Merge pull request elastic/elasticsearch#1325 from rjernst/rest_alone

Test: Make rest tests extend ESTestCase

Original commit: elastic/x-pack-elasticsearch@2dc384375b
This commit is contained in:
Ryan Ernst 2016-01-18 17:38:33 -08:00
commit 142bb4c77d
11 changed files with 52 additions and 234 deletions

View File

@ -9,16 +9,12 @@ import com.carrotsearch.randomizedtesting.annotations.Name;
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
import org.elasticsearch.client.support.Headers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.test.rest.ESRestTestCase;
import org.elasticsearch.test.rest.RestTestCandidate;
import org.elasticsearch.test.rest.parser.RestTestParseException;
import org.elasticsearch.xpack.XPackPlugin;
import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
@ -43,18 +39,5 @@ public class RestIT extends ESRestTestCase {
.put(Headers.PREFIX + ".Authorization", token)
.build();
}
@Override
protected Settings externalClusterClientSettings() {
return Settings.builder()
.put("shield.user", USER + ":" + PASS)
.build();
}
@Override
protected Collection<Class<? extends Plugin>> transportClientPlugins() {
return Collections.<Class<? extends Plugin>>singleton(XPackPlugin.class);
}
}

View File

@ -16,23 +16,6 @@ task createKey(type: LoggedExec) {
project.delete(keystore.parentFile)
keystore.parentFile.mkdirs()
}
String subjectAlternateNames = 'san=dns:localhost,ip:127.0.0.1'
// some machines have a different name for ipv6 loopback,
// at least on ubuntu its ip6-localhost. other machines, like windows,
// won't resolve it back to any hostname at all. Try to setup ipv6 to
// work in all cases.
try {
String localhost6 = InetAddress.getByName("::1").getCanonicalHostName()
if (!localhost6.equals("localhost")) {
if (localhost6.startsWith("0")) {
subjectAlternateNames += ",ip:" + localhost6
} else {
subjectAlternateNames += ",dns:" + localhost6
}
}
} catch (UnknownHostException ok) {
// e.g. no ipv6 support
}
executable = 'keytool'
standardInput = new ByteArrayInputStream('FirstName LastName\nUnit\nOrganization\nCity\nState\nNL\nyes\n\n'.getBytes('UTF-8'))
args '-genkey',
@ -41,7 +24,8 @@ task createKey(type: LoggedExec) {
'-keyalg', 'RSA',
'-keysize', '2048',
'-validity', '712',
'-ext', subjectAlternateNames,
'-dname', 'CN=localhost',
'-keypass', 'keypass',
'-storepass', 'keypass'
}
@ -58,6 +42,7 @@ project.rootProject.subprojects.findAll { it.path.startsWith(':plugins:') }.each
integTest {
cluster {
systemProperty 'es.network.host', 'localhost'
systemProperty 'es.marvel.agent.exporter.es.ssl.truststore.path', keystore.name
systemProperty 'es.marvel.agent.exporter.es.ssl.truststore.password', 'keypass'
systemProperty 'es.shield.transport.ssl', 'true'

View File

@ -11,13 +11,11 @@ import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.client.support.Headers;
import org.elasticsearch.common.io.PathUtils;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.test.rest.ESRestTestCase;
import org.elasticsearch.test.rest.RestTestCandidate;
import org.elasticsearch.test.rest.client.RestClient;
import org.elasticsearch.test.rest.parser.RestTestParseException;
import org.elasticsearch.xpack.XPackPlugin;
import org.junit.AfterClass;
import org.junit.BeforeClass;
@ -25,8 +23,6 @@ import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Collection;
import java.util.Collections;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
@ -74,20 +70,4 @@ public class SmokeTestPluginsSslIT extends ESRestTestCase {
.put(RestClient.TRUSTSTORE_PASSWORD, KEYSTORE_PASS)
.build();
}
@Override
protected Settings externalClusterClientSettings() {
return Settings.builder()
.put("shield.user", USER + ":" + PASS)
.put("shield.transport.ssl", true)
.put("shield.ssl.keystore.path", keyStore)
.put("shield.ssl.keystore.password", KEYSTORE_PASS)
.build();
}
@Override
protected Collection<Class<? extends Plugin>> transportClientPlugins() {
return Collections.<Class<? extends Plugin>>singleton(XPackPlugin.class);
}
}

