2018-01-27 00:48:30 -05:00
|
|
|
Project idpFixtureProject = xpackProject("test:idp-fixture")
|
|
|
|
evaluationDependsOn(idpFixtureProject.path)
|
|
|
|
|
2018-01-30 07:03:04 -05:00
|
|
|
apply plugin: 'elasticsearch.standalone-rest-test'
|
|
|
|
apply plugin: 'elasticsearch.rest-test'
|
2019-03-12 17:54:23 -04:00
|
|
|
apply plugin: 'elasticsearch.test.fixtures'
|
2018-01-20 17:43:00 -05:00
|
|
|
|
|
|
|
dependencies {
|
2018-08-21 20:03:28 -04:00
|
|
|
// "org.elasticsearch.plugin:x-pack-core:${version}" doesn't work with idea because the testArtifacts are also here
|
|
|
|
testCompile project(path: xpackModule('core'), configuration: 'default')
|
2018-01-27 00:48:30 -05:00
|
|
|
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
|
|
|
|
testCompile project(path: xpackModule('security'), configuration: 'testArtifacts')
|
2018-01-20 17:43:00 -05:00
|
|
|
testCompile 'com.google.jimfs:jimfs:1.1'
|
|
|
|
}
|
2019-03-12 17:54:23 -04:00
|
|
|
testFixtures.useFixture ":x-pack:test:idp-fixture"
|
2018-01-20 17:43:00 -05:00
|
|
|
|
|
|
|
|
2018-05-10 09:35:23 -04:00
|
|
|
String outputDir = "${project.buildDir}/generated-resources/${project.name}"
|
2018-01-30 07:03:04 -05:00
|
|
|
task copyIdpCertificate(type: Copy) {
|
2019-03-12 17:54:23 -04:00
|
|
|
from idpFixtureProject.file('idp/shibboleth-idp/credentials/idp-browser.pem');
|
2018-01-30 07:03:04 -05:00
|
|
|
into outputDir
|
|
|
|
}
|
2019-03-12 17:54:23 -04:00
|
|
|
project.sourceSets.test.output.dir(outputDir, builtBy: copyIdpCertificate)
|
|
|
|
integTestCluster.dependsOn copyIdpCertificate
|
2018-01-20 17:43:00 -05:00
|
|
|
|
2018-01-30 07:03:04 -05:00
|
|
|
integTestCluster {
|
2018-02-13 06:16:53 -05:00
|
|
|
setting 'xpack.license.self_generated.type', 'trial'
|
2018-03-21 23:09:44 -04:00
|
|
|
setting 'xpack.security.enabled', 'true'
|
2018-01-30 07:03:04 -05:00
|
|
|
setting 'xpack.security.http.ssl.enabled', 'false'
|
|
|
|
setting 'xpack.security.authc.token.enabled', 'true'
|
2018-11-05 22:56:50 -05:00
|
|
|
setting 'xpack.security.authc.realms.file.file.order', '0'
|
2018-08-30 23:25:27 -04:00
|
|
|
// SAML realm 1 (no authorization_realms)
|
2018-11-05 22:56:50 -05:00
|
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.order', '1'
|
|
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.idp.entity_id', 'https://test.shibboleth.elastic.local/'
|
|
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.idp.metadata.path', 'idp-metadata.xml'
|
|
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.sp.entity_id', 'http://mock1.http.elastic.local/'
|
2018-01-30 07:03:04 -05:00
|
|
|
// The port in the ACS URL is fake - the test will bind the mock webserver
|
|
|
|
// to a random port and then whenever it needs to connect to a URL on the
|
|
|
|
// mock webserver it will replace 54321 with the real port
|
2018-11-05 22:56:50 -05:00
|
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.sp.acs', 'http://localhost:54321/saml/acs1'
|
|
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.attributes.principal', 'uid'
|
|
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.attributes.name', 'urn:oid:2.5.4.3'
|
2018-08-30 23:25:27 -04:00
|
|
|
// SAML realm 2 (uses authorization_realms)
|
2018-11-05 22:56:50 -05:00
|
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.order', '2'
|
|
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.idp.entity_id', 'https://test.shibboleth.elastic.local/'
|
|
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.idp.metadata.path', 'idp-metadata.xml'
|
|
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.sp.entity_id', 'http://mock2.http.elastic.local/'
|
|
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.sp.acs', 'http://localhost:54321/saml/acs2'
|
|
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.attributes.principal', 'uid'
|
|
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.authorization_realms', 'native'
|
|
|
|
setting 'xpack.security.authc.realms.native.native.order', '3'
|
2018-08-30 23:25:27 -04:00
|
|
|
|
2018-01-30 07:03:04 -05:00
|
|
|
setting 'xpack.ml.enabled', 'false'
|
|
|
|
|
2019-03-12 17:54:23 -04:00
|
|
|
extraConfigFile 'idp-metadata.xml', idpFixtureProject.file("idp/shibboleth-idp/metadata/idp-metadata.xml")
|
2018-01-30 07:03:04 -05:00
|
|
|
|
|
|
|
setupCommand 'setupTestAdmin',
|
2018-04-11 11:36:12 -04:00
|
|
|
'bin/elasticsearch-users', 'useradd', "test_admin", '-p', 'x-pack-test-password', '-r', "superuser"
|
2018-01-30 07:03:04 -05:00
|
|
|
|
|
|
|
waitCondition = { node, ant ->
|
|
|
|
File tmpFile = new File(node.cwd, 'wait.success')
|
|
|
|
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
|
|
|
|
dest: tmpFile.toString(),
|
|
|
|
username: 'test_admin',
|
|
|
|
password: 'x-pack-test-password',
|
|
|
|
ignoreerrors: true,
|
|
|
|
retries: 10)
|
|
|
|
return tmpFile.exists()
|
|
|
|
}
|
2018-01-20 17:43:00 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
forbiddenPatterns {
|
|
|
|
exclude '**/*.der'
|
|
|
|
exclude '**/*.p12'
|
|
|
|
exclude '**/*.key'
|
|
|
|
}
|
|
|
|
|
2019-01-07 10:24:19 -05:00
|
|
|
thirdPartyAudit {
|
|
|
|
ignoreViolations (
|
|
|
|
// uses internal java api: sun.misc.Unsafe
|
|
|
|
'com.google.common.cache.Striped64',
|
|
|
|
'com.google.common.cache.Striped64$1',
|
|
|
|
'com.google.common.cache.Striped64$Cell',
|
|
|
|
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
|
|
|
|
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
|
|
|
|
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper',
|
|
|
|
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1'
|
|
|
|
)
|
|
|
|
|
|
|
|
ignoreMissingClasses (
|
|
|
|
'com.ibm.icu.lang.UCharacter'
|
|
|
|
)
|
|
|
|
}
|