Merge pull request elastic/elasticsearch#1325 from rjernst/rest_alone
Test: Make rest tests extend ESTestCase Original commit: elastic/x-pack-elasticsearch@2dc384375b
This commit is contained in:
commit
142bb4c77d
|
@ -9,16 +9,12 @@ import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||||
import org.elasticsearch.client.support.Headers;
|
import org.elasticsearch.client.support.Headers;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.plugins.Plugin;
|
|
||||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||||
import org.elasticsearch.xpack.XPackPlugin;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.Collections;
|
|
||||||
|
|
||||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
|
|
||||||
|
@ -43,18 +39,5 @@ public class RestIT extends ESRestTestCase {
|
||||||
.put(Headers.PREFIX + ".Authorization", token)
|
.put(Headers.PREFIX + ".Authorization", token)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Settings externalClusterClientSettings() {
|
|
||||||
return Settings.builder()
|
|
||||||
.put("shield.user", USER + ":" + PASS)
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Collection<Class<? extends Plugin>> transportClientPlugins() {
|
|
||||||
return Collections.<Class<? extends Plugin>>singleton(XPackPlugin.class);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -16,23 +16,6 @@ task createKey(type: LoggedExec) {
|
||||||
project.delete(keystore.parentFile)
|
project.delete(keystore.parentFile)
|
||||||
keystore.parentFile.mkdirs()
|
keystore.parentFile.mkdirs()
|
||||||
}
|
}
|
||||||
String subjectAlternateNames = 'san=dns:localhost,ip:127.0.0.1'
|
|
||||||
// some machines have a different name for ipv6 loopback,
|
|
||||||
// at least on ubuntu its ip6-localhost. other machines, like windows,
|
|
||||||
// won't resolve it back to any hostname at all. Try to setup ipv6 to
|
|
||||||
// work in all cases.
|
|
||||||
try {
|
|
||||||
String localhost6 = InetAddress.getByName("::1").getCanonicalHostName()
|
|
||||||
if (!localhost6.equals("localhost")) {
|
|
||||||
if (localhost6.startsWith("0")) {
|
|
||||||
subjectAlternateNames += ",ip:" + localhost6
|
|
||||||
} else {
|
|
||||||
subjectAlternateNames += ",dns:" + localhost6
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} catch (UnknownHostException ok) {
|
|
||||||
// e.g. no ipv6 support
|
|
||||||
}
|
|
||||||
executable = 'keytool'
|
executable = 'keytool'
|
||||||
standardInput = new ByteArrayInputStream('FirstName LastName\nUnit\nOrganization\nCity\nState\nNL\nyes\n\n'.getBytes('UTF-8'))
|
standardInput = new ByteArrayInputStream('FirstName LastName\nUnit\nOrganization\nCity\nState\nNL\nyes\n\n'.getBytes('UTF-8'))
|
||||||
args '-genkey',
|
args '-genkey',
|
||||||
|
@ -41,7 +24,8 @@ task createKey(type: LoggedExec) {
|
||||||
'-keyalg', 'RSA',
|
'-keyalg', 'RSA',
|
||||||
'-keysize', '2048',
|
'-keysize', '2048',
|
||||||
'-validity', '712',
|
'-validity', '712',
|
||||||
'-ext', subjectAlternateNames,
|
'-dname', 'CN=localhost',
|
||||||
|
'-keypass', 'keypass',
|
||||||
'-storepass', 'keypass'
|
'-storepass', 'keypass'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -58,6 +42,7 @@ project.rootProject.subprojects.findAll { it.path.startsWith(':plugins:') }.each
|
||||||
|
|
||||||
integTest {
|
integTest {
|
||||||
cluster {
|
cluster {
|
||||||
|
systemProperty 'es.network.host', 'localhost'
|
||||||
systemProperty 'es.marvel.agent.exporter.es.ssl.truststore.path', keystore.name
|
systemProperty 'es.marvel.agent.exporter.es.ssl.truststore.path', keystore.name
|
||||||
systemProperty 'es.marvel.agent.exporter.es.ssl.truststore.password', 'keypass'
|
systemProperty 'es.marvel.agent.exporter.es.ssl.truststore.password', 'keypass'
|
||||||
systemProperty 'es.shield.transport.ssl', 'true'
|
systemProperty 'es.shield.transport.ssl', 'true'
|
||||||
|
|
|
@ -11,13 +11,11 @@ import org.elasticsearch.ElasticsearchException;
|
||||||
import org.elasticsearch.client.support.Headers;
|
import org.elasticsearch.client.support.Headers;
|
||||||
import org.elasticsearch.common.io.PathUtils;
|
import org.elasticsearch.common.io.PathUtils;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.plugins.Plugin;
|
|
||||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||||
import org.elasticsearch.test.rest.client.RestClient;
|
import org.elasticsearch.test.rest.client.RestClient;
