make tests pass witout security manager

Original commit: elastic/x-pack-elasticsearch@59931382d5

src/test/java/org/elasticsearch/watcher/input/http/HttpInputIntegrationTests.java

@@ -18,6 +18,7 @@ import org.elasticsearch.watcher.support.http.auth.basic.BasicAuth;
 import org.elasticsearch.watcher.support.template.Template;
 import org.elasticsearch.watcher.support.xcontent.XContentSource;
 import org.elasticsearch.watcher.test.AbstractWatcherIntegrationTests;
+import org.elasticsearch.watcher.transport.actions.put.PutWatchResponse;
 import org.elasticsearch.watcher.trigger.schedule.IntervalSchedule;
 import org.junit.Test;
 
@@ -40,8 +41,8 @@ public class HttpInputIntegrationTests extends AbstractWatcherIntegrationTests {
     @Override
     protected Settings nodeSettings(int nodeOrdinal) {
         return Settings.builder()
-                .put(Node.HTTP_ENABLED, true)
                 .put(super.nodeSettings(nodeOrdinal))
+                .put(Node.HTTP_ENABLED, true)
                 .build();
     }
 
@@ -71,19 +72,19 @@ public class HttpInputIntegrationTests extends AbstractWatcherIntegrationTests {
     }
 
     @Test
-    @TestLogging("watcher.support.http:TRACE")
     public void testHttpInput_clusterStats() throws Exception {
         InetSocketAddress address = internalTestCluster().httpAddresses()[0];
-        watcherClient().preparePutWatch("_name")
+        PutWatchResponse putWatchResponse = watcherClient().preparePutWatch("_name")
                 .setSource(watchBuilder()
                         .trigger(schedule(interval("1s")))
                         .input(httpInput(HttpRequestTemplate.builder(address.getHostName(), address.getPort())
                                 .path("/_cluster/stats")
                                 .auth(shieldEnabled() ? new BasicAuth("test", "changeme".toCharArray()) : null)))
-                        .condition(scriptCondition("ctx.payload.nodes.count.total > 1"))
+                        .condition(scriptCondition("ctx.payload.nodes.count.total >= 1"))
                         .addAction("_id", loggingAction("watch [{{ctx.watch_id}}] matched")))
                 .get();
 
+        assertTrue(putWatchResponse.isCreated());
         if (timeWarped()) {
             timeWarp().scheduler().trigger("_name");
             refresh();

src/test/java/org/elasticsearch/watcher/test/rest/WatcherDisabledLicenseRestTests.java

@@ -20,6 +20,7 @@ import org.junit.Test;
 
 import java.io.IOException;
 
+import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
 
 /**
@@ -27,19 +28,6 @@ import static org.hamcrest.Matchers.is;
 public class WatcherDisabledLicenseRestTests extends WatcherRestTests {
 
     @Override
-    protected Settings nodeSettings(int nodeOrdinal) {
-        Settings.Builder builder = Settings.builder()
-                .put(super.nodeSettings(nodeOrdinal))
-                .put("scroll.size", randomIntBetween(1, 100))
-                .put("plugin.types",
-                        WatcherPlugin.class.getName() + "," +
-                                (shieldEnabled ? ShieldPlugin.class.getName() + "," : "") +
-                                licensePluginClass().getName())
-                .put(PluginsService.LOAD_PLUGIN_FROM_CLASSPATH, false)
-                .put(ShieldSettings.settings(shieldEnabled));
-        return builder.build();
-    }
-
     protected Class<? extends Plugin> licensePluginClass() {
         return LicenseIntegrationTests.MockLicensePlugin.class;
     }
@@ -59,8 +47,13 @@ public class WatcherDisabledLicenseRestTests extends WatcherRestTests {
                 //This was a test testing the "hijacked" methods
                 return;
             }
-            assertThat(ae.getMessage().contains("401 Unauthorized"), is(true));
+            if (shieldEnabled) {
-            assertThat(ae.getMessage().contains(LicenseExpiredException.class.getSimpleName()), is(true));
+                assertThat(ae.getMessage(), containsString("returned [403 Forbidden]"));
+                assertThat(ae.getMessage(), containsString("is unauthorized for user [admin]"));
+            } else {
+                assertThat(ae.getMessage(), containsString("unauthorized"));
+                assertThat(ae.getMessage(), containsString(LicenseExpiredException.class.getSimpleName()));
+            }
         }
     }
 

