Merge pull request elastic/elasticsearch#1043 from rjernst/remove_ant_contrib
Build: Simplify ssl test to not use ant Original commit: elastic/x-pack-elasticsearch@14d41f6fc1
660ac633a6
|
@ -1,34 +1,154 @@
|
|||
import org.elasticsearch.gradle.LoggedExec
|
||||
|
||||
apply plugin: 'elasticsearch.rest-test'
|
||||
|
||||
dependencies {
|
||||
testCompile project(path: ':x-plugins:shield', configuration: 'runtime')
|
||||
}
|
||||
|
||||
// ssl setup, it reuses the ssl-setup.xml from ant, for now.
|
||||
|
||||
// location of target keystore
|
||||
// location of keystore and files to generate it
|
||||
File ca = new File(project.buildDir, 'ca')
|
||||
File caConfig = new File(ca, 'conf/caconfig.cnf')
|
||||
File cert = new File(project.buildDir, 'cert/test-node.csr')
|
||||
File signedCert = new File(project.buildDir, 'cert/test-node-signed.csr')
|
||||
File keystore = new File(project.buildDir, 'keystore/test-node.jks')
|
||||
|
||||
// we touch keystore because otherwise it fails, extraConfigFile does not exist
|
||||
// this tricks some broken compile-time check into just moving along: we nuke this stuff before we actually generate
|
||||
keystore.parentFile.mkdirs()
|
||||
keystore.createNewFile()
|
||||
String caConfigData = """
|
||||
[ ca ]
|
||||
default_ca = CA_default
|
||||
[ CA_default ]
|
||||
copy_extensions = copy
|
||||
serial = ${ca}/serial
|
||||
database = ${ca}/index.txt
|
||||
new_certs_dir = ${ca}/certs
|
||||
certificate = ${ca}/certs/cacert.pem
|
||||
private_key = ${ca}/private/cakey.pem
|
||||
default_days = 712
|
||||
default_md = sha256
|
||||
preserve = no
|
||||
email_in_dn = no
|
||||
x509_extensions = v3_ca
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
policy = policy_anything
|
||||
[ policy_anything ]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
[ req ]
|
||||
default_bits = 2048 # Size of keys
|
||||
default_keyfile = key.pem # name of generated keys
|
||||
default_md = sha256 # message digest algorithm
|
||||
string_mask = nombstr # permitted characters
|
||||
distinguished_name = req_distinguished_name
|
||||
req_extensions = v3_req
|
||||
[ req_distinguished_name ]
|
||||
# Variable name Prompt string
|
||||
#------------------------- ----------------------------------
|
||||
0.organizationName = Organization Name (company)
|
||||
organizationalUnitName = Organizational Unit Name (department, division)
|
||||
emailAddress = Email Address
|
||||
emailAddress_max = 40
|
||||
localityName = Locality Name (city, district)
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
commonName = Common Name (hostname, IP, or your name)
|
||||
commonName_max = 64
|
||||
# Default values for the above, for consistency and less typing.
|
||||
# Variable name Value
|
||||
#------------------------ ------------------------------
|
||||
0.organizationName_default = Elasticsearch Test Org
|
||||
localityName_default = Amsterdam
|
||||
stateOrProvinceName_default = Amsterdam
|
||||
countryName_default = NL
|
||||
emailAddress_default = cacerttest@YOUR.COMPANY.TLD
|
||||
[ v3_ca ]
|
||||
basicConstraints = CA:TRUE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer:always
|
||||
[ v3_req ]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
"""
|
||||
|
||||
// generate the keystore
|
||||
task createKey(type: LoggedExec) {
|
||||
doFirst {
|
||||
project.delete(keystore.parentFile)
|
||||
keystore.parentFile.mkdirs()
|
||||
}
|
||||
executable = 'keytool'
|
||||
standardInput = new ByteArrayInputStream('FirstName LastName\nUnit\nOrganization\nCity\nState\nNL\nyes\n\n'.getBytes('UTF-8'))
|
||||
args '-genkey',
|
||||
'-alias', 'test-node',
|
||||
'-keystore', keystore,
|
||||
'-keyalg', 'RSA',
|
||||
'-keysize', '2048',
|
||||
'-validity', '712',
|
||||
'-ext', 'san=dns:localhost,ip:127.0.0.1',
|
||||
'-storepass', 'keypass'
|
||||
}
|
||||
|
||||
task createCertificate(type: LoggedExec, dependsOn: createKey) {
|
||||
doFirst {
|
||||
project.delete(cert.parentFile)
|
||||
cert.parentFile.mkdirs()
|
||||
}
|
||||
executable = 'keytool'
|
||||
standardInput = new ByteArrayInputStream('keypass\n'.getBytes('UTF-8'))
|
||||
args '-certreq',
|
||||
'-alias', 'test-node',
|
||||
'-keystore', keystore,
|
||||
'-file', cert,
|
||||
'-keyalg', 'RSA',
|
||||
'-ext', 'san=dns:localhost,ip:127.0.0.1'
|
||||
}
|
||||
|
||||
task createCertificateAuthority(type: LoggedExec) {
|
||||
doFirst {
|
||||
project.delete(ca)
|
||||
ca.mkdirs()
|
||||
for (String dir : ['private', 'certs', 'conf']) {
|
||||
new File(ca, dir).mkdirs()
|
||||
}
|
||||
caConfig.setText(caConfigData, 'UTF-8')
|
||||
new File(ca, 'serial').setText('01', 'UTF-8')
|
||||
new File(ca, 'index.txt').setText('', 'UTF-8')
|
||||
}
|
||||
executable = 'openssl'
|
||||
args 'req', '-new', '-x509', '-extensions', 'v3_ca',
|
||||
'-keyout', new File(ca, 'private/cakey.pem'),
|
||||
'-out', new File(ca, 'certs/cacert.pem'),
|
||||
'-days', '1460',
|
||||
'-config', caConfig,
|
||||
'-subj', '/OU=XPlugins QA',
|
||||
'-passout', 'pass:capass'
|
||||
}
|
||||
|
||||
task signCertificate(type: LoggedExec, dependsOn: [createCertificate, createCertificateAuthority]) {
|
||||
executable = 'openssl'
|
||||
standardInput = new ByteArrayInputStream('y\ny\n'.getBytes('UTF-8'))
|
||||
args 'ca', '-in', cert, '-notext', '-out', signedCert, '-config', caConfig,
|
||||
'-extensions', 'v3_req', '-passin', 'pass:capass'
|
||||
}
|
||||
|
||||
task importCertificate(type: LoggedExec, dependsOn: signCertificate) {
|
||||
executable = 'keytool'
|
||||
standardInput = new ByteArrayInputStream('keypass\nyes\n'.getBytes('UTF-8'))
|
||||
args '-importcert', '-keystore', keystore, '-file', signedCert, '-trustcacerts'
|
||||
}
|
||||
|
||||
// add keystore to test classpath: it expects it there
|
||||
sourceSets.test.resources.srcDir(keystore.parentFile)
|
||||
processTestResources.dependsOn(importCertificate)
|
||||
|
||||
configurations {
|
||||
antcontrib {
|
||||
description = 'ant-contrib'
|
||||
transitive = false
|
||||
}
|
||||
}
|
||||
|
||||
dependencies {
|
||||
antcontrib "ant-contrib:ant-contrib:1.0b3"
|
||||
}
|
||||
|
||||
// this loop must be outside of a configuration closure, otherwise it may get executed multiple times
|
||||
// add ES plugins, this loop must be outside of a configuration closure, otherwise it may get executed multiple times
|
||||
for (Project subproj : project.rootProject.subprojects) {
|
||||
if (subproj.path.startsWith(':plugins:')) {
|
||||
// need to get a non-decorated project object, so must re-lookup the project by path
|
||||
|
@ -36,38 +156,15 @@ for (Project subproj : project.rootProject.subprojects) {
|
|||
}
|
||||
}
|
||||
|
||||
// we should be able to taskdef, but gradle has *the worst* classloader management
|
||||
// so just do a hack, jam ant-contrib directly into gradle's ant's classloader
|
||||
ClassLoader antClassLoader = org.apache.tools.ant.Project.class.classLoader
|
||||
configurations.antcontrib.each { File f ->
|
||||
antClassLoader.addURL(f.toURI().toURL())
|
||||
}
|
||||
|
||||
// suck in ssl-setup.xml, defining matching tasks in gradle
|
||||
ant.property(name: 'integ.scratch', location: project.buildDir)
|
||||
ant.property(name: 'keystore.path', keystore)
|
||||
ant.importBuild 'ssl-setup.xml'
|
||||
|
||||
// clean all intermediate/keystore files before regenerating it
|
||||
task cleanKeystore(type: Delete) {
|
||||
delete new File(project.buildDir, 'keystore'),
|
||||
new File(project.buildDir, 'cert'),
|
||||
new File(project.buildDir, 'ca')
|
||||
}
|
||||
|
||||
// wipe and regenerate keystore so its available as a test dep
|
||||
processTestResources.dependsOn('cleanKeystore')
|
||||
processTestResources.dependsOn('generate-keystore')
|
||||
|
||||
integTest {
|
||||
cluster {
|
||||
// TODO: use some variable here for port number
|
||||
systemProperty 'es.marvel.agent.exporter.es.hosts', 'https://marvel_export:changeme@localhost:9400'
|
||||
systemProperty 'es.marvel.agent.exporter.es.ssl.truststore.path', 'test-node.jks'
|
||||
systemProperty 'es.marvel.agent.exporter.es.ssl.truststore.path', keystore.name
|
||||
systemProperty 'es.marvel.agent.exporter.es.ssl.truststore.password', 'keypass'
|
||||
systemProperty 'es.shield.transport.ssl', 'true'
|
||||
systemProperty 'es.shield.http.ssl', 'true'
|
||||
systemProperty 'es.shield.ssl.keystore.path', 'test-node.jks'
|
||||
systemProperty 'es.shield.ssl.keystore.path', keystore.name
|
||||
systemProperty 'es.shield.ssl.keystore.password', 'keypass'
|
||||
plugin 'licence', project(':x-plugins:license:plugin')
|
||||
plugin 'shield', project(':x-plugins:shield')
|
||||
|
@ -75,7 +172,7 @@ integTest {
|
|||
plugin 'marvel-agent', project(':x-plugins:marvel')
|
||||
|
||||
// copy keystore into config/
|
||||
extraConfigFile 'test-node.jks', keystore
|
||||
extraConfigFile keystore.name, keystore
|
||||
setupCommand 'setupTestUser',
|
||||
'bin/shield/esusers', 'useradd', 'test_user', '-p', 'changeme', '-r', 'admin'
|
||||
setupCommand 'setupMarvelUser',
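Review bot: In `importCertificate` the `keytool -importcert` call carries no `-alias`, so keytool files the signed certificate under its default alias as a separate trusted entry, while the `test-node` key entry from `createKey` keeps its self-signed certificate; the CA certificate in `ca/certs/cacert.pem` is never imported either. As written, the TLS smoke test appears to validate against the self-signed key entry, so the CA signing steps do not change what the node presents (the removed ant target behaved the same way). If a CA-signed chain is what the test should exercise, import the CA certificate first and then use `args '-importcert', '-alias', 'test-node', '-keystore', keystore, '-file', signedCert, '-trustcacerts'`; otherwise add a comment such as `// CA steps kept for parity with the old ant target; the node still serves its self-signed cert`. Separately, `keypass` and `capass` are passed on the command line in `createKey`, `createCertificateAuthority` and `signCertificate`, which is acceptable only because this keystore is a throwaway test fixture, and a one-line comment saying so would keep the pattern from being copied into non-test builds.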
|
||||
|
|
|
@ -1,170 +0,0 @@
|
|||
<?xml version="1.0"?>
|
||||
<project name="smoke-test-plugins"
|
||||
xmlns:ac="antlib:net.sf.antcontrib">
|
||||
|
||||
<target name="create-certificate-authority">
|
||||
<ac:for list="private,certs,conf" param="dir">
|
||||
<sequential>
|
||||
<mkdir dir="${integ.scratch}/ca/@{dir}"/>
|
||||
</sequential>
|
||||
</ac:for>
|
||||
<echo file="${integ.scratch}/ca/serial">01</echo>
|
||||
<touch file="${integ.scratch}/ca/index.txt"/>
|
||||
<echo file="${integ.scratch}/ca/conf/caconfig.cnf">[ ca ]
|
||||
default_ca = CA_default
|
||||
[ CA_default ]
|
||||
copy_extensions = copy
|
||||
dir = ${integ.scratch}/ca
|
||||
serial = $dir/serial
|
||||
database = $dir/index.txt
|
||||
new_certs_dir = $dir/certs
|
||||
certificate = $dir/certs/cacert.pem
|
||||
private_key = $dir/private/cakey.pem
|
||||
default_days = 712
|
||||
default_md = sha256
|
||||
preserve = no
|
||||
email_in_dn = no
|
||||
x509_extensions = v3_ca
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
policy = policy_anything
|
||||
[ policy_anything ]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
[ req ]
|
||||
default_bits = 2048 # Size of keys
|
||||
default_keyfile = key.pem # name of generated keys
|
||||
default_md = sha256 # message digest algorithm
|
||||
string_mask = nombstr # permitted characters
|
||||
distinguished_name = req_distinguished_name
|
||||
req_extensions = v3_req
|
||||
[ req_distinguished_name ]
|
||||
# Variable name Prompt string
|
||||
#------------------------- ----------------------------------
|
||||
0.organizationName = Organization Name (company)
|
||||
organizationalUnitName = Organizational Unit Name (department, division)
|
||||
emailAddress = Email Address
|
||||
emailAddress_max = 40
|
||||
localityName = Locality Name (city, district)
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
commonName = Common Name (hostname, IP, or your name)
|
||||
commonName_max = 64
|
||||
# Default values for the above, for consistency and less typing.
|
||||
# Variable name Value
|
||||
#------------------------ ------------------------------
|
||||
0.organizationName_default = Elasticsearch Test Org
|
||||
localityName_default = Amsterdam
|
||||
stateOrProvinceName_default = Amsterdam
|
||||
countryName_default = NL
|
||||
emailAddress_default = cacerttest@YOUR.COMPANY.TLD
|
||||
[ v3_ca ]
|
||||
basicConstraints = CA:TRUE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer:always
|
||||
[ v3_req ]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash</echo>
|
||||
<exec executable="openssl" failonerror="true">
|
||||
<arg value="req"/>
|
||||
<arg value="-new"/>
|
||||
<arg value="-x509"/>
|
||||
<arg value="-extensions"/>
|
||||
<arg value="v3_ca"/>
|
||||
<arg value="-keyout"/>
|
||||
<arg value="${integ.scratch}/ca/private/cakey.pem"/>
|
||||
<arg value="-out"/>
|
||||
<arg value="${integ.scratch}/ca/certs/cacert.pem"/>
|
||||
<arg value="-days"/>
|
||||
<arg value="1460"/>
|
||||
<arg value="-config"/>
|
||||
<arg value="${integ.scratch}/ca/conf/caconfig.cnf"/>
|
||||
<arg value="-subj"/>
|
||||
<arg value="/OU=XPlugins QA"/>
|
||||
<arg value="-passout"/>
|
||||
<arg value="pass:capass"/>
|
||||
</exec>
|
||||
</target>
|
||||
|
||||
<target name="create-key">
|
||||
<local name="parent.dir"/>
|
||||
<dirname file="${keystore.path}" property="parent.dir" />
|
||||
<mkdir dir="${parent.dir}"/>
|
||||
<exec executable="keytool" failonerror="true"
|
||||
inputstring="FirstName LastName
Unit
Organization
City
State
NL
yes

">
|
||||
<arg value="-genkey"/>
|
||||
<arg value="-alias"/>
|
||||
<arg value="test-node"/>
|
||||
<arg value="-keystore"/>
|
||||
<arg value="${keystore.path}"/>
|
||||
<arg value="-keyalg"/>
|
||||
<arg value="RSA"/>
|
||||
<arg value="-keysize"/>
|
||||
<arg value="2048"/>
|
||||
<arg value="-validity"/>
|
||||
<arg value="712"/>
|
||||
<arg value="-ext"/>
|
||||
<arg value="san=dns:localhost,ip:127.0.0.1"/>
|
||||
<arg value="-storepass"/>
|
||||
<arg value="keypass"/>
|
||||
</exec>
|
||||
</target>
|
||||
|
||||
<target name="create-certificate" depends="create-key">
|
||||
<mkdir dir="${integ.scratch}/cert"/>
|
||||
<exec executable="keytool" failonerror="true"
|
||||
inputstring="keypass
">
|
||||
<arg value="-certreq"/>
|
||||
<arg value="-alias"/>
|
||||
<arg value="test-node"/>
|
||||
<arg value="-keystore"/>
|
||||
<arg value="${keystore.path}"/>
|
||||
<arg value="-file"/>
|
||||
<arg value="${integ.scratch}/cert/test-node.csr"/>
|
||||
<arg value="-keyalg"/>
|
||||
<arg value="RSA"/>
|
||||
<arg value="-ext"/>
|
||||
<arg value="san=dns:localhost,ip:127.0.0.1"/>
|
||||
</exec>
|
||||
</target>
|
||||
|
||||
<target name="sign-certificate" depends="create-certificate,create-certificate-authority">
|
||||
<exec executable="openssl" failonerror="true"
|
||||
inputstring="y
y
">
|
||||
<arg value="ca"/>
|
||||
<arg value="-in"/>
|
||||
<arg value="${integ.scratch}/cert/test-node.csr"/>
|
||||
<arg value="-notext"/>
|
||||
<arg value="-out"/>
|
||||
<arg value="${integ.scratch}/cert/test-node-signed.csr"/>
|
||||
<arg value="-config"/>
|
||||
<arg value="${integ.scratch}/ca/conf/caconfig.cnf"/>
|
||||
<arg value="-extensions"/>
|
||||
<arg value="v3_req"/>
|
||||
<arg value="-passin"/>
|
||||
<arg value="pass:capass"/>
|
||||
</exec>
|
||||
</target>
|
||||
|
||||
<target name="import-certificate" depends="sign-certificate">
|
||||
<exec executable="keytool" failonerror="true"
|
||||
inputstring="keypass
yes
">
|
||||
<arg value="-importcert"/>
|
||||
<arg value="-keystore"/>
|
||||
<arg value="${keystore.path}"/>
|
||||
<arg value="-file"/>
|
||||
<arg value="${integ.scratch}/cert/test-node-signed.csr"/>
|
||||
<arg value="-trustcacerts"/>
|
||||
</exec>
|
||||
</target>
|
||||
|
||||
<target name="generate-keystore" depends="import-certificate"/>
|
||||
|
||||
</project>
|