honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
OpenSearch/x-pack/plugin/build.gradle

157 lines
6.2 KiB
Groovy
Raw Normal View History

Test: use TLS for plugin integ tests Original commit: elastic/x-pack-elasticsearch@99971d72566b85a3a04314f908089a8ce3048a2d
2017-09-14 17:57:28 -04:00
import org.elasticsearch.gradle.LoggedExec
Add check for feature aware implementations (#31081) This commit adds a check that any class in X-Pack that is a feature aware custom also implements the appropriate mix-in interface in X-Pack. These interfaces provide a default implementation of FeatureAware#getRequiredFeature that returns that x-pack is the required feature. By implementing this interface, this gives a consistent way for X-Pack feature aware customs to return the appopriate required feature and this check enforces that all such feature aware customs return the appropriate required feature.
2018-06-05 19:56:22 -04:00
import org.elasticsearch.gradle.plugin.PluginBuildPlugin
Enforce Java version The Elastic Secrets vault is served via HTTPS with a Let's Encrypt certificate. The root certificate that cross-signed the Let's Encrypt certificates were not trusted by the JDK until 8u101. This commit adds a version check at the start of the build to make it clear the cause of the underlying issue, and what the fix is. Relates elastic/x-pack-elasticsearch#541 Original commit: elastic/x-pack-elasticsearch@6bf8076cb669c41901b91938447999d4d5844bf6
2017-02-11 12:12:26 -05:00
import org.elasticsearch.gradle.test.NodeInfo
Watcher: Add JIRA action (elastic/elasticsearch#4014) closes elastic/elasticsearch#493 Original commit: elastic/x-pack-elasticsearch@6b7387d3e4c1d5d3a62a72b782fda4a378e055f1
2016-11-21 04:52:55 -05:00
Moved directories around Original commit: elastic/x-pack-elasticsearch@2018bb5f9fe306e67418627851b2d712d6fcba8c
2016-09-29 06:03:14 -04:00
import java.nio.charset.StandardCharsets
Build: Turn on license header checks This is dependent on elastic/elasticsearchelastic/elasticsearch#19589. It also fixes the existing files that either were missing the license header or had the open source license header. Original commit: elastic/x-pack-elasticsearch@2642c20381ddfecd6d602ad8426f197ba4e4f002
2016-07-25 20:09:54 -04:00
Testclusters: conver remaining x-pack (#43335) Convert x-pack tests
2019-06-20 02:21:29 -04:00
apply plugin: 'elasticsearch.testclusters'
Make xpack modules instead of a meta plugin (#30589) This commit removes xpack from being a meta-plugin-as-a-module. It also fixes a couple tests which were missing task dependencies, which failed once the gradle execution order changed.
2018-05-16 18:35:57 -04:00
apply plugin: 'elasticsearch.standalone-rest-test'
apply plugin: 'elasticsearch.rest-test'
Moved directories around Original commit: elastic/x-pack-elasticsearch@2018bb5f9fe306e67418627851b2d712d6fcba8c
2016-09-29 06:03:14 -04:00
Build: Remove x-pack-api jar (elastic/x-pack-elasticsearch#3864) The api jar was added for xpack extensions. However, extensions have been removed in favor of using SPI, and the individual xpack jars like core and security are published to enable this. This commit removes the api jar, and switches the transport client to use the core jar (which the api jar was just a rename of). Original commit: elastic/x-pack-elasticsearch@58e069e66ca4712aa842f59195e78815319c0d37
2018-02-07 22:21:43 -05:00
archivesBaseName = 'x-pack'
Moved directories around Original commit: elastic/x-pack-elasticsearch@2018bb5f9fe306e67418627851b2d712d6fcba8c
2016-09-29 06:03:14 -04:00
Split up xpack plugins into their own modules (elastic/x-pack-elasticsearch#3643) Thanks to some great work by a bunch of amazing people, the chuck norris xpack split is a go! Original commit: elastic/x-pack-elasticsearch@dad98e28f4043f805907af2ad441908f64ca6c70
2018-01-20 00:30:17 -05:00
dependencies {
Build: Replace references to x-pack-elasticsearch paths with helper methods (elastic/x-pack-elasticsearch#3748) In order to more easily integrate xpack once it moves into the elasticsearch repo, references to the existing x-pack-elasticsearch need to be reduced. This commit introduces a few helper "methods" available to any project within xpack (through gradle project extension properties, as closures). All refeerences to project paths now use these helper methods, except for those pertaining to bwc, which will be handled in a followup. Original commit: elastic/x-pack-elasticsearch@850668744c7188f3ca8d6ff561c99fbd8995288e
