[TEST] randomly enable/disable ssl on the transport layer

We currently always run with ssl enabled on the transport layer, which means that we never test with ssl off. In the past we found bugs caused by the ssl classes being loaded even when ssl was disabled; those should be caught by this new randomization.

Added method to override whether ssl is enabled or not for SUITE and TEST tests, called sslTransportEnabled(). A couple of tests do require ssl always on, thus they enable it through that method, which means that both nodes and transport client will have the keystore configured and ssl enabled on the transport.

Note that ssl on http is not touched here, that stays off by default unless enabled specifically in SUITE or TEST tests.

Closes elastic/elasticsearch#396

Original commit: elastic/x-pack-elasticsearch@63061b97ff
javanna 2014-11-28 11:49:10 +01:00 committed by Luca Cavanna
parent 7a6a3d072f
commit 45f5bd1967
4 changed files with 48 additions and 15 deletions


@ -42,11 +42,15 @@ public class SslIntegrationTests extends ShieldIntegrationTest {
.put("shield.http.ssl", true).build();
}
@Override
protected boolean sslTransportEnabled() {
return true;
}
// no SSL exception as this is the exception is returned when connecting
@Test(expected = NoNodeAvailableException.class)
public void testThatUnconfiguredCiphersAreRejected() {
try(TransportClient transportClient = new TransportClient(settingsBuilder()
.put(transportClientSettings())
.put("name", "programmatic_transport_client")
.put("cluster.name", internalCluster().getClusterName())
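Review bot: The new `sslTransportEnabled()` override returns `true` with no comment saying why, and the same bare override is added in SslMultiPortTests. `testThatUnconfiguredCiphersAreRejected` expects only `NoNodeAvailableException`, which the existing comment describes as the generic connect failure rather than an SSL exception, so the test only means something while transport SSL is on at both ends. I would add a comment above both overrides, e.g. `// transport SSL must stay on: these tests assert on SSL handshake behaviour, so it cannot be randomized off`. The test method continues outside the hunk.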


@ -56,6 +56,11 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.build();
}
@Override
protected boolean sslTransportEnabled() {
return true;
}
private TransportClient createTransportClient(Settings additionalSettings) {
Settings settings = ImmutableSettings.builder().put(transportClientSettings())
.put("name", "programmatic_transport_client")


@ -87,7 +87,7 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
@BeforeClass
public static void initDefaultSettings() {
if (SHIELD_DEFAULT_SETTINGS == null) {
SHIELD_DEFAULT_SETTINGS = new ShieldSettingsSource(maxNumberOfNodes(), globalTempDir(), Scope.GLOBAL);
SHIELD_DEFAULT_SETTINGS = new ShieldSettingsSource(maxNumberOfNodes(), randomBoolean(), globalTempDir(), Scope.GLOBAL);
}
}
@ -105,11 +105,11 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
break;
case SUITE:
if (customShieldSettingsSource == null) {
customShieldSettingsSource = new CustomShieldSettingsSource(newTempDir(LifecycleScope.SUITE), currentClusterScope);
customShieldSettingsSource = new CustomShieldSettingsSource(sslTransportEnabled(), newTempDir(LifecycleScope.SUITE), currentClusterScope);
}
break;
case TEST:
customShieldSettingsSource = new CustomShieldSettingsSource(newTempDir(LifecycleScope.TEST), currentClusterScope);
customShieldSettingsSource = new CustomShieldSettingsSource(sslTransportEnabled(), newTempDir(LifecycleScope.TEST), currentClusterScope);
break;
}
}
@ -195,9 +195,17 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
return SHIELD_DEFAULT_SETTINGS.transportClientPassword();
}
/**
* Allows to control whether ssl is enabled or not on the transport layer when the {@link org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope} is set to
* {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope#SUITE} or {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope#TEST}
*/
protected boolean sslTransportEnabled() {
return randomBoolean();
}
private class CustomShieldSettingsSource extends ShieldSettingsSource {
private CustomShieldSettingsSource(File configDir, Scope scope) {
super(maxNumberOfNodes(), configDir, scope);
private CustomShieldSettingsSource(boolean sslTransportEnabled, File configDir, Scope scope) {
super(maxNumberOfNodes(), sslTransportEnabled, configDir, scope);
}
@Override
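Review bot: The javadoc on `sslTransportEnabled()` does not say that the return value also decides whether any keystore is configured: in ShieldSettingsSource the `shield.ssl.keystore.*` settings are now emitted only when the flag is true. A SUITE or TEST scoped test that turns on `shield.http.ssl` (as SslIntegrationTests does) therefore needs this override as well. Otherwise it would presumably run without a keystore on roughly half of the seeds, unless it configures its own. I would extend the javadoc with one sentence stating that. A second sentence should say that GLOBAL-scope clusters ignore the override, because `initDefaultSettings()` draws `randomBoolean()` once and caches the result in `SHIELD_DEFAULT_SETTINGS`.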


@ -65,6 +65,7 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ
private final File parentFolder;
private final String subfolderPrefix;
private final byte[] systemKey;
private final boolean sslTransportEnabled;
/**
* Creates a new {@link org.elasticsearch.test.SettingsSource} for the shield configuration.
@ -73,7 +74,7 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ
* @param parentFolder the parent folder that will contain all of the configuration files that need to be created
* @param scope the scope of the test that is requiring an instance of ShieldSettingsSource
*/
public ShieldSettingsSource(int numOfNodes, File parentFolder, ElasticsearchIntegrationTest.Scope scope) {
public ShieldSettingsSource(int numOfNodes, boolean sslTransportEnabled, File parentFolder, ElasticsearchIntegrationTest.Scope scope) {
super(numOfNodes, ImmutableSettings.builder()
.put("node.mode", "network")
.put("plugin.types", ShieldPlugin.class.getName())
@ -83,6 +84,7 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ
this.systemKey = generateKey();
this.parentFolder = parentFolder;
this.subfolderPrefix = scope.name();
this.sslTransportEnabled = sslTransportEnabled;
}
@Override
@ -186,15 +188,26 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ
}
}
private static Settings getNodeSSLSettings() {
return getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks", "testnode");
private Settings getNodeSSLSettings() {
return getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks", "testnode", sslTransportEnabled);
}
private static Settings getClientSSLSettings() {
return getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.jks", "testclient");
private Settings getClientSSLSettings() {
return getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.jks", "testclient", sslTransportEnabled);
}
/**
* Returns the configuration settings given the location of a certificate and its password
*
* @param resourcePathToStore the location of the keystore or truststore
* @param password the password
* @return the configuration settings
*/
public static Settings getSSLSettingsForStore(String resourcePathToStore, String password) {
return getSSLSettingsForStore(resourcePathToStore, password, true);
}
private static Settings getSSLSettingsForStore(String resourcePathToStore, String password, boolean sslTransportEnabled) {
File store;
try {
store = new File(ShieldSettingsSource.class.getResource(resourcePathToStore).toURI());
@ -207,12 +220,15 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ
}
ImmutableSettings.Builder builder = settingsBuilder()
.put("shield.ssl.keystore.path", store.getPath())
.put("shield.ssl.keystore.password", password)
.put("shield.transport.ssl", true)
.put("shield.transport.ssl", sslTransportEnabled)
.put("shield.http.ssl", false);
if (RandomizedTest.randomBoolean()) {
if (sslTransportEnabled) {
builder.put("shield.ssl.keystore.path", store.getPath())
.put("shield.ssl.keystore.password", password);
}
if (sslTransportEnabled && RandomizedTest.randomBoolean()) {
builder.put("shield.ssl.truststore.path", store.getPath())
.put("shield.ssl.truststore.password", password);
}
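Review bot: The three-argument `getSSLSettingsForStore` still resolves the keystore resource into `store` before it looks at `sslTransportEnabled`, so the ssl-off path keeps depending on the test certificates being on the classpath even though it never uses them. An early exit ahead of the `File store` lookup would keep that path free of keystore handling: `if (!sslTransportEnabled) { return settingsBuilder().put("shield.transport.ssl", false).put("shield.http.ssl", false).build(); }`. The two remaining `if` blocks could then lose their `sslTransportEnabled` checks. The method's try/catch and its return statement lie outside the hunks, so the exact shape of the final `build()` call is assumed here.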