View File

@ -9,16 +9,12 @@ import com.carrotsearch.randomizedtesting.annotations.Name;
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
import org.elasticsearch.client.support.Headers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.test.rest.ESRestTestCase;
import org.elasticsearch.test.rest.RestTestCandidate;
import org.elasticsearch.test.rest.parser.RestTestParseException;
import org.elasticsearch.xpack.XPackPlugin;
import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
@ -43,17 +39,5 @@ public class SmokeTestPluginsIT extends ESRestTestCase {
.put(Headers.PREFIX + ".Authorization", token)
.build();
}
@Override
protected Settings externalClusterClientSettings() {
return Settings.builder()
.put("shield.user", USER + ":" + PASS)
.build();
}
@Override
protected Collection<Class<? extends Plugin>> transportClientPlugins() {
return Collections.<Class<? extends Plugin>>singleton(XPackPlugin.class);
}
}

View File

@ -5,33 +5,22 @@
*/
package org.elasticsearch.smoketest;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import com.carrotsearch.randomizedtesting.annotations.Name;
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.elasticsearch.common.network.NetworkAddress;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.node.Node;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.junit.annotations.TestLogging;
import org.elasticsearch.test.rest.ESRestTestCase;
import org.elasticsearch.test.rest.RestTestCandidate;
import org.elasticsearch.test.rest.parser.RestTestParseException;
import org.junit.After;
import org.junit.Before;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URI;
import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE;
@ESRestTestCase.Rest
@ClusterScope(scope = SUITE, numClientNodes = 1, transportClientRatio = 0, numDataNodes = 1, randomDynamicTemplates = false)
@TestLogging("_root:DEBUG")
public abstract class WatcherRestTestCase extends ESRestTestCase {
public WatcherRestTestCase(@Name("yaml") RestTestCandidate testCandidate) {
@ -46,8 +35,8 @@ public abstract class WatcherRestTestCase extends ESRestTestCase {
@Before
public void startWatcher() throws Exception {
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
InetSocketAddress address = cluster().httpAddresses()[0];
HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.formatAddress(address.getAddress()), address.getPort(), "/_watcher/_start", null, null));
URL url = getClusterUrls()[0];
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_watcher/_start", null, null));
client.execute(request);
}
}
@ -55,25 +44,9 @@ public abstract class WatcherRestTestCase extends ESRestTestCase {
@After
public void stopWatcher() throws Exception {
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
InetSocketAddress address = cluster().httpAddresses()[0];
HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.formatAddress(address.getAddress()), address.getPort(), "/_watcher/_stop", null, null));
URL url = getClusterUrls()[0];
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_watcher/_stop", null, null));
client.execute(request);
}
}
@Override
protected Settings nodeSettings(int nodeOrdinal) {
return Settings.builder()
.put(super.nodeSettings(nodeOrdinal))
.put(Node.HTTP_ENABLED, true)
.build();
}
@Override
protected Settings transportClientSettings() {
return Settings.builder()
.put(Node.HTTP_ENABLED, true)
.build();
}
}

View File

@ -26,7 +26,7 @@ integTest {
setupCommand 'setupWatcherManagerUser',
'bin/x-pack/esusers', 'useradd', 'watcher_manager', '-p', 'changeme', '-r', 'watcher_manager'
setupCommand 'setupPowerlessUser',
'bin/x-pack/esusers', 'useradd', 'powerless_user', '-p', 'changeme', '-r', 'crapy_role'
'bin/x-pack/esusers', 'useradd', 'powerless_user', '-p', 'changeme', '-r', 'crappy_role'
waitCondition = { node, ant ->
File tmpFile = new File(node.cwd, 'wait.success')
ant.get(src: "http://${node.httpUri()}",

