Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Increase minio secret key length for FIPS #10518

Merged
merged 1 commit into from
Aug 30, 2024
Merged

Increase minio secret key length for FIPS #10518

merged 1 commit into from
Aug 30, 2024

Conversation

showuon
Copy link
Member

@showuon showuon commented Aug 29, 2024
edited
Loading

Type of change

Select the type of your PR

  • Enhancement / new feature

Description

We disabled FIPS test for tiered storage system test because of the issue: Aiven-Open/tiered-storage-for-apache-kafka#573 . After investigation, I found it's because the secret key length we set is too short, which is not compatible with FIPS compliance. After increasing the secret key size, the test passes.

Checklist

Please go through this checklist and make sure all applicable tasks have been done

  • Write tests
  • [V] Make sure all tests pass
  • Update documentation
  • Check RBAC rights for Kubernetes / OpenShift roles
  • Try your changes from Pod inside your Kubernetes and OpenShift cluster, not just locally
  • Reference relevant issue(s) and close them after merging
  • Update CHANGELOG.md
  • Supply screenshots for visual changes, such as Grafana dashboards

@scholzj scholzj added this to the 0.44.0 milestone Aug 29, 2024
@scholzj scholzj requested review from Frawless and im-konge August 29, 2024 12:30
im-konge
im-konge approved these changes Aug 29, 2024
View reviewed changes
Copy link
Member

@im-konge im-konge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, I guess that the issue in Aiven Tiered Storage plugin should be closed?

@scholzj
Copy link
Member

scholzj commented Aug 29, 2024

/azp run build

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@scholzj
Copy link
Member

scholzj commented Aug 29, 2024

/azp run regression

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@showuon
Copy link
Member Author

showuon commented Aug 30, 2024

I guess that the issue in Aiven Tiered Storage plugin should be closed?

No, I'd like to test FIPS support in real AWS S3. Will leave comment in the Aiven's issue when completed.

@showuon
Copy link
Member Author

showuon commented Aug 30, 2024

I guess that the issue in Aiven Tiered Storage plugin should be closed?

No, I'd like to test FIPS support in real AWS S3. Will leave comment in the Aiven's issue when completed.

OK, I've confirmed the openshift cluster with FIPS enabled can upload log segment to AWS S3, and read from S3 without error. I'll leave a comment in the Aiven's issue. Thanks.

@im-konge
Copy link
Member

@showuon thanks a lot for the investigation and fixup! 🙂

@scholzj scholzj merged commit f3b8493 into strimzi:main Aug 30, 2024
21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Frawless Frawless Frawless approved these changes

@im-konge im-konge im-konge approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.44.0
Development

Successfully merging this pull request may close these issues.
4 participants
@showuon @scholzj @im-konge @Frawless