OpenSearch/qa/security-example-realm/build.gradle

import org.elasticsearch.gradle.MavenFilteringHack
import org.elasticsearch.gradle.VersionProperties

apply plugin: 'elasticsearch.build'

dependencies {
  provided "org.elasticsearch:elasticsearch:${versions.elasticsearch}"
  provided project(path: ':x-pack-elasticsearch:plugin', configuration: 'runtime')

  testCompile "org.elasticsearch.test:framework:${project.versions.elasticsearch}"
  testCompile project(path: ':x-pack-elasticsearch:transport-client', configuration: 'runtime')
}

Map generateSubstitutions() {
  def stringSnap = { version ->
    if (version.endsWith("-SNAPSHOT")) {
      return version.substring(0, version.length() - 9)
    }
    return version
  }
  return [
    'version': stringSnap(version),
    'xpack.version': stringSnap(VersionProperties.elasticsearch),
    'java.version': targetCompatibility as String
  ]
}

String outputDir = "generated-resources/${project.name}"
task copyXPackPluginProps(type: Copy) {
  from project(':x-pack-elasticsearch:plugin').file('src/main/plugin-metadata')
  from project(':x-pack-elasticsearch:plugin').tasks.pluginProperties
  into outputDir
}
project.sourceSets.test.output.dir(outputDir, builtBy: copyXPackPluginProps)

processResources {
  MavenFilteringHack.filter(it, generateSubstitutions())
}

task buildZip(type:Zip, dependsOn: [jar]) {
  from 'build/resources/main/x-pack-extension-descriptor.properties'
  from 'build/resources/main/x-pack-extension-security.policy'
  from project.jar
}

task integTest(type: org.elasticsearch.gradle.test.RestIntegTestTask, dependsOn: buildZip) {
  mustRunAfter precommit
}

integTestRunner {
  systemProperty 'tests.security.manager', 'false'
}
integTestCluster {
  plugin ':x-pack-elasticsearch:plugin'
  setting 'xpack.security.authc.realms.custom.order', '0'
  setting 'xpack.security.authc.realms.custom.type', 'custom'
  setting 'xpack.security.authc.realms.custom.filtered_setting', 'should be filtered'
  setting 'xpack.security.authc.realms.esusers.order', '1'
  setting 'xpack.security.authc.realms.esusers.type', 'file'

  setupCommand 'setupDummyUser',
               'bin/x-pack/users', 'useradd', 'test_user', '-p', 'changeme', '-r', 'superuser'
  setupCommand 'installExtension',
                'bin/x-pack/extension', 'install', 'file:' + buildZip.archivePath
  waitCondition = { node, ant ->
    File tmpFile = new File(node.cwd, 'wait.success')
    ant.get(src: "http://${node.httpUri()}",
            dest: tmpFile.toString(),
            username: 'test_user',
            password: 'changeme',
            ignoreerrors: true,
            retries: 10)
    return tmpFile.exists()
  }
}
check.dependsOn integTest
Make xpack extensible: * Add XPackExtension: an api class (like Plugin in core) for what a x-pack extension can do. * Add XPackExtensionCli: a cli tool for adding, removing and listing extensions for x-pack. * Add XPackExtensionService: loading of jars from pluginsdir/x-pack/extensions, into child classloader. * Add bin/x-pack/extension script, similar to plugin cli, which installs an extension into pluginsdir/x-pack/extensions. * Add XPack extension integration test. Fixed elastic/elasticsearch#1515 Original commit: elastic/x-pack-elasticsearch@130ba03270b8c59faafc0b049a735005998a8392 2016-03-07 12:00:30 -05:00			`import org.elasticsearch.gradle.MavenFilteringHack`