View File

@ -7,14 +7,16 @@ watcher_manager:
cluster: manage_watcher, cluster:monitor/nodes/info, cluster:monitor/health
indices:
'.watch_history-*': all
run_as: powerless_user, watcher_manager
watcher_monitor:
cluster: monitor_watcher
indices:
'.watch_history-*': read
crapy_role:
crappy_role:
cluster:
- cluster:monitor/nodes/info
- cluster:monitor/health
- cluster:monitor/nodes/liveness

View File

@ -5,6 +5,10 @@
*/
package org.elasticsearch.smoketest;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import com.carrotsearch.randomizedtesting.annotations.Name;
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
import org.apache.http.client.methods.HttpPut;
@ -12,24 +16,15 @@ import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.elasticsearch.client.support.Headers;
import org.elasticsearch.common.network.NetworkAddress;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.test.rest.ESRestTestCase;
import org.elasticsearch.test.rest.RestTestCandidate;
import org.elasticsearch.test.rest.parser.RestTestParseException;
import org.elasticsearch.xpack.XPackPlugin;
import org.junit.After;
import org.junit.Before;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.util.Collection;
import java.util.Collections;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
public class WatcherWithShieldIT extends ESRestTestCase {
@ -49,8 +44,8 @@ public class WatcherWithShieldIT extends ESRestTestCase {
@Before
public void startWatcher() throws Exception {
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
InetSocketAddress address = cluster().httpAddresses()[0];
HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.formatAddress(address.getAddress()), address.getPort(), "/_watcher/_start", null, null));
URL url = getClusterUrls()[0];
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_watcher/_start", null, null));
String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
client.execute(request);
@ -60,8 +55,8 @@ public class WatcherWithShieldIT extends ESRestTestCase {
@After
public void stopWatcher() throws Exception {
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
InetSocketAddress address = cluster().httpAddresses()[0];
HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.formatAddress(address.getAddress()), address.getPort(), "/_watcher/_stop", null, null));
URL url = getClusterUrls()[0];
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_watcher/_stop", null, null));
String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
client.execute(request);
@ -70,28 +65,18 @@ public class WatcherWithShieldIT extends ESRestTestCase {
@Override
protected Settings restClientSettings() {
String[] credentials = getCredentials();
String token = basicAuthHeaderValue(credentials[0], new SecuredString(credentials[1].toCharArray()));
String token = basicAuthHeaderValue("watcher_manager", new SecuredString("changeme".toCharArray()));
return Settings.builder()
.put(Headers.PREFIX + ".Authorization", token)
.build();
}
@Override
protected Settings externalClusterClientSettings() {
protected Settings restAdminSettings() {
String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
return Settings.builder()
.put("shield.user", TEST_ADMIN_USERNAME + ":" + TEST_ADMIN_PASSWORD)
.put(Headers.PREFIX + ".Authorization", token)
.build();
}
protected String[] getCredentials() {
return new String[]{"watcher_manager", "changeme"};
}
@Override
protected Collection<Class<? extends Plugin>> transportClientPlugins() {
return Collections.<Class<? extends Plugin>>singleton(XPackPlugin.class);
}
}

View File

@ -1,36 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.smoketest;
import com.carrotsearch.randomizedtesting.annotations.Name;
import org.elasticsearch.test.rest.RestTestCandidate;
import java.io.IOException;
import static org.hamcrest.Matchers.anyOf;
import static org.hamcrest.Matchers.containsString;
public class WatcherWithShieldInsufficientRoleIT extends WatcherWithShieldIT {
public WatcherWithShieldInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
super(testCandidate);
}
public void test() throws IOException {
try {
super.test();
fail();
} catch(AssertionError ae) {
assertThat(ae.getMessage(), anyOf(containsString("action [cluster:monitor/watcher/"), containsString("action [cluster:admin/watcher/")));
assertThat(ae.getMessage(), containsString("returned [403 Forbidden]"));
assertThat(ae.getMessage(), containsString("is unauthorized for user [powerless_user]"));
}
}
@Override
protected String[] getCredentials() {
return new String[]{"powerless_user", "changeme"};
}
}

