add a test fips command

.github/workflows/publish-release.yml

@@ -56,7 +56,7 @@ jobs:
       - name: Bundle library
         run: yarn build
       - name: Create standalone binary
-        run: yarn dist-standalone -t node14-linux-x64 -o datadog-ci_linux-x64
+        run: yarn dist-standalone -t node18-linux-x64 -o datadog-ci_linux-x64
       - name: Remove dist folder to check that binary can stand alone
         run: |
           rm -rf dist
@@ -96,7 +96,7 @@ jobs:
       - name: Bundle library
         run: yarn build
       - name: Create standalone binary
-        run: yarn dist-standalone -t node14-linux-arm64 -o datadog-ci_linux-arm64
+        run: yarn dist-standalone -t node18-linux-arm64 -o datadog-ci_linux-arm64
       - name: Remove dist folder to check that binary can stand alone
         run: |
           rm -rf dist
@@ -132,7 +132,7 @@ jobs:
       - name: Bundle library
         run: yarn build:win
       - name: Create standalone binary
-        run: yarn dist-standalone -t node14-win-x64 -o datadog-ci_win-x64
+        run: yarn dist-standalone -t node18-win-x64 -o datadog-ci_win-x64
       - name: Remove dist folder to check that binary can stand alone
         run: |
           rm dist -r
@@ -170,7 +170,7 @@ jobs:
       - name: Bundle library
         run: yarn build
       - name: Create standalone binary
-        run: yarn dist-standalone -t node14-macos-x64 -o datadog-ci_darwin-x64
+        run: yarn dist-standalone -t node18-macos-x64 -o datadog-ci_darwin-x64
       - name: Remove dist folder to check that binary can stand alone
         run: |
           rm -rf dist
@@ -206,7 +206,7 @@ jobs:
       - name: Bundle library
         run: yarn build
       - name: Create standalone binary
-        run: yarn dist-standalone -t node14-macos-arm64 -o datadog-ci_darwin-arm64
+        run: yarn dist-standalone -t node18-macos-arm64 -o datadog-ci_darwin-arm64
       - name: Remove dist folder to check that binary can stand alone
         run: |
           rm -rf dist

package.json

@@ -143,7 +143,7 @@
     "eslint-plugin-prefer-arrow": "^1.2.3",
     "eslint-plugin-prettier": "4.0.0",
     "jest": "29.6.2",
-    "pkg": "5.5.2",
+    "pkg": "5.8.1",
     "prettier": "2.0.5",
     "proxy": "^2.1.1",
     "ts-jest": "29.1.1",

src/commands/synthetics/__tests__/cli.test.ts

@@ -29,6 +29,8 @@ test('all option flags are supported', async () => {
     'failOnMissingTests',
     'failOnTimeout',
     'files',
+    'fips',
+    'fipsIgnoreError',
     'jUnitReport',
     'mobileApplicationVersion',
     'mobileApplicationVersionFilePath',
@@ -62,6 +64,8 @@ describe('run-test', () => {
       const overrideEnv = {
         DATADOG_API_KEY: 'fake_api_key',
         DATADOG_APP_KEY: 'fake_app_key',
+        DATADOG_FIPS: 'true',
+        DATADOG_FIPS_IGNORE_ERROR: 'true',
         DATADOG_SITE: 'datadoghq.eu',
         DATADOG_SUBDOMAIN: 'custom',
         DATADOG_SYNTHETICS_BATCH_TIMEOUT: '1',
@@ -153,6 +157,8 @@ describe('run-test', () => {
         failOnMissingTests: toBoolean(overrideEnv.DATADOG_SYNTHETICS_FAIL_ON_MISSING_TESTS),
         failOnTimeout: toBoolean(overrideEnv.DATADOG_SYNTHETICS_FAIL_ON_TIMEOUT),
         files: overrideEnv.DATADOG_SYNTHETICS_FILES.split(';'),
+        fipsEnabled: true,
+        fipsIgnoreError: true,
         jUnitReport: overrideEnv.DATADOG_SYNTHETICS_JUNIT_REPORT,
         publicIds: overrideEnv.DATADOG_SYNTHETICS_PUBLIC_IDS.split(';'),
         selectiveRerun: toBoolean(overrideEnv.DATADOG_SYNTHETICS_SELECTIVE_RERUN),
@@ -223,6 +229,8 @@ describe('run-test', () => {
         failOnMissingTests: true,
         failOnTimeout: false,
         files: ['my-new-file'],
+        fipsEnabled: true,
+        fipsIgnoreError: true,
         // TODO SYNTH-12989: Clean up deprecated `global` in favor of `defaultTestOverrides`
         global: {
           allowInsecureCertificates: true,
@@ -288,6 +296,8 @@ describe('run-test', () => {
         failOnMissingTests: true,
         failOnTimeout: false,
         files: ['new-file'],
+        fipsEnabled: true,
+        fipsIgnoreError: true,
         jUnitReport: 'junit-report.xml',
         mobileApplicationVersionFilePath: './path/to/application.apk',
         pollingTimeout: 2,
@@ -345,6 +355,8 @@ describe('run-test', () => {
       command['failOnMissingTests'] = overrideCLI.failOnMissingTests
       command['failOnTimeout'] = overrideCLI.failOnTimeout
       command['files'] = overrideCLI.files
+      command['fipsEnabled'] = overrideCLI.fipsEnabled
+      command['fipsIgnoreError'] = overrideCLI.fipsIgnoreError
       command['jUnitReport'] = overrideCLI.jUnitReport
       command['mobileApplicationVersion'] = defaultTestOverrides.mobileApplicationVersion
       command['mobileApplicationVersionFilePath'] = overrideCLI.mobileApplicationVersionFilePath
@@ -436,6 +448,8 @@ describe('run-test', () => {
         failOnMissingTests: true,
         failOnTimeout: false,
         files: ['new-file'],
+        fipsEnabled: true,
+        fipsIgnoreError: true,
         jUnitReport: 'junit-report.xml',
         pollingTimeout: 2,
         publicIds: ['ran-dom-id2'],
@@ -500,6 +514,8 @@ describe('run-test', () => {
         failOnMissingTests: true,
         failOnTimeout: false,
         files: ['new-file'],
+        fipsEnabled: true,
+        fipsIgnoreError: true,
         jUnitReport: 'junit-report.xml',
         publicIds: ['ran-dom-id2'],
         pollingTimeout: 1,
@@ -562,7 +578,7 @@ describe('run-test', () => {
     //
     // (config file < ENV < CLI < test file) => execute tests
 
