honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
OpenSearch/x-pack/qa/reindex-tests-with-security/build.gradle

55 lines
2.4 KiB
Groovy
Raw Normal View History

[7.x] Introduce type-safe and consistent pattern for handling build globals (#48818) This commit introduces a consistent, and type-safe manner for handling global build parameters through out our build logic. Primarily this replaces the existing usages of extra properties with static accessors. It also introduces and explicit API for initialization and mutation of any such parameters, as well as better error handling for uninitialized or eager access of parameter values. Closes #42042
2019-11-01 14:33:11 -04:00
import org.elasticsearch.gradle.info.BuildParams
Testclusters: conver remaining x-pack (#43335) Convert x-pack tests
2019-06-20 02:21:29 -04:00
apply plugin: 'elasticsearch.testclusters'
Switch from standalone-test to standalone-rest-test standalone-rest-test doesn't configure unit tests and for these integTest only projects that is what we want. Original commit: elastic/x-pack-elasticsearch@f576dfdfbbe8ddb901311ed94c03d84f9bf1bdd5
2017-01-04 14:27:53 -05:00
apply plugin: 'elasticsearch.standalone-rest-test'
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0
2016-03-08 17:15:40 -05:00
apply plugin: 'elasticsearch.rest-test'
dependencies {
Build: Rework shadow plugin configuration (#32409) This reworks how we configure the `shadow` plugin in the build. The major change is that we no longer bundle dependencies in the `compile` configuration, instead we bundle dependencies in the new `bundle` configuration. This feels more right because it is a little more "opt in" rather than "opt out" and the name of the `bundle` configuration is a little more obvious. As an neat side effect of this, the `runtimeElements` configuration used when one project depends on another now contains exactly the dependencies needed to run the project so you no longer need to reference projects that use the shadow plugin like this: ``` testCompile project(path: ':client:rest-high-level', configuration: 'shadow') ``` You can instead use the much more normal: ``` testCompile "org.elasticsearch.client:elasticsearch-rest-high-level-client:${version}" ```
2018-08-21 20:03:28 -04:00
testCompile project(path: xpackModule('core'), configuration: 'default')
Build: Replace references to x-pack-elasticsearch paths with helper methods (elastic/x-pack-elasticsearch#3748) In order to more easily integrate xpack once it moves into the elasticsearch repo, references to the existing x-pack-elasticsearch need to be reduced. This commit introduces a few helper "methods" available to any project within xpack (through gradle project extension properties, as closures). All refeerences to project paths now use these helper methods, except for those pertaining to bwc, which will be handled in a followup. Original commit: elastic/x-pack-elasticsearch@850668744c7188f3ca8d6ff561c99fbd8995288e
2018-01-27 00:48:30 -05:00
testCompile project(path: xpackModule('security'), configuration: 'testArtifacts')
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
Security: add tests for delete and update by query Original commit: elastic/x-pack-elasticsearch@e85877d03f4ed9148cd9931e942653138e31fe48
2016-08-11 13:28:36 -04:00
testCompile project(path: ':modules:reindex')
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0
2016-03-08 17:15:40 -05:00
}
Enable SSL in reindex with security QA tests (#37600) Update the x-pack/qa/reindex-tests-with-security integration tests to run with TLS enabled on the Rest interface. Relates: #37527
2019-01-31 04:59:50 -05:00
forbiddenPatterns {
Apply 2-space indent to all gradle scripts (#49071) Backport of #48849. Update `.editorconfig` to make the Java settings the default for all files, and then apply a 2-space indent to all `*.gradle` files. Then reformat all the files.
2019-11-14 06:01:23 -05:00
exclude '**/*.key'
exclude '**/*.pem'
exclude '**/*.p12'
exclude '**/*.jks'
Enable SSL in reindex with security QA tests (#37600) Update the x-pack/qa/reindex-tests-with-security integration tests to run with TLS enabled on the Rest interface. Relates: #37527
2019-01-31 04:59:50 -05:00
}
File caFile = project.file('src/test/resources/ssl/ca.p12')
Testclusters: conver remaining x-pack (#43335) Convert x-pack tests
2019-06-20 02:21:29 -04:00
testClusters.integTest {
Convert testclusters to use distro download plugin (#44253) (#44362) Test clusters currently has its own set of logic for dealing with finding different versions of Elasticsearch, downloading them, and extracting them. This commit converts testclusters to use the DistributionDownloadPlugin.
2019-07-15 20:53:05 -04:00
testDistribution = 'DEFAULT'
Build: Convert integ test dsl to new split cluster/runner dsl This is the xpack side of elastic/elasticsearch#23304 Original commit: elastic/x-pack-elasticsearch@8eddd7fb0d5caca252a49662fc91ce5de36b15f5
2017-02-22 03:56:52 -05:00
// Whitelist reindexing from the local node so we can test it.
Testclusters: conver remaining x-pack (#43335) Convert x-pack tests
2019-06-20 02:21:29 -04:00
extraConfigFile 'http.key', file('src/test/resources/ssl/http.key')
extraConfigFile 'http.crt', file('src/test/resources/ssl/http.crt')
Enable SSL in reindex with security QA tests (#37600) Update the x-pack/qa/reindex-tests-with-security integration tests to run with TLS enabled on the Rest interface. Relates: #37527
2019-01-31 04:59:50 -05:00
extraConfigFile 'ca.p12', caFile
Build: Convert integ test dsl to new split cluster/runner dsl This is the xpack side of elastic/elasticsearch#23304 Original commit: elastic/x-pack-elasticsearch@8eddd7fb0d5caca252a49662fc91ce5de36b15f5
2017-02-22 03:56:52 -05:00
setting 'reindex.remote.whitelist', '127.0.0.1:*'
Disable security for trial licenses by default (elastic/x-pack-elasticsearch#4120) This change disables security for trial licenses unless security is explicitly enabled in the settings. This is done to facilitate users getting started and not having to deal with some of the complexities involved in getting security configured. In order to do this and avoid disabling security for existing users that have gold or platinum licenses, we have to disable security after cluster formation so that the license can be retrieved. relates elastic/x-pack-elasticsearch#4078 Original commit: elastic/x-pack-elasticsearch@96bdb889fc74d4871c43df71354a21549cc53a3e
2018-03-21 23:09:44 -04:00
setting 'xpack.security.enabled', 'true'
[TEST] Disable ml in qa modules where necessary Original commit: elastic/x-pack-elasticsearch@bb311b44d7289ec94b62a1f10d64a51c20d40b49
2017-03-02 12:01:05 -05:00
setting 'xpack.ml.enabled', 'false'
Default to basic license at startup (elastic/x-pack-elasticsearch#3878) This is related to elastic/x-pack-elasticsearch#3877. This commit modifies the license settings to default to self generating a basic license. Original commit: elastic/x-pack-elasticsearch@cd6ee8e06f17c213544ae1c06cfe8ebfa85b9f68
2018-02-12 14:57:04 -05:00
setting 'xpack.license.self_generated.type', 'trial'
Enable SSL in reindex with security QA tests (#37600) Update the x-pack/qa/reindex-tests-with-security integration tests to run with TLS enabled on the Rest interface. Relates: #37527
2019-01-31 04:59:50 -05:00
setting 'xpack.security.http.ssl.enabled', 'true'
setting 'xpack.security.http.ssl.certificate', 'http.crt'
setting 'xpack.security.http.ssl.key', 'http.key'
setting 'xpack.security.http.ssl.key_passphrase', 'http-password'
setting 'reindex.ssl.truststore.path', 'ca.p12'
setting 'reindex.ssl.truststore.password', 'password'
Update ciphers for TLSv1.3 and JDK11 if available (#42082) This commit updates the default ciphers and TLS protocols that are used when the runtime JDK supports them. New cipher support has been introduced in JDK 11 and 12 along with performance fixes for AES GCM. The ciphers are ordered with PFS ciphers being most preferred, then AEAD ciphers, and finally those with mainstream hardware support. When available stronger encryption is preferred for a given cipher. This is a backport of #41385 and #41808. There are known JDK bugs with TLSv1.3 that have been fixed in various versions. These are: 1. The JDK's bundled HttpsServer will endless loop under JDK11 and JDK 12.0 (Fixed in 12.0.1) based on the way the Apache HttpClient performs a close (half close). 2. In all versions of JDK 11 and 12, the HttpsServer will endless loop when certificates are not trusted or another handshake error occurs. An email has been sent to the openjdk security-dev list and #38646 is open to track this. 3. In JDK 11.0.2 and prior there is a race condition with session resumption that leads to handshake errors when multiple concurrent handshakes are going on between the same client and server. This bug does not appear when client authentication is in use. This is JDK-8213202, which was fixed in 11.0.3 and 12.0. 4. In JDK 11.0.2 and prior there is a bug where resumed TLS sessions do not retain peer certificate information. This is JDK-8212885. The way these issues are addressed is that the current java version is checked and used to determine the supported protocols for tests that provoke these issues.
2019-05-20 09:45:36 -04:00
// Workaround for JDK-8212885
Refactor global build info plugin to leverage JavaInstallationRegistry (#54026) This commit removes the configuration time vs execution time distinction with regards to certain BuildParms properties. Because of the cost of determining Java versions for configuration JDK locations we deferred this until execution time. This had two main downsides. First, we had to implement all this build logic in tasks, which required a bunch of additional plumbing and complexity. Second, because some information wasn't known during configuration time, we had to nest any build logic that depended on this in awkward callbacks. We now defer to the JavaInstallationRegistry recently added in Gradle. This utility uses a much more efficient method for probing Java installations vs our jrunscript implementation. This, combined with some optimizations to avoid probing the current JVM as well as deferring some evaluation via Providers when probing installations for BWC builds we can maintain effectively the same configuration time performance while removing a bunch of complexity and runtime cost (snapshotting inputs for the GenerateGlobalBuildInfoTask was very expensive). The end result should be a much more responsive build execution in almost all scenarios. (cherry picked from commit ecdbd37f2e0f0447ed574b306adb64c19adc3ce1)
2020-03-23 18:30:10 -04:00
if (BuildParams.runtimeJavaVersion.isJava12Compatible() == false) {
setting 'reindex.ssl.supported_protocols', 'TLSv1.2'
Update ciphers for TLSv1.3 and JDK11 if available (#42082) This commit updates the default ciphers and TLS protocols that are used when the runtime JDK supports them. New cipher support has been introduced in JDK 11 and 12 along with performance fixes for AES GCM. The ciphers are ordered with PFS ciphers being most preferred, then AEAD ciphers, and finally those with mainstream hardware support. When available stronger encryption is preferred for a given cipher. This is a backport of #41385 and #41808. There are known JDK bugs with TLSv1.3 that have been fixed in various versions. These are: 1. The JDK's bundled HttpsServer will endless loop under JDK11 and JDK 12.0 (Fixed in 12.0.1) based on the way the Apache HttpClient performs a close (half close). 2. In all versions of JDK 11 and 12, the HttpsServer will endless loop when certificates are not trusted or another handshake error occurs. An email has been sent to the openjdk security-dev list and #38646 is open to track this. 3. In JDK 11.0.2 and prior there is a race condition with session resumption that leads to handshake errors when multiple concurrent handshakes are going on between the same client and server. This bug does not appear when client authentication is in use. This is JDK-8213202, which was fixed in 11.0.3 and 12.0. 4. In JDK 11.0.2 and prior there is a bug where resumed TLS sessions do not retain peer certificate information. This is JDK-8212885. The way these issues are addressed is that the current java version is checked and used to determine the supported protocols for tests that provoke these issues.
2019-05-20 09:45:36 -04:00
}
Testclusters: conver remaining x-pack (#43335) Convert x-pack tests
2019-06-20 02:21:29 -04:00
extraConfigFile 'roles.yml', file('roles.yml')
user username: "test_admin", password: 'x-pack-test-password', role: "superuser"
user username: "powerful_user", password: 'x-pack-test-password', role: "superuser"
user username: "minimal_user", password: 'x-pack-test-password', role: "minimal"
user username: "minimal_with_task_user", password: 'x-pack-test-password', role: "minimal_with_task"
user username: "readonly_user", password: 'x-pack-test-password', role: "readonly"
user username: "dest_only_user", password: 'x-pack-test-password', role: "dest_only"
user username: "can_not_see_hidden_docs_user", password: 'x-pack-test-password', role: "can_not_see_hidden_docs"
user username: "can_not_see_hidden_fields_user", password: 'x-pack-test-password', role: "can_not_see_hidden_fields"
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0
2016-03-08 17:15:40 -05:00
}