View File

@ -0,0 +1,12 @@
---
"Test watcher is protected by shield":
- do:
headers: {es-shield-runas-user: powerless_user}
catch: forbidden
watcher.info: {}
# there seems to be a bug in the yaml parser we use, where a single element list
# has the END_LIST token skipped...so here we just rerun the same request without
# the impersonation to show it works
- do:
watcher.info: {}
- is_true: version.build_hash

View File

@ -5,6 +5,10 @@
*/
package org.elasticsearch.xpack.test.rest;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import com.carrotsearch.randomizedtesting.annotations.Name;
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
import org.apache.http.client.methods.HttpPut;
@ -12,33 +16,16 @@ import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.elasticsearch.client.support.Headers;
import org.elasticsearch.common.network.NetworkAddress;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.node.Node;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.junit.annotations.TestLogging;
import org.elasticsearch.test.rest.ESRestTestCase;
import org.elasticsearch.test.rest.RestTestCandidate;
import org.elasticsearch.test.rest.parser.RestTestParseException;
import org.junit.After;
import org.junit.Before;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.util.Collection;
import java.util.Collections;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE;
@ESRestTestCase.Rest
@ClusterScope(scope = SUITE, numClientNodes = 1, transportClientRatio = 0, numDataNodes = 1, randomDynamicTemplates = false)
@TestLogging("_root:DEBUG")
public abstract class XPackRestTestCase extends ESRestTestCase {
public XPackRestTestCase(@Name("yaml") RestTestCandidate testCandidate) {
@ -53,15 +40,12 @@ public abstract class XPackRestTestCase extends ESRestTestCase {
@Before
public void startWatcher() throws Exception {
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
if (cluster() == null || cluster().httpAddresses() == null) {
fail("no address available to start watcher");
}
InetSocketAddress address = cluster().httpAddresses()[0];
URL url = getClusterUrls()[0];
HttpPut request = new HttpPut(new URI("http",
"test_user:changeme",
NetworkAddress.formatAddress(address.getAddress()),
address.getPort(),
"/_watcher/start", null, null));
url.getHost(),
url.getPort(),
"/_watcher/_start", null, null));
client.execute(request);
}
}
@ -69,49 +53,16 @@ public abstract class XPackRestTestCase extends ESRestTestCase {
@After
public void stopWatcher() throws Exception {
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
if (cluster() == null || cluster().httpAddresses() == null) {
fail("no address available to stop watcher");
}
InetSocketAddress address = cluster().httpAddresses()[0];
URL url = getClusterUrls()[0];
HttpPut request = new HttpPut(new URI("http",
"test_user:changeme",
NetworkAddress.formatAddress(address.getAddress()),
address.getPort(),
url.getHost(),
url.getPort(),
"/_watcher/stop", null, null));
client.execute(request);
}
}
@Override
protected Settings nodeSettings(int nodeOrdinal) {
return Settings.builder()
.put(super.nodeSettings(nodeOrdinal))
.put(Node.HTTP_ENABLED, true)
.put("shield.user", "test_user:changeme")
.build();
}
@Override
protected Settings transportClientSettings() {
return Settings.builder()
.put(Node.HTTP_ENABLED, true)
.put("shield.user", "test_user:changeme")
.build();
}
@Override
protected Settings externalClusterClientSettings() {
return Settings.builder()
.put(Node.HTTP_ENABLED, true)
.put("shield.user", "test_user:changeme")
.build();
}
@Override
protected Collection<Class<? extends Plugin>> transportClientPlugins() {
return Collections.singletonList(XPackPlugin.class);
}
@Override
protected Settings restClientSettings() {
String token = basicAuthHeaderValue("test_user", new SecuredString("changeme".toCharArray()));
@ -119,5 +70,4 @@ public abstract class XPackRestTestCase extends ESRestTestCase {
.put(Headers.PREFIX + ".Authorization", token)
.build();
}
}