make tests pass without security manager

Original commit: elastic/x-pack-elasticsearch@59931382d5
Simon Willnauer 2015-06-16 15:16:21 +02:00
parent 9019c979f3
commit 4cfdf620e5
4 changed files with 39 additions and 103 deletions


@ -18,6 +18,7 @@ import org.elasticsearch.watcher.support.http.auth.basic.BasicAuth;
import org.elasticsearch.watcher.support.template.Template;
import org.elasticsearch.watcher.support.xcontent.XContentSource;
import org.elasticsearch.watcher.test.AbstractWatcherIntegrationTests;
import org.elasticsearch.watcher.transport.actions.put.PutWatchResponse;
import org.elasticsearch.watcher.trigger.schedule.IntervalSchedule;
import org.junit.Test;
@ -40,8 +41,8 @@ public class HttpInputIntegrationTests extends AbstractWatcherIntegrationTests {
@Override
protected Settings nodeSettings(int nodeOrdinal) {
return Settings.builder()
.put(Node.HTTP_ENABLED, true)
.put(super.nodeSettings(nodeOrdinal))
.put(Node.HTTP_ENABLED, true)
.build();
}
@ -71,19 +72,19 @@ public class HttpInputIntegrationTests extends AbstractWatcherIntegrationTests {
}
@Test
@TestLogging("watcher.support.http:TRACE")
public void testHttpInput_clusterStats() throws Exception {
InetSocketAddress address = internalTestCluster().httpAddresses()[0];
watcherClient().preparePutWatch("_name")
PutWatchResponse putWatchResponse = watcherClient().preparePutWatch("_name")
.setSource(watchBuilder()
.trigger(schedule(interval("1s")))
.input(httpInput(HttpRequestTemplate.builder(address.getHostName(), address.getPort())
.path("/_cluster/stats")
.auth(shieldEnabled() ? new BasicAuth("test", "changeme".toCharArray()) : null)))
.condition(scriptCondition("ctx.payload.nodes.count.total > 1"))
.condition(scriptCondition("ctx.payload.nodes.count.total >= 1"))
.addAction("_id", loggingAction("watch [{{ctx.watch_id}}] matched")))
.get();
assertTrue(putWatchResponse.isCreated());
if (timeWarped()) {
timeWarp().scheduler().trigger("_name");
refresh();
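Review bot: The watch condition in testHttpInput_clusterStats appears as both `ctx.payload.nodes.count.total > 1` and `ctx.payload.nodes.count.total >= 1`; assuming `>= 1` is the new side, it holds for any cluster that answers the request, so the condition now only proves that the field is present in the payload. If the relaxation is meant to cover single-node test clusters, record that above the `.condition(...)` call, e.g. `// >= 1: the test cluster may consist of a single node`. The method body continues past the end of this hunk, so whether a later assertion inspects the payload itself is not visible here.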


@ -20,6 +20,7 @@ import org.junit.Test;
import java.io.IOException;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
/**
@ -27,19 +28,6 @@ import static org.hamcrest.Matchers.is;
public class WatcherDisabledLicenseRestTests extends WatcherRestTests {
@Override
protected Settings nodeSettings(int nodeOrdinal) {
Settings.Builder builder = Settings.builder()
.put(super.nodeSettings(nodeOrdinal))
.put("scroll.size", randomIntBetween(1, 100))
.put("plugin.types",
WatcherPlugin.class.getName() + "," +
(shieldEnabled ? ShieldPlugin.class.getName() + "," : "") +
licensePluginClass().getName())
.put(PluginsService.LOAD_PLUGIN_FROM_CLASSPATH, false)
.put(ShieldSettings.settings(shieldEnabled));
return builder.build();
}
protected Class<? extends Plugin> licensePluginClass() {
return LicenseIntegrationTests.MockLicensePlugin.class;
}
@ -59,8 +47,13 @@ public class WatcherDisabledLicenseRestTests extends WatcherRestTests {
//This was a test testing the "hijacked" methods
return;
}
assertThat(ae.getMessage().contains("401 Unauthorized"), is(true));
assertThat(ae.getMessage().contains(LicenseExpiredException.class.getSimpleName()), is(true));
if (shieldEnabled) {
assertThat(ae.getMessage(), containsString("returned [403 Forbidden]"));
assertThat(ae.getMessage(), containsString("is unauthorized for user [admin]"));
} else {
assertThat(ae.getMessage(), containsString("unauthorized"));
assertThat(ae.getMessage(), containsString(LicenseExpiredException.class.getSimpleName()));
}
}
}
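Review bot: With Shield enabled, the new branch accepts `returned [403 Forbidden]` together with `is unauthorized for user [admin]`, which reads as an authorization failure and not a license failure. In that configuration the test would presumably still pass if license enforcement stopped working, because the request appears to be rejected before any license check is reached. Consider sending the REST requests as a user whose role permits the Watcher actions so that `LicenseExpiredException` can be asserted in both branches, or state the reduced coverage with a comment such as `// with Shield the request is rejected by authorization before the license check`. The non-Shield branch also loosens the earlier `401 Unauthorized` check to the lowercase substring `unauthorized`, which no longer pins the status code. The enclosing test method begins outside the hunk.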


@ -8,9 +8,11 @@ package org.elasticsearch.watcher.test.rest;
import com.carrotsearch.randomizedtesting.annotations.Name;
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
import org.elasticsearch.client.support.Headers;
import org.elasticsearch.cluster.metadata.IndexMetaData;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.license.plugin.LicensePlugin;
import org.elasticsearch.node.Node;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.plugins.PluginsService;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.authc.esusers.ESUsersRealm;
@ -22,6 +24,7 @@ import org.elasticsearch.test.rest.ElasticsearchRestTestCase;
import org.elasticsearch.test.rest.RestTestCandidate;
import org.elasticsearch.test.rest.parser.RestTestParseException;
import org.elasticsearch.watcher.WatcherPlugin;
import org.elasticsearch.watcher.license.LicenseIntegrationTests;
import org.elasticsearch.watcher.test.AbstractWatcherIntegrationTests;
import java.io.IOException;
@ -37,7 +40,7 @@ import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
@TestLogging("_root:DEBUG")
public class WatcherRestTests extends ElasticsearchRestTestCase {
final boolean shieldEnabled = randomBoolean();
final boolean shieldEnabled = enableShield();
public WatcherRestTests(@Name("yaml") RestTestCandidate testCandidate) {
super(testCandidate);
@ -48,6 +51,10 @@ public class WatcherRestTests extends ElasticsearchRestTestCase {
return ElasticsearchRestTestCase.createParameters(0, 1);
}
protected boolean enableShield() {
return randomBoolean();
}
@Override
protected Settings nodeSettings(int nodeOrdinal) {
return Settings.builder()
@ -55,13 +62,18 @@ public class WatcherRestTests extends ElasticsearchRestTestCase {
.put("scroll.size", randomIntBetween(1, 100))
.put("plugin.types", WatcherPlugin.class.getName() + ","
+ (shieldEnabled ? ShieldPlugin.class.getName() + "," : "")
+ "," + LicensePlugin.class.getName())
+ "," + licensePluginClass().getName())
.put(Node.HTTP_ENABLED, true)
.put(ShieldSettings.settings(shieldEnabled))
.put(PluginsService.LOAD_PLUGIN_FROM_CLASSPATH, false)
.build();
}
protected Class<? extends Plugin> licensePluginClass() {
return LicensePlugin.class;
}
/**
* Used to obtain settings for the REST client that is used to send REST requests.
*/
@ -108,12 +120,15 @@ public class WatcherRestTests extends ElasticsearchRestTestCase {
public static final String IP_FILTER = "allow: all\n";
private static final String TEST_PASSWORD = "changeme";
public static final String TEST_USERNAME = "test";
public static final String TEST_PASSWORD = "changeme";
private static final String TEST_PASSWORD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString(TEST_PASSWORD.toCharArray())));
public static final String USERS = "test:{plain}changeme\n" +
"admin: " + TEST_PASSWORD_HASHED + "\n" +
"monitor:" + TEST_PASSWORD_HASHED;
public static final String USERS =
"transport_client:" + TEST_PASSWORD_HASHED + "\n" +
TEST_USERNAME + ":" + TEST_PASSWORD_HASHED + "\n" +
"admin:" + TEST_PASSWORD_HASHED + "\n" +
"monitor:" + TEST_PASSWORD_HASHED;
public static final String USER_ROLES = "test:test\n" +
"admin:admin\n" +
@ -126,7 +141,7 @@ public class WatcherRestTests extends ElasticsearchRestTestCase {
" '*': all\n" +
"\n" +
"admin:\n" +
" cluster: manage_watcher, cluster:monitor/nodes/info, cluster:monitor/state, cluster:monitor/nodes/liveness, cluster:monitor/health, cluster:admin/repository/delete\n" +
" cluster: manage_watcher, cluster:monitor/nodes/info, cluster:monitor/state, cluster:monitor/nodes/liveness, cluster:monitor/health, cluster:admin/repository/delete, indices:admin/template/put, indices:admin/template/get\n" +
" indices:\n" +
" '*': all, indices:admin/template/delete\n" +
"\n" +
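Review bot: `final boolean shieldEnabled = enableShield();` calls an overridable method from a field initializer, so an override runs before the subclass's own fields and constructor body have been initialised. The override visible on this page returns a constant, which is safe, but one that reads subclass state would see default values and silently select the wrong Shield configuration for the node settings. Document the constraint on the hook, for example `/** Called during construction; overrides must not read instance state. */` above `protected boolean enableShield()`.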


@ -13,8 +13,10 @@ import org.elasticsearch.common.io.Streams;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.license.plugin.LicensePlugin;
import org.elasticsearch.node.Node;
import org.elasticsearch.plugins.PluginsService;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.authc.esusers.ESUsersRealm;
import org.elasticsearch.shield.authc.support.Hasher;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.test.rest.RestTestCandidate;
import org.elasticsearch.watcher.WatcherPlugin;
@ -33,35 +35,9 @@ import static org.hamcrest.Matchers.containsString;
*/
public class WatcherShieldAuthorizationFailedRestTests extends WatcherRestTests {
// Always run with Shield enabled:
@Override
protected Settings nodeSettings(int nodeOrdinal) {
Settings.Builder builder = Settings.builder()
.put(super.nodeSettings(nodeOrdinal))
.put("plugin.types", WatcherPlugin.class.getName() + "," +
ShieldPlugin.class.getName() + "," +
LicensePlugin.class.getName())
.put(ShieldSettings.settings(true));
return builder.build();
}
@Override
protected Settings restClientSettings() {
String token = basicAuthHeaderValue("admin", new SecuredString("changeme".toCharArray()));
return Settings.builder()
.put(Headers.PREFIX + ".Authorization", token)
.build();
}
@Override
protected Settings transportClientSettings() {
return Settings.builder()
.put(super.transportClientSettings())
.put("client.transport.sniff", false)
.put("plugin.types", WatcherPlugin.class.getName() + "," + ShieldPlugin.class.getName() + ",")
.put("shield.user", "admin:changeme")
.put(Node.HTTP_ENABLED, true)
.build();
protected boolean enableShield() {
return true; // Always run with Shield enabled:
}
public WatcherShieldAuthorizationFailedRestTests(@Name("yaml") RestTestCandidate testCandidate) {
@ -82,53 +58,4 @@ public class WatcherShieldAuthorizationFailedRestTests extends WatcherRestTests
assertThat(ae.getMessage(), containsString("is unauthorized for user [admin]"));
}
}
public static class ShieldSettings {
public static final String IP_FILTER = "allow: all\n";
public static final String USERS = "test:{plain}changeme\n" +
"admin:{plain}changeme\n" +
"monitor:{plain}changeme";
public static final String USER_ROLES = "test:test\n" +
"admin:admin\n" +
"monitor:monitor";
public static final String ROLES =
"test:\n" + // a user for the test infra.
" cluster: all, cluster:monitor/state, cluster:monitor/health, indices:admin/template/delete, cluster:admin/repository/delete, indices:admin/template/put\n" +
" indices:\n" +
" '*': all\n" +
"\n" +
"admin:\n" +
" cluster: cluster:monitor/nodes/info, cluster:monitor/state, cluster:monitor/health, cluster:admin/repository/delete\n" +
" indices:\n" +
" '*': all, indices:admin/template/delete\n" +
"\n";
public static Settings settings(boolean enabled) {
Settings.Builder builder = Settings.builder();
if (!enabled) {
return builder.put("shield.enabled", false).build();
}
try {
Path folder = createTempDir().resolve("watcher_shield");
Files.createDirectories(folder);
return builder.put("shield.enabled", true)
.put("shield.user", "test:changeme")
.put("shield.authc.realms.esusers.type", ESUsersRealm.TYPE)
.put("shield.authc.realms.esusers.order", 0)
.put("shield.authc.realms.esusers.files.users", AbstractWatcherIntegrationTests.ShieldSettings.writeFile(folder, "users", USERS))
.put("shield.authc.realms.esusers.files.users_roles", AbstractWatcherIntegrationTests.ShieldSettings.writeFile(folder, "users_roles", USER_ROLES))
.put("shield.authz.store.files.roles", AbstractWatcherIntegrationTests.ShieldSettings.writeFile(folder, "roles.yml", ROLES))
.put("shield.transport.n2n.ip_filter.file", AbstractWatcherIntegrationTests.ShieldSettings.writeFile(folder, "ip_filter.yml", IP_FILTER))
.put("shield.audit.enabled", true)
.build();
} catch (IOException ex) {
throw new RuntimeException("failed to build settings for shield", ex);
}
}
}
}
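Review bot: After this change the class appears to rely on the users and roles in `WatcherRestTests.ShieldSettings`, where the `admin` role shown on this page includes `manage_watcher`, whereas the nested `ShieldSettings` removed here (53 old lines reduced to 4) gave `admin` no Watcher privilege. The assertion `containsString("is unauthorized for user [admin]")` is kept, so the visible lines do not show which missing privilege now produces the failure, and the test could be passing for a different reason than before. Please confirm which action is denied and note it next to `enableShield()`, e.g. `// relies on the admin role in WatcherRestTests.ShieldSettings lacking <privilege>`. The trailing comment in `return true; // Always run with Shield enabled:` also still ends with the colon left over from the old heading.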