			`import org.elasticsearch.gradle.VersionProperties`
re-enable shield example realm QA test Original commit: elastic/x-pack-elasticsearch@98fd46f3aa838bc54a9dc9c2c30ab1664929fa3a 2015-11-24 20:10:46 -05:00
Make xpack extensible: * Add XPackExtension: an api class (like Plugin in core) for what a x-pack extension can do. * Add XPackExtensionCli: a cli tool for adding, removing and listing extensions for x-pack. * Add XPackExtensionService: loading of jars from pluginsdir/x-pack/extensions, into child classloader. * Add bin/x-pack/extension script, similar to plugin cli, which installs an extension into pluginsdir/x-pack/extensions. * Add XPack extension integration test. Fixed elastic/elasticsearch#1515 Original commit: elastic/x-pack-elasticsearch@130ba03270b8c59faafc0b049a735005998a8392 2016-03-07 12:00:30 -05:00			`apply plugin: 'elasticsearch.build'`
re-enable shield example realm QA test Original commit: elastic/x-pack-elasticsearch@98fd46f3aa838bc54a9dc9c2c30ab1664929fa3a 2015-11-24 20:10:46 -05:00
			`dependencies {`
Make xpack extensible: * Add XPackExtension: an api class (like Plugin in core) for what a x-pack extension can do. * Add XPackExtensionCli: a cli tool for adding, removing and listing extensions for x-pack. * Add XPackExtensionService: loading of jars from pluginsdir/x-pack/extensions, into child classloader. * Add bin/x-pack/extension script, similar to plugin cli, which installs an extension into pluginsdir/x-pack/extensions. * Add XPack extension integration test. Fixed elastic/elasticsearch#1515 Original commit: elastic/x-pack-elasticsearch@130ba03270b8c59faafc0b049a735005998a8392 2016-03-07 12:00:30 -05:00			`provided "org.elasticsearch:elasticsearch:${versions.elasticsearch}"`
Rename x-pack project names to new names with split repo Original commit: elastic/x-pack-elasticsearch@5a908f5dcce10ba112c29702b94e46e69181bd12 2017-02-10 14:02:42 -05:00			`provided project(path: ':x-pack-elasticsearch:plugin', configuration: 'runtime')`
add a PreBuiltXPackTransportClient This change adds a transport client that comes preconfigured with the same plugins as the PreBuiltTransportClient and also adds x-pack. Closes elastic/elasticsearch#2970 Original commit: elastic/x-pack-elasticsearch@bb60534bd494de6a7dc6152d1727972f5f451711 2016-08-31 11:48:26 -04:00
			`testCompile "org.elasticsearch.test:framework:${project.versions.elasticsearch}"`
Rename x-pack project names to new names with split repo Original commit: elastic/x-pack-elasticsearch@5a908f5dcce10ba112c29702b94e46e69181bd12 2017-02-10 14:02:42 -05:00			`testCompile project(path: ':x-pack-elasticsearch:transport-client', configuration: 'runtime')`
re-enable shield example realm QA test Original commit: elastic/x-pack-elasticsearch@98fd46f3aa838bc54a9dc9c2c30ab1664929fa3a 2015-11-24 20:10:46 -05:00			`}`

