TestClusters: Convert the security plugin (#43242)
* TestClusters: Convert the security plugin This PR moves security tests to use TestClusters. The TLS test required support in testclusters itself, so the correct wait condition is configgured based on the cluster settings. * PR review
This commit is contained in:
Alpar Torok
parent
94930d0e84
commit
5a9c48369b
|
|
@ -319,10 +319,17 @@ public class ElasticsearchCluster implements TestClusterConfiguration {
|
|||
|
||||
private void addWaitForClusterHealth() {
|
||||
waitConditions.put("cluster health yellow", (node) -> {
|
||||
|
||||
try {
|
||||
boolean httpSslEnabled = getFirstNode().isHttpSslEnabled();
|
||||
WaitForHttpResource wait = new WaitForHttpResource(
|
||||
"http", getFirstNode().getHttpSocketURI(), nodes.size()
|
||||
httpSslEnabled ? "https" : "http",
|
||||
getFirstNode().getHttpSocketURI(),
|
||||
nodes.size()
|
||||
);
|
||||
if (httpSslEnabled) {
|
||||
wait.setCertificateAuthorities(getFirstNode().getHttpCertificateAuthoritiesFile());
|
||||
}
|
||||
List<Map<String, String>> credentials = getFirstNode().getCredentials();
|
||||
if (getFirstNode().getCredentials().isEmpty() == false) {
|
||||
wait.setUsername(credentials.get(0).get("useradd"));
|
||||
|
|
|
|||
|
|
@ -873,4 +873,19 @@ public class ElasticsearchNode implements TestClusterConfiguration {
|
|||
}
|
||||
return Files.exists(httpPortsFile) && Files.exists(transportPortFile);
|
||||
}
|
||||
|
||||
public boolean isHttpSslEnabled() {
|
||||
return Boolean.valueOf(
|
||||
settings.getOrDefault("xpack.security.http.ssl.enabled", () -> "false").get().toString()
|
||||
);
|
||||
}
|
||||
|
||||
public File getHttpCertificateAuthoritiesFile() {
|
||||
if (settings.containsKey("xpack.security.http.ssl.certificate_authorities") == false) {
|
||||
throw new TestClustersException("Can't get certificates authority file, not configured for " + this);
|
||||
}
|
||||
return getConfigDir()
|
||||
.resolve(settings.get("xpack.security.http.ssl.certificate_authorities").get().toString())
|
||||
.toFile();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,4 @@
|
|||
import org.elasticsearch.gradle.test.RestIntegTestTask
|
||||
|
||||
apply plugin: 'elasticsearch.testclusters'
|
||||
apply plugin: 'elasticsearch.standalone-rest-test'
|
||||
apply plugin: 'elasticsearch.rest-test'
|
||||
|
||||
|
|
@ -9,59 +8,53 @@ dependencies {
|
|||
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
|
||||
}
|
||||
|
||||
task integTestNoSecurity(type: RestIntegTestTask) {
|
||||
description = "Run tests against a cluster that doesn't have security"
|
||||
}
|
||||
tasks.getByName("integTestNoSecurityRunner").configure {
|
||||
systemProperty 'tests.has_security', 'false'
|
||||
}
|
||||
check.dependsOn(integTestNoSecurity)
|
||||
|
||||
task integTestSecurity(type: RestIntegTestTask) {
|
||||
dependsOn integTestNoSecurity
|
||||
description = "Run tests against a cluster that has security"
|
||||
}
|
||||
tasks.getByName("integTestSecurityRunner").configure {
|
||||
systemProperty 'tests.has_security', 'true'
|
||||
}
|
||||
check.dependsOn(integTestSecurity)
|
||||
|
||||
configure(extensions.findByName("integTestNoSecurityCluster")) {
|
||||
clusterName = "enable-security-on-basic"
|
||||
numNodes = 2
|
||||
|
||||
setting 'xpack.ilm.enabled', 'false'
|
||||
setting 'xpack.ml.enabled', 'false'
|
||||
setting 'xpack.license.self_generated.type', 'basic'
|
||||
setting 'xpack.security.enabled', 'false'
|
||||
integTest {
|
||||
description = "Run tests against a cluster that doesn't have security"
|
||||
runner {
|
||||
systemProperty 'tests.has_security', 'false'
|
||||
}
|
||||
}
|
||||
|
||||
Task noSecurityTest = tasks.findByName("integTestNoSecurity")
|
||||
configure(extensions.findByName("integTestSecurityCluster")) {
|
||||
