honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
OpenSearch/x-pack/qa/reindex-tests-with-security/build.gradle

56 lines
2.5 KiB
Groovy
Raw Normal View History

[7.x] Introduce type-safe and consistent pattern for handling build globals (#48818) This commit introduces a consistent, and type-safe manner for handling global build parameters through out our build logic. Primarily this replaces the existing usages of extra properties with static accessors. It also introduces and explicit API for initialization and mutation of any such parameters, as well as better error handling for uninitialized or eager access of parameter values. Closes #42042
2019-11-01 14:33:11 -04:00
import org.elasticsearch.gradle.info.BuildParams
Testclusters: conver remaining x-pack (#43335) Convert x-pack tests
2019-06-20 02:21:29 -04:00
apply plugin: 'elasticsearch.testclusters'
Switch from standalone-test to standalone-rest-test standalone-rest-test doesn't configure unit tests and for these integTest only projects that is what we want. Original commit: elastic/x-pack-elasticsearch@f576dfdfbbe8ddb901311ed94c03d84f9bf1bdd5
2017-01-04 14:27:53 -05:00
apply plugin: 'elasticsearch.standalone-rest-test'
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0
2016-03-08 17:15:40 -05:00
apply plugin: 'elasticsearch.rest-test'
7.x - Create plugin for yamlTest task (#56841) (#59090) This commit creates a new Gradle plugin to provide a separate task name and source set for running YAML based REST tests. The only project converted to use the new plugin in this PR is distribution/archives/integ-test-zip. For which the testing has been moved to :rest-api-spec since it makes the most sense and it avoids a small but awkward change to the distribution plugin. The remaining cases in modules, plugins, and x-pack will be handled in followups. This plugin is distinctly different from the plugin introduced in #55896 since the YAML REST tests are intended to be black box tests over HTTP. As such they should not (by default) have access to the classpath for that which they are testing. The YAML based REST tests will be moved to separate source sets (yamlRestTest). The which source is the target for the test resources is dependent on if this new plugin is applied. If it is not applied, it will default to the test source set. Further, this introduces a breaking change for plugin developers that use the YAML testing framework. They will now need to either use the new source set and matching task, or configure the rest resources to use the old "test" source set that matches the old integTest task. (The former should be preferred). As part of this change (which is also breaking for plugin developers) the rest resources plugin has been removed from the build plugin and now requires either explicit application or application via the new YAML REST test plugin. Plugin developers should be able to fix the breaking changes to the YAML tests by adding apply plugin: 'elasticsearch.yaml-rest-test' and moving the YAML tests under a yamlRestTest folder (instead of test)
2020-07-06 15:16:26 -04:00
apply plugin: 'elasticsearch.rest-resources'
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0
2016-03-08 17:15:40 -05:00
dependencies {
Remove deprecated usage of testCompile configuration (#57921) (#58083) * Remove usage of deprecated testCompile configuration * Replace testCompile usage by testImplementation * Make testImplementation non transitive by default (as we did for testCompile) * Update CONTRIBUTING about using testImplementation for test dependencies * Fail on testCompile configuration usage
2020-06-14 16:30:44 -04:00
testImplementation project(path: xpackModule('core'), configuration: 'default')
testImplementation project(path: xpackModule('security'), configuration: 'testArtifacts')
testImplementation project(path: xpackModule('core'), configuration: 'testArtifacts')
testImplementation project(path: ':modules:reindex')
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0
2016-03-08 17:15:40 -05:00
}
Enable SSL in reindex with security QA tests (#37600) Update the x-pack/qa/reindex-tests-with-security integration tests to run with TLS enabled on the Rest interface. Relates: #37527
2019-01-31 04:59:50 -05:00
forbiddenPatterns {
Apply 2-space indent to all gradle scripts (#49071) Backport of #48849. Update `.editorconfig` to make the Java settings the default for all files, and then apply a 2-space indent to all `*.gradle` files. Then reformat all the files.
2019-11-14 06:01:23 -05:00
exclude '**/*.key'
exclude '**/*.pem'
exclude '**/*.p12'
exclude '**/*.jks'
Enable SSL in reindex with security QA tests (#37600) Update the x-pack/qa/reindex-tests-with-security integration tests to run with TLS enabled on the Rest interface. Relates: #37527
2019-01-31 04:59:50 -05:00
}
File caFile = project.file('src/test/resources/ssl/ca.p12')
Testclusters: conver remaining x-pack (#43335) Convert x-pack tests
2019-06-20 02:21:29 -04:00
testClusters.integTest {
Convert testclusters to use distro download plugin (#44253) (#44362) Test clusters currently has its own set of logic for dealing with finding different versions of Elasticsearch, downloading them, and extracting them. This commit converts testclusters to use the DistributionDownloadPlugin.