-    describe('override precedence - config file < ENV < CLI < test file', () => {
+    describe('override precedence - [config file < ENV < CLI < test file]', () => {
       const configFile = {
         apiKey: 'config_file_api_key',
         appKey: 'config_file_app_key',
@@ -598,6 +614,8 @@ describe('run-test', () => {
         failOnMissingTests: false,
         failOnTimeout: false,
         files: ['from_config_file.json'],
+        fipsEnabled: false,
+        fipsIgnoreError: false,
         // TODO SYNTH-12989: Clean up deprecated `global` in favor of `defaultTestOverrides`
         global: {},
         jUnitReport: 'junit-report-from-config-file.xml',
@@ -622,6 +640,8 @@ describe('run-test', () => {
         const overrideEnv = {
           DATADOG_API_KEY: 'env_api_key',
           DATADOG_APP_KEY: 'env_app_key',
+          DATADOG_FIPS: 'true',
+          DATADOG_FIPS_IGNORE_ERROR: 'true',
           DATADOG_SITE: 'us5.datadoghq.com',
           DATADOG_SUBDOMAIN: 'subdomain_from_env',
           DATADOG_SYNTHETICS_BATCH_TIMEOUT: '1',
@@ -714,6 +734,8 @@ describe('run-test', () => {
           failOnMissingTests: toBoolean(overrideEnv.DATADOG_SYNTHETICS_FAIL_ON_MISSING_TESTS),
           failOnTimeout: toBoolean(overrideEnv.DATADOG_SYNTHETICS_FAIL_ON_TIMEOUT),
           files: overrideEnv.DATADOG_SYNTHETICS_FILES?.split(';'),
+          fipsEnabled: toBoolean(overrideEnv.DATADOG_FIPS),
+          fipsIgnoreError: toBoolean(overrideEnv.DATADOG_FIPS_IGNORE_ERROR),
           jUnitReport: overrideEnv.DATADOG_SYNTHETICS_JUNIT_REPORT,
           publicIds: overrideEnv.DATADOG_SYNTHETICS_PUBLIC_IDS?.split(';'),
           selectiveRerun: toBoolean(overrideEnv.DATADOG_SYNTHETICS_SELECTIVE_RERUN),
@@ -754,6 +776,8 @@ describe('run-test', () => {
           failOnMissingTests: true,
           failOnTimeout: true,
           files: ['new-file-from-cli'],
+          fipsEnabled: true,
+          fipsIgnoreError: true,
           jUnitReport: 'junit-report-from-cli.xml',
           mobileApplicationVersionFilePath: './path/to/application-from-cli.apk',
           pollingTimeout: 10,
@@ -815,6 +839,8 @@ describe('run-test', () => {
         command['failOnMissingTests'] = overrideCLI.failOnMissingTests
         command['failOnTimeout'] = overrideCLI.failOnTimeout
         command['files'] = overrideCLI.files
+        command['fipsEnabled'] = overrideCLI.fipsEnabled
+        command['fipsIgnoreError'] = overrideCLI.fipsIgnoreError
         command['jUnitReport'] = overrideCLI.jUnitReport
         command['mobileApplicationVersion'] = defaultTestOverrides.mobileApplicationVersion
         command['mobileApplicationVersionFilePath'] = overrideCLI.mobileApplicationVersionFilePath
@@ -881,6 +907,8 @@ describe('run-test', () => {
         const overrideEnv = {
           DATADOG_API_KEY: 'env_api_key',
           DATADOG_APP_KEY: 'env_app_key',
+          DATADOG_FIPS: 'false',
+          DATADOG_FIPS_IGNORE_ERROR: 'false',
           DATADOG_SITE: 'us5.datadoghq.com',
           DATADOG_SYNTHETICS_CONFIG_PATH: 'path/to/config_from_env.json',
           DATADOG_SUBDOMAIN: 'subdomain_from_env',
@@ -932,6 +960,8 @@ describe('run-test', () => {
           failOnMissingTests: false,
           failOnTimeout: false,
           files: ['file-from-cli-1;file-from-cli-2'],
+          fipsEnabled: true,
+          fipsIgnoreError: true,
           jUnitReport: 'junit-report-from-cli.xml',
           mobileApplicationVersionFilePath: './path/to/application-from-cli.apk',
           pollingTimeout: 10,
@@ -995,6 +1025,8 @@ describe('run-test', () => {
         command['failOnMissingTests'] = overrideCLI.failOnMissingTests
         command['failOnTimeout'] = overrideCLI.failOnTimeout
         command['files'] = overrideCLI.files
+        command['fipsEnabled'] = overrideCLI.fipsEnabled
+        command['fipsIgnoreError'] = overrideCLI.fipsIgnoreError
         command['jUnitReport'] = overrideCLI.jUnitReport
         command['mobileApplicationVersion'] = defaultTestOverrides.mobileApplicationVersion
         command['mobileApplicationVersionFilePath'] = overrideCLI.mobileApplicationVersionFilePath