|
||||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||||
import org.elasticsearch.xpack.XPackPlugin;
|
|
||||||
import org.junit.AfterClass;
|
import org.junit.AfterClass;
|
||||||
import org.junit.BeforeClass;
|
import org.junit.BeforeClass;
|
||||||
|
|
||||||
|
@ -25,8 +23,6 @@ import java.io.IOException;
|
||||||
import java.net.URISyntaxException;
|
import java.net.URISyntaxException;
|
||||||
import java.nio.file.Files;
|
import java.nio.file.Files;
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.Collections;
|
|
||||||
|
|
||||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
|
|
||||||
|
@ -74,20 +70,4 @@ public class SmokeTestPluginsSslIT extends ESRestTestCase {
|
||||||
.put(RestClient.TRUSTSTORE_PASSWORD, KEYSTORE_PASS)
|
.put(RestClient.TRUSTSTORE_PASSWORD, KEYSTORE_PASS)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Settings externalClusterClientSettings() {
|
|
||||||
return Settings.builder()
|
|
||||||
.put("shield.user", USER + ":" + PASS)
|
|
||||||
.put("shield.transport.ssl", true)
|
|
||||||
.put("shield.ssl.keystore.path", keyStore)
|
|
||||||
.put("shield.ssl.keystore.password", KEYSTORE_PASS)
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Collection<Class<? extends Plugin>> transportClientPlugins() {
|
|
||||||
return Collections.<Class<? extends Plugin>>singleton(XPackPlugin.class);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,16 +9,12 @@ import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||||
import org.elasticsearch.client.support.Headers;
|
import org.elasticsearch.client.support.Headers;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.plugins.Plugin;
|
|
||||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||||
import org.elasticsearch.xpack.XPackPlugin;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.Collections;
|
|
||||||
|
|
||||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
|
|
||||||
|
@ -43,17 +39,5 @@ public class SmokeTestPluginsIT extends ESRestTestCase {
|
||||||
.put(Headers.PREFIX + ".Authorization", token)
|
.put(Headers.PREFIX + ".Authorization", token)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Settings externalClusterClientSettings() {
|
|
||||||
return Settings.builder()
|
|
||||||
.put("shield.user", USER + ":" + PASS)
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Collection<Class<? extends Plugin>> transportClientPlugins() {
|
|
||||||
return Collections.<Class<? extends Plugin>>singleton(XPackPlugin.class);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -5,33 +5,22 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.smoketest;
|
package org.elasticsearch.smoketest;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.net.URI;
|
||||||
|
import java.net.URL;
|
||||||
|
|
||||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||||
import org.apache.http.client.methods.HttpPut;
|
import org.apache.http.client.methods.HttpPut;
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.http.impl.client.CloseableHttpClient;
|
||||||
import org.apache.http.impl.client.HttpClients;
|
import org.apache.http.impl.client.HttpClients;
|
||||||
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
|
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
|
||||||
import org.elasticsearch.common.network.NetworkAddress;
|
|
||||||
import org.elasticsearch.common.settings.Settings;
|
|
||||||
import org.elasticsearch.node.Node;
|
|
||||||
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
|
|
||||||
import org.elasticsearch.test.junit.annotations.TestLogging;
|
|
||||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.net.InetSocketAddress;
|
|
||||||
import java.net.URI;
|
|
||||||
|
|
||||||
import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE;
|
|
||||||
|
|
||||||
|
|
||||||
@ESRestTestCase.Rest
|
|
||||||
@ClusterScope(scope = SUITE, numClientNodes = 1, transportClientRatio = 0, numDataNodes = 1, randomDynamicTemplates = false)
|
|
||||||
@TestLogging("_root:DEBUG")
|
|
||||||
public abstract class WatcherRestTestCase extends ESRestTestCase {
|
public abstract class WatcherRestTestCase extends ESRestTestCase {
|
||||||
|
|
||||||
public WatcherRestTestCase(@Name("yaml") RestTestCandidate testCandidate) {
|
public WatcherRestTestCase(@Name("yaml") RestTestCandidate testCandidate) {
|
||||||
|
