OpenSearch/qa/sql/security/build.gradle

67 lines
3.2 KiB
Groovy
Raw Normal View History

Move all sql integration tests into qa (elastic/x-pack-elasticsearch#2432) Builds on elastic/x-pack-elasticsearch#2403 to move all of sql's integration testing into qa modules with different running server configurations. The big advantage of this is that it allows us to test the cli and jdbc with security present. Creating a project that depends on both cli and jdbc and the server has some prickly jar hell issues because cli and jdbc package their dependencies in the jar. This works around it in a few days: 1. Include only a single copy of the JDBC dependencies with careful gradle work. 2. Do not include the CLI on the classpath at all and instead run it externally. I say "run it externally" rather than "fork it" because Elasticsearch tests aren't allowed to fork other processes. This is forbidden by seccomp on linux and seatbelt on osx and cannot be explicitly requested like additional security manager settings. So instead of forking the CLI process directly the tests interact with a test fixture that isn't bound by Elasticsearch's rules and *can* fork it. This forking of the CLI has a nice side effect: it forces us to make sure that things like security and connection strings other than `localhost:9200` work. The old test could and did work around missing features like that. The new tests cannot so I added the ability to set the connection string. Configuring usernames and passwords was also not supported but I did not add support for that, only created the failing test and marked it as `@AwaitsFix`. Original commit: elastic/x-pack-elasticsearch@560c6815e3e03306270a2affd758763f34613891
2017-09-21 09:58:52 -04:00
dependencies {
testCompile(project(path: ':x-pack-elasticsearch:plugin', configuration: 'runtime')) {
transitive = false
}
}
integTestCluster {
// Setup auditing so we can use it in some tests
setting 'xpack.security.audit.enabled', 'true'
setting 'xpack.security.audit.outputs', '[logfile, index]'
// Only log the events we need so we don't have as much to sort through
setting 'xpack.security.audit.index.events.include', '[access_denied, access_granted]'
// Try and speed up audit logging without overwelming it
setting 'xpack.security.audit.index.flush_interval', '250ms'
// NOCOMMIT reenable after https://github.com/elastic/x-pack-elasticsearch/issues/2705 for lower overhead tests
// see the NOCOMMIT in RestSqlSecurityIT#cleanAuditLogs and revert to 1 minute once this is reenabled
// setting 'xpack.security.audit.index.settings.index.number_of_shards', '1'
// setting 'xpack.security.audit.index.settings.index.refresh_interval', '250ms'
// Setup roles used by tests
extraConfigFile 'x-pack/roles.yml', 'roles.yml'
/* Setup the one admin user that we run the tests as.
* Tests use "run as" to get different users. */
setupCommand 'setupUser#test_admin',
'bin/x-pack/users', 'useradd', 'test_admin', '-p', 'x-pack-test-password', '-r', 'superuser'
// Override the wait condition to work properly with security
waitCondition = { node, ant ->
File tmpFile = new File(node.cwd, 'wait.success')
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
dest: tmpFile.toString(),
username: 'test_admin',
password: 'x-pack-test-password',
ignoreerrors: true,
retries: 10)
return tmpFile.exists()
}
}
run {
// Enabled audit logging so we can test it
setting 'xpack.security.audit.enabled', 'true'
setting 'xpack.security.audit.outputs', '[logfile, index]'
// Only log the events we need so we don't have as much to sort through
setting 'xpack.security.audit.index.events.include', '[access_denied, access_granted]'
// Try and speed up audit logging without overwelming it
setting 'xpack.security.audit.index.flush_interval', '250ms'
// NOCOMMIT reenable after https://github.com/elastic/x-pack-elasticsearch/issues/2705 for lower overhead tests
// setting 'xpack.security.audit.index.settings.index.number_of_shards', '1'
// setting 'xpack.security.audit.index.settings.index.refresh_interval', '250ms'
// Setup roles used by tests
extraConfigFile 'x-pack/roles.yml', 'roles.yml'
/* Setup the one admin user that we run the tests as.
* Tests use "run as" to get different users. */
setupCommand 'setupUser#test_admin',
'bin/x-pack/users', 'useradd', 'test_admin', '-p', 'x-pack-test-password', '-r', 'superuser'
// Override the wait condition to work properly with security
waitCondition = { node, ant ->
File tmpFile = new File(node.cwd, 'wait.success')
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
dest: tmpFile.toString(),
username: 'test_admin',
password: 'x-pack-test-password',
ignoreerrors: true,
retries: 10)
return tmpFile.exists()
}
}