From 1a1ae5de1e8129e0c68855d9ec59f0849366abf5 Mon Sep 17 00:00:00 2001
From: Tal Levy <JubBoy333@gmail.com>
Date: Mon, 23 Jul 2018 11:14:41 -0700
Subject: [PATCH] add qa project for running ILM tests against security
 (#32218)

This is a bare-bones skeleton for running existing yaml tests with security
enabled. Additional tests which test users and roles should follow
---
 .../build.gradle                              | 46 ++++++++++++++++++
 ...ycleWithSecurityClientYamlTestSuiteIT.java | 47 +++++++++++++++++++
 2 files changed, 93 insertions(+)
 create mode 100644 x-pack/qa/smoke-test-index-lifecycle-with-security/build.gradle
 create mode 100644 x-pack/qa/smoke-test-index-lifecycle-with-security/src/test/java/org/elasticsearch/xpack/security/IndexLifecycleWithSecurityClientYamlTestSuiteIT.java

diff --git a/x-pack/qa/smoke-test-index-lifecycle-with-security/build.gradle b/x-pack/qa/smoke-test-index-lifecycle-with-security/build.gradle
new file mode 100644
index 00000000000..7b931e5bedd
--- /dev/null
+++ b/x-pack/qa/smoke-test-index-lifecycle-with-security/build.gradle
@@ -0,0 +1,46 @@
+apply plugin: 'elasticsearch.standalone-rest-test'
+apply plugin: 'elasticsearch.rest-test'
+
+dependencies {
+  testCompile project(path: xpackProject('plugin').path, configuration: 'testArtifacts')
+}
+
+// bring in ILM rest test suite
+task copyILMRestTests(type: Copy) {
+  into project.sourceSets.test.output.resourcesDir
+  from xpackProject('plugin').sourceSets.test.resources.srcDirs
+  include 'rest-api-spec/test/index_lifecycle/**'
+}
+
+def clusterCredentials = [username: System.getProperty('tests.rest.cluster.username', 'test_user'),
+                          password: System.getProperty('tests.rest.cluster.password', 'x-pack-test-password')]
+
+integTestRunner {
+  systemProperty 'tests.rest.cluster.username', clusterCredentials.username
+  systemProperty 'tests.rest.cluster.password', clusterCredentials.password
+}
+
+integTestCluster {
+  dependsOn copyILMRestTests
+  setting 'xpack.index_lifecycle.enabled', 'true'
+  setting 'xpack.security.enabled', 'true'
+  setting 'xpack.watcher.enabled', 'false'
+  setting 'xpack.monitoring.enabled', 'false'
+  setting 'xpack.ml.enabled', 'false'
+  setting 'xpack.license.self_generated.type', 'trial'
+  setupCommand 'setupDummyUser',
+               'bin/elasticsearch-users',
+               'useradd', clusterCredentials.username,
+               '-p', clusterCredentials.password,
+               '-r', 'superuser'
+  waitCondition = { node, ant ->
+    File tmpFile = new File(node.cwd, 'wait.success')
+    ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
+            dest: tmpFile.toString(),
+            username: clusterCredentials.username,
+            password: clusterCredentials.password,
+            ignoreerrors: true,
+            retries: 10)
+    return tmpFile.exists()
+  }
+}
diff --git a/x-pack/qa/smoke-test-index-lifecycle-with-security/src/test/java/org/elasticsearch/xpack/security/IndexLifecycleWithSecurityClientYamlTestSuiteIT.java b/x-pack/qa/smoke-test-index-lifecycle-with-security/src/test/java/org/elasticsearch/xpack/security/IndexLifecycleWithSecurityClientYamlTestSuiteIT.java
new file mode 100644
index 00000000000..7c7892ec992
--- /dev/null
+++ b/x-pack/qa/smoke-test-index-lifecycle-with-security/src/test/java/org/elasticsearch/xpack/security/IndexLifecycleWithSecurityClientYamlTestSuiteIT.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+package org.elasticsearch.xpack.security;
+
+import com.carrotsearch.randomizedtesting.annotations.Name;
+import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
+import com.carrotsearch.randomizedtesting.annotations.TimeoutSuite;
+import org.apache.lucene.util.TimeUnits;
+import org.elasticsearch.common.settings.SecureString;
+import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.common.util.concurrent.ThreadContext;
+import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate;
+import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase;
+
+import java.util.Objects;
+
+import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+
+@TimeoutSuite(millis = 30 * TimeUnits.MINUTE) // as default timeout seems not enough on the jenkins VMs
+public class IndexLifecycleWithSecurityClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase {
+
+    private static final String USER = Objects.requireNonNull(System.getProperty("tests.rest.cluster.username"));
+    private static final String PASS = Objects.requireNonNull(System.getProperty("tests.rest.cluster.password"));
+
+    public IndexLifecycleWithSecurityClientYamlTestSuiteIT(@Name("yaml") ClientYamlTestCandidate testCandidate) {
+        super(testCandidate);
+    }
+
+    @ParametersFactory
+    public static Iterable<Object[]> parameters() throws Exception {
+        return ESClientYamlSuiteTestCase.createParameters();
+    }
+
+    @Override
+    protected Settings restClientSettings() {
+        String token = basicAuthHeaderValue(USER, new SecureString(PASS.toCharArray()));
+        return Settings.builder()
+                .put(super.restClientSettings())
+                .put(ThreadContext.PREFIX + ".Authorization", token)
+                .build();
+    }
+}
+