clusterName = "basic-license"
|
||||
numNodes = 2
|
||||
dataDir = { nodeNum -> noSecurityTest.nodes[nodeNum].dataDir }
|
||||
|
||||
testClusters.integTest {
|
||||
distribution = 'DEFAULT'
|
||||
numberOfNodes = 2
|
||||
setting 'xpack.ilm.enabled', 'false'
|
||||
setting 'xpack.ml.enabled', 'false'
|
||||
setting 'xpack.license.self_generated.type', 'basic'
|
||||
setting 'xpack.security.enabled', 'true'
|
||||
setting 'xpack.security.authc.anonymous.roles', 'anonymous'
|
||||
setting 'xpack.security.transport.ssl.enabled', 'true'
|
||||
setting 'xpack.security.transport.ssl.certificate', 'transport.crt'
|
||||
setting 'xpack.security.transport.ssl.key', 'transport.key'
|
||||
setting 'xpack.security.transport.ssl.key_passphrase', 'transport-password'
|
||||
setting 'xpack.security.transport.ssl.certificate_authorities', 'ca.crt'
|
||||
|
||||
extraConfigFile 'transport.key', project.projectDir.toPath().resolve('src/test/resources/ssl/transport.key').toFile()
|
||||
extraConfigFile 'transport.crt', project.projectDir.toPath().resolve('src/test/resources/ssl/transport.crt').toFile()
|
||||
extraConfigFile 'ca.crt', project.projectDir.toPath().resolve('src/test/resources/ssl/ca.crt').toFile()
|
||||
|
||||
setupCommand 'setupAdminUser',
|
||||
'bin/elasticsearch-users', 'useradd', 'admin_user', '-p', 'admin-password', '-r', 'superuser'
|
||||
setupCommand 'setupTestUser' ,
|
||||
'bin/elasticsearch-users', 'useradd', 'security_test_user', '-p', 'security-test-password', '-r', 'security_test_role'
|
||||
extraConfigFile 'roles.yml', project.projectDir.toPath().resolve('src/test/resources/roles.yml').toFile()
|
||||
setting 'xpack.security.enabled', 'false'
|
||||
}
|
||||
|
||||
integTest.enabled = false
|
||||
task integTestSecurity(type: Test) {
|
||||
description = "Run tests against a cluster that has security"
|
||||
useCluster testClusters.integTest
|
||||
dependsOn integTest
|
||||
systemProperty 'tests.has_security', 'true'
|
||||
maxParallelForks = 1
|
||||
outputs.cacheIf "Caching of REST tests not implemented yet", { false }
|
||||
|
||||
doFirst {
|
||||
testClusters.integTest {
|
||||
// Reconfigure cluster to enable security
|
||||
setting 'xpack.security.enabled', 'true'
|
||||
setting 'xpack.security.authc.anonymous.roles', 'anonymous'
|
||||
setting 'xpack.security.transport.ssl.enabled', 'true'
|
||||
setting 'xpack.security.transport.ssl.certificate', 'transport.crt'
|
||||
setting 'xpack.security.transport.ssl.key', 'transport.key'
|
||||
setting 'xpack.security.transport.ssl.key_passphrase', 'transport-password'
|
||||
setting 'xpack.security.transport.ssl.certificate_authorities', 'ca.crt'
|
||||
|
||||
extraConfigFile 'transport.key', file('src/test/resources/ssl/transport.key')
|
||||
extraConfigFile 'transport.crt', file('src/test/resources/ssl/transport.crt')
|
||||
extraConfigFile 'ca.crt', file('src/test/resources/ssl/ca.crt')
|
||||
extraConfigFile 'roles.yml', file('src/test/resources/roles.yml')
|
||||
|
||||
user username: "admin_user", password: "admin-password"
|
||||
user username: "security_test_user", password: "security-test-password", role: "security_test_role"
|
||||
|
||||
restart()
|
||||
}
|
||||
nonInputProperties.systemProperty 'tests.rest.cluster', "${-> testClusters.integTest.getAllHttpSocketURI().join(",")}"
|
||||
}
|
||||
}
|
||||
check.dependsOn(integTestSecurity)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,4 @@
|
|||
import org.elasticsearch.gradle.http.WaitForHttpResource
|
||||
|
||||
apply plugin: 'elasticsearch.testclusters'
|
||||
apply plugin: 'elasticsearch.standalone-rest-test'
|
||||
apply plugin: 'elasticsearch.rest-test'
|
||||
|
||||
|
|
@ -9,8 +8,9 @@ dependencies {
|
|||
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
|
||||
}
|
||||
|
||||
integTestCluster {
