TestClusters: Convert the security plugin (#43242)

* TestClusters: Convert the security plugin

This PR moves security tests to use TestClusters.
The TLS test required support in testclusters itself, so the correct
wait condition is configured based on the cluster settings.

* PR review
Alpar Torok 2019-06-18 11:51:20 +03:00
parent 94930d0e84
commit 5a9c48369b
5 changed files with 84 additions and 82 deletions


@ -319,10 +319,17 @@ public class ElasticsearchCluster implements TestClusterConfiguration {
private void addWaitForClusterHealth() { private void addWaitForClusterHealth() {
waitConditions.put("cluster health yellow", (node) -> { waitConditions.put("cluster health yellow", (node) -> {
try { try {
boolean httpSslEnabled = getFirstNode().isHttpSslEnabled();
WaitForHttpResource wait = new WaitForHttpResource( WaitForHttpResource wait = new WaitForHttpResource(
"http", getFirstNode().getHttpSocketURI(), nodes.size() httpSslEnabled ? "https" : "http",
getFirstNode().getHttpSocketURI(),
nodes.size()
); );
if (httpSslEnabled) {
wait.setCertificateAuthorities(getFirstNode().getHttpCertificateAuthoritiesFile());
}
List<Map<String, String>> credentials = getFirstNode().getCredentials(); List<Map<String, String>> credentials = getFirstNode().getCredentials();
if (getFirstNode().getCredentials().isEmpty() == false) { if (getFirstNode().getCredentials().isEmpty() == false) {
wait.setUsername(credentials.get(0).get("useradd")); wait.setUsername(credentials.get(0).get("useradd"));
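Review bot: When HTTP SSL is enabled but `xpack.security.http.ssl.certificate_authorities` is not set, the `getFirstNode().getHttpCertificateAuthoritiesFile()` call inside the `if (httpSslEnabled)` branch throws from within the wait condition, so the misconfiguration presumably shows up only while waiting on an already-started cluster. Failing is the right outcome, since the alternative would be polling over HTTPS without verifying the server certificate, but the requirement deserves a comment such as `// HTTPS health check needs a CA file; fail rather than skip certificate verification`. The scheme and CA are also taken from the first node only, which presumably holds because every node shares the cluster-level settings; that assumption is worth stating too. The `try` block and the rest of `addWaitForClusterHealth` continue outside the hunk, so how the exception is reported is not visible here.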


@ -873,4 +873,19 @@ public class ElasticsearchNode implements TestClusterConfiguration {
} }
return Files.exists(httpPortsFile) && Files.exists(transportPortFile); return Files.exists(httpPortsFile) && Files.exists(transportPortFile);
} }
public boolean isHttpSslEnabled() {
return Boolean.valueOf(
settings.getOrDefault("xpack.security.http.ssl.enabled", () -> "false").get().toString()
);
}
public File getHttpCertificateAuthoritiesFile() {
if (settings.containsKey("xpack.security.http.ssl.certificate_authorities") == false) {
throw new TestClustersException("Can't get certificates authority file, not configured for " + this);
}
return getConfigDir()
.resolve(settings.get("xpack.security.http.ssl.certificate_authorities").get().toString())
.toFile();
}
} }
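Review bot: `getHttpCertificateAuthoritiesFile()` resolves the raw setting value as one path, but `xpack.security.http.ssl.certificate_authorities` is a list setting in Elasticsearch, so a cluster configured with more than one CA would likely resolve to a file that does not exist and the HTTPS wait would fail with a misleading trust error. Either reject multi-valued input explicitly with a `TestClustersException`, or document on the method that exactly one CA file is supported. In `isHttpSslEnabled()`, `Boolean.parseBoolean(...)` returns the primitive directly and avoids the box/unbox round trip of `Boolean.valueOf(...)`. Both methods are public and have no Javadoc; a one-line summary saying they report the node's configured settings rather than its runtime state would help callers.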


@ -1,5 +1,4 @@
import org.elasticsearch.gradle.test.RestIntegTestTask apply plugin: 'elasticsearch.testclusters'
apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.standalone-rest-test'
apply plugin: 'elasticsearch.rest-test' apply plugin: 'elasticsearch.rest-test'
@ -9,42 +8,33 @@ dependencies {
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts') testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
} }
task integTestNoSecurity(type: RestIntegTestTask) { integTest {
description = "Run tests against a cluster that doesn't have security" description = "Run tests against a cluster that doesn't have security"
} runner {
tasks.getByName("integTestNoSecurityRunner").configure {
systemProperty 'tests.has_security', 'false' systemProperty 'tests.has_security', 'false'
} }
check.dependsOn(integTestNoSecurity)
task integTestSecurity(type: RestIntegTestTask) {
dependsOn integTestNoSecurity
description = "Run tests against a cluster that has security"
} }
tasks.getByName("integTestSecurityRunner").configure {
systemProperty 'tests.has_security', 'true'
}
check.dependsOn(integTestSecurity)
configure(extensions.findByName("integTestNoSecurityCluster")) {
clusterName = "enable-security-on-basic"
numNodes = 2
testClusters.integTest {
distribution = 'DEFAULT'
numberOfNodes = 2
setting 'xpack.ilm.enabled', 'false' setting 'xpack.ilm.enabled', 'false'
setting 'xpack.ml.enabled', 'false' setting 'xpack.ml.enabled', 'false'
setting 'xpack.license.self_generated.type', 'basic' setting 'xpack.license.self_generated.type', 'basic'
setting 'xpack.security.enabled', 'false' setting 'xpack.security.enabled', 'false'
} }
Task noSecurityTest = tasks.findByName("integTestNoSecurity") task integTestSecurity(type: Test) {
configure(extensions.findByName("integTestSecurityCluster")) { description = "Run tests against a cluster that has security"
clusterName = "basic-license" useCluster testClusters.integTest
numNodes = 2 dependsOn integTest
dataDir = { nodeNum -> noSecurityTest.nodes[nodeNum].dataDir } systemProperty 'tests.has_security', 'true'
maxParallelForks = 1
outputs.cacheIf "Caching of REST tests not implemented yet", { false }
setting 'xpack.ilm.enabled', 'false' doFirst {
setting 'xpack.ml.enabled', 'false' testClusters.integTest {
setting 'xpack.license.self_generated.type', 'basic' // Reconfigure cluster to enable security
setting 'xpack.security.enabled', 'true' setting 'xpack.security.enabled', 'true'
setting 'xpack.security.authc.anonymous.roles', 'anonymous' setting 'xpack.security.authc.anonymous.roles', 'anonymous'
setting 'xpack.security.transport.ssl.enabled', 'true' setting 'xpack.security.transport.ssl.enabled', 'true'
@ -53,15 +43,18 @@ configure(extensions.findByName("integTestSecurityCluster")) {
setting 'xpack.security.transport.ssl.key_passphrase', 'transport-password' setting 'xpack.security.transport.ssl.key_passphrase', 'transport-password'
setting 'xpack.security.transport.ssl.certificate_authorities', 'ca.crt' setting 'xpack.security.transport.ssl.certificate_authorities', 'ca.crt'
extraConfigFile 'transport.key', project.projectDir.toPath().resolve('src/test/resources/ssl/transport.key').toFile() extraConfigFile 'transport.key', file('src/test/resources/ssl/transport.key')
extraConfigFile 'transport.crt', project.projectDir.toPath().resolve('src/test/resources/ssl/transport.crt').toFile() extraConfigFile 'transport.crt', file('src/test/resources/ssl/transport.crt')
extraConfigFile 'ca.crt', project.projectDir.toPath().resolve('src/test/resources/ssl/ca.crt').toFile() extraConfigFile 'ca.crt', file('src/test/resources/ssl/ca.crt')
extraConfigFile 'roles.yml', file('src/test/resources/roles.yml')
setupCommand 'setupAdminUser', user username: "admin_user", password: "admin-password"
'bin/elasticsearch-users', 'useradd', 'admin_user', '-p', 'admin-password', '-r', 'superuser' user username: "security_test_user", password: "security-test-password", role: "security_test_role"
setupCommand 'setupTestUser' ,
'bin/elasticsearch-users', 'useradd', 'security_test_user', '-p', 'security-test-password', '-r', 'security_test_role' restart()
extraConfigFile 'roles.yml', project.projectDir.toPath().resolve('src/test/resources/roles.yml').toFile()
} }
nonInputProperties.systemProperty 'tests.rest.cluster', "${-> testClusters.integTest.getAllHttpSocketURI().join(",")}"
}
}
check.dependsOn(integTestSecurity)
integTest.enabled = false
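Review bot: The order of the two `user` lines in the `doFirst` block is load-bearing, and nothing in the file says so. The cluster health wait condition in `ElasticsearchCluster` authenticates with `credentials.get(0)`, so `admin_user` has to stay first; otherwise the health check would run as `security_test_user`, whose `security_test_role` may not be allowed to read cluster health. A comment above them, e.g. `// admin_user must be declared first: the health wait condition logs in as the first user`, would keep a later reorder from breaking cluster startup. The same applies to the `user` lines in the `testClusters.integTest` block of the next build file, where the explicit `waitCondition` that named `admin_user` is removed.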


@ -1,5 +1,4 @@
import org.elasticsearch.gradle.http.WaitForHttpResource apply plugin: 'elasticsearch.testclusters'
apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.standalone-rest-test'
apply plugin: 'elasticsearch.rest-test' apply plugin: 'elasticsearch.rest-test'
@ -9,8 +8,9 @@ dependencies {
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts') testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
} }
integTestCluster { testClusters.integTest {
numNodes=2 distribution = "DEFAULT"
numberOfNodes = 2
setting 'xpack.ilm.enabled', 'false' setting 'xpack.ilm.enabled', 'false'
setting 'xpack.ml.enabled', 'false' setting 'xpack.ml.enabled', 'false'
@ -21,14 +21,7 @@ integTestCluster {
setting 'xpack.security.authc.token.enabled', 'true' setting 'xpack.security.authc.token.enabled', 'true'
setting 'xpack.security.authc.api_key.enabled', 'true' setting 'xpack.security.authc.api_key.enabled', 'true'
extraConfigFile 'roles.yml', project.projectDir.toPath().resolve('src/test/resources/roles.yml') extraConfigFile 'roles.yml', file('src/test/resources/roles.yml')
setupCommand 'setupUser#admin_user', 'bin/elasticsearch-users', 'useradd', 'admin_user', '-p', 'admin-password', '-r', 'superuser' user username: "admin_user", password: "admin-password"
setupCommand 'setupUser#security_test_user', 'bin/elasticsearch-users', 'useradd', 'security_test_user', '-p', 'security-test-password', '-r', 'security_test_role' user username: "security_test_user", password: "security-test-password", role: "security_test_role"
waitCondition = { node, ant ->
WaitForHttpResource http = new WaitForHttpResource("http", node.httpUri(), numNodes)
http.setUsername("admin_user")
http.setPassword("admin-password")
return http.wait(5000)
}
} }


@ -1,5 +1,4 @@
import org.elasticsearch.gradle.http.WaitForHttpResource apply plugin: 'elasticsearch.testclusters'
apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.standalone-rest-test'
apply plugin: 'elasticsearch.rest-test' apply plugin: 'elasticsearch.rest-test'
@ -14,16 +13,16 @@ forbiddenPatterns {
exclude '**/*.p12' exclude '**/*.p12'
} }
File caFile = project.file('src/test/resources/ssl/ca.crt')
integTestCluster { testClusters.integTest {
numNodes=2 distribution = "DEFAULT"
numberOfNodes = 2
extraConfigFile 'http.key', project.projectDir.toPath().resolve('src/test/resources/ssl/http.key') extraConfigFile 'http.key', file('src/test/resources/ssl/http.key')
extraConfigFile 'http.crt', project.projectDir.toPath().resolve('src/test/resources/ssl/http.crt') extraConfigFile 'http.crt', file('src/test/resources/ssl/http.crt')
extraConfigFile 'transport.key', project.projectDir.toPath().resolve('src/test/resources/ssl/transport.key') extraConfigFile 'transport.key', file('src/test/resources/ssl/transport.key')
extraConfigFile 'transport.crt', project.projectDir.toPath().resolve('src/test/resources/ssl/transport.crt') extraConfigFile 'transport.crt', file('src/test/resources/ssl/transport.crt')
extraConfigFile 'ca.crt', caFile extraConfigFile 'ca.crt', file('src/test/resources/ssl/ca.crt')
setting 'xpack.ilm.enabled', 'false' setting 'xpack.ilm.enabled', 'false'
setting 'xpack.ml.enabled', 'false' setting 'xpack.ml.enabled', 'false'
@ -32,16 +31,11 @@ integTestCluster {
setting 'xpack.security.http.ssl.certificate', 'http.crt' setting 'xpack.security.http.ssl.certificate', 'http.crt'
setting 'xpack.security.http.ssl.key', 'http.key' setting 'xpack.security.http.ssl.key', 'http.key'
setting 'xpack.security.http.ssl.key_passphrase', 'http-password' setting 'xpack.security.http.ssl.key_passphrase', 'http-password'
setting 'xpack.security.http.ssl.certificate_authorities', 'ca.crt'
setting 'xpack.security.transport.ssl.enabled', 'true' setting 'xpack.security.transport.ssl.enabled', 'true'
setting 'xpack.security.transport.ssl.certificate', 'transport.crt' setting 'xpack.security.transport.ssl.certificate', 'transport.crt'
setting 'xpack.security.transport.ssl.key', 'transport.key' setting 'xpack.security.transport.ssl.key', 'transport.key'
setting 'xpack.security.transport.ssl.key_passphrase', 'transport-password' setting 'xpack.security.transport.ssl.key_passphrase', 'transport-password'
setting 'xpack.security.transport.ssl.certificate_authorities', 'ca.crt' setting 'xpack.security.transport.ssl.certificate_authorities', 'ca.crt'
waitCondition = { node, ant ->
WaitForHttpResource http = new WaitForHttpResource("https", node.httpUri(), numNodes)
http.setCertificateAuthorities(caFile)
return http.wait(5000)
}
} }
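Review bot: The added `setting 'xpack.security.http.ssl.certificate_authorities', 'ca.crt'` line is a node-side trust setting that the test harness now also reads to locate the CA for its HTTPS health check, and the file does not mention that second role. Without a comment it is easy to remove as apparently unneeded, at which point `getHttpCertificateAuthoritiesFile()` throws and the cluster never passes its wait condition. Suggest adding `// also read by testclusters as the trust anchor for the HTTPS wait condition` above it. This works because the same `ca.crt` presumably signs `http.crt`; if the HTTP certificate were issued by a different CA, the wait would fail certificate verification.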