src/test/java/org/elasticsearch/watcher/test/rest/WatcherRestTests.java

@@ -8,9 +8,11 @@ package org.elasticsearch.watcher.test.rest;
 import com.carrotsearch.randomizedtesting.annotations.Name;
 import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
 import org.elasticsearch.client.support.Headers;
+import org.elasticsearch.cluster.metadata.IndexMetaData;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.license.plugin.LicensePlugin;
 import org.elasticsearch.node.Node;
+import org.elasticsearch.plugins.Plugin;
 import org.elasticsearch.plugins.PluginsService;
 import org.elasticsearch.shield.ShieldPlugin;
 import org.elasticsearch.shield.authc.esusers.ESUsersRealm;
@@ -22,6 +24,7 @@ import org.elasticsearch.test.rest.ElasticsearchRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
 import org.elasticsearch.watcher.WatcherPlugin;
+import org.elasticsearch.watcher.license.LicenseIntegrationTests;
 import org.elasticsearch.watcher.test.AbstractWatcherIntegrationTests;
 
 import java.io.IOException;
@@ -37,7 +40,7 @@ import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
 @TestLogging("_root:DEBUG")
 public class WatcherRestTests extends ElasticsearchRestTestCase {
 
-    final boolean shieldEnabled = randomBoolean();
+    final boolean shieldEnabled = enableShield();
 
     public WatcherRestTests(@Name("yaml") RestTestCandidate testCandidate) {
         super(testCandidate);
@@ -48,6 +51,10 @@ public class WatcherRestTests extends ElasticsearchRestTestCase {
         return ElasticsearchRestTestCase.createParameters(0, 1);
     }
 
+    protected boolean enableShield() {
+        return randomBoolean();
+    }
+
     @Override
     protected Settings nodeSettings(int nodeOrdinal) {
         return Settings.builder()
@@ -55,13 +62,18 @@ public class WatcherRestTests extends ElasticsearchRestTestCase {
                 .put("scroll.size", randomIntBetween(1, 100))
                 .put("plugin.types", WatcherPlugin.class.getName() + ","
                         + (shieldEnabled ? ShieldPlugin.class.getName() + "," : "")
-                        + "," + LicensePlugin.class.getName())
+                        + "," + licensePluginClass().getName())
                 .put(Node.HTTP_ENABLED, true)
                 .put(ShieldSettings.settings(shieldEnabled))
                 .put(PluginsService.LOAD_PLUGIN_FROM_CLASSPATH, false)
         .build();
     }
 
+    protected Class<? extends Plugin> licensePluginClass() {
+        return LicensePlugin.class;
+    }
+
+
     /**
      * Used to obtain settings for the REST client that is used to send REST requests.
      */
@@ -108,12 +120,15 @@ public class WatcherRestTests extends ElasticsearchRestTestCase {
 
         public static final String IP_FILTER = "allow: all\n";
 
-        private static final String TEST_PASSWORD =  "changeme";
+        public static final String TEST_USERNAME = "test";
+        public static final String TEST_PASSWORD = "changeme";
         private static final String TEST_PASSWORD_HASHED =  new String(Hasher.BCRYPT.hash(new SecuredString(TEST_PASSWORD.toCharArray())));
 
-        public static final String USERS = "test:{plain}changeme\n" +
+        public static final String USERS =
-                "admin: " + TEST_PASSWORD_HASHED + "\n" +
+                "transport_client:" + TEST_PASSWORD_HASHED + "\n" +
-                "monitor:" + TEST_PASSWORD_HASHED;
+                        TEST_USERNAME + ":" + TEST_PASSWORD_HASHED + "\n" +
+                        "admin:" + TEST_PASSWORD_HASHED + "\n" +
+                        "monitor:" + TEST_PASSWORD_HASHED;
 
         public static final String USER_ROLES = "test:test\n" +
                 "admin:admin\n" +
@@ -126,7 +141,7 @@ public class WatcherRestTests extends ElasticsearchRestTestCase {
                 "    '*': all\n" +
                 "\n" +
                 "admin:\n" +
-                "  cluster: manage_watcher, cluster:monitor/nodes/info, cluster:monitor/state, cluster:monitor/nodes/liveness, cluster:monitor/health, cluster:admin/repository/delete\n" +
+                "  cluster: manage_watcher, cluster:monitor/nodes/info, cluster:monitor/state, cluster:monitor/nodes/liveness, cluster:monitor/health, cluster:admin/repository/delete, indices:admin/template/put, indices:admin/template/get\n" +
                 "  indices:\n" +
                 "    '*': all, indices:admin/template/delete\n" +
                 "\n" +

src/test/java/org/elasticsearch/watcher/test/rest/WatcherShieldAuthorizationFailedRestTests.java