2018-01-27 00:48:30 -05:00
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
Fix LDAP Authc connections deadlock (elastic/x-pack-elasticsearch#2587) Do not execute bind on on the LDAP reader thread Each LDAP connection has a single associated thread, executing the handlers for async requests; this is managed by the LDAP library. The bind operation is blocking for the connection. It is a deadlock to call bind, if on the LDAP reader thread for the same connection, because waiting for the bind response blocks the thread processing responses (for this connection). This will execute the bind operation (and the subsequent runnable) on a thread pool after checking for the conflict above. Closes: elastic/x-pack-elasticsearch#2570, elastic/x-pack-elasticsearch#2620 Original commit: elastic/x-pack-elasticsearch@404a3d873782c590a9043ae08c45db0b463968cd
2017-10-09 06:06:12 -04:00
}
Add check for feature aware implementations (#31081) This commit adds a check that any class in X-Pack that is a feature aware custom also implements the appropriate mix-in interface in X-Pack. These interfaces provide a default implementation of FeatureAware#getRequiredFeature that returns that x-pack is the required feature. By implementing this interface, this gives a consistent way for X-Pack feature aware customs to return the appopriate required feature and this check enforces that all such feature aware customs return the appropriate required feature.
2018-06-05 19:56:22 -04:00
subprojects {
afterEvaluate {
if (project.plugins.hasPlugin(PluginBuildPlugin)) {
// see the root Gradle file for additional logic regarding this configuration
project.configurations.create('featureAwarePlugin')
project.dependencies.add('featureAwarePlugin', project.configurations.compileClasspath)
[Backport] Remove dependency substitutions 7.x (#42866) * Remove unnecessary usage of Gradle dependency substitution rules (#42773) (cherry picked from commit 12d583dbf6f7d44f00aa365e34fc7e937c3c61f7)
2019-06-04 16:50:23 -04:00
project.dependencies.add('featureAwarePlugin', project(':x-pack:test:feature-aware'))
Add check for feature aware implementations (#31081) This commit adds a check that any class in X-Pack that is a feature aware custom also implements the appropriate mix-in interface in X-Pack. These interfaces provide a default implementation of FeatureAware#getRequiredFeature that returns that x-pack is the required feature. By implementing this interface, this gives a consistent way for X-Pack feature aware customs to return the appopriate required feature and this check enforces that all such feature aware customs return the appropriate required feature.
2018-06-05 19:56:22 -04:00
project.dependencies.add('featureAwarePlugin', project.sourceSets.main.output.getClassesDirs())
Testclusters: conver remaining x-pack (#43335) Convert x-pack tests
2019-06-20 02:21:29 -04:00
File successMarker = file("$buildDir/markers/featureAware")
task featureAwareCheck(type: LoggedExec) {
Add check for feature aware implementations (#31081) This commit adds a check that any class in X-Pack that is a feature aware custom also implements the appropriate mix-in interface in X-Pack. These interfaces provide a default implementation of FeatureAware#getRequiredFeature that returns that x-pack is the required feature. By implementing this interface, this gives a consistent way for X-Pack feature aware customs to return the appopriate required feature and this check enforces that all such feature aware customs return the appropriate required feature.
2018-06-05 19:56:22 -04:00
description = "Runs FeatureAwareCheck on main classes."
dependsOn project.configurations.featureAwarePlugin
outputs.file(successMarker)
Testclusters: conver remaining x-pack (#43335) Convert x-pack tests
2019-06-20 02:21:29 -04:00
executable = "${project.runtimeJavaHome}/bin/java"
Add check for feature aware implementations (#31081) This commit adds a check that any class in X-Pack that is a feature aware custom also implements the appropriate mix-in interface in X-Pack. These interfaces provide a default implementation of FeatureAware#getRequiredFeature that returns that x-pack is the required feature. By implementing this interface, this gives a consistent way for X-Pack feature aware customs to return the appopriate required feature and this check enforces that all such feature aware customs return the appropriate required feature.