|
||||
numNodes=2
|
||||
testClusters.integTest {
|
||||
distribution = "DEFAULT"
|
||||
numberOfNodes = 2
|
||||
|
||||
setting 'xpack.ilm.enabled', 'false'
|
||||
setting 'xpack.ml.enabled', 'false'
|
||||
|
|
@ -21,14 +21,7 @@ integTestCluster {
|
|||
setting 'xpack.security.authc.token.enabled', 'true'
|
||||
setting 'xpack.security.authc.api_key.enabled', 'true'
|
||||
|
||||
extraConfigFile 'roles.yml', project.projectDir.toPath().resolve('src/test/resources/roles.yml')
|
||||
setupCommand 'setupUser#admin_user', 'bin/elasticsearch-users', 'useradd', 'admin_user', '-p', 'admin-password', '-r', 'superuser'
|
||||
setupCommand 'setupUser#security_test_user', 'bin/elasticsearch-users', 'useradd', 'security_test_user', '-p', 'security-test-password', '-r', 'security_test_role'
|
||||
|
||||
waitCondition = { node, ant ->
|
||||
WaitForHttpResource http = new WaitForHttpResource("http", node.httpUri(), numNodes)
|
||||
http.setUsername("admin_user")
|
||||
http.setPassword("admin-password")
|
||||
return http.wait(5000)
|
||||
}
|
||||
extraConfigFile 'roles.yml', file('src/test/resources/roles.yml')
|
||||
user username: "admin_user", password: "admin-password"
|
||||
user username: "security_test_user", password: "security-test-password", role: "security_test_role"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,4 @@
|
|||
import org.elasticsearch.gradle.http.WaitForHttpResource
|
||||
|
||||
apply plugin: 'elasticsearch.testclusters'
|
||||
apply plugin: 'elasticsearch.standalone-rest-test'
|
||||
apply plugin: 'elasticsearch.rest-test'
|
||||
|
||||
|
|
@ -14,16 +13,16 @@ forbiddenPatterns {
|
|||
exclude '**/*.p12'
|
||||
}
|
||||
|
||||
File caFile = project.file('src/test/resources/ssl/ca.crt')
|
||||
|
||||
integTestCluster {
|
||||
numNodes=2
|
||||
testClusters.integTest {
|
||||
distribution = "DEFAULT"
|
||||
numberOfNodes = 2
|
||||
|
||||
extraConfigFile 'http.key', project.projectDir.toPath().resolve('src/test/resources/ssl/http.key')
|
||||
extraConfigFile 'http.crt', project.projectDir.toPath().resolve('src/test/resources/ssl/http.crt')
|
||||
extraConfigFile 'transport.key', project.projectDir.toPath().resolve('src/test/resources/ssl/transport.key')
|
||||
extraConfigFile 'transport.crt', project.projectDir.toPath().resolve('src/test/resources/ssl/transport.crt')
|
||||
extraConfigFile 'ca.crt', caFile
|
||||
extraConfigFile 'http.key', file('src/test/resources/ssl/http.key')
|
||||
extraConfigFile 'http.crt', file('src/test/resources/ssl/http.crt')
|
||||
extraConfigFile 'transport.key', file('src/test/resources/ssl/transport.key')
|
||||
extraConfigFile 'transport.crt', file('src/test/resources/ssl/transport.crt')
|
||||
extraConfigFile 'ca.crt', file('src/test/resources/ssl/ca.crt')
|
||||
|
||||
setting 'xpack.ilm.enabled', 'false'
|
||||
setting 'xpack.ml.enabled', 'false'
|
||||
|
|
@ -32,16 +31,11 @@ integTestCluster {
|
|||
setting 'xpack.security.http.ssl.certificate', 'http.crt'
|
||||
setting 'xpack.security.http.ssl.key', 'http.key'
|
||||
setting 'xpack.security.http.ssl.key_passphrase', 'http-password'
|
||||
setting 'xpack.security.http.ssl.certificate_authorities', 'ca.crt'
|
||||
setting 'xpack.security.transport.ssl.enabled', 'true'
|
||||
setting 'xpack.security.transport.ssl.certificate', 'transport.crt'
|
||||
setting 'xpack.security.transport.ssl.key', 'transport.key'
|
||||
setting 'xpack.security.transport.ssl.key_passphrase', 'transport-password'
|
||||
setting 'xpack.security.transport.ssl.certificate_authorities', 'ca.crt'
|
||||
|
||||
waitCondition = { node, ant ->
|
||||
WaitForHttpResource http = new WaitForHttpResource("https", node.httpUri(), numNodes)
|
||||
http.setCertificateAuthorities(caFile)
|
||||
return http.wait(5000)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue