From 4a780637e9600889da4501ac127d6289d59daaef Mon Sep 17 00:00:00 2001
From: Konrad Beiske <konrad@beiske.org>
Date: Sun, 27 Sep 2015 11:30:38 +0200
Subject: [PATCH] Change found-license-plugin to use standard value for install
 name and initial smoke test for found-license-plugin

Original commit: elastic/x-pack-elasticsearch@526c0c6da4fc3c9ee80beec15139cc32ab25e93b
---
 qa/pom.xml                                    |   1 +
 .../integration-tests.xml                     | 114 +++++++++
 .../pom.xml                                   | 216 ++++++++++++++++++
 .../smoketest/WatcherWithShieldIT.java        |  97 ++++++++
 .../WatcherWithShieldInsufficientRoleIT.java  |  40 ++++
 .../watcher-with-shield-roles.yml             |  20 ++
 6 files changed, 488 insertions(+)
 create mode 100644 qa/smoke-test-found-license-with-shield-and-watcher/integration-tests.xml
 create mode 100644 qa/smoke-test-found-license-with-shield-and-watcher/pom.xml
 create mode 100644 qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldIT.java
 create mode 100644 qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldInsufficientRoleIT.java
 create mode 100644 qa/smoke-test-found-license-with-shield-and-watcher/watcher-with-shield-roles.yml

diff --git a/qa/pom.xml b/qa/pom.xml
index dd048c6e41e..939f806b459 100644
--- a/qa/pom.xml
+++ b/qa/pom.xml
@@ -304,6 +304,7 @@
         <module>shield-core-rest-tests</module>
         <module>smoke-test-watcher-with-shield</module>
         <module>smoke-test-watcher-with-groovy</module>
+        <module>smoke-test-found-license-with-shield-and-watcher</module>
         <module>shield-example-realm</module>
         <module>shield-tribe-node-tests</module>
         <module>shield-client-tests</module>
diff --git a/qa/smoke-test-found-license-with-shield-and-watcher/integration-tests.xml b/qa/smoke-test-found-license-with-shield-and-watcher/integration-tests.xml
new file mode 100644
index 00000000000..7961590747f
--- /dev/null
+++ b/qa/smoke-test-found-license-with-shield-and-watcher/integration-tests.xml
@@ -0,0 +1,114 @@
+<?xml version="1.0"?>
+<!--
+  ~ ELASTICSEARCH CONFIDENTIAL
+  ~ __________________
+  ~
+  ~  [2014] Elasticsearch Incorporated. All Rights Reserved.
+  ~
+  ~ NOTICE:  All information contained herein is, and remains
+  ~ the property of Elasticsearch Incorporated and its suppliers,
+  ~ if any.  The intellectual and technical concepts contained
+  ~ herein are proprietary to Elasticsearch Incorporated
+  ~ and its suppliers and may be covered by U.S. and Foreign Patents,
+  ~ patents in process, and are protected by trade secret or copyright law.
+  ~ Dissemination of this information or reproduction of this material
+  ~ is strictly forbidden unless prior written permission is obtained
+  ~ from Elasticsearch Incorporated.
+  -->
+
+<project name="smoke-test-watcher-and-shield"
+         xmlns:ac="antlib:net.sf.antcontrib">
+
+  <import file="${elasticsearch.integ.antfile.default}"/>
+
+  <!-- redefined to work with auth -->
+  <macrodef name="waitfor-elasticsearch">
+      <attribute name="port"/>
+      <attribute name="timeoutproperty"/>
+    <sequential>
+      <echo>Waiting for elasticsearch to become available on port @{port}...</echo>
+      <waitfor maxwait="30" maxwaitunit="second"
+               checkevery="500" checkeveryunit="millisecond"
+               timeoutproperty="@{timeoutproperty}">
+        <socket server="127.0.0.1" port="@{port}"/>
+      </waitfor>
+    </sequential>
+  </macrodef>
+
+  <target name="start-external-cluster-with-found-license-and-shield" depends="setup-workspace">
+    <ac:for list="${xplugins.list}" param="xplugin.name">
+      <sequential>
+        <fail message="Expected @{xplugin.name}-${version}.zip as a dependency, but could not be found in ${integ.deps}/plugins}">
+          <condition>
+            <not>
+              <available file="${integ.deps}/plugins/@{xplugin.name}-${elasticsearch.version}.zip" />
+            </not>
+          </condition>
+        </fail>
+      </sequential>
+    </ac:for>
+
+    <ac:for param="file">
+      <path>
+        <fileset dir="${integ.deps}/plugins"/>
+      </path>
+      <sequential>
+        <local name="plugin.name"/>
+        <convert-plugin-name file="@{file}" outputproperty="plugin.name"/>
+        <install-plugin name="${plugin.name}" file="@{file}"/>
+      </sequential>
+    </ac:for>
+
+    <local name="home"/>
+    <property name="home" location="${integ.scratch}/elasticsearch-${elasticsearch.version}"/>
+
+    <echo>Adding roles.yml with watcher roles</echo>
+    <copy file="watcher-with-shield-roles.yml" tofile="${home}/config/shield/roles.yml" overwrite="true"/>
+
+    <echo>Adding shield users...</echo>
+    <run-script script="${home}/bin/shield/esusers">
+      <nested>
+        <arg value="useradd"/>
+        <arg value="test_admin"/>
+        <arg value="-p"/>
+        <arg value="changeme"/>
+        <arg value="-r"/>
+        <arg value="admin"/>
+      </nested>
+    </run-script>
+    <run-script script="${home}/bin/shield/esusers">
+      <nested>
+        <arg value="useradd"/>
+        <arg value="watcher_manager"/>
+        <arg value="-p"/>
+        <arg value="changeme"/>
+        <arg value="-r"/>
+        <arg value="watcher_manager"/>
+      </nested>
+    </run-script>
+    <run-script script="${home}/bin/shield/esusers">
+      <nested>
+        <arg value="useradd"/>
+        <arg value="powerless_user"/>
+        <arg value="-p"/>
+        <arg value="changeme"/>
+        <arg value="-r"/>
+        <arg value="crapy_role"/>
+      </nested>
+    </run-script>
+
+    <startup-elasticsearch>
+      <!-- Useful for when debugging -->
+      <!--<additional-args>-->
+        <!--<arg value="-Des.http.cors.enabled=true"/>-->
+        <!--<arg value="-Des.http.cors.allow-origin=*"/>-->
+      <!--</additional-args>-->
+    </startup-elasticsearch>
+
+    <echo>Checking we can connect with basic auth on port ${integ.http.port}...</echo>
+    <local name="temp.file"/>
+    <tempfile property="temp.file" destdir="${java.io.tmpdir}"/>
+    <get src="http://127.0.0.1:${integ.http.port}" dest="${temp.file}" 
+         username="test_admin" password="changeme" verbose="true" retries="10"/>
+  </target>
+</project>
diff --git a/qa/smoke-test-found-license-with-shield-and-watcher/pom.xml b/qa/smoke-test-found-license-with-shield-and-watcher/pom.xml
new file mode 100644
index 00000000000..f292f4bc0ab
--- /dev/null
+++ b/qa/smoke-test-found-license-with-shield-and-watcher/pom.xml
@@ -0,0 +1,216 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ ELASTICSEARCH CONFIDENTIAL
+  ~ __________________
+  ~
+  ~  [2014] Elasticsearch Incorporated. All Rights Reserved.
+  ~
+  ~ NOTICE:  All information contained herein is, and remains
+  ~ the property of Elasticsearch Incorporated and its suppliers,
+  ~ if any.  The intellectual and technical concepts contained
+  ~ herein are proprietary to Elasticsearch Incorporated
+  ~ and its suppliers and may be covered by U.S. and Foreign Patents,
+  ~ patents in process, and are protected by trade secret or copyright law.