@@ -13,8 +13,10 @@ import org.elasticsearch.common.io.Streams;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.license.plugin.LicensePlugin;
 import org.elasticsearch.node.Node;
+import org.elasticsearch.plugins.PluginsService;
 import org.elasticsearch.shield.ShieldPlugin;
 import org.elasticsearch.shield.authc.esusers.ESUsersRealm;
+import org.elasticsearch.shield.authc.support.Hasher;
 import org.elasticsearch.shield.authc.support.SecuredString;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.watcher.WatcherPlugin;
@@ -33,35 +35,9 @@ import static org.hamcrest.Matchers.containsString;
  */
 public class WatcherShieldAuthorizationFailedRestTests extends WatcherRestTests {
 
-    // Always run with Shield enabled:
     @Override
-    protected Settings nodeSettings(int nodeOrdinal) {
+    protected boolean enableShield() {
-        Settings.Builder builder = Settings.builder()
+        return true; // Always run with Shield enabled:
-                .put(super.nodeSettings(nodeOrdinal))
-                .put("plugin.types", WatcherPlugin.class.getName() + "," +
-                                ShieldPlugin.class.getName() + "," +
-                                LicensePlugin.class.getName())
-                .put(ShieldSettings.settings(true));
-        return builder.build();
-    }
-
-    @Override
-    protected Settings restClientSettings() {
-        String token = basicAuthHeaderValue("admin", new SecuredString("changeme".toCharArray()));
-        return Settings.builder()
-                .put(Headers.PREFIX + ".Authorization", token)
-                .build();
-    }
-
-    @Override
-    protected Settings transportClientSettings() {
-        return Settings.builder()
-                .put(super.transportClientSettings())
-                .put("client.transport.sniff", false)
-                .put("plugin.types", WatcherPlugin.class.getName() + "," + ShieldPlugin.class.getName() + ",")
-                .put("shield.user", "admin:changeme")
-                .put(Node.HTTP_ENABLED, true)
-                .build();
     }
 
     public WatcherShieldAuthorizationFailedRestTests(@Name("yaml") RestTestCandidate testCandidate) {
@@ -82,53 +58,4 @@ public class WatcherShieldAuthorizationFailedRestTests extends WatcherRestTests
             assertThat(ae.getMessage(), containsString("is unauthorized for user [admin]"));
         }
     }
-
-    public static class ShieldSettings {
-
-        public static final String IP_FILTER = "allow: all\n";
-
-        public static final String USERS = "test:{plain}changeme\n" +
-                "admin:{plain}changeme\n" +
-                "monitor:{plain}changeme";
-
-        public static final String USER_ROLES = "test:test\n" +
-                "admin:admin\n" +
-                "monitor:monitor";
-
-        public static final String ROLES =
-                "test:\n" + // a user for the test infra.
-                        "  cluster: all, cluster:monitor/state, cluster:monitor/health, indices:admin/template/delete, cluster:admin/repository/delete, indices:admin/template/put\n" +
-                        "  indices:\n" +
-                        "    '*': all\n" +
-                        "\n" +
-                        "admin:\n" +
-                        "  cluster: cluster:monitor/nodes/info, cluster:monitor/state, cluster:monitor/health, cluster:admin/repository/delete\n" +
-                        "  indices:\n" +
-                        "    '*': all, indices:admin/template/delete\n" +
-                        "\n";
-
-        public static Settings settings(boolean enabled) {
-            Settings.Builder builder = Settings.builder();
-            if (!enabled) {
-                return builder.put("shield.enabled", false).build();
-            }
-
-            try {
-            Path folder = createTempDir().resolve("watcher_shield");
-            Files.createDirectories(folder);
-            return builder.put("shield.enabled", true)
-                    .put("shield.user", "test:changeme")
-                    .put("shield.authc.realms.esusers.type", ESUsersRealm.TYPE)
-                    .put("shield.authc.realms.esusers.order", 0)
-                    .put("shield.authc.realms.esusers.files.users", AbstractWatcherIntegrationTests.ShieldSettings.writeFile(folder, "users", USERS))
-                    .put("shield.authc.realms.esusers.files.users_roles", AbstractWatcherIntegrationTests.ShieldSettings.writeFile(folder, "users_roles", USER_ROLES))
-                    .put("shield.authz.store.files.roles", AbstractWatcherIntegrationTests.ShieldSettings.writeFile(folder, "roles.yml", ROLES))
-                    .put("shield.transport.n2n.ip_filter.file", AbstractWatcherIntegrationTests.ShieldSettings.writeFile(folder, "ip_filter.yml", IP_FILTER))
-                    .put("shield.audit.enabled", true)
-                    .build();
-            } catch (IOException ex) {
-                throw new RuntimeException("failed to build settings for shield", ex);
-            }
-        }
-    }
 }