Make xpack extensible: * Add XPackExtension: an api class (like Plugin in core) for what a x-pack extension can do. * Add XPackExtensionCli: a cli tool for adding, removing and listing extensions for x-pack. * Add XPackExtensionService: loading of jars from pluginsdir/x-pack/extensions, into child classloader. * Add bin/x-pack/extension script, similar to plugin cli, which installs an extension into pluginsdir/x-pack/extensions. * Add XPack extension integration test. Fixed elastic/elasticsearch#1515 Original commit: elastic/x-pack-elasticsearch@130ba03270b8c59faafc0b049a735005998a8392 2016-03-07 12:00:30 -05:00			`Map generateSubstitutions() {`
			`def stringSnap = { version ->`
			`if (version.endsWith("-SNAPSHOT")) {`
			`return version.substring(0, version.length() - 9)`
			`}`
			`return version`
			`}`
			`return [`
			`'version': stringSnap(version),`
			`'xpack.version': stringSnap(VersionProperties.elasticsearch),`
			`'java.version': targetCompatibility as String`
			`]`
			`}`
re-enable shield example realm QA test Original commit: elastic/x-pack-elasticsearch@98fd46f3aa838bc54a9dc9c2c30ab1664929fa3a 2015-11-24 20:10:46 -05:00
security: ssl by default on the transport layer This commit adds the necessary changes to make SSL work on the transport layer by default. A large portion of the SSL configuration/settings was re-worked with this change. Some notable highlights include support for PEM cert/keys, reloadable SSL configuration, separate HTTP ssl configuration, and separate LDAP configuration. The following is a list of specific items addressed: * `SSLSettings` renamed to `SSLConfiguration` * `KeyConfig` and `TrustConfig` abstractions created. These hide the details of how `KeyManager[]` and `TrustManager[]` are loaded. These are also responsible for settings validation (ie keystore password is not null) * Configuration fallback is changed. Previously any setting would fallback to the "global" value (`xpack.security.ssl.`). Now a keystore path, key path, ca paths, or truststore path must be specified otherwise the configuration for that key/trust will fallback to the global configuration. In other words if you want to change part of a keystore or truststore in a profile you need to supply all the information. This could be considered breaking if a user relied on the old fallback JDK trusted certificates (`cacerts`) are trusted by default (breaking change). This can be disabled via a setting. * We now monitor the SSL files for changes and enable dynamic reloading of the configuration. This will make it easier for users when they are getting set up with certificates so they do not need to restart every time. This can be disabled via a setting * LDAP realms can now have their own SSL configurations * HTTP can now have its own SSL configuration * SSL is enabled by default on the transport layer only. Hostname verification is enabled as well. On startup if no global SSL settings are present and SSL is configured to be used, we auto generate one based on the default CA that is shipped. This process includes a best effort attempt to generate the subject alternative names. * `xpack.security.ssl.hostname_verification` is deprecated in favor of `xpack.security.ssl.hostname_verification.enabled` * added Bouncy Castle info to NOTICE * consolidated NOTICE and LICENSE files Closes elastic/elasticsearch#14 Closes elastic/elasticsearch#34 Closes elastic/elasticsearch#1483 Closes elastic/elasticsearch#1933 Addresses security portion of elastic/elasticsearch#673 Original commit: elastic/x-pack-elasticsearch@7c359db90bbea93110f3824ede82c09eafcd2f79 2016-04-12 09:19:07 -04:00			`String outputDir = "generated-resources/${project.name}"`
			`task copyXPackPluginProps(type: Copy) {`
Rename x-pack project names to new names with split repo Original commit: elastic/x-pack-elasticsearch@5a908f5dcce10ba112c29702b94e46e69181bd12 2017-02-10 14:02:42 -05:00			`from project(':x-pack-elasticsearch:plugin').file('src/main/plugin-metadata')`
			`from project(':x-pack-elasticsearch:plugin').tasks.pluginProperties`
security: ssl by default on the transport layer This commit adds the necessary changes to make SSL work on the transport layer by default. A large portion of the SSL configuration/settings was re-worked with this change. Some notable highlights include support for PEM cert/keys, reloadable SSL configuration, separate HTTP ssl configuration, and separate LDAP configuration. The following is a list of specific items addressed: * `SSLSettings` renamed to `SSLConfiguration` * `KeyConfig` and `TrustConfig` abstractions created. These hide the details of how `KeyManager[]` and `TrustManager[]` are loaded. These are also responsible for settings validation (ie keystore password is not null) * Configuration fallback is changed. Previously any setting would fallback to the "global" value (`xpack.security.ssl.`). Now a keystore path, key path, ca paths, or truststore path must be specified otherwise the configuration for that key/trust will fallback to the global configuration. In other words if you want to change part of a keystore or truststore in a profile you need to supply all the information. This could be considered breaking if a user relied on the old fallback JDK trusted certificates (`cacerts`) are trusted by default (breaking change). This can be disabled via a setting. * We now monitor the SSL files for changes and enable dynamic reloading of the configuration. This will make it easier for users when they are getting set up with certificates so they do not need to restart every time. This can be disabled via a setting * LDAP realms can now have their own SSL configurations * HTTP can now have its own SSL configuration * SSL is enabled by default on the transport layer only. Hostname verification is enabled as well. On startup if no global SSL settings are present and SSL is configured to be used, we auto generate one based on the default CA that is shipped. This process includes a best effort attempt to generate the subject alternative names. * `xpack.security.ssl.hostname_verification` is deprecated in favor of `xpack.security.ssl.hostname_verification.enabled` * added Bouncy Castle info to NOTICE * consolidated NOTICE and LICENSE files Closes elastic/elasticsearch#14 Closes elastic/elasticsearch#34 Closes elastic/elasticsearch#1483 Closes elastic/elasticsearch#1933 Addresses security portion of elastic/elasticsearch#673 Original commit: elastic/x-pack-elasticsearch@7c359db90bbea93110f3824ede82c09eafcd2f79 2016-04-12 09:19:07 -04:00			`into outputDir`
			`}`
			`project.sourceSets.test.output.dir(outputDir, builtBy: copyXPackPluginProps)`

