OpenSearch/x-pack/qa/security-client-tests/build.gradle

apply plugin: 'elasticsearch.standalone-rest-test'
apply plugin: 'elasticsearch.rest-test'

dependencies {
  testCompile project(path: xpackModule('core'), configuration: 'shadow')
  testCompile project(path: xpackProject('transport-client').path, configuration: 'runtime')
}

String outputDir = "${buildDir}/generated-resources/${project.name}"
task copyXPackPluginProps(type: Copy) {
  from project(xpackModule('core')).file('src/main/plugin-metadata')
  from project(xpackModule('core')).tasks.pluginProperties
  into outputDir
}
project.sourceSets.test.output.dir(outputDir, builtBy: copyXPackPluginProps)

integTestRunner {
  systemProperty 'tests.security.manager', 'false'
}

integTestCluster {
  setting 'xpack.security.enabled', 'true'
  setting 'xpack.ml.enabled', 'false'
  setting 'xpack.license.self_generated.type', 'trial'
  setupCommand 'setupDummyUser',
               'bin/elasticsearch-users', 'useradd', 'test_user', '-p', 'x-pack-test-password', '-r', 'superuser'
  setupCommand 'setupTransportClientUser',
               'bin/elasticsearch-users', 'useradd', 'transport', '-p', 'x-pack-test-password', '-r', 'transport_client'
  waitCondition = { node, ant ->
    File tmpFile = new File(node.cwd, 'wait.success')
    ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
            dest: tmpFile.toString(),
            username: 'test_user',
            password: 'x-pack-test-password',
            ignoreerrors: true,
            retries: 10)
    return tmpFile.exists()
  }
}
Switch from standalone-test to standalone-rest-test standalone-rest-test doesn't configure unit tests and for these integTest only projects that is what we want. Original commit: elastic/x-pack-elasticsearch@f576dfdfbbe8ddb901311ed94c03d84f9bf1bdd5 2017-01-04 14:27:53 -05:00			`apply plugin: 'elasticsearch.standalone-rest-test'`
Build: Add back shield client qa tests Original commit: elastic/x-pack-elasticsearch@6cecea3992aec994cbbfdbe992354168a7aecdab 2015-11-24 19:40:05 -05:00			`apply plugin: 'elasticsearch.rest-test'`

			`dependencies {`
Build: Shadow x-pack:protocol into x-pack:plugin:core (#32240) This bundles the x-pack:protocol project into the x-pack:plugin:core project because we'd like folks to consider it an implementation detail of our build rather than a separate artifact to be managed and depended on. It is now bundled into both x-pack:plugin:core and client:rest-high-level. To make this work I had to fix a few things. Firstly, I had to make PluginBuildPlugin work with the shadow plugin. In that case we have to bundle only the `shadow` dependencies and the shadow jar. Secondly, every reference to x-pack:plugin:core has to use the `shadow` configuration. Without that the reference is missing all of the un-shadowed dependencies. I tried to make it so that applying the shadow plugin automatically redefines the `default` configuration to mirror the `shadow` configuration which would allow us to use bare project references to the x-pack:plugin:core project but I couldn't make it work. It'd look like it works but then fail for transitive dependencies anyway. I think it is still a good thing to do but I don't have the willpower to do it now. Finally, I had to fix an issue where Eclipse and IntelliJ didn't properly reference shadowed transitive dependencies. Neither IDE supports shadowing natively so they have to reference the shadowed projects. We fix this by detecting `shadow` dependencies when in "Intellij mode" or "Eclipse mode" and adding `runtime` dependencies to the same target. This convinces IntelliJ and Eclipse to play nice. 2018-07-24 11:53:04 -04:00			`testCompile project(path: xpackModule('core'), configuration: 'shadow')`
Build: Replace references to x-pack-elasticsearch paths with helper methods (elastic/x-pack-elasticsearch#3748) In order to more easily integrate xpack once it moves into the elasticsearch repo, references to the existing x-pack-elasticsearch need to be reduced. This commit introduces a few helper "methods" available to any project within xpack (through gradle project extension properties, as closures). All refeerences to project paths now use these helper methods, except for those pertaining to bwc, which will be handled in a followup. Original commit: elastic/x-pack-elasticsearch@850668744c7188f3ca8d6ff561c99fbd8995288e 2018-01-27 00:48:30 -05:00			`testCompile project(path: xpackProject('transport-client').path, configuration: 'runtime')`
Build: Add back shield client qa tests Original commit: elastic/x-pack-elasticsearch@6cecea3992aec994cbbfdbe992354168a7aecdab 2015-11-24 19:40:05 -05:00			`}`

