Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhancement/5039 remove x crypto fips #7072

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Enhancement/5039 remove x crypto fips #7072

wants to merge 7 commits into from

Conversation

kaanyalti
Copy link
Contributor

@kaanyalti kaanyalti commented Feb 28, 2025
edited
Loading

  • Enhancement

What does this PR do?

Removes x/crypto usage

Why is it important?

We need to move away from using x/crypto for fips compliance

Checklist

  • I have read and understood the pull request guidelines of this project.
  • My code follows the style guidelines of this project
  • [ ] I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • [ ] I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool
  • [ ] I have added an integration test or an E2E test

Disruptive User Impact

None

How to test this PR locally

Ci tests should be enough

Related issues

@mergify Mergify
Copy link
Contributor

mergify bot commented Feb 28, 2025

This pull request does not have a backport label. Could you fix it @kaanyalti? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-./d./d is the label that automatically backports to the 8./d branch. /d is the digit
  • backport-active-all is the label that automatically backports to all active branches.
  • backport-active-8 is the label that automatically backports to all active minor branches for the 8 major.
  • backport-active-9 is the label that automatically backports to all active minor branches for the 9 major.

kruskall
kruskall reviewed Feb 28, 2025
View reviewed changes
go.mod Outdated
@@ -1,6 +1,6 @@
module github.com/elastic/elastic-agent

go 1.23.6
go 1.24.0
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can't bump to 1.24 yet :(

#6932 (review)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I should set this PR as blocked because it does depend on 1.24

@kaanyalti kaanyalti force-pushed the enhancement/5039_remove_x_crypto_fips branch from 65d0fb3 to 8e74a0a Compare March 1, 2025 08:35
@kaanyalti kaanyalti marked this pull request as ready for review March 1, 2025 08:36
@kaanyalti kaanyalti requested a review from a team as a code owner March 1, 2025 08:36
@kaanyalti kaanyalti requested review from swiatekm and pchila March 1, 2025 08:36
@kaanyalti
Copy link
Contributor Author

Blocked until go version can be bumped up to 1.24

@kaanyalti kaanyalti marked this pull request as draft March 1, 2025 08:36
@kaanyalti kaanyalti force-pushed the enhancement/5039_remove_x_crypto_fips branch from df255d7 to 8d17eea Compare March 5, 2025 23:16
@kaanyalti kaanyalti mentioned this pull request Mar 6, 2025
Closed
1 task
@kaanyalti kaanyalti force-pushed the enhancement/5039_remove_x_crypto_fips branch from 8d17eea to ecea4ae Compare March 6, 2025 18:26
@kaanyalti
Copy link
Contributor Author

unblocked, go version bumped is merged

@kaanyalti kaanyalti marked this pull request as ready for review March 6, 2025 18:29
kruskall
kruskall approved these changes Mar 6, 2025
View reviewed changes
Copy link
Member

@kruskall kruskall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

just a minor question for the agent team

changelog/fragments/1740817861-remove-some-x-crypto-usage.yaml
kind: enhancement

# Change summary; a 80ish characters long description of the change.
summary: Replaces x/crypto/pbkdf2 with the stdlib pbkdf2. Bumps go version to 1.24. Bumps beats version to commit cd883f511c3c
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need a changelog ? This shouldn't be user-facing 🤔

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're right, added it without thinking, removing it right away

kruskall
kruskall reviewed Mar 6, 2025
View reviewed changes
go.mod
@@ -13,10 +13,10 @@ require (
github.com/docker/docker v27.5.1+incompatible
github.com/docker/go-units v0.5.0
github.com/dolmen-go/contextio v0.0.0-20200217195037-68fc5150bcd5
github.com/elastic/beats/v7 v7.0.0-alpha2.0.20250218044933-ef79280d53a2
github.com/elastic/beats/v7 v7.0.0-alpha2.0.20250305185131-1db044487726
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah also, beats bump can't be backported (each branch targets a different branch). You might want to leave the bump out to make the PR easier to backport 🙂

Copy link
Contributor Author

@kaanyalti kaanyalti Mar 7, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

makes sense, I'll move the beats version bump to another PR

@elasticmachine
Copy link
Contributor

elasticmachine commented Mar 6, 2025
edited
Loading

💔 Build Failed

Failed CI Steps

History

cc @kaanyalti

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
70.6% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@pierrehilbert pierrehilbert added the Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team label Mar 7, 2025
@elasticmachine
Copy link
Contributor

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

simitt
simitt approved these changes Mar 7, 2025
View reviewed changes
Copy link
Contributor

@simitt simitt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

swiatekm
swiatekm reviewed Mar 7, 2025
View reviewed changes
go.mod
github.com/elastic/elastic-agent-autodiscover v0.9.0
github.com/elastic/elastic-agent-client/v7 v7.17.1
github.com/elastic/elastic-agent-libs v0.18.8
github.com/elastic/elastic-agent-libs v0.18.9-0.20250305191329-ed5e3c2bdf69
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

0.18.9 is out now, so we can use it here instead of a dev version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@swiatekm swiatekm swiatekm left review comments

@kruskall kruskall kruskall approved these changes

@simitt simitt simitt approved these changes

@pchila pchila Awaiting requested review from pchila pchila is a code owner automatically assigned from elastic/elastic-agent-control-plane

At least 1 approving review is required to merge this pull request.

Assignees

@kaanyalti kaanyalti

Labels
Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@kaanyalti @elasticmachine @simitt @swiatekm @kruskall @pierrehilbert