Make xpack extensible: * Add XPackExtension: an api class (like Plugin in core) for what a x-pack extension can do. * Add XPackExtensionCli: a cli tool for adding, removing and listing extensions for x-pack. * Add XPackExtensionService: loading of jars from pluginsdir/x-pack/extensions, into child classloader. * Add bin/x-pack/extension script, similar to plugin cli, which installs an extension into pluginsdir/x-pack/extensions. * Add XPack extension integration test. Fixed elastic/elasticsearch#1515 Original commit: elastic/x-pack-elasticsearch@130ba03270b8c59faafc0b049a735005998a8392 2016-03-07 12:00:30 -05:00			`processResources {`
			`MavenFilteringHack.filter(it, generateSubstitutions())`
			`}`

			`task buildZip(type:Zip, dependsOn: [jar]) {`
Elasticsearch: Rename plugin from 'xpack' to 'x-pack' This is just to be consistent with out naming, which is supposed to be `x-pack`. Closes elastic/elasticsearch#1759 Original commit: elastic/x-pack-elasticsearch@0697f7085513eac564aa68af98b7f3edb1f36785 2016-03-30 03:07:57 -04:00			`from 'build/resources/main/x-pack-extension-descriptor.properties'`
Add support for a policy file (x-pack-extension-security.policy) in an x-pack extension Fix elastic/elasticsearch#2094 Original commit: elastic/x-pack-elasticsearch@bc017064d03608a3d4edcfc454bfed597078ca66 2016-06-02 08:43:00 -04:00			`from 'build/resources/main/x-pack-extension-security.policy'`
Make xpack extensible: * Add XPackExtension: an api class (like Plugin in core) for what a x-pack extension can do. * Add XPackExtensionCli: a cli tool for adding, removing and listing extensions for x-pack. * Add XPackExtensionService: loading of jars from pluginsdir/x-pack/extensions, into child classloader. * Add bin/x-pack/extension script, similar to plugin cli, which installs an extension into pluginsdir/x-pack/extensions. * Add XPack extension integration test. Fixed elastic/elasticsearch#1515 Original commit: elastic/x-pack-elasticsearch@130ba03270b8c59faafc0b049a735005998a8392 2016-03-07 12:00:30 -05:00			`from project.jar`
			`}`

			`task integTest(type: org.elasticsearch.gradle.test.RestIntegTestTask, dependsOn: buildZip) {`
Build: Convert integ test dsl to new split cluster/runner dsl This is the xpack side of elastic/elasticsearch#23304 Original commit: elastic/x-pack-elasticsearch@8eddd7fb0d5caca252a49662fc91ce5de36b15f5 2017-02-22 03:56:52 -05:00			`mustRunAfter precommit`
			`}`

			`integTestRunner {`
test: disable security manager for custom realm integration tests Original commit: elastic/x-pack-elasticsearch@4bcd7675b2d1f484ae0e9a1c04e0411eb0b234d3 2016-12-21 16:05:43 -05:00			`systemProperty 'tests.security.manager', 'false'`
Build: Convert integ test dsl to new split cluster/runner dsl This is the xpack side of elastic/elasticsearch#23304 Original commit: elastic/x-pack-elasticsearch@8eddd7fb0d5caca252a49662fc91ce5de36b15f5 2017-02-22 03:56:52 -05:00			`}`
			`integTestCluster {`
			`plugin ':x-pack-elasticsearch:plugin'`
			`setting 'xpack.security.authc.realms.custom.order', '0'`
			`setting 'xpack.security.authc.realms.custom.type', 'custom'`
			`setting 'xpack.security.authc.realms.custom.filtered_setting', 'should be filtered'`
			`setting 'xpack.security.authc.realms.esusers.order', '1'`
			`setting 'xpack.security.authc.realms.esusers.type', 'file'`
re-enable shield example realm QA test Original commit: elastic/x-pack-elasticsearch@98fd46f3aa838bc54a9dc9c2c30ab1664929fa3a 2015-11-24 20:10:46 -05:00
Build: Convert integ test dsl to new split cluster/runner dsl This is the xpack side of elastic/elasticsearch#23304 Original commit: elastic/x-pack-elasticsearch@8eddd7fb0d5caca252a49662fc91ce5de36b15f5 2017-02-22 03:56:52 -05:00			`setupCommand 'setupDummyUser',`
			`'bin/x-pack/users', 'useradd', 'test_user', '-p', 'changeme', '-r', 'superuser'`
			`setupCommand 'installExtension',`
			`'bin/x-pack/extension', 'install', 'file:' + buildZip.archivePath`
			`waitCondition = { node, ant ->`
			`File tmpFile = new File(node.cwd, 'wait.success')`
			`ant.get(src: "http://${node.httpUri()}",`
			`dest: tmpFile.toString(),`
			`username: 'test_user',`
			`password: 'changeme',`
			`ignoreerrors: true,`
			`retries: 10)`
			`return tmpFile.exists()`
re-enable shield example realm QA test Original commit: elastic/x-pack-elasticsearch@98fd46f3aa838bc54a9dc9c2c30ab1664929fa3a 2015-11-24 20:10:46 -05:00			`}`
			`}`
Make xpack extensible: * Add XPackExtension: an api class (like Plugin in core) for what a x-pack extension can do. * Add XPackExtensionCli: a cli tool for adding, removing and listing extensions for x-pack. * Add XPackExtensionService: loading of jars from pluginsdir/x-pack/extensions, into child classloader. * Add bin/x-pack/extension script, similar to plugin cli, which installs an extension into pluginsdir/x-pack/extensions. * Add XPack extension integration test. Fixed elastic/elasticsearch#1515 Original commit: elastic/x-pack-elasticsearch@130ba03270b8c59faafc0b049a735005998a8392 2016-03-07 12:00:30 -05:00			`check.dependsOn integTest`