2018-06-05 19:56:22 -04:00
// default to main class files if such a source set exists
final List files = []
if (project.sourceSets.findByName("main")) {
Fix gradle4.8 deprecation warnings (#31654) * remove explicit wrapper task It's created by Gradle and triggers a deprecation warning Simplify configuration * Upgrade shadow plugin to get rid of Gradle deprecation * Move compile configuration to base plugin Solves Gradle deprecation warning from earlier Gradle versions * Enable stable publishing in the Gradle build * Replace usage of deprecated property * bump Gradle version in build compare
2018-06-29 15:17:19 -04:00
files.add(project.sourceSets.main.output.classesDirs)
Add check for feature aware implementations (#31081) This commit adds a check that any class in X-Pack that is a feature aware custom also implements the appropriate mix-in interface in X-Pack. These interfaces provide a default implementation of FeatureAware#getRequiredFeature that returns that x-pack is the required feature. By implementing this interface, this gives a consistent way for X-Pack feature aware customs to return the appopriate required feature and this check enforces that all such feature aware customs return the appropriate required feature.
2018-06-05 19:56:22 -04:00
dependsOn project.tasks.classes
}
// filter out non-existent classes directories from empty source sets
final FileCollection classDirectories = project.files(files).filter { it.exists() }
Skip feature aware check on JDK 14 (#45928) ASM can not currently handle classes compiled with JDK 14. This commit skips these checks on JDK 14, for now.
2019-08-23 17:38:15 -04:00
onlyIf {
/*
* The latest version of ASM does not understand JDK 14. However, Gradle can not distinguish between JDK 13 and JDK 14 (treating
* anything above JDK 12 as JDK 13). So, to exclude JDK 14 until a newer version of ASM is available, we also have to exclude JDK
* 13. See https://github.com/elastic/elasticsearch/issues/45927.
*/
Integer.parseInt(project.runtimeJavaVersion.getMajorVersion()) < 13
}
Add check for feature aware implementations (#31081) This commit adds a check that any class in X-Pack that is a feature aware custom also implements the appropriate mix-in interface in X-Pack. These interfaces provide a default implementation of FeatureAware#getRequiredFeature that returns that x-pack is the required feature. By implementing this interface, this gives a consistent way for X-Pack feature aware customs to return the appopriate required feature and this check enforces that all such feature aware customs return the appropriate required feature.
2018-06-05 19:56:22 -04:00
doFirst {
SQL: Fix build on Java 10 Due to a runtime classpath clash, featureAware task was failing on JVMs higher than 1.8 (since the ASM version from Painless was used instead which does not recognized Java 9 or 10 bytecode) causing the task to fail. This commit excludes the ASM dependency (since it's not used by SQL itself).
2018-06-14 11:07:29 -04:00
args('-cp', project.configurations.featureAwarePlugin.asPath, 'org.elasticsearch.xpack.test.feature_aware.FeatureAwareCheck')
Add check for feature aware implementations (#31081) This commit adds a check that any class in X-Pack that is a feature aware custom also implements the appropriate mix-in interface in X-Pack. These interfaces provide a default implementation of FeatureAware#getRequiredFeature that returns that x-pack is the required feature. By implementing this interface, this gives a consistent way for X-Pack feature aware customs to return the appopriate required feature and this check enforces that all such feature aware customs return the appropriate required feature.
2018-06-05 19:56:22 -04:00
classDirectories.each { args it.getAbsolutePath() }
}
doLast {
successMarker.parentFile.mkdirs()
successMarker.setText("", 'UTF-8')
}
}
Testclusters: conver remaining x-pack (#43335) Convert x-pack tests
2019-06-20 02:21:29 -04:00
project.precommit.dependsOn featureAwareCheck
Add check for feature aware implementations (#31081) This commit adds a check that any class in X-Pack that is a feature aware custom also implements the appropriate mix-in interface in X-Pack. These interfaces provide a default implementation of FeatureAware#getRequiredFeature that returns that x-pack is the required feature. By implementing this interface, this gives a consistent way for X-Pack feature aware customs to return the appopriate required feature and this check enforces that all such feature aware customs return the appropriate required feature.
2018-06-05 19:56:22 -04:00
}
}
}
Split up xpack plugins into their own modules (elastic/x-pack-elasticsearch#3643) Thanks to some great work by a bunch of amazing people, the chuck norris xpack split is a go! Original commit: elastic/x-pack-elasticsearch@dad98e28f4043f805907af2ad441908f64ca6c70
2018-01-20 00:30:17 -05:00
// https://github.com/elastic/x-plugins/issues/724
configurations {
testArtifacts.extendsFrom testRuntime
[ML] Include C++ 3rd party notices in X-Pack combined NOTICES file (elastic/x-pack-elasticsearch#953) relates elastic/x-pack-elasticsearch#620 Original commit: elastic/x-pack-elasticsearch@5d73bd340c28cb074c8e702e68e9383e41d6ee56
2017-04-10 07:40:07 -04:00
}
Split up xpack plugins into their own modules (elastic/x-pack-elasticsearch#3643) Thanks to some great work by a bunch of amazing people, the chuck norris xpack split is a go! Original commit: elastic/x-pack-elasticsearch@dad98e28f4043f805907af2ad441908f64ca6c70
2018-01-20 00:30:17 -05:00
task testJar(type: Jar) {
appendix 'test'
from sourceSets.test.output
Build: Assert jar LICENSE and NOTICE files match Adds tasks that check that the all jars that we build have LICENSE.txt and NOTICE.txt files and that the files are correct. Sets check to depend on these task. This is mostly there for extra parnoia because we automatically configure all Jar tasks to include the LICENSE.txt and NOTICE.txt files anyway. But it is quite possible to add configuration to those tasks that would override either file. This causes check to depend on several more things than it used to. Take, for example, javadoc: check depends on the new verifyJavadocJarNotice which depends on extractJavadocJar which depends on javadocJar which depends on javadoc, this check now depends on javadoc.
2018-04-25 09:38:31 -04:00
/*
* Stick the license and notice file in the jar. This isn't strictly
* needed because we don't publish it but it makes our super-paranoid
* tests happy.
*/
metaInf {
from(project.licenseFile.parent) {
include project.licenseFile.name
rename { 'LICENSE.txt' }
}
from(project.noticeFile.parent) {
include project.noticeFile.name
}
}
Opt some files out of 140 character line length If elasticsearch merges https://github.com/elastic/elasticsearch/pull/16413 then the build will fail catastrophically without this. The goal here is to opt these files out of the line length checks while they don't pass and we can get them passing as time permits and opt them back in. In the mean time all files that pass the line length check will have the check enforced. This also gives you a spot to add x-plugins opt outs for core's checkstyle rules in case you have generated files or something like that. Original commit: elastic/x-pack-elasticsearch@63a1ad2f79658cb973a2dee555cba488c61432a4
2016-02-03 11:21:55 -05:00
}
Split up xpack plugins into their own modules (elastic/x-pack-elasticsearch#3643) Thanks to some great work by a bunch of amazing people, the chuck norris xpack split is a go! Original commit: elastic/x-pack-elasticsearch@dad98e28f4043f805907af2ad441908f64ca6c70
2018-01-20 00:30:17 -05:00
artifacts {
testArtifacts testJar
Moved directories around Original commit: elastic/x-pack-elasticsearch@2018bb5f9fe306e67418627851b2d712d6fcba8c
2016-09-29 06:03:14 -04:00
}
Allow Integ Tests to run in a FIPS-140 JVM (#31989) * Complete changes for running IT in a fips JVM - Mute :x-pack:qa:sql:security:ssl:integTest as it cannot run in FIPS 140 JVM until the SQL CLI supports key/cert. - Set default JVM keystore/truststore password in top level build script for all integTest tasks in a FIPS 140 JVM - Changed top level x-pack build script to use keys and certificates for trust/key material when spinning up clusters for IT
2018-07-24 05:48:14 -04:00
// location for keys and certificates
Testclusters: conver remaining x-pack (#43335) Convert x-pack tests
2019-06-20 02:21:29 -04:00
File keystoreDir = file("$buildDir/keystore")
Allow Integ Tests to run in a FIPS-140 JVM (#31989) * Complete changes for running IT in a fips JVM - Mute :x-pack:qa:sql:security:ssl:integTest as it cannot run in FIPS 140 JVM until the SQL CLI supports key/cert. - Set default JVM keystore/truststore password in top level build script for all integTest tasks in a FIPS 140 JVM - Changed top level x-pack build script to use keys and certificates for trust/key material when spinning up clusters for IT
