Split 8.x TLS min version tests for FIPS

Author: michel-laterman

internal/pkg/config/config_fips_test.go

@@ -0,0 +1,30 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+//go:build !integration && requirefips
+
+package config
+
+import (
+	"crypto/tls"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/elastic/elastic-agent-libs/transport/tlscommon"
+)
+
+func TestTLSDefaults(t *testing.T) {
+	c, err := LoadFile(filepath.Join("testdata", "tls.yml"))
+	require.NoError(t, err)
+	require.NotNil(t, c.Output.Elasticsearch.TLS)
+
+	common, err := tlscommon.LoadTLSConfig(c.Output.Elasticsearch.TLS)
+	require.NoError(t, err)
+	cfg := common.ToConfig()
+	assert.Equal(t, uint16(tls.VersionTLS12), cfg.MinVersion)
+	assert.Equal(t, uint16(tls.VersionTLS13), cfg.MaxVersion)
+}

internal/pkg/config/config_nofips_test.go

@@ -0,0 +1,42 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+//go:build !integration && !requirefips
+
+package config
+
+import (
+	"crypto/tls"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/elastic/elastic-agent-libs/transport/tlscommon"
+)
+
+func TestTLSDefaults(t *testing.T) {
+	c, err := LoadFile(filepath.Join("testdata", "tls.yml"))
+	require.NoError(t, err)
+	require.NotNil(t, c.Output.Elasticsearch.TLS)
+
+	common, err := tlscommon.LoadTLSConfig(c.Output.Elasticsearch.TLS)
+	require.NoError(t, err)
+	cfg := common.ToConfig()
+	assert.Equal(t, uint16(tls.VersionTLS11), cfg.MinVersion)
+	assert.Equal(t, uint16(tls.VersionTLS13), cfg.MaxVersion)
+}
+
+func TestTLS10(t *testing.T) {
+	c, err := LoadFile(filepath.Join("testdata", "tls10.yml"))
+	require.NoError(t, err)
+	require.NotNil(t, c.Output.Elasticsearch.TLS)
+
+	common, err := tlscommon.LoadTLSConfig(c.Output.Elasticsearch.TLS)
+	require.NoError(t, err)
+	cfg := common.ToConfig()
+	assert.Equal(t, uint16(tls.VersionTLS10), cfg.MinVersion)
+	assert.Equal(t, uint16(tls.VersionTLS10), cfg.MaxVersion)
+}

internal/pkg/config/config_test.go

@@ -7,13 +7,11 @@
 package config
 
 import (
-	"crypto/tls"
 	"path/filepath"
 	"sync/atomic"
 	"testing"
 	"time"
 
-	"github.com/elastic/elastic-agent-libs/transport/tlscommon"
 	testlog "github.com/elastic/fleet-server/v7/internal/pkg/testing/log"
 
 	"github.com/gofrs/uuid"
@@ -630,27 +628,3 @@ func TestDeprecationWarnings(t *testing.T) {
 	require.NoError(t, err)
 	assert.Equal(t, uint64(3), logCount.Load(), "Expected 3 log messages")
 }
-
-func TestTLSDefaults(t *testing.T) {
-	c, err := LoadFile(filepath.Join("testdata", "tls.yml"))
-	require.NoError(t, err)
-	require.NotNil(t, c.Output.Elasticsearch.TLS)
-
-	common, err := tlscommon.LoadTLSConfig(c.Output.Elasticsearch.TLS)
-	require.NoError(t, err)
-	cfg := common.ToConfig()
-	assert.Equal(t, uint16(tls.VersionTLS11), cfg.MinVersion)
-	assert.Equal(t, uint16(tls.VersionTLS13), cfg.MaxVersion)
-}
-
-func TestTLS10(t *testing.T) {
-	c, err := LoadFile(filepath.Join("testdata", "tls10.yml"))
-	require.NoError(t, err)
-	require.NotNil(t, c.Output.Elasticsearch.TLS)
-
-	common, err := tlscommon.LoadTLSConfig(c.Output.Elasticsearch.TLS)
-	require.NoError(t, err)
-	cfg := common.ToConfig()
-	assert.Equal(t, uint16(tls.VersionTLS10), cfg.MinVersion)
-	assert.Equal(t, uint16(tls.VersionTLS10), cfg.MaxVersion)
-}