2018-07-24 10:44:26 -04:00
|
|
|
import java.nio.file.Path
|
|
|
|
import java.nio.file.Paths
|
|
|
|
import java.nio.file.Files
|
|
|
|
|
|
|
|
apply plugin: 'elasticsearch.vagrantsupport'
|
|
|
|
apply plugin: 'elasticsearch.standalone-rest-test'
|
|
|
|
apply plugin: 'elasticsearch.rest-test'
|
|
|
|
|
|
|
|
dependencies {
|
2018-07-25 00:14:19 -04:00
|
|
|
testCompile project(path: xpackModule('core'), configuration: 'shadow')
|
2018-07-24 10:44:26 -04:00
|
|
|
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
|
|
|
|
testCompile project(path: xpackModule('security'), configuration: 'testArtifacts')
|
|
|
|
}
|
|
|
|
|
|
|
|
// MIT Kerberos Vagrant Testing Fixture
|
|
|
|
String box = "krb5kdc"
|
|
|
|
Map<String,String> vagrantEnvVars = [
|
|
|
|
'VAGRANT_CWD' : "${project(':test:fixtures:krb5kdc-fixture').projectDir}",
|
|
|
|
'VAGRANT_VAGRANTFILE' : 'Vagrantfile',
|
|
|
|
'VAGRANT_PROJECT_DIR' : "${project(':test:fixtures:krb5kdc-fixture').projectDir}"
|
|
|
|
]
|
|
|
|
|
|
|
|
task krb5kdcUpdate(type: org.elasticsearch.gradle.vagrant.VagrantCommandTask) {
|
|
|
|
command 'box'
|
|
|
|
subcommand 'update'
|
|
|
|
boxName box
|
|
|
|
environmentVars vagrantEnvVars
|
|
|
|
dependsOn "vagrantCheckVersion", "virtualboxCheckVersion"
|
|
|
|
}
|
|
|
|
|
|
|
|
task krb5kdcFixture(type: org.elasticsearch.gradle.test.VagrantFixture) {
|
|
|
|
command 'up'
|
|
|
|
args '--provision', '--provider', 'virtualbox'
|
|
|
|
boxName box
|
|
|
|
environmentVars vagrantEnvVars
|
|
|
|
dependsOn krb5kdcUpdate
|
|
|
|
}
|
|
|
|
|
2018-07-31 22:57:33 -04:00
|
|
|
// lazily resolve to avoid any slowdowns from DNS lookups prior to when we need this value
|
|
|
|
Object httpPrincipal = new Object() {
|
|
|
|
@Override
|
|
|
|
String toString() {
|
|
|
|
InetAddress resolvedAddress = InetAddress.getByName('127.0.0.1')
|
2018-08-06 09:51:43 -04:00
|
|
|
return "HTTP/" + resolvedAddress.getCanonicalHostName()
|
2018-07-31 22:57:33 -04:00
|
|
|
}
|
|
|
|
}
|
2018-07-24 10:44:26 -04:00
|
|
|
|
|
|
|
String realm = "BUILD.ELASTIC.CO"
|
|
|
|
|
2018-07-31 22:57:33 -04:00
|
|
|
task 'addPrincipal#peppa'(type: org.elasticsearch.gradle.vagrant.VagrantCommandTask) {
|
|
|
|
command 'ssh'
|
|
|
|
args '--command', "sudo bash /vagrant/src/main/resources/provision/addprinc.sh peppa "
|
|
|
|
boxName box
|
|
|
|
environmentVars vagrantEnvVars
|
|
|
|
dependsOn krb5kdcFixture
|
|
|
|
}
|
|
|
|
|
|
|
|
task 'addPrincipal#george'(type: org.elasticsearch.gradle.vagrant.VagrantCommandTask) {
|
|
|
|
command 'ssh'
|
|
|
|
args '--command', "sudo bash /vagrant/src/main/resources/provision/addprinc.sh george dino"
|
|
|
|
boxName box
|
|
|
|
environmentVars vagrantEnvVars
|
|
|
|
dependsOn krb5kdcFixture
|
|
|
|
}
|
|
|
|
|
|
|
|
task 'addPrincipal#HTTP'(type: org.elasticsearch.gradle.vagrant.VagrantCommandTask) {
|
|
|
|
command 'ssh'
|
|
|
|
args '--command', "sudo bash /vagrant/src/main/resources/provision/addprinc.sh $httpPrincipal"
|
|
|
|
boxName box
|
|
|
|
environmentVars vagrantEnvVars
|
|
|
|
dependsOn krb5kdcFixture
|
2018-07-24 10:44:26 -04:00
|
|
|
}
|
|
|
|
|
2018-07-31 22:57:33 -04:00
|
|
|
task krb5AddPrincipals { dependsOn krb5kdcFixture, 'addPrincipal#peppa', 'addPrincipal#george', 'addPrincipal#HTTP' }
|
|
|
|
|
2018-07-24 10:44:26 -04:00
|
|
|
def generatedResources = "$buildDir/generated-resources/keytabs"
|
|
|
|
task copyKeytabToGeneratedResources(type: Copy) {
|
|
|
|
Path peppaKeytab = project(':test:fixtures:krb5kdc-fixture').buildDir.toPath().resolve("keytabs").resolve("peppa.keytab").toAbsolutePath()
|
|
|
|
from peppaKeytab;
|
|
|
|
into generatedResources
|
|
|
|
dependsOn krb5AddPrincipals
|
|
|
|
}
|
|
|
|
|
|
|
|
integTestCluster {
|
2018-07-31 22:57:33 -04:00
|
|
|
// force localhost IPv4 otherwise it is a chicken and egg problem where we need the keytab for the hostname when starting the cluster
|
|
|
|
// but do not know the exact address that is first in the http ports file
|
|
|
|
setting 'http.host', '127.0.0.1'
|
2018-07-24 10:44:26 -04:00
|
|
|
setting 'xpack.license.self_generated.type', 'trial'
|
|
|
|
setting 'xpack.security.enabled', 'true'
|
|
|
|
setting 'xpack.security.authc.realms.file.type', 'file'
|
|
|
|
setting 'xpack.security.authc.realms.file.order', '0'
|
|
|
|
setting 'xpack.ml.enabled', 'false'
|
|
|
|
setting 'xpack.security.audit.enabled', 'true'
|
|
|
|
// Kerberos realm
|
|
|
|
setting 'xpack.security.authc.realms.kerberos.type', 'kerberos'
|
|
|
|
setting 'xpack.security.authc.realms.kerberos.order', '1'
|
|
|
|
setting 'xpack.security.authc.realms.kerberos.keytab.path', 'es.keytab'
|
|
|
|
setting 'xpack.security.authc.realms.kerberos.krb.debug', 'true'
|
|
|
|
setting 'xpack.security.authc.realms.kerberos.remove_realm_name', 'false'
|
|
|
|
|
|
|
|
Path krb5conf = project(':test:fixtures:krb5kdc-fixture').buildDir.toPath().resolve("conf").resolve("krb5.conf").toAbsolutePath()
|
|
|
|
String jvmArgsStr = " -Djava.security.krb5.conf=${krb5conf}" + " -Dsun.security.krb5.debug=true"
|
|
|
|
jvmArgs jvmArgsStr
|
2018-07-31 22:57:33 -04:00
|
|
|
Path esKeytab = project(':test:fixtures:krb5kdc-fixture').buildDir.toPath().resolve("keytabs")
|
|
|
|
.resolve("$httpPrincipal".replace('/', '_') + ".keytab").toAbsolutePath()
|
2018-07-24 10:44:26 -04:00
|
|
|
extraConfigFile("es.keytab", "${esKeytab}")
|
|
|
|
|
|
|
|
setupCommand 'setupTestAdmin',
|
|
|
|
'bin/elasticsearch-users', 'useradd', "test_admin", '-p', 'x-pack-test-password', '-r', "superuser"
|
|
|
|
|
|
|
|
waitCondition = { node, ant ->
|
|
|
|
File tmpFile = new File(node.cwd, 'wait.success')
|
|
|
|
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
|
|
|
|
dest: tmpFile.toString(),
|
|
|
|
username: 'test_admin',
|
|
|
|
password: 'x-pack-test-password',
|
|
|
|
ignoreerrors: true,
|
|
|
|
retries: 10)
|
|
|
|
return tmpFile.exists()
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
integTestRunner {
|
|
|
|
Path peppaKeytab = Paths.get("${project.buildDir}", "generated-resources", "keytabs", "peppa.keytab")
|
|
|
|
systemProperty 'test.userkt', "peppa@${realm}"
|
|
|
|
systemProperty 'test.userkt.keytab', "${peppaKeytab}"
|
|
|
|
systemProperty 'test.userpwd', "george@${realm}"
|
|
|
|
systemProperty 'test.userpwd.password', "dino"
|
|
|
|
systemProperty 'tests.security.manager', 'true'
|
|
|
|
Path krb5conf = project(':test:fixtures:krb5kdc-fixture').buildDir.toPath().resolve("conf").resolve("krb5.conf").toAbsolutePath()
|
|
|
|
List jvmargs = ["-Djava.security.krb5.conf=${krb5conf}","-Dsun.security.krb5.debug=true"]
|
|
|
|
jvmArgs jvmargs
|
|
|
|
}
|
|
|
|
|
|
|
|
if (project.rootProject.vagrantSupported == false) {
|
|
|
|
integTest.enabled = false
|
|
|
|
} else {
|
2018-07-26 22:01:52 -04:00
|
|
|
project.sourceSets.test.output.dir(generatedResources)
|
2018-07-24 10:44:26 -04:00
|
|
|
integTestCluster.dependsOn krb5AddPrincipals, krb5kdcFixture, copyKeytabToGeneratedResources
|
|
|
|
integTest.finalizedBy project(':test:fixtures:krb5kdc-fixture').halt
|
|
|
|
}
|