@ -46,8 +35,8 @@ public abstract class WatcherRestTestCase extends ESRestTestCase {
|
||||||
@Before
|
@Before
|
||||||
public void startWatcher() throws Exception {
|
public void startWatcher() throws Exception {
|
||||||
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
||||||
InetSocketAddress address = cluster().httpAddresses()[0];
|
URL url = getClusterUrls()[0];
|
||||||
HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.formatAddress(address.getAddress()), address.getPort(), "/_watcher/_start", null, null));
|
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_watcher/_start", null, null));
|
||||||
client.execute(request);
|
client.execute(request);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -55,25 +44,9 @@ public abstract class WatcherRestTestCase extends ESRestTestCase {
|
||||||
@After
|
@After
|
||||||
public void stopWatcher() throws Exception {
|
public void stopWatcher() throws Exception {
|
||||||
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
||||||
InetSocketAddress address = cluster().httpAddresses()[0];
|
URL url = getClusterUrls()[0];
|
||||||
HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.formatAddress(address.getAddress()), address.getPort(), "/_watcher/_stop", null, null));
|
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_watcher/_stop", null, null));
|
||||||
client.execute(request);
|
client.execute(request);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Settings nodeSettings(int nodeOrdinal) {
|
|
||||||
return Settings.builder()
|
|
||||||
.put(super.nodeSettings(nodeOrdinal))
|
|
||||||
.put(Node.HTTP_ENABLED, true)
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Settings transportClientSettings() {
|
|
||||||
return Settings.builder()
|
|
||||||
.put(Node.HTTP_ENABLED, true)
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -26,7 +26,7 @@ integTest {
|
||||||
setupCommand 'setupWatcherManagerUser',
|
setupCommand 'setupWatcherManagerUser',
|
||||||
'bin/x-pack/esusers', 'useradd', 'watcher_manager', '-p', 'changeme', '-r', 'watcher_manager'
|
'bin/x-pack/esusers', 'useradd', 'watcher_manager', '-p', 'changeme', '-r', 'watcher_manager'
|
||||||
setupCommand 'setupPowerlessUser',
|
setupCommand 'setupPowerlessUser',
|
||||||
'bin/x-pack/esusers', 'useradd', 'powerless_user', '-p', 'changeme', '-r', 'crapy_role'
|
'bin/x-pack/esusers', 'useradd', 'powerless_user', '-p', 'changeme', '-r', 'crappy_role'
|
||||||
waitCondition = { node, ant ->
|
waitCondition = { node, ant ->
|
||||||
File tmpFile = new File(node.cwd, 'wait.success')
|
File tmpFile = new File(node.cwd, 'wait.success')
|
||||||
ant.get(src: "http://${node.httpUri()}",
|
ant.get(src: "http://${node.httpUri()}",
|
||||||
|
|
|
@ -7,14 +7,16 @@ watcher_manager:
|
||||||
cluster: manage_watcher, cluster:monitor/nodes/info, cluster:monitor/health
|
cluster: manage_watcher, cluster:monitor/nodes/info, cluster:monitor/health
|
||||||
indices:
|
indices:
|
||||||
'.watch_history-*': all
|
'.watch_history-*': all
|
||||||
|
run_as: powerless_user, watcher_manager
|
||||||
|
|
||||||
watcher_monitor:
|
watcher_monitor:
|
||||||
cluster: monitor_watcher
|
cluster: monitor_watcher
|
||||||
indices:
|
indices:
|
||||||
'.watch_history-*': read
|
'.watch_history-*': read
|
||||||
|
|
||||||
crapy_role:
|
crappy_role:
|
||||||
cluster:
|
cluster:
|
||||||
- cluster:monitor/nodes/info
|
- cluster:monitor/nodes/info
|
||||||
- cluster:monitor/health
|
- cluster:monitor/health
|
||||||
- cluster:monitor/nodes/liveness
|
- cluster:monitor/nodes/liveness
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,10 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.smoketest;
|
package org.elasticsearch.smoketest;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.net.URI;
|
||||||
|
import java.net.URL;
|
||||||
|
|
||||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||||
import org.apache.http.client.methods.HttpPut;
|
import org.apache.http.client.methods.HttpPut;
|
||||||
|
@ -12,24 +16,15 @@ import org.apache.http.impl.client.CloseableHttpClient;
|
||||||
import org.apache.http.impl.client.HttpClients;
|
import org.apache.http.impl.client.HttpClients;
|
||||||
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
|
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
|
||||||
import org.elasticsearch.client.support.Headers;
|
import org.elasticsearch.client.support.Headers;