2018-07-24 05:48:14 -04:00
File nodeKey = file("$keystoreDir/testnode.pem")
File nodeCert = file("$keystoreDir/testnode.crt")
// Add key and certs to test classpath: it expects them there
// User cert and key PEM files instead of a JKS Keystore for the cluster's trust material so that
// it can run in a FIPS 140 JVM
// TODO: Remove all existing uses of cross project file references when the new approach for referencing static files is available
// https://github.com/elastic/elasticsearch/pull/32201
task copyKeyCerts(type: Copy) {
from(project(':x-pack:plugin:core').file('src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/')) {
include 'testnode.crt', 'testnode.pem'
Test: use TLS for plugin integ tests Original commit: elastic/x-pack-elasticsearch@99971d72566b85a3a04314f908089a8ce3048a2d
2017-09-14 17:57:28 -04:00
}
Allow Integ Tests to run in a FIPS-140 JVM (#31989) * Complete changes for running IT in a fips JVM - Mute :x-pack:qa:sql:security:ssl:integTest as it cannot run in FIPS 140 JVM until the SQL CLI supports key/cert. - Set default JVM keystore/truststore password in top level build script for all integTest tasks in a FIPS 140 JVM - Changed top level x-pack build script to use keys and certificates for trust/key material when spinning up clusters for IT
2018-07-24 05:48:14 -04:00
into keystoreDir
Test: use TLS for plugin integ tests Original commit: elastic/x-pack-elasticsearch@99971d72566b85a3a04314f908089a8ce3048a2d
2017-09-14 17:57:28 -04:00
}
// Add keystores to test classpath: it expects it there
sourceSets.test.resources.srcDir(keystoreDir)
Allow Integ Tests to run in a FIPS-140 JVM (#31989) * Complete changes for running IT in a fips JVM - Mute :x-pack:qa:sql:security:ssl:integTest as it cannot run in FIPS 140 JVM until the SQL CLI supports key/cert. - Set default JVM keystore/truststore password in top level build script for all integTest tasks in a FIPS 140 JVM - Changed top level x-pack build script to use keys and certificates for trust/key material when spinning up clusters for IT
2018-07-24 05:48:14 -04:00
processTestResources.dependsOn(copyKeyCerts)
Test: use TLS for plugin integ tests Original commit: elastic/x-pack-elasticsearch@99971d72566b85a3a04314f908089a8ce3048a2d
2017-09-14 17:57:28 -04:00
Testclusters: conver remaining x-pack (#43335) Convert x-pack tests
2019-06-20 02:21:29 -04:00
integTest.runner {
/*
* We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each
* other if we allow them to set the number of available processors as it's set-once in Netty.
*/
systemProperty 'es.set.netty.runtime.available.processors', 'false'
// TODO: fix this rest test to not depend on a hardcoded port!
def blacklist = ['getting_started/10_monitor_cluster_health/*']
boolean snapshot = Boolean.valueOf(System.getProperty("build.snapshot", "true"))
if (!snapshot) {
// these tests attempt to install basic/internal licenses signed against the dev/public.key
// Since there is no infrastructure in place (anytime soon) to generate licenses using the production
// private key, these tests are whitelisted in non-snapshot test runs
blacklist.addAll(['xpack/15_basic/*', 'license/20_put_license/*'])
}
systemProperty 'tests.rest.blacklist', blacklist.join(',')
Allow Integ Tests to run in a FIPS-140 JVM (#31989) * Complete changes for running IT in a fips JVM - Mute :x-pack:qa:sql:security:ssl:integTest as it cannot run in FIPS 140 JVM until the SQL CLI supports key/cert. - Set default JVM keystore/truststore password in top level build script for all integTest tasks in a FIPS 140 JVM - Changed top level x-pack build script to use keys and certificates for trust/key material when spinning up clusters for IT
2018-07-24 05:48:14 -04:00
dependsOn copyKeyCerts
Testclusters: conver remaining x-pack (#43335) Convert x-pack tests
2019-06-20 02:21:29 -04:00
}
testClusters.integTest {
Convert testclusters to use distro download plugin (#44253) (#44362) Test clusters currently has its own set of logic for dealing with finding different versions of Elasticsearch, downloading them, and extracting them. This commit converts testclusters to use the DistributionDownloadPlugin.