src/commands/synthetics/__tests__/config-fixtures/config-with-all-keys.json

@@ -8,6 +8,8 @@
   "failOnMissingTests": true,
   "failOnTimeout": false,
   "files": ["my-new-file"],
+  "fipsEnabled": true,
+  "fipsIgnoreError": true,
   "jUnitReport": "junit-report.xml",
   "global": {
     "allowInsecureCertificates": true,

src/commands/synthetics/__tests__/fixtures.ts

@@ -76,6 +76,8 @@ export const ciConfig: RunTestsCommandConfig = {
   failOnMissingTests: false,
   failOnTimeout: true,
   files: [],
+  fipsEnabled: false,
+  fipsIgnoreError: false,
   jUnitReport: '',
   global: {},
   defaultTestOverrides: {},

src/commands/synthetics/__tests__/run-tests-lib.test.ts

@@ -62,6 +62,8 @@ describe('run-test', () => {
           failOnMissingTests: false,
           failOnTimeout: true,
           files: ['{,!(node_modules)/**/}*.synthetics.json'],
+          fipsEnabled: false,
+          fipsIgnoreError: false,
           global: {}, // deprecated
           locations: [], // deprecated
           pollingTimeout: 2 * 60 * 1000,
@@ -90,6 +92,8 @@ describe('run-test', () => {
           failOnMissingTests: false,
           failOnTimeout: true,
           files: ['{,!(node_modules)/**/}*.synthetics.json'],
+          fipsEnabled: false,
+          fipsIgnoreError: false,
           // TODO SYNTH-12989: Clean up deprecated `global` and `locations`
           global: {},
           locations: [],

src/commands/synthetics/interfaces.ts

@@ -497,6 +497,8 @@ export interface RunTestsCommandConfig extends SyntheticsCIConfig {
   failOnMissingTests: boolean
   failOnTimeout: boolean
   files: string[]
+  fipsEnabled: boolean
+  fipsIgnoreError: boolean
   // TODO SYNTH-12989: Clean up deprecated `global` in favor of `defaultTestOverrides`
   /** @deprecated This property is deprecated, please use `defaultTestOverrides` instead. */
   global?: UserConfigOverride

src/commands/synthetics/run-tests-command.ts

@@ -2,6 +2,7 @@ import {Command, Option} from 'clipanion'
 import deepExtend from 'deep-extend'
 import terminalLink from 'terminal-link'
 