|
||||||
import org.elasticsearch.common.network.NetworkAddress;
|
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.plugins.Plugin;
|
|
||||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||||
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
||||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||||
import org.elasticsearch.xpack.XPackPlugin;
|
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.net.InetSocketAddress;
|
|
||||||
import java.net.URI;
|
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.Collections;
|
|
||||||
|
|
||||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
|
|
||||||
public class WatcherWithShieldIT extends ESRestTestCase {
|
public class WatcherWithShieldIT extends ESRestTestCase {
|
||||||
|
@ -49,8 +44,8 @@ public class WatcherWithShieldIT extends ESRestTestCase {
|
||||||
@Before
|
@Before
|
||||||
public void startWatcher() throws Exception {
|
public void startWatcher() throws Exception {
|
||||||
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
||||||
InetSocketAddress address = cluster().httpAddresses()[0];
|
URL url = getClusterUrls()[0];
|
||||||
HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.formatAddress(address.getAddress()), address.getPort(), "/_watcher/_start", null, null));
|
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_watcher/_start", null, null));
|
||||||
String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
|
String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
|
||||||
request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
|
request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
|
||||||
client.execute(request);
|
client.execute(request);
|
||||||
|
@ -60,8 +55,8 @@ public class WatcherWithShieldIT extends ESRestTestCase {
|
||||||
@After
|
@After
|
||||||
public void stopWatcher() throws Exception {
|
public void stopWatcher() throws Exception {
|
||||||
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
||||||
InetSocketAddress address = cluster().httpAddresses()[0];
|
URL url = getClusterUrls()[0];
|
||||||
HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.formatAddress(address.getAddress()), address.getPort(), "/_watcher/_stop", null, null));
|
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_watcher/_stop", null, null));
|
||||||
String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
|
String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
|
||||||
request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
|
request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
|
||||||
client.execute(request);
|
client.execute(request);
|
||||||
|
@ -70,28 +65,18 @@ public class WatcherWithShieldIT extends ESRestTestCase {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected Settings restClientSettings() {
|
protected Settings restClientSettings() {
|
||||||
String[] credentials = getCredentials();
|
String token = basicAuthHeaderValue("watcher_manager", new SecuredString("changeme".toCharArray()));
|
||||||
String token = basicAuthHeaderValue(credentials[0], new SecuredString(credentials[1].toCharArray()));
|
|
||||||
return Settings.builder()
|
return Settings.builder()
|
||||||
.put(Headers.PREFIX + ".Authorization", token)
|
.put(Headers.PREFIX + ".Authorization", token)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected Settings externalClusterClientSettings() {
|
protected Settings restAdminSettings() {
|
||||||
|
String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
|
||||||
return Settings.builder()
|
return Settings.builder()
|
||||||
.put("shield.user", TEST_ADMIN_USERNAME + ":" + TEST_ADMIN_PASSWORD)
|
.put(Headers.PREFIX + ".Authorization", token)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
protected String[] getCredentials() {
|
|
||||||
return new String[]{"watcher_manager", "changeme"};
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Collection<Class<? extends Plugin>> transportClientPlugins() {
|
|
||||||
return Collections.<Class<? extends Plugin>>singleton(XPackPlugin.class);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,36 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
||||||
* or more contributor license agreements. Licensed under the Elastic License;
|
|
||||||
* you may not use this file except in compliance with the Elastic License.