Tests: Use buildDir as base for generated-resources (#30191) This commit moves the generated-resources directory created by many qa projects into the build directory, so it is not seen as unknown files to git. 2018-04-26 18:36:14 -04:00			`String outputDir = "${buildDir}/generated-resources/${project.name}"`
security: ssl by default on the transport layer This commit adds the necessary changes to make SSL work on the transport layer by default. A large portion of the SSL configuration/settings was re-worked with this change. Some notable highlights include support for PEM cert/keys, reloadable SSL configuration, separate HTTP ssl configuration, and separate LDAP configuration. The following is a list of specific items addressed: * `SSLSettings` renamed to `SSLConfiguration` * `KeyConfig` and `TrustConfig` abstractions created. These hide the details of how `KeyManager[]` and `TrustManager[]` are loaded. These are also responsible for settings validation (ie keystore password is not null) * Configuration fallback is changed. Previously any setting would fallback to the "global" value (`xpack.security.ssl.`). Now a keystore path, key path, ca paths, or truststore path must be specified otherwise the configuration for that key/trust will fallback to the global configuration. In other words if you want to change part of a keystore or truststore in a profile you need to supply all the information. This could be considered breaking if a user relied on the old fallback JDK trusted certificates (`cacerts`) are trusted by default (breaking change). This can be disabled via a setting. * We now monitor the SSL files for changes and enable dynamic reloading of the configuration. This will make it easier for users when they are getting set up with certificates so they do not need to restart every time. This can be disabled via a setting * LDAP realms can now have their own SSL configurations * HTTP can now have its own SSL configuration * SSL is enabled by default on the transport layer only. Hostname verification is enabled as well. On startup if no global SSL settings are present and SSL is configured to be used, we auto generate one based on the default CA that is shipped. This process includes a best effort attempt to generate the subject alternative names. * `xpack.security.ssl.hostname_verification` is deprecated in favor of `xpack.security.ssl.hostname_verification.enabled` * added Bouncy Castle info to NOTICE * consolidated NOTICE and LICENSE files Closes elastic/elasticsearch#14 Closes elastic/elasticsearch#34 Closes elastic/elasticsearch#1483 Closes elastic/elasticsearch#1933 Addresses security portion of elastic/elasticsearch#673 Original commit: elastic/x-pack-elasticsearch@7c359db90bbea93110f3824ede82c09eafcd2f79 2016-04-12 09:19:07 -04:00			`task copyXPackPluginProps(type: Copy) {`
Build: Replace references to x-pack-elasticsearch paths with helper methods (elastic/x-pack-elasticsearch#3748) In order to more easily integrate xpack once it moves into the elasticsearch repo, references to the existing x-pack-elasticsearch need to be reduced. This commit introduces a few helper "methods" available to any project within xpack (through gradle project extension properties, as closures). All refeerences to project paths now use these helper methods, except for those pertaining to bwc, which will be handled in a followup. Original commit: elastic/x-pack-elasticsearch@850668744c7188f3ca8d6ff561c99fbd8995288e 2018-01-27 00:48:30 -05:00			`from project(xpackModule('core')).file('src/main/plugin-metadata')`
			`from project(xpackModule('core')).tasks.pluginProperties`
security: ssl by default on the transport layer This commit adds the necessary changes to make SSL work on the transport layer by default. A large portion of the SSL configuration/settings was re-worked with this change. Some notable highlights include support for PEM cert/keys, reloadable SSL configuration, separate HTTP ssl configuration, and separate LDAP configuration. The following is a list of specific items addressed: * `SSLSettings` renamed to `SSLConfiguration` * `KeyConfig` and `TrustConfig` abstractions created. These hide the details of how `KeyManager[]` and `TrustManager[]` are loaded. These are also responsible for settings validation (ie keystore password is not null) * Configuration fallback is changed. Previously any setting would fallback to the "global" value (`xpack.security.ssl.`). Now a keystore path, key path, ca paths, or truststore path must be specified otherwise the configuration for that key/trust will fallback to the global configuration. In other words if you want to change part of a keystore or truststore in a profile you need to supply all the information. This could be considered breaking if a user relied on the old fallback JDK trusted certificates (`cacerts`) are trusted by default (breaking change). This can be disabled via a setting. * We now monitor the SSL files for changes and enable dynamic reloading of the configuration. This will make it easier for users when they are getting set up with certificates so they do not need to restart every time. This can be disabled via a setting * LDAP realms can now have their own SSL configurations * HTTP can now have its own SSL configuration * SSL is enabled by default on the transport layer only. Hostname verification is enabled as well. On startup if no global SSL settings are present and SSL is configured to be used, we auto generate one based on the default CA that is shipped. This process includes a best effort attempt to generate the subject alternative names. * `xpack.security.ssl.hostname_verification` is deprecated in favor of `xpack.security.ssl.hostname_verification.enabled` * added Bouncy Castle info to NOTICE * consolidated NOTICE and LICENSE files Closes elastic/elasticsearch#14 Closes elastic/elasticsearch#34 Closes elastic/elasticsearch#1483 Closes elastic/elasticsearch#1933 Addresses security portion of elastic/elasticsearch#673 Original commit: elastic/x-pack-elasticsearch@7c359db90bbea93110f3824ede82c09eafcd2f79 2016-04-12 09:19:07 -04:00			`into outputDir`
			`}`
			`project.sourceSets.test.output.dir(outputDir, builtBy: copyXPackPluginProps)`

Build: Convert integ test dsl to new split cluster/runner dsl This is the xpack side of elastic/elasticsearch#23304 Original commit: elastic/x-pack-elasticsearch@8eddd7fb0d5caca252a49662fc91ce5de36b15f5 2017-02-22 03:56:52 -05:00			`integTestRunner {`
test: do not use security manager for client tests Original commit: elastic/x-pack-elasticsearch@1200a1b757ce0c07eccfaac88a4751a1c0966289 2016-12-21 14:46:18 -05:00			`systemProperty 'tests.security.manager', 'false'`
Build: Convert integ test dsl to new split cluster/runner dsl This is the xpack side of elastic/elasticsearch#23304 Original commit: elastic/x-pack-elasticsearch@8eddd7fb0d5caca252a49662fc91ce5de36b15f5 2017-02-22 03:56:52 -05:00			`}`

			`integTestCluster {`
Disable security for trial licenses by default (elastic/x-pack-elasticsearch#4120) This change disables security for trial licenses unless security is explicitly enabled in the settings. This is done to facilitate users getting started and not having to deal with some of the complexities involved in getting security configured. In order to do this and avoid disabling security for existing users that have gold or platinum licenses, we have to disable security after cluster formation so that the license can be retrieved. relates elastic/x-pack-elasticsearch#4078 Original commit: elastic/x-pack-elasticsearch@96bdb889fc74d4871c43df71354a21549cc53a3e 2018-03-21 23:09:44 -04:00			`setting 'xpack.security.enabled', 'true'`
[TEST] Disable ml in qa modules where necessary Original commit: elastic/x-pack-elasticsearch@bb311b44d7289ec94b62a1f10d64a51c20d40b49 2017-03-02 12:01:05 -05:00			`setting 'xpack.ml.enabled', 'false'`
Default to basic license at startup (elastic/x-pack-elasticsearch#3878) This is related to elastic/x-pack-elasticsearch#3877. This commit modifies the license settings to default to self generating a basic license. Original commit: elastic/x-pack-elasticsearch@cd6ee8e06f17c213544ae1c06cfe8ebfa85b9f68 2018-02-12 14:57:04 -05:00			`setting 'xpack.license.self_generated.type', 'trial'`
Build: Convert integ test dsl to new split cluster/runner dsl This is the xpack side of elastic/elasticsearch#23304 Original commit: elastic/x-pack-elasticsearch@8eddd7fb0d5caca252a49662fc91ce5de36b15f5 2017-02-22 03:56:52 -05:00			`setupCommand 'setupDummyUser',`
Rename users This commit renames users to elasticsearch-users. 2018-04-11 11:36:12 -04:00			`'bin/elasticsearch-users', 'useradd', 'test_user', '-p', 'x-pack-test-password', '-r', 'superuser'`
Build: Convert integ test dsl to new split cluster/runner dsl This is the xpack side of elastic/elasticsearch#23304 Original commit: elastic/x-pack-elasticsearch@8eddd7fb0d5caca252a49662fc91ce5de36b15f5 2017-02-22 03:56:52 -05:00			`setupCommand 'setupTransportClientUser',`
Rename users This commit renames users to elasticsearch-users. 2018-04-11 11:36:12 -04:00			`'bin/elasticsearch-users', 'useradd', 'transport', '-p', 'x-pack-test-password', '-r', 'transport_client'`
Build: Convert integ test dsl to new split cluster/runner dsl This is the xpack side of elastic/elasticsearch#23304 Original commit: elastic/x-pack-elasticsearch@8eddd7fb0d5caca252a49662fc91ce5de36b15f5 2017-02-22 03:56:52 -05:00			`waitCondition = { node, ant ->`
			`File tmpFile = new File(node.cwd, 'wait.success')`
Tests: Add cluster health check to xpack integ wait conditions (elastic/x-pack-elasticsearch#740) The wait condition used for integ tests by default calls the cluster health api with wait_for_nodes nd wait_for_status. However, xpack overrides the wait condition to add auth, but most of these conditions still looked at the root ES url, which means the tests are susceptible to race conditions with the check and node startup. This change modifies the url for the authenticated wait condtion to check the health api, with the appropriate wait_for_nodes and wait_for_status. Original commit: elastic/x-pack-elasticsearch@0b23ef528fb32a9d9778c0bdd543b55d22378f60 2017-03-15 13:23:26 -04:00			`ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",`
Build: Convert integ test dsl to new split cluster/runner dsl This is the xpack side of elastic/elasticsearch#23304 Original commit: elastic/x-pack-elasticsearch@8eddd7fb0d5caca252a49662fc91ce5de36b15f5 2017-02-22 03:56:52 -05:00			`dest: tmpFile.toString(),`
			`username: 'test_user',`
Remove default passwords from reserved users (elastic/x-pack-elasticsearch#1665) This is related to elastic/x-pack-elasticsearch#1217. This PR removes the default password of "changeme" from the reserved users. This PR adds special behavior for authenticating the reserved users. No ReservedRealm user can be authenticated until its password is set. The one exception to this is the elastic user. The elastic user can be authenticated with an empty password if the action is a rest request originating from localhost. In this scenario where an elastic user is authenticated with a default password, it will have metadata indicating that it is in setup mode. An elastic user in setup mode is only authorized to execute a change password request. Original commit: elastic/x-pack-elasticsearch@e1e101a2377c1424a2baa831a49b15ff9d3772c6 2017-06-29 16:27:57 -04:00			`password: 'x-pack-test-password',`
Build: Convert integ test dsl to new split cluster/runner dsl This is the xpack side of elastic/elasticsearch#23304 Original commit: elastic/x-pack-elasticsearch@8eddd7fb0d5caca252a49662fc91ce5de36b15f5 2017-02-22 03:56:52 -05:00			`ignoreerrors: true,`
			`retries: 10)`
			`return tmpFile.exists()`
Build: Add back shield client qa tests Original commit: elastic/x-pack-elasticsearch@6cecea3992aec994cbbfdbe992354168a7aecdab 2015-11-24 19:40:05 -05:00			`}`
			`}`