+  ~ Dissemination of this information or reproduction of this material
+  ~ is strictly forbidden unless prior written permission is obtained
+  ~ from Elasticsearch Incorporated.
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>org.elasticsearch.qa</groupId>
+    <artifactId>x-plugins-qa</artifactId>
+    <version>3.0.0-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>smoke-test-found-license-with-shield-and-watcher</artifactId>
+  <name>QA: Smoke Test Shield and Watcher works with Found license</name>
+  <description>Installs Watcher and Shield and runs Watcher's rest tests and checks if the Shield integrations work correctly when run with Found License plugin</description>
+
+  <properties>
+    <skip.unit.tests>true</skip.unit.tests>
+    <elasticsearch.integ.antfile>${project.basedir}/integration-tests.xml</elasticsearch.integ.antfile>
+    <tests.rest.load_packaged>false</tests.rest.load_packaged>
+    <xplugins.list>found-license-plugin,shield,watcher</xplugins.list>
+    <tests.rest.blacklist>hijack/10_basic/*,array_compare_watch/10_basic/Basic array_compare watch</tests.rest.blacklist>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.elasticsearch.plugin</groupId>
+      <artifactId>shield</artifactId>
+      <version>${elasticsearch.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.elasticsearch.plugin</groupId>
+      <artifactId>watcher</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.elasticsearch</groupId>
+      <artifactId>found-license-plugin</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <testResources>
+      <!-- Watcher REST API specification and test suites -->
+      <testResource>
+        <directory>../../watcher/src/test/resources/rest-api-spec</directory>
+        <filtering>true</filtering>
+        <targetPath>rest-api-spec</targetPath>
+        <includes>
+          <include>api/*.json</include>
+          <include>test/**/*.yaml</include>
+        </includes>
+      </testResource>
+      <!-- REST API specifications copied from main Elasticsearch specs
+                 because they are required to execute the Watcher REST tests -->
+      <testResource>
+        <directory>${elasticsearch.tools.directory}/rest-api-spec</directory>
+        <targetPath>rest-api-spec</targetPath>
+        <includes>
+          <!-- required by the test framework -->
+          <include>api/info.json</include>
+          <include>api/cluster.health.json</include>
+          <include>api/cluster.state.json</include>
+          <!-- used by Watcher REST tests -->
+          <include>api/index.json</include>
+          <include>api/get.json</include>
+          <include>api/delete.json</include>
+          <include>api/delete-by-query.json</include>
+          <include>api/bulk.json</include>
+          <include>api/update.json</include>
+          <include>api/search.json</include>
+          <include>api/indices.delete.json</include>
+          <include>api/indices.refresh.json</include>
+        </includes>
+      </testResource>
+    </testResources>
+    <plugins>
+      <plugin>
+         <groupId>org.apache.maven.plugins</groupId>
+         <artifactId>maven-dependency-plugin</artifactId>
+         <executions>
+           <execution>
+             <id>integ-setup-dependencies</id>
+             <phase>pre-integration-test</phase>
+             <goals>
+               <goal>copy</goal>
+             </goals>
+             <configuration>
+               <skip>${skip.integ.tests}</skip>
+               <useBaseVersion>true</useBaseVersion>
+               <outputDirectory>${integ.deps}/plugins</outputDirectory>
+
+               <artifactItems>
+                 <!-- elasticsearch distribution -->
+                 <artifactItem>
+                   <groupId>org.elasticsearch.distribution.zip</groupId>
+                   <artifactId>elasticsearch</artifactId>
+                   <version>${elasticsearch.version}</version>
+                   <type>zip</type>
+                   <overWrite>true</overWrite>
+                   <outputDirectory>${integ.deps}</outputDirectory>
+                 </artifactItem>
+
+                 <!-- commercial plugins -->
+                 <artifactItem>
+                   <groupId>org.elasticsearch</groupId>
+                   <artifactId>found-license-plugin</artifactId>
+                   <version>${elasticsearch.version}</version>
+                   <type>zip</type>
+                   <overWrite>true</overWrite>
+                 </artifactItem>
+
+                 <artifactItem>
+                   <groupId>org.elasticsearch.plugin</groupId>
+                   <artifactId>watcher</artifactId>
+                   <version>${elasticsearch.version}</version>
+                   <type>zip</type>
+                   <overWrite>true</overWrite>
+                 </artifactItem>
+
+                 <artifactItem>
+                   <groupId>org.elasticsearch.plugin</groupId>
+                   <artifactId>shield</artifactId>
+                   <version>${elasticsearch.version}</version>
+                   <type>zip</type>
+                   <overWrite>true</overWrite>
+                 </artifactItem>
+
+               </artifactItems>
+             </configuration>
+           </execution>
+         </executions>
+      </plugin>
+      <!-- integration tests -->
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-antrun-plugin</artifactId>
+        <executions>
+          <!-- start up external cluster -->
+          <execution>
+            <id>integ-setup</id>
+            <phase>pre-integration-test</phase>
+            <goals>
+              <goal>run</goal>
+            </goals>
+            <configuration>
+              <target>
+                <ant antfile="${elasticsearch.integ.antfile}" target="start-external-cluster-with-found-license-and-shield">
+                  <property name="tests.jvm.argline" value="${tests.jvm.argline}"/>
+                  <property name="plugins.dir" value="${plugins.dir}"/>
+                  <property name="xplugins.list" value="${xplugins.list}"/>
+                </ant>
+              </target>
+              <skip>${skip.integ.tests}</skip>
+            </configuration>
+          </execution>
+          <!-- shut down external cluster -->
+          <execution>
+            <id>integ-teardown</id>
+            <phase>post-integration-test</phase>
+            <goals>
+              <goal>run</goal>
+            </goals>
+            <configuration>
+              <target>
+                <ant antfile="${elasticsearch.integ.antfile}" target="stop-external-cluster"/>
+              </target>
+              <skip>${skip.integ.tests}</skip>
+            </configuration>
+          </execution>
+        </executions>
+        <dependencies>
+          <dependency>
+            <groupId>ant-contrib</groupId>
+            <artifactId>ant-contrib</artifactId>
+            <version>1.0b3</version>
+            <exclusions>
+              <exclusion>
+                <groupId>ant</groupId>
+                <artifactId>ant</artifactId>
+              </exclusion>
+            </exclusions>
+          </dependency>
+          <dependency>
+            <groupId>org.apache.ant</groupId>
+            <artifactId>ant-nodeps</artifactId>
+            <version>1.8.1</version>
+          </dependency>
+        </dependencies>
+      </plugin>
+    </plugins>
+  </build>
+
+</project>
diff --git a/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldIT.java b/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldIT.java
new file mode 100644
index 00000000000..3c5022f7b34
--- /dev/null
+++ b/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldIT.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.smoketest;
+
+import com.carrotsearch.randomizedtesting.annotations.Name;
+import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
+import org.apache.http.client.methods.HttpPut;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
+import org.elasticsearch.client.support.Headers;
+import org.elasticsearch.common.network.NetworkAddress;
+import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.plugins.Plugin;
+import org.elasticsearch.shield.ShieldPlugin;
+import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
+import org.elasticsearch.test.rest.ESRestTestCase;
+import org.elasticsearch.test.rest.RestTestCandidate;
+import org.elasticsearch.test.rest.parser.RestTestParseException;
+import org.junit.After;
+import org.junit.Before;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.URI;
+import java.util.Collection;
+import java.util.Collections;
+
+import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+
+public class WatcherWithShieldIT extends ESRestTestCase {
+
+    private final static String TEST_ADMIN_USERNAME = "test_admin";
+    private final static String TEST_ADMIN_PASSWORD = "changeme";
+
+    public WatcherWithShieldIT(@Name("yaml") RestTestCandidate testCandidate) {
+        super(testCandidate);
+    }
+
+    @ParametersFactory
+    public static Iterable<Object[]> parameters() throws IOException, RestTestParseException {
+        return ESRestTestCase.createParameters(0, 1);
+    }
+
+    @Before
+    public void startWatcher() throws Exception {
+        try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
+            InetSocketAddress address = cluster().httpAddresses()[0];
+            HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.formatAddress(address.getAddress()), address.getPort(), "/_watcher/_start", null, null));
+            String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
+            request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
+            client.execute(request);
+        }
+    }
+
+    @After
+    public void stopWatcher() throws Exception {
+        try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
+            InetSocketAddress address = cluster().httpAddresses()[0];
+            HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.formatAddress(address.getAddress()), address.getPort(), "/_watcher/_stop", null, null));
+            String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
+            request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
+            client.execute(request);
+        }
+    }
+
+    @Override
+    protected Settings restClientSettings() {
+        String[] credentials = getCredentials();
+        String token = basicAuthHeaderValue(credentials[0], new SecuredString(credentials[1].toCharArray()));
+        return Settings.builder()
+                .put(Headers.PREFIX + ".Authorization", token)
+                .build();
+    }
+
+    @Override
+    protected Settings externalClusterClientSettings() {
+        return Settings.builder()
+                .put("shield.user", TEST_ADMIN_USERNAME + ":" + TEST_ADMIN_PASSWORD)
+                .build();
+    }
+
+    protected String[] getCredentials() {
+        return new String[]{"watcher_manager", "changeme"};
+    }
+
+    @Override
+    protected Collection<Class<? extends Plugin>> transportClientPlugins() {
+        return Collections.<Class<? extends Plugin>>singleton(ShieldPlugin.class);
+    }
+
+}
+
diff --git a/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldInsufficientRoleIT.java b/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldInsufficientRoleIT.java
new file mode 100644
index 00000000000..7bf94128f8e
--- /dev/null
+++ b/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldInsufficientRoleIT.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.smoketest;
+
+import com.carrotsearch.randomizedtesting.annotations.Name;
+import org.elasticsearch.test.rest.RestTestCandidate;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.hamcrest.Matchers.anyOf;
+import static org.hamcrest.Matchers.containsString;
+
+public class WatcherWithShieldInsufficientRoleIT extends WatcherWithShieldIT {
+
+    public WatcherWithShieldInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
+        super(testCandidate);
+    }
+
+    @Test
+    public void test() throws IOException {
+        try {
+            super.test();
+            fail();
+        } catch(AssertionError ae) {
+            assertThat(ae.getMessage(), anyOf(containsString("action [cluster:monitor/watcher/"), containsString("action [cluster:admin/watcher/")));
+            assertThat(ae.getMessage(), containsString("returned [403 Forbidden]"));
+            assertThat(ae.getMessage(), containsString("is unauthorized for user [powerless_user]"));
+        }
+    }
+
+    @Override
+    protected String[] getCredentials() {
+        return new String[]{"powerless_user", "changeme"};
+    }
+}
+
diff --git a/qa/smoke-test-found-license-with-shield-and-watcher/watcher-with-shield-roles.yml b/qa/smoke-test-found-license-with-shield-and-watcher/watcher-with-shield-roles.yml
new file mode 100644
index 00000000000..8228084ac69
--- /dev/null
+++ b/qa/smoke-test-found-license-with-shield-and-watcher/watcher-with-shield-roles.yml
@@ -0,0 +1,20 @@
+admin:
+  cluster: all
+  indices:
+    '*': all
+
+watcher_manager:
+  cluster: manage_watcher, cluster:monitor/nodes/info, cluster:monitor/health
+  indices:
+    '.watch_history-*': all
+
+watcher_monitor:
+  cluster: monitor_watcher
+  indices:
+    '.watch_history-*': read
+
+crapy_role:
+  cluster:
+    - cluster:monitor/nodes/info
+    - cluster:monitor/health
+    - cluster:monitor/nodes/liveness
\ No newline at end of file