2019-07-15 20:53:05 -04:00
testDistribution = 'DEFAULT'
Build: Convert integ test dsl to new split cluster/runner dsl This is the xpack side of elastic/elasticsearch#23304 Original commit: elastic/x-pack-elasticsearch@8eddd7fb0d5caca252a49662fc91ce5de36b15f5
2017-02-22 03:56:52 -05:00
// Whitelist reindexing from the local node so we can test it.
Testclusters: conver remaining x-pack (#43335) Convert x-pack tests
2019-06-20 02:21:29 -04:00
extraConfigFile 'http.key', file('src/test/resources/ssl/http.key')
extraConfigFile 'http.crt', file('src/test/resources/ssl/http.crt')
Enable SSL in reindex with security QA tests (#37600) Update the x-pack/qa/reindex-tests-with-security integration tests to run with TLS enabled on the Rest interface. Relates: #37527
2019-01-31 04:59:50 -05:00
extraConfigFile 'ca.p12', caFile
Build: Convert integ test dsl to new split cluster/runner dsl This is the xpack side of elastic/elasticsearch#23304 Original commit: elastic/x-pack-elasticsearch@8eddd7fb0d5caca252a49662fc91ce5de36b15f5
2017-02-22 03:56:52 -05:00
setting 'reindex.remote.whitelist', '127.0.0.1:*'
Disable security for trial licenses by default (elastic/x-pack-elasticsearch#4120) This change disables security for trial licenses unless security is explicitly enabled in the settings. This is done to facilitate users getting started and not having to deal with some of the complexities involved in getting security configured. In order to do this and avoid disabling security for existing users that have gold or platinum licenses, we have to disable security after cluster formation so that the license can be retrieved. relates elastic/x-pack-elasticsearch#4078 Original commit: elastic/x-pack-elasticsearch@96bdb889fc74d4871c43df71354a21549cc53a3e
2018-03-21 23:09:44 -04:00
setting 'xpack.security.enabled', 'true'
[TEST] Disable ml in qa modules where necessary Original commit: elastic/x-pack-elasticsearch@bb311b44d7289ec94b62a1f10d64a51c20d40b49
2017-03-02 12:01:05 -05:00
setting 'xpack.ml.enabled', 'false'
Default to basic license at startup (elastic/x-pack-elasticsearch#3878) This is related to elastic/x-pack-elasticsearch#3877. This commit modifies the license settings to default to self generating a basic license. Original commit: elastic/x-pack-elasticsearch@cd6ee8e06f17c213544ae1c06cfe8ebfa85b9f68
2018-02-12 14:57:04 -05:00
setting 'xpack.license.self_generated.type', 'trial'
Enable SSL in reindex with security QA tests (#37600) Update the x-pack/qa/reindex-tests-with-security integration tests to run with TLS enabled on the Rest interface. Relates: #37527
2019-01-31 04:59:50 -05:00
setting 'xpack.security.http.ssl.enabled', 'true'
setting 'xpack.security.http.ssl.certificate', 'http.crt'
setting 'xpack.security.http.ssl.key', 'http.key'
setting 'xpack.security.http.ssl.key_passphrase', 'http-password'
setting 'reindex.ssl.truststore.path', 'ca.p12'
setting 'reindex.ssl.truststore.password', 'password'
Update ciphers for TLSv1.3 and JDK11 if available (#42082) This commit updates the default ciphers and TLS protocols that are used when the runtime JDK supports them. New cipher support has been introduced in JDK 11 and 12 along with performance fixes for AES GCM. The ciphers are ordered with PFS ciphers being most preferred, then AEAD ciphers, and finally those with mainstream hardware support. When available stronger encryption is preferred for a given cipher. This is a backport of #41385 and #41808. There are known JDK bugs with TLSv1.3 that have been fixed in various versions. These are: 1. The JDK's bundled HttpsServer will endless loop under JDK11 and JDK 12.0 (Fixed in 12.0.1) based on the way the Apache HttpClient performs a close (half close). 2. In all versions of JDK 11 and 12, the HttpsServer will endless loop when certificates are not trusted or another handshake error occurs. An email has been sent to the openjdk security-dev list and #38646 is open to track this. 3. In JDK 11.0.2 and prior there is a race condition with session resumption that leads to handshake errors when multiple concurrent handshakes are going on between the same client and server. This bug does not appear when client authentication is in use. This is JDK-8213202, which was fixed in 11.0.3 and 12.0. 4. In JDK 11.0.2 and prior there is a bug where resumed TLS sessions do not retain peer certificate information. This is JDK-8212885. The way these issues are addressed is that the current java version is checked and used to determine the supported protocols for tests that provoke these issues.
