElasticsearchCluster;
 import org.elasticsearch.test.cluster.MutableSettingsProvider;
 import org.elasticsearch.test.rest.ObjectPath;
-import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.rules.RuleChain;
 import org.junit.rules.TestRule;
@@ -45,15 +44,6 @@
 @TestCaseOrdering(AnnotationTestOrdering.class)
 public class RemoteClusterSecurityCcrMigrationIT extends AbstractRemoteClusterSecurityTestCase {
 
-    @BeforeClass
-    public static void disableInFips() {
-        assumeFalse(
-            "Cannot run in FIPS mode since the keystore will be password protected and sending a password in the reload"
-                + "settings api call, requires TLS to be configured for the transport layer",
-            inFipsJvm()
-        );
-    }
-
     private static final String CCR_USER = "ccr_user";
     private static final String CCR_USER_ROLE = "ccr_user_role";
     private static final AtomicInteger DOC_COUNTER = new AtomicInteger(0);

diff --git a/...a/org/elasticsearch/xpack/remotecluster/RemoteClusterSecurityReloadCredentialsRestIT.java b/...a/org/elasticsearch/xpack/remotecluster/RemoteClusterSecurityReloadCredentialsRestIT.java
@@ -21,7 +21,6 @@
 import org.elasticsearch.test.cluster.util.resource.Resource;
 import org.junit.After;
 import org.junit.Before;
-import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.rules.RuleChain;
 import org.junit.rules.TestRule;
@@ -40,15 +39,6 @@
 @TimeoutSuite(millis = 10 * TimeUnits.MINUTE)
 public class RemoteClusterSecurityReloadCredentialsRestIT extends AbstractRemoteClusterSecurityTestCase {
 
-    @BeforeClass
-    public static void disableInFips() {
-        assumeFalse(
-            "Cannot run in FIPS mode since the keystore will be password protected and sending a password in the reload"
-                + "settings api call, requires TLS to be configured for the transport layer",
-            inFipsJvm()
-        );
-    }
-
     private static final MutableSettingsProvider keystoreSettings = new MutableSettingsProvider();
 
     static {

diff --git a/...java/org/elasticsearch/xpack/remotecluster/RemoteClusterSecurityTransformMigrationIT.java b/...java/org/elasticsearch/xpack/remotecluster/RemoteClusterSecurityTransformMigrationIT.java
@@ -19,7 +19,6 @@
 import org.elasticsearch.test.cluster.ElasticsearchCluster;
 import org.elasticsearch.test.cluster.MutableSettingsProvider;
 import org.elasticsearch.test.rest.ObjectPath;
-import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.rules.RuleChain;
 import org.junit.rules.TestRule;
@@ -36,15 +35,6 @@
 @TestCaseOrdering(AnnotationTestOrdering.class)
 public class RemoteClusterSecurityTransformMigrationIT extends AbstractRemoteClusterSecurityTestCase {
 
-    @BeforeClass
-    public static void disableInFips() {
-        assumeFalse(
-            "Cannot run in FIPS mode since the keystore will be password protected and sending a password in the reload"
-                + "settings api call, requires TLS to be configured for the transport layer",
-            inFipsJvm()
-        );
-    }
-
     private static final String TRANSFORM_USER = REMOTE_TRANSFORM_USER;
     private static final String TRANSFORM_USER_ROLE = "transform_user_role";
     private static final MutableSettingsProvider keystoreSettings = new MutableSettingsProvider();