|
|
||||||
*/
|
|
||||||
package org.elasticsearch.smoketest;
|
|
||||||
|
|
||||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
|
||||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
|
|
||||||
import static org.hamcrest.Matchers.anyOf;
|
|
||||||
import static org.hamcrest.Matchers.containsString;
|
|
||||||
|
|
||||||
public class WatcherWithShieldInsufficientRoleIT extends WatcherWithShieldIT {
|
|
||||||
public WatcherWithShieldInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
|
|
||||||
super(testCandidate);
|
|
||||||
}
|
|
||||||
|
|
||||||
public void test() throws IOException {
|
|
||||||
try {
|
|
||||||
super.test();
|
|
||||||
fail();
|
|
||||||
} catch(AssertionError ae) {
|
|
||||||
assertThat(ae.getMessage(), anyOf(containsString("action [cluster:monitor/watcher/"), containsString("action [cluster:admin/watcher/")));
|
|
||||||
assertThat(ae.getMessage(), containsString("returned [403 Forbidden]"));
|
|
||||||
assertThat(ae.getMessage(), containsString("is unauthorized for user [powerless_user]"));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected String[] getCredentials() {
|
|
||||||
return new String[]{"powerless_user", "changeme"};
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
"Test watcher is protected by shield":
|
||||||
|
- do:
|
||||||
|
headers: {es-shield-runas-user: powerless_user}
|
||||||
|
catch: forbidden
|
||||||
|
watcher.info: {}
|
||||||
|
# there seems to be a bug in the yaml parser we use, where a single element list
|
||||||
|
# has the END_LIST token skipped...so here we just rerun the same request without
|
||||||
|
# the impersonation to show it works
|
||||||
|
- do:
|
||||||
|
watcher.info: {}
|
||||||
|
- is_true: version.build_hash
|
|
@ -5,6 +5,10 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.xpack.test.rest;
|
package org.elasticsearch.xpack.test.rest;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.net.URI;
|
||||||
|
import java.net.URL;
|
||||||
|
|
||||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||||
import org.apache.http.client.methods.HttpPut;
|
import org.apache.http.client.methods.HttpPut;
|
||||||
|
@ -12,33 +16,16 @@ import org.apache.http.impl.client.CloseableHttpClient;
|
||||||
import org.apache.http.impl.client.HttpClients;
|
import org.apache.http.impl.client.HttpClients;
|
||||||
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
|
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
|
||||||
import org.elasticsearch.client.support.Headers;
|
import org.elasticsearch.client.support.Headers;
|
||||||
import org.elasticsearch.common.network.NetworkAddress;
|
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.plugins.Plugin;
|
|
||||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||||
import org.elasticsearch.xpack.XPackPlugin;
|
|
||||||
import org.elasticsearch.node.Node;
|
|
||||||
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
|
|
||||||
import org.elasticsearch.test.junit.annotations.TestLogging;
|
|
||||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.net.InetSocketAddress;
|
|
||||||
import java.net.URI;
|
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.Collections;
|
|
||||||
|
|
||||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE;
|
|
||||||
|
|
||||||
|
|
||||||
@ESRestTestCase.Rest
|
|
||||||
@ClusterScope(scope = SUITE, numClientNodes = 1, transportClientRatio = 0, numDataNodes = 1, randomDynamicTemplates = false)
|
|
||||||
@TestLogging("_root:DEBUG")
|
|
||||||
public abstract class XPackRestTestCase extends ESRestTestCase {
|
public abstract class XPackRestTestCase extends ESRestTestCase {