2019-07-15 20:53:05 -04:00
testDistribution = 'DEFAULT' // this is important since we use the reindex module in ML
Build: Convert integ test dsl to new split cluster/runner dsl This is the xpack side of elastic/elasticsearch#23304 Original commit: elastic/x-pack-elasticsearch@8eddd7fb0d5caca252a49662fc91ce5de36b15f5
2017-02-22 03:56:52 -05:00
setting 'xpack.ml.enabled', 'true'
Disable security for trial licenses by default (elastic/x-pack-elasticsearch#4120) This change disables security for trial licenses unless security is explicitly enabled in the settings. This is done to facilitate users getting started and not having to deal with some of the complexities involved in getting security configured. In order to do this and avoid disabling security for existing users that have gold or platinum licenses, we have to disable security after cluster formation so that the license can be retrieved. relates elastic/x-pack-elasticsearch#4078 Original commit: elastic/x-pack-elasticsearch@96bdb889fc74d4871c43df71354a21549cc53a3e
2018-03-21 23:09:44 -04:00
setting 'xpack.security.enabled', 'true'
[Test] Reenable Monitoring Bulk tests (elastic/x-pack-elasticsearch#908) This commit reenables the Monitoring Bulk Api REST tests. The XPackRestIT now enables/disables the local default exporter before executing the monitoring tests, and also waits for the monitoring service to be started before executing the test. Original commit: elastic/x-pack-elasticsearch@10b696198c8790da86b7ad9aa075d5606c171959
2017-04-04 08:44:40 -04:00
// Integration tests are supposed to enable/disable exporters before/after each test
setting 'xpack.monitoring.exporters._local.type', 'local'
setting 'xpack.monitoring.exporters._local.enabled', 'false'
TOKEN_SERVICE_ENABLED_SETTING enabled if HTTP_SSL_ENABLED (elastic/x-pack-elasticsearch#2321) `authc.token.enabled` is true unless `http.ssl.enabled` is `false` and `http.enabled` is `true`. * TokenService default enabled if HTTP_ENABLED == false * Fixed tests that need TokenService explicitly enabled * [DOC] Default value for `xpack.security.authc.token.enabled` Original commit: elastic/x-pack-elasticsearch@bd154d16eb0da6b77029f5f678a6d35aae7418ac
2017-08-23 06:21:30 -04:00
setting 'xpack.security.authc.token.enabled', 'true'
Add support for API keys to access Elasticsearch (#38291) X-Pack security supports built-in authentication service `token-service` that allows access tokens to be used to access Elasticsearch without using Basic authentication. The tokens are generated by `token-service` based on OAuth2 spec. The access token is a short-lived token (defaults to 20m) and refresh token with a lifetime of 24 hours, making them unsuitable for long-lived or recurring tasks where the system might go offline thereby failing refresh of tokens. This commit introduces a built-in authentication service `api-key-service` that adds support for long-lived tokens aka API keys to access Elasticsearch. The `api-key-service` is consulted after `token-service` in the authentication chain. By default, if TLS is enabled then `api-key-service` is also enabled. The service can be disabled using the configuration setting. The API keys:- - by default do not have an expiration but expiration can be configured where the API keys need to be expired after a certain amount of time. - when generated will keep authentication information of the user that generated them. - can be defined with a role describing the privileges for accessing Elasticsearch and will be limited by the role of the user that generated them - can be invalidated via invalidation API - information can be retrieved via a get API - that have been expired or invalidated will be retained for 1 week before being deleted. The expired API keys remover task handles this. Following are the API key management APIs:- 1. Create API Key - `PUT/POST /_security/api_key` 2. Get API key(s) - `GET /_security/api_key` 3. Invalidate API Key(s) `DELETE /_security/api_key` The API keys can be used to access Elasticsearch using `Authorization` header, where the auth scheme is `ApiKey` and the credentials, is the base64 encoding of API key Id and API key separated by a colon. Example:- ``` curl -H "Authorization: ApiKey YXBpLWtleS1pZDphcGkta2V5" http://localhost:9200/_cluster/health ``` Closes #34383
2019-02-04 22:21:57 -05:00
setting 'xpack.security.authc.api_key.enabled', 'true'
Test: use TLS for plugin integ tests Original commit: elastic/x-pack-elasticsearch@99971d72566b85a3a04314f908089a8ce3048a2d
2017-09-14 17:57:28 -04:00
setting 'xpack.security.transport.ssl.enabled', 'true'
Allow Integ Tests to run in a FIPS-140 JVM (#31989) * Complete changes for running IT in a fips JVM - Mute :x-pack:qa:sql:security:ssl:integTest as it cannot run in FIPS 140 JVM until the SQL CLI supports key/cert. - Set default JVM keystore/truststore password in top level build script for all integTest tasks in a FIPS 140 JVM - Changed top level x-pack build script to use keys and certificates for trust/key material when spinning up clusters for IT
2018-07-24 05:48:14 -04:00
setting 'xpack.security.transport.ssl.key', nodeKey.name
setting 'xpack.security.transport.ssl.certificate', nodeCert.name
Test: use TLS for plugin integ tests Original commit: elastic/x-pack-elasticsearch@99971d72566b85a3a04314f908089a8ce3048a2d
2017-09-14 17:57:28 -04:00
setting 'xpack.security.transport.ssl.verification_mode', 'certificate'
Remove InternalClient and InternalSecurityClient (elastic/x-pack-elasticsearch#3054) This change removes the InternalClient and the InternalSecurityClient. These are replaced with usage of the ThreadContext and a transient value, `action.origin`, to indicate which component the request came from. The security code has been updated to look for this value and ensure the request is executed as the proper user. This work comes from elastic/x-pack-elasticsearch#2808 where @s1monw suggested that we do this. While working on this, I came across index template registries and rather than updating them to use the new method, I replaced the ML one with the template upgrade framework so that we could remove this template registry. The watcher template registry is still needed as the template must be updated for rolling upgrades to work (see elastic/x-pack-elasticsearch#2950). Original commit: elastic/x-pack-elasticsearch@7dbf2f263e73331f380fd5101188483cd5abe5ba
2017-11-22 10:35:18 -05:00
setting 'xpack.security.audit.enabled', 'true'
Default to basic license at startup (elastic/x-pack-elasticsearch#3878) This is related to elastic/x-pack-elasticsearch#3877. This commit modifies the license settings to default to self generating a basic license. Original commit: elastic/x-pack-elasticsearch@cd6ee8e06f17c213544ae1c06cfe8ebfa85b9f68
2018-02-12 14:57:04 -05:00
setting 'xpack.license.self_generated.type', 'trial'
Testclusters: conver remaining x-pack (#43335) Convert x-pack tests
2019-06-20 02:21:29 -04:00
keystore 'bootstrap.password', 'x-pack-test-password'
keystore 'xpack.security.transport.ssl.secure_key_passphrase', 'testnode'
Require elastic password be bootstrapped (elastic/x-pack-elasticsearch#1962) This is related to elastic/x-pack-elasticsearch#1217. This commit requires that the elastic password be bootstrapped for the user to be authenticated. As a result it removes the special "setup" mode that allowed the user to be authenticated from localhost. Additionally, this commit updates the tests to work with this functionality. Original commit: elastic/x-pack-elasticsearch@d0d5d697a757dc74d00d2b368b48c721655a836c
2017-07-13 20:59:50 -04:00
Testclusters: conver remaining x-pack (#43335) Convert x-pack tests
2019-06-20 02:21:29 -04:00
user username: "x_pack_rest_user", password: "x-pack-test-password"
Allow Integ Tests to run in a FIPS-140 JVM (#31989) * Complete changes for running IT in a fips JVM - Mute :x-pack:qa:sql:security:ssl:integTest as it cannot run in FIPS 140 JVM until the SQL CLI supports key/cert. - Set default JVM keystore/truststore password in top level build script for all integTest tasks in a FIPS 140 JVM - Changed top level x-pack build script to use keys and certificates for trust/key material when spinning up clusters for IT
2018-07-24 05:48:14 -04:00
extraConfigFile nodeKey.name, nodeKey
extraConfigFile nodeCert.name, nodeCert
Add support for switching distribution for all integration tests (#30874) * remove left-over comment * make sure of the property for plugins * skip installing modules if these exist in the distribution * Log the distrbution being ran * Don't allow running with integ-tests-zip passed externally * top level x-pack/qa can't run with oss distro * Add support for matching objects in lists Makes it possible to have a key that points to a list and assert that a certain object is present in the list. All keys have to be present and values have to match. The objects in the source list may have additional fields. example: ``` match: { 'nodes.$master.plugins': { name: ingest-attachment } } ``` * Update plugin and module tests to work with other distributions Some of the tests expected that the integration tests will always be ran with the `integ-test-zip` distribution so that there will be no other plugins loaded. With this change, we check for the presence of the plugin without assuming exclusivity. * Allow modules to run on other distros as well To match the behavior of tets.distributions * Add and use a new `contains` assertion Replaces the previus changes that caused `match` to do a partial match. * Implement PR review comments
2018-06-26 09:49:03 -04:00
}