From 39e2741ae0367c9ffcb834083ae208f038a7eaf7 Mon Sep 17 00:00:00 2001 From: michel-laterman Date: Fri, 21 Mar 2025 10:42:44 -0700 Subject: [PATCH 01/10] Add buildkite step to run unit tests that require fips provider Add a buildkite step that runs FIPS=true make test-unit as these tests require msft/go and a FIPS provider. --- .buildkite/pipeline.yml | 13 +++++++++++++ .buildkite/scripts/common.sh | 14 +++++++++++++- .buildkite/scripts/fips_provider_test.sh | 13 +++++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100755 .buildkite/scripts/fips_provider_test.sh diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index d5598128c..8e6e18f47 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -98,6 +98,19 @@ steps: - build/*.xml - build/coverage*.out + - label: ":smartbear-testexecute: Run FIPS Provider tests" + key: provider-test-fips + command: ".buildkite/scripts/fips_provider_test.sh" + agents: + provider: "aws" + imagePrefix: "elasticcloud-fips-ubuntu-2204-amd64-dev-jammyf-" + diskSizeGb: 100 + instanceType: m5.large + artifact_paths: + - build/*.xml + - build/coverage*.out + + - label: ":smartbear-testexecute: Run unit tests: MacOS 13" key: unit-test-macos-13 command: ".buildkite/scripts/unit_test.sh" diff --git a/.buildkite/scripts/common.sh b/.buildkite/scripts/common.sh index a90016aba..659b02753 100755 --- a/.buildkite/scripts/common.sh +++ b/.buildkite/scripts/common.sh 
@@ -51,6 +51,18 @@ with_go() { export PATH="${PATH}:$(go env GOPATH):$(go env GOPATH)/bin" } +with_msft_go() { + echo "Setting up microsoft/go" + create_workspace + check_platform_architeture + MSFT_DOWNLOAD_URL=https://aka.ms/golang/release/latest/go$(cat .go-version)-1.${platform_type}-${arch_type}.tar.gz + retry 5 $(curl -sL -o - $MSFT_DOWNLOAD_URL | tar -xz -f - -C ${WORKSPACE}) + export PATH="${PATH}:${WORKSPACE}/go/bin" + go version + which go + export PATH="${PATH}:$(go env GOPATH):$(go env GOPATH)/bin" +} + with_docker_compose() { echo "Setting up the Docker-compose environment..." create_workspace @@ -160,4 +172,4 @@ cleanup() { echo "Deleting temporary files..." rm -rf ${WORKSPACE}/${TMP_FOLDER_TEMPLATE_BASE}.* echo "Done." -} \ No newline at end of file +} diff --git a/.buildkite/scripts/fips_provider_test.sh b/.buildkite/scripts/fips_provider_test.sh new file mode 100755 index 000000000..8db78496c --- /dev/null +++ b/.buildkite/scripts/fips_provider_test.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +set -euo pipefail + +source .buildkite/scripts/common.sh + +add_bin_path + +with_msft_go + +echo "Starting the provider tests..." +FIPS=true make test-unit junit-report + From c2f88c5e28dc8dd39ff6c3d94685fe6d5ae8d2ed Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 27 Mar 2025 12:33:52 +0100 Subject: [PATCH 02/10] Update .buildkite/pipeline.yml --- .buildkite/pipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 8e6e18f47..c469e4972 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -103,7 +103,7 @@ steps: command: ".buildkite/scripts/fips_provider_test.sh" agents: provider: "aws" - imagePrefix: "elasticcloud-fips-ubuntu-2204-amd64-dev-jammyf-" + imagePrefix: "platform-ingest-fleet-server-aws-linux-x86-64-fleet-server-ubuntu-2204-fips" diskSizeGb: 100 instanceType: m5.large artifact_paths: From 1bd62a6d3364001c749f49fa48648e0c8aa56407 Mon Sep 17 00:00:00 2001 
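Review bot: In `with_msft_go`, the line `retry 5 $(curl -sL -o - $MSFT_DOWNLOAD_URL | tar -xz -f - -C ${WORKSPACE})` runs the download once inside the command substitution and passes only its empty output to `retry`, so nothing is retried and the pipeline's exit status is discarded. `curl -sL` without `-f` also streams an HTTP error body into `tar`, and the archive is unpacked and put on `PATH` with no integrity check, even though it is the toolchain the FIPS tests are built with and the URL follows a `latest` redirect. I would download to a file under `retry`, compare it with a SHA-256 pinned in the repository, and only then extract, as sketched below; this assumes `retry` takes a count followed by a command, and its definition is not visible here. The same URL is edited again in PATCH 09, both here and in the Makefile, and the concern carries over if the Makefile target, which lies outside that hunk, does not verify the download either.

```shell
with_msft_go() {
  # … unchanged: echo, create_workspace, check_platform_architeture, MSFT_DOWNLOAD_URL …
  local archive="${WORKSPACE}/msft-go.tar.gz"
  retry 5 curl -fsSL -o "${archive}" "${MSFT_DOWNLOAD_URL}"
  # MSFT_GO_SHA256 is a placeholder: a digest pinned in the repository next to .go-version
  echo "${MSFT_GO_SHA256}  ${archive}" | sha256sum -c -
  tar -xz -f "${archive}" -C "${WORKSPACE}"
  # … unchanged: PATH export, go version, which go …
```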
From: Victor Martinez Date: Thu, 27 Mar 2025 12:42:32 +0100 Subject: [PATCH 03/10] Update .buildkite/pipeline.yml --- .buildkite/pipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index c469e4972..c612a4f1b 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -103,7 +103,7 @@ steps: command: ".buildkite/scripts/fips_provider_test.sh" agents: provider: "aws" - imagePrefix: "platform-ingest-fleet-server-aws-linux-x86-64-fleet-server-ubuntu-2204-fips" + imagePrefix: "platform-ingest-fleet-server-ubuntu-2204-fips" diskSizeGb: 100 instanceType: m5.large artifact_paths: From 194fc5e10d39a0c1f0f2b71b68806a09725babfb Mon Sep 17 00:00:00 2001 From: michel-laterman Date: Thu, 27 Mar 2025 10:42:36 -0600 Subject: [PATCH 04/10] Add FIPS local build step --- .buildkite/pipeline.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index c612a4f1b..bf0678437 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -30,6 +30,16 @@ steps: cpu: "8" memory: "4G" + - label: ":building_construction: Run local FIPS build" + key: make-local-fips + command: ".buildkite/scripts/local_build.sh" + agents: + image: "${GO_AGENT_IMAGE}" + cpu: "8" + memory: "4G" + env: + FIPS: "true" + - label: ":building_construction: Run local build: MacOS" key: make-local-macos command: ".buildkite/scripts/local_build.sh" From 5e9f69ca31a22603430a4bfe5a1d819bfb290550 Mon Sep 17 00:00:00 2001 From: michel-laterman Date: Thu, 27 Mar 2025 11:07:58 -0600 Subject: [PATCH 05/10] microsfot/go provisioning echo --- .buildkite/scripts/common.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.buildkite/scripts/common.sh b/.buildkite/scripts/common.sh index 659b02753..c47e3de7f 100755 --- a/.buildkite/scripts/common.sh +++ b/.buildkite/scripts/common.sh 
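Review bot: The new `make-local-fips` step runs on `${GO_AGENT_IMAGE}` rather than on the FIPS image that `provider-test-fips` uses, and nothing in the step says what a green result proves. From the visible lines it looks like a compile-only check with `FIPS: "true"`, so a short comment above the step would keep it from being read as FIPS validation: `# Compile check only (FIPS=true); provider-backed tests run in provider-test-fips.` Whether `local_build.sh` selects the microsoft/go toolchain when `FIPS` is set is not visible in this hunk.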
@@ -58,6 +58,7 @@ with_msft_go() { MSFT_DOWNLOAD_URL=https://aka.ms/golang/release/latest/go$(cat .go-version)-1.${platform_type}-${arch_type}.tar.gz retry 5 $(curl -sL -o - $MSFT_DOWNLOAD_URL | tar -xz -f - -C ${WORKSPACE}) export PATH="${PATH}:${WORKSPACE}/go/bin" + echo "microsoft/go in ${WORKSPACE}" go version which go export PATH="${PATH}:$(go env GOPATH):$(go env GOPATH)/bin" From aca844230eba9c01ecc5621005b3634c303556a9 Mon Sep 17 00:00:00 2001 From: michel-laterman Date: Thu, 27 Mar 2025 11:21:09 -0600 Subject: [PATCH 06/10] Prepend microsoft/go dir to path --- .buildkite/scripts/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.buildkite/scripts/common.sh b/.buildkite/scripts/common.sh index c47e3de7f..af186ac5d 100755 --- a/.buildkite/scripts/common.sh +++ b/.buildkite/scripts/common.sh @@ -57,7 +57,7 @@ with_msft_go() { check_platform_architeture MSFT_DOWNLOAD_URL=https://aka.ms/golang/release/latest/go$(cat .go-version)-1.${platform_type}-${arch_type}.tar.gz retry 5 $(curl -sL -o - $MSFT_DOWNLOAD_URL | tar -xz -f - -C ${WORKSPACE}) - export PATH="${PATH}:${WORKSPACE}/go/bin" + export PATH="${WORKSPACE}/go/bin:${PATH}" echo "microsoft/go in ${WORKSPACE}" go version which go From abf808fd1bc34219026136511423d1ef895b1ea6 Mon Sep 17 00:00:00 2001 From: michel-laterman Date: Thu, 27 Mar 2025 11:36:06 -0600 Subject: [PATCH 07/10] Remove extra path --- .buildkite/scripts/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.buildkite/scripts/common.sh b/.buildkite/scripts/common.sh index af186ac5d..dc18c3863 100755 --- a/.buildkite/scripts/common.sh +++ b/.buildkite/scripts/common.sh @@ -61,7 +61,7 @@ with_msft_go() { echo "microsoft/go in ${WORKSPACE}" go version which go - export PATH="${PATH}:$(go env GOPATH):$(go env GOPATH)/bin" + export PATH="${PATH}:$(go env GOPATH)/bin" } with_docker_compose() { From 8bb3c5e36951132edcf81253c4ca63feadcfe187 Mon Sep 17 00:00:00 2001 
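Review bot: After the microsoft/go directory is moved to the front of `PATH`, the function still only prints `go version` and `which go` and never checks them. If the extraction above failed without an error, the job would carry on with whatever `go` the image provides and the FIPS step would test the wrong toolchain. A one-line guard after the export would make that visible: `[ "$(command -v go)" = "${WORKSPACE}/go/bin/go" ] || { echo "unexpected go on PATH" >&2; exit 1; }`. The body of `with_msft_go` starts above this hunk.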
From: michel-laterman Date: Thu, 27 Mar 2025 11:52:21 -0600 Subject: [PATCH 08/10] Move FIPS to env --- .buildkite/pipeline.yml | 2 ++ .buildkite/scripts/fips_provider_test.sh | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index bf0678437..fd551981c 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -111,6 +111,8 @@ steps: - label: ":smartbear-testexecute: Run FIPS Provider tests" key: provider-test-fips command: ".buildkite/scripts/fips_provider_test.sh" + env: + FIPS: "true" agents: provider: "aws" imagePrefix: "platform-ingest-fleet-server-ubuntu-2204-fips" diff --git a/.buildkite/scripts/fips_provider_test.sh b/.buildkite/scripts/fips_provider_test.sh index 8db78496c..625a7f7ad 100755 --- a/.buildkite/scripts/fips_provider_test.sh +++ b/.buildkite/scripts/fips_provider_test.sh @@ -8,6 +8,6 @@ add_bin_path with_msft_go -echo "Starting the provider tests..." -FIPS=true make test-unit junit-report +echo "Starting the provider enabled tests..." +make test-unit junit-report From b1ab6751fda3cf1ba87cd7e87e6570dc85d22cad Mon Sep 17 00:00:00 2001 From: michel-laterman Date: Thu, 27 Mar 2025 12:10:09 -0600 Subject: [PATCH 09/10] Get latest release of microsoft/go --- .buildkite/scripts/common.sh | 2 +- Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.buildkite/scripts/common.sh b/.buildkite/scripts/common.sh index dc18c3863..920452348 100755 --- a/.buildkite/scripts/common.sh +++ b/.buildkite/scripts/common.sh 
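Review bot: With `FIPS=true` removed from the `make` line, `fips_provider_test.sh` depends entirely on the pipeline step to export it. Run from any other step or from a shell, it would execute the ordinary unit tests and still report them as the provider run. A guard before `make test-unit junit-report` closes that gap and stays compatible with the script's `set -u`: `[ "${FIPS:-}" = "true" ] || { echo "FIPS=true is required" >&2; exit 1; }`.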
@@ -55,7 +55,7 @@ with_msft_go() { echo "Setting up microsoft/go" create_workspace check_platform_architeture - MSFT_DOWNLOAD_URL=https://aka.ms/golang/release/latest/go$(cat .go-version)-1.${platform_type}-${arch_type}.tar.gz + MSFT_DOWNLOAD_URL=https://aka.ms/golang/release/latest/go$(cat .go-version).${platform_type}-${arch_type}.tar.gz retry 5 $(curl -sL -o - $MSFT_DOWNLOAD_URL | tar -xz -f - -C ${WORKSPACE}) export PATH="${WORKSPACE}/go/bin:${PATH}" echo "microsoft/go in ${WORKSPACE}" diff --git a/Makefile b/Makefile index 281c96684..efed90cc6 100644 --- a/Makefile +++ b/Makefile @@ -127,7 +127,7 @@ else $(eval ARCH := amd64) endif ifeq "${FIPS}" "true" - $(eval DOWNLOAD_URL := https://aka.ms/golang/release/latest/go${GO_VERSION}-1.linux-${ARCH}.tar.gz) + $(eval DOWNLOAD_URL := https://aka.ms/golang/release/latest/go${GO_VERSION}.linux-${ARCH}.tar.gz) else $(eval DOWNLOAD_URL := https://go.dev/dl/go${GO_VERSION}.linux-${ARCH}.tar.gz) endif From dbf1c2cab1c1451a689f94c703dc27a300d98b7e Mon Sep 17 00:00:00 2001 From: michel-laterman Date: Mon, 31 Mar 2025 15:23:53 -0600 Subject: [PATCH 10/10] Fix issue with cert subjectID generation --- internal/pkg/testing/certs/certs.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/pkg/testing/certs/certs.go b/internal/pkg/testing/certs/certs.go index 8b4bd2af5..25dc384e2 100644 --- a/internal/pkg/testing/certs/certs.go +++ b/internal/pkg/testing/certs/certs.go @@ -95,7 +95,7 @@ func GenCA(t *testing.T) tls.Certificate { t.Fatalf("fail to generate RSA key: %v", err) } - ca.SubjectKeyId = generateSubjectKeyID(caKey) + ca.SubjectKeyId = generateSubjectKeyID(caKey.Public()) caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey) if err != nil {
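Review bot: `generateSubjectKeyID` accepted the private key before this change without a compile error, which suggests its parameter is an interface type such as `crypto.PublicKey`; the definition is outside this hunk, so that is an inference. If so, narrowing the parameter to `*rsa.PublicKey` and calling it with `&caKey.PublicKey`, the expression the `x509.CreateCertificate` call below already uses, would turn a repeat of this mistake into a build failure. Other callers of the helper in `certs.go` are worth checking for the same argument, since only `GenCA` is visible here.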