|
||||||
|
|
||||||
public XPackRestTestCase(@Name("yaml") RestTestCandidate testCandidate) {
|
public XPackRestTestCase(@Name("yaml") RestTestCandidate testCandidate) {
|
||||||
|
@ -53,15 +40,12 @@ public abstract class XPackRestTestCase extends ESRestTestCase {
|
||||||
@Before
|
@Before
|
||||||
public void startWatcher() throws Exception {
|
public void startWatcher() throws Exception {
|
||||||
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
||||||
if (cluster() == null || cluster().httpAddresses() == null) {
|
URL url = getClusterUrls()[0];
|
||||||
fail("no address available to start watcher");
|
|
||||||
}
|
|
||||||
InetSocketAddress address = cluster().httpAddresses()[0];
|
|
||||||
HttpPut request = new HttpPut(new URI("http",
|
HttpPut request = new HttpPut(new URI("http",
|
||||||
"test_user:changeme",
|
"test_user:changeme",
|
||||||
NetworkAddress.formatAddress(address.getAddress()),
|
url.getHost(),
|
||||||
address.getPort(),
|
url.getPort(),
|
||||||
"/_watcher/start", null, null));
|
"/_watcher/_start", null, null));
|
||||||
client.execute(request);
|
client.execute(request);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -69,49 +53,16 @@ public abstract class XPackRestTestCase extends ESRestTestCase {
|
||||||
@After
|
@After
|
||||||
public void stopWatcher() throws Exception {
|
public void stopWatcher() throws Exception {
|
||||||
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
||||||
if (cluster() == null || cluster().httpAddresses() == null) {
|
URL url = getClusterUrls()[0];
|
||||||
fail("no address available to stop watcher");
|
|
||||||
}
|
|
||||||
InetSocketAddress address = cluster().httpAddresses()[0];
|
|
||||||
HttpPut request = new HttpPut(new URI("http",
|
HttpPut request = new HttpPut(new URI("http",
|
||||||
"test_user:changeme",
|
"test_user:changeme",
|
||||||
NetworkAddress.formatAddress(address.getAddress()),
|
url.getHost(),
|
||||||
address.getPort(),
|
url.getPort(),
|
||||||
"/_watcher/stop", null, null));
|
"/_watcher/stop", null, null));
|
||||||
client.execute(request);
|
client.execute(request);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Settings nodeSettings(int nodeOrdinal) {
|
|
||||||
return Settings.builder()
|
|
||||||
.put(super.nodeSettings(nodeOrdinal))
|
|
||||||
.put(Node.HTTP_ENABLED, true)
|
|
||||||
.put("shield.user", "test_user:changeme")
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Settings transportClientSettings() {
|
|
||||||
return Settings.builder()
|
|
||||||
.put(Node.HTTP_ENABLED, true)
|
|
||||||
.put("shield.user", "test_user:changeme")
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Settings externalClusterClientSettings() {
|
|
||||||
return Settings.builder()
|
|
||||||
.put(Node.HTTP_ENABLED, true)
|
|
||||||
.put("shield.user", "test_user:changeme")
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Collection<Class<? extends Plugin>> transportClientPlugins() {
|
|
||||||
return Collections.singletonList(XPackPlugin.class);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected Settings restClientSettings() {
|
protected Settings restClientSettings() {
|
||||||
String token = basicAuthHeaderValue("test_user", new SecuredString("changeme".toCharArray()));
|
String token = basicAuthHeaderValue("test_user", new SecuredString("changeme".toCharArray()));
|
||||||
|
@ -119,5 +70,4 @@ public abstract class XPackRestTestCase extends ESRestTestCase {
|
||||||
.put(Headers.PREFIX + ".Authorization", token)
|
.put(Headers.PREFIX + ".Authorization", token)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue