Enhancement/4811 fips to fips upgrade#7312
Merged
kaanyalti merged 11 commits intoelastic:mainfrom Mar 14, 2025
Merged
Conversation
Contributor
|
This pull request does not have a backport label. Could you fix it @kaanyalti? 🙏
|
jlind23
added
backport-8.x
kaanyalti
force-pushed
the
enhancement/4811_fips_to_fips_upgrade
branch
from
d07a634 to
01f3068
Compare
|
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsHistory
cc @kaanyalti |
pierrehilbert
added
the
Team:Elastic-Agent-Control-Plane
Contributor
|
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
swiatekm
approved these changes
Mar 14, 2025
mergify bot
pushed a commit
that referenced
this pull request
Mar 14, 2025
* Fix typo in error message * enhancement(4811): added fips in the package manifest * enhancement(4811): prelimenary commit to prepare for implementation * enhancement(4811): added fips to fips check for upgrades * enhancement(4811): update fips check * enhancment(4811): refactored upgrade version checks * enhancement(4811): added tests for checkUpgrade * enhancement(4811): added fips test case for sameReleaseVersion function * enhancement(4811): added changelog * enhancement(4811): remove unnecessary comment * enhancement(4811): remove comment --------- Co-authored-by: Pierre HILBERT <pierre.hilbert@elastic.co> (cherry picked from commit 5b45c94)
5 tasks
mergify bot
pushed a commit
that referenced
this pull request
Mar 14, 2025
* Fix typo in error message * enhancement(4811): added fips in the package manifest * enhancement(4811): prelimenary commit to prepare for implementation * enhancement(4811): added fips to fips check for upgrades * enhancement(4811): update fips check * enhancment(4811): refactored upgrade version checks * enhancement(4811): added tests for checkUpgrade * enhancement(4811): added fips test case for sameReleaseVersion function * enhancement(4811): added changelog * enhancement(4811): remove unnecessary comment * enhancement(4811): remove comment --------- Co-authored-by: Pierre HILBERT <pierre.hilbert@elastic.co> (cherry picked from commit 5b45c94)
5 tasks
simitt
reviewed
Mar 17, 2025
| var ( | ||
| ErrWatcherNotStarted = errors.New("watcher did not start in time") | ||
| ErrUpgradeSameVersion = errors.New("upgrade did not occur because it is the same version") | ||
| ErrFipsNotUpgradedToFips = errors.New("cannot upgrade from a fips compliant agent to a non-compliant one") |
Contributor
There was a problem hiding this comment.
The wording of the error should cover both cases:
(1) fips -> non-fips
(2) non-fips -> fips
In checkUpgrade it actually fails for both cases, but the error that will be logged would be confusing if someone tries to upgrade from non-fips to fips.
Also, we should be careful with wording and avoid fips compliant. I would suggest using a more neutral language, something along the lines of cannot switch fips mode when upgrading.
Author
There was a problem hiding this comment.
I'll create a PR to update the wording here
kaanyalti
pushed a commit
that referenced
this pull request
Mar 17, 2025
* Fix typo in error message * enhancement(4811): added fips in the package manifest * enhancement(4811): prelimenary commit to prepare for implementation * enhancement(4811): added fips to fips check for upgrades * enhancement(4811): update fips check * enhancment(4811): refactored upgrade version checks * enhancement(4811): added tests for checkUpgrade * enhancement(4811): added fips test case for sameReleaseVersion function * enhancement(4811): added changelog * enhancement(4811): remove unnecessary comment * enhancement(4811): remove comment --------- Co-authored-by: Pierre HILBERT <pierre.hilbert@elastic.co> (cherry picked from commit 5b45c94)
kaanyalti
pushed a commit
that referenced
this pull request
Mar 17, 2025
* Fix typo in error message * enhancement(4811): added fips in the package manifest * enhancement(4811): prelimenary commit to prepare for implementation * enhancement(4811): added fips to fips check for upgrades * enhancement(4811): update fips check * enhancment(4811): refactored upgrade version checks * enhancement(4811): added tests for checkUpgrade * enhancement(4811): added fips test case for sameReleaseVersion function * enhancement(4811): added changelog * enhancement(4811): remove unnecessary comment * enhancement(4811): remove comment --------- Co-authored-by: Pierre HILBERT <pierre.hilbert@elastic.co> (cherry picked from commit 5b45c94)
kaanyalti
pushed a commit
that referenced
this pull request
Mar 17, 2025
* Fix typo in error message * enhancement(4811): added fips in the package manifest * enhancement(4811): prelimenary commit to prepare for implementation * enhancement(4811): added fips to fips check for upgrades * enhancement(4811): update fips check * enhancment(4811): refactored upgrade version checks * enhancement(4811): added tests for checkUpgrade * enhancement(4811): added fips test case for sameReleaseVersion function * enhancement(4811): added changelog * enhancement(4811): remove unnecessary comment * enhancement(4811): remove comment --------- Co-authored-by: Pierre HILBERT <pierre.hilbert@elastic.co> (cherry picked from commit 5b45c94) Co-authored-by: Kaan Yalti <kaan.yalti@elastic.co>
kaanyalti
pushed a commit
that referenced
this pull request
Mar 17, 2025
* Fix typo in error message * enhancement(4811): added fips in the package manifest * enhancement(4811): prelimenary commit to prepare for implementation * enhancement(4811): added fips to fips check for upgrades * enhancement(4811): update fips check * enhancment(4811): refactored upgrade version checks * enhancement(4811): added tests for checkUpgrade * enhancement(4811): added fips test case for sameReleaseVersion function * enhancement(4811): added changelog * enhancement(4811): remove unnecessary comment * enhancement(4811): remove comment --------- Co-authored-by: Pierre HILBERT <pierre.hilbert@elastic.co> (cherry picked from commit 5b45c94) Co-authored-by: Kaan Yalti <kaan.yalti@elastic.co>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Updates the upgrade process to prevent fips to non-fips upgrades
Why is it important?
upgrading to non-fips agent is not going to be supported
Checklist
[ ] I have made corresponding changes to the documentation[ ] I have made corresponding change to the default configuration files./changelog/fragmentsusing the changelog tool[ ] I have added an integration test or an E2E testHow to test this PR locally
Related issues