2019-05-20 09:45:36 -04:00
// Workaround for JDK-8212885
Refactor global build info plugin to leverage JavaInstallationRegistry (#54026) This commit removes the configuration time vs execution time distinction with regards to certain BuildParms properties. Because of the cost of determining Java versions for configuration JDK locations we deferred this until execution time. This had two main downsides. First, we had to implement all this build logic in tasks, which required a bunch of additional plumbing and complexity. Second, because some information wasn't known during configuration time, we had to nest any build logic that depended on this in awkward callbacks. We now defer to the JavaInstallationRegistry recently added in Gradle. This utility uses a much more efficient method for probing Java installations vs our jrunscript implementation. This, combined with some optimizations to avoid probing the current JVM as well as deferring some evaluation via Providers when probing installations for BWC builds we can maintain effectively the same configuration time performance while removing a bunch of complexity and runtime cost (snapshotting inputs for the GenerateGlobalBuildInfoTask was very expensive). The end result should be a much more responsive build execution in almost all scenarios. (cherry picked from commit ecdbd37f2e0f0447ed574b306adb64c19adc3ce1)
2020-03-23 18:30:10 -04:00
if (BuildParams.runtimeJavaVersion.isJava12Compatible() == false) {
setting 'reindex.ssl.supported_protocols', 'TLSv1.2'
Update ciphers for TLSv1.3 and JDK11 if available (#42082) This commit updates the default ciphers and TLS protocols that are used when the runtime JDK supports them. New cipher support has been introduced in JDK 11 and 12 along with performance fixes for AES GCM. The ciphers are ordered with PFS ciphers being most preferred, then AEAD ciphers, and finally those with mainstream hardware support. When available stronger encryption is preferred for a given cipher. This is a backport of #41385 and #41808. There are known JDK bugs with TLSv1.3 that have been fixed in various versions. These are: 1. The JDK's bundled HttpsServer will endless loop under JDK11 and JDK 12.0 (Fixed in 12.0.1) based on the way the Apache HttpClient performs a close (half close). 2. In all versions of JDK 11 and 12, the HttpsServer will endless loop when certificates are not trusted or another handshake error occurs. An email has been sent to the openjdk security-dev list and #38646 is open to track this. 3. In JDK 11.0.2 and prior there is a race condition with session resumption that leads to handshake errors when multiple concurrent handshakes are going on between the same client and server. This bug does not appear when client authentication is in use. This is JDK-8213202, which was fixed in 11.0.3 and 12.0. 4. In JDK 11.0.2 and prior there is a bug where resumed TLS sessions do not retain peer certificate information. This is JDK-8212885. The way these issues are addressed is that the current java version is checked and used to determine the supported protocols for tests that provoke these issues.
2019-05-20 09:45:36 -04:00
}
Testclusters: conver remaining x-pack (#43335) Convert x-pack tests
2019-06-20 02:21:29 -04:00
extraConfigFile 'roles.yml', file('roles.yml')
user username: "test_admin", password: 'x-pack-test-password', role: "superuser"
user username: "powerful_user", password: 'x-pack-test-password', role: "superuser"
user username: "minimal_user", password: 'x-pack-test-password', role: "minimal"
user username: "minimal_with_task_user", password: 'x-pack-test-password', role: "minimal_with_task"
user username: "readonly_user", password: 'x-pack-test-password', role: "readonly"
user username: "dest_only_user", password: 'x-pack-test-password', role: "dest_only"
user username: "can_not_see_hidden_docs_user", password: 'x-pack-test-password', role: "can_not_see_hidden_docs"
user username: "can_not_see_hidden_fields_user", password: 'x-pack-test-password', role: "can_not_see_hidden_fields"
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0
2016-03-08 17:15:40 -05:00
}