Skip to content

Temporarily have FIPS integration tests spin up deployments in Production CFT environment#50005

Merged
ycombinator merged 1 commit intoelastic:mainfrom
ycombinator:redirect-fips-tests-to-prod-cft
Apr 8, 2026
Merged

Temporarily have FIPS integration tests spin up deployments in Production CFT environment#50005
ycombinator merged 1 commit intoelastic:mainfrom
ycombinator:redirect-fips-tests-to-prod-cft

Conversation

@ycombinator
Copy link
Copy Markdown
Contributor

@ycombinator ycombinator commented Apr 8, 2026

Proposed commit message

This PR temporarily creates ECH deployments for the FIPS integration testing Buildkite pipelines (x-pack/filebeat and x-pack/metricbeat) in the Production CFT ESS environment (as opposed to the Staging GovCloud ESS environment).

The FIPS ECH integration tests are currently failing because the step where deployments are provisioned in GovCloud Staging is consistently failing due to an ongoing incident in that environment. This change should be reverted once FRH Staging is healthy again.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works. Where relevant, I have used the stresstest.sh script to run them under stress conditions and race detector to verify their stability.
  • I have added an entry in ./changelog/fragments using the changelog tool.

Disruptive User Impact

None. CI-only change.

@ycombinator
Temporarily redirect FIPS ECH tests to Production CFT
27426e8 
FRH Staging is currently unable to provision deployments, causing the
x-pack/{filebeat,metricbeat} FIPS ECH integration tests to fail. This
temporarily points those pipelines at the Production CFT environment
until the incident is resolved. Revert once FRH Staging is healthy.
@ycombinator ycombinator added release-note:skip The PR should be ignored when processing the changelog Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team labels Apr 8, 2026
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Apr 8, 2026

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

1 similar comment
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Apr 8, 2026

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Apr 8, 2026
@ycombinator ycombinator requested a review from a team as a code owner April 8, 2026 15:12
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Apr 8, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 8, 2026

🤖 GitHub comments

Just comment with:

  • run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

@ycombinator ycombinator marked this pull request as draft April 8, 2026 15:13
@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Apr 8, 2026

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @ycombinator? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-8./d is the label to automatically backport to the 8./d branch. /d is the digit
  • backport-active-all is the label that automatically backports to all active branches.
  • backport-active-8 is the label that automatically backports to all active minor branches for the 8 major.
  • backport-active-9 is the label that automatically backports to all active minor branches for the 9 major.

@ycombinator ycombinator marked this pull request as ready for review April 8, 2026 16:47
@ycombinator ycombinator enabled auto-merge (squash) April 8, 2026 16:47
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Apr 8, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a6fd4162-5d46-423e-9340-a097245c5ecc

📥 Commits

Reviewing files that changed from the base of the PR and between 06d9717 and 27426e8.

📒 Files selected for processing (2)
  • .buildkite/x-pack/pipeline.xpack.filebeat.yml
  • .buildkite/x-pack/pipeline.xpack.metricbeat.yml
📝 Walkthrough

Walkthrough

The "FIPS ECH Integration Tests" step in both Filebeat and Metricbeat Buildkite pipeline files is reconfigured to use production infrastructure instead of staging. AWS-specific environment variables (EC_ENDPOINT, TF_VAR_ech_region: us-gov-east-1, and TF_VAR_deployment_template_id) are commented out, replaced with TF_VAR_ech_region: gcp-us-west2. The Vault Secrets plugin path for the ECH API key is updated from a staging path (platform-ingest-ec-staging-gov) to a production path (platform-ingest-ec-prod), while the apiKey field-to-environment variable mapping remains unchanged.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • 🛠️ Update Documentation: Commit on current branch
  • 🛠️ Update Documentation: Create PR

Comment @coderabbitai help to get the list of available commands and usage tips.

@ycombinator ycombinator merged commit 08e091f into elastic:main Apr 8, 2026
53 of 58 checks passed
@ycombinator ycombinator added the backport-active-all Automated backport with mergify to all the active branches label Apr 8, 2026
@ycombinator ycombinator deleted the redirect-fips-tests-to-prod-cft branch April 8, 2026 18:13
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 8, 2026

@Mergifyio backport 8.19 9.3 9.4

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Apr 8, 2026
edited
Loading

backport 8.19 9.3 9.4

✅ Backports have been created

Details
  • Backport to branch 8.19 completed

No pull request needed: No commits between 8.19 and mergify/bp/8.19/pr-50005

mergify bot pushed a commit that referenced this pull request Apr 8, 2026
@ycombinator @mergify
Temporarily redirect FIPS ECH tests to Production CFT (#50005)
0e8fa22 
FRH Staging is currently unable to provision deployments, causing the
x-pack/{filebeat,metricbeat} FIPS ECH integration tests to fail. This
temporarily points those pipelines at the Production CFT environment
until the incident is resolved. Revert once FRH Staging is healthy.

(cherry picked from commit 08e091f)
@mergify mergify bot mentioned this pull request Apr 8, 2026
Merged
6 tasks
mergify bot pushed a commit that referenced this pull request Apr 8, 2026
@ycombinator @mergify
Temporarily redirect FIPS ECH tests to Production CFT (#50005)
79d7317 
FRH Staging is currently unable to provision deployments, causing the
x-pack/{filebeat,metricbeat} FIPS ECH integration tests to fail. This
temporarily points those pipelines at the Production CFT environment
until the incident is resolved. Revert once FRH Staging is healthy.

(cherry picked from commit 08e091f)
@mergify mergify bot mentioned this pull request Apr 8, 2026
Merged
6 tasks
ycombinator added a commit that referenced this pull request Apr 8, 2026
@mergify @ycombinator
Temporarily redirect FIPS ECH tests to Production CFT (#50005) (#50012)
84140f0 
FRH Staging is currently unable to provision deployments, causing the
x-pack/{filebeat,metricbeat} FIPS ECH integration tests to fail. This
temporarily points those pipelines at the Production CFT environment
until the incident is resolved. Revert once FRH Staging is healthy.

(cherry picked from commit 08e091f)

Co-authored-by: Shaunak Kashyap <ycombinator@gmail.com>
ycombinator added a commit that referenced this pull request Apr 8, 2026
@mergify @ycombinator
Temporarily redirect FIPS ECH tests to Production CFT (#50005) (#50011)
864dcd7 
FRH Staging is currently unable to provision deployments, causing the
x-pack/{filebeat,metricbeat} FIPS ECH integration tests to fail. This
temporarily points those pipelines at the Production CFT environment
until the incident is resolved. Revert once FRH Staging is healthy.

(cherry picked from commit 08e091f)

Co-authored-by: Shaunak Kashyap <ycombinator@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@v1v v1v v1v approved these changes

@cmacknz cmacknz cmacknz approved these changes

@pierrehilbert pierrehilbert Awaiting requested review from pierrehilbert

Assignees

@ycombinator ycombinator

Labels

backport-active-all Automated backport with mergify to all the active branches release-note:skip The PR should be ignored when processing the changelog Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ycombinator @elasticmachine @v1v @cmacknz