+import {enableFips, UnsupportedFipsError} from '../../helpers/fips'
 import {removeUndefinedValues, resolveConfigFromFile} from '../../helpers/utils'
 import * as validation from '../../helpers/validation'
 import {isValidDatadogSite} from '../../helpers/validation'
@@ -47,6 +48,8 @@ export const DEFAULT_COMMAND_CONFIG: RunTestsCommandConfig = {
   failOnMissingTests: false,
   failOnTimeout: true,
   files: [],
+  fipsEnabled: false,
+  fipsIgnoreError: false,
   // TODO SYNTH-12989: Clean up deprecated `global` in favor of `defaultTestOverrides`
   global: {},
   jUnitReport: '',
@@ -133,6 +136,13 @@ export class RunTestsCommand extends Command {
   private files = Option.Array('-f,--files', {
     description: `Glob pattern to detect Synthetic test ${$2('configuration files')}}.`,
   })
+  private fipsEnabled = Option.Boolean('--fips', {
+    description:
+      'Use a FIPS compliant crypto provider. Throws an error if no FIPS compliant crypto provider are available.',
+  })
+  private fipsIgnoreError = Option.Boolean('--fipsIgnoreError', {
+    description: `Prevent error when using the ${$1('--fips')} option.`,
+  })
   private mobileApplicationVersion = Option.String('--mobileApplicationVersion', {
     description: 'Override the default mobile application version to test a different version within Datadog.',
   })
@@ -187,6 +197,22 @@ export class RunTestsCommand extends Command {
       return 1
     }
 
+    if (this.config.fipsEnabled) {
+      try {
+        if (enableFips(this.config.fipsIgnoreError)) {
+          this.reporter.log('FIPS mode enabled.\n')
+        } else {
+          this.reporter.error('FIPS could not be enabled. The command will continue without FIPS mode.\n')
+        }
+      } catch (error) {
+        if (error instanceof UnsupportedFipsError) {
+          this.reporter.error('FIPS mode is not supported. Aborting.\n')
+
+          return toExitCode(getExitReason(this.config, {error}))
+        }
+      }
+    }
+
     if (this.config.jUnitReport) {
       reporters.push(
         new JUnitReporter({
@@ -277,6 +303,8 @@ export class RunTestsCommand extends Command {
         failOnMissingTests: toBoolean(process.env.DATADOG_SYNTHETICS_FAIL_ON_MISSING_TESTS),
         failOnTimeout: toBoolean(process.env.DATADOG_SYNTHETICS_FAIL_ON_TIMEOUT),
         files: process.env.DATADOG_SYNTHETICS_FILES?.split(';'),
+        fipsEnabled: toBoolean(process.env.DATADOG_FIPS),
+        fipsIgnoreError: toBoolean(process.env.DATADOG_FIPS_IGNORE_ERROR),
         jUnitReport: process.env.DATADOG_SYNTHETICS_JUNIT_REPORT,
         publicIds: process.env.DATADOG_SYNTHETICS_PUBLIC_IDS?.split(';'),
         selectiveRerun: toBoolean(process.env.DATADOG_SYNTHETICS_SELECTIVE_RERUN),
@@ -357,6 +385,8 @@ export class RunTestsCommand extends Command {
         failOnMissingTests: this.failOnMissingTests,
         failOnTimeout: this.failOnTimeout,
         files: this.files,
+        fipsEnabled: this.fipsEnabled,
+        fipsIgnoreError: this.fipsIgnoreError,
         jUnitReport: this.jUnitReport,
         publicIds: this.publicIds,
         selectiveRerun: this.selectiveRerun,

src/commands/synthetics/utils/public.ts

@@ -49,6 +49,7 @@ import {getTest} from '../test'
 import {Tunnel} from '../tunnel'
 
 import {getOverriddenExecutionRule, hasDefinedResult, isMobileTestWithOverride} from './internal'
+import { UnsupportedFipsError } from 'src/helpers/fips'
 
 const TEMPLATE_REGEX = /{{\s*([^{}]*?)\s*}}/g
 export const PUBLIC_ID_REGEX = /\b[a-z0-9]{3}-[a-z0-9]{3}-[a-z0-9]{3}\b/
@@ -812,6 +813,10 @@ export const getExitReason = (
   config: Pick<RunTestsCommandConfig, 'failOnCriticalErrors' | 'failOnMissingTests'>,
   {results, error}: {results?: Result[]; error?: unknown}
 ) => {
+  if (error instanceof UnsupportedFipsError) {
+    return 'fips-mode-not-supported'
+  }
+
   if (results?.some((result) => getResultOutcome(result) === ResultOutcome.Failed)) {
     return 'failing-tests'
   }