[Test] Ensure IpFilteringIntegrationTests connects to the port that is bound
A range is provided for the client profile and the test assumes that the first port in the range is the port that the transport is bound to, which is not always true. This change makes the test use the actual port that the client profile is bound to. Closes elastic/elasticsearch#531 Original commit: elastic/x-pack-elasticsearch@05962702ed
This commit is contained in:
jaymode
parent
6908f6f155
commit
67928a57cb
|
|
@ -22,6 +22,7 @@ import java.io.OutputStream;
|
||||||
import java.net.InetSocketAddress;
|
import java.net.InetSocketAddress;
|
||||||
import java.net.Socket;
|
import java.net.Socket;
|
||||||
|
|
||||||
|
import static org.elasticsearch.shield.transport.support.TransportProfileUtil.getProfilePort;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
||||||
import static org.hamcrest.Matchers.instanceOf;
|
import static org.hamcrest.Matchers.instanceOf;
|
||||||
|
|
@ -70,7 +71,7 @@ public class IpFilteringIntegrationTests extends ShieldIntegrationTest {
|
||||||
@Test
|
@Test
|
||||||
public void testThatIpFilteringIsAppliedForProfile() throws Exception {
|
public void testThatIpFilteringIsAppliedForProfile() throws Exception {
|
||||||
try (Socket socket = new Socket()){
|
try (Socket socket = new Socket()){
|
||||||
trySocketConnection(socket, new InetSocketAddress("localhost", randomClientPort));
|
trySocketConnection(socket, new InetSocketAddress("localhost", getProfilePort("client", internalCluster())));
|
||||||
assertThat(socket.isClosed(), is(true));
|
assertThat(socket.isClosed(), is(true));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -7,7 +7,6 @@ package org.elasticsearch.shield.transport.ssl;
|
||||||
|
|
||||||
import org.elasticsearch.client.transport.NoNodeAvailableException;
|
import org.elasticsearch.client.transport.NoNodeAvailableException;
|
||||||
import org.elasticsearch.client.transport.TransportClient;
|
import org.elasticsearch.client.transport.TransportClient;
|
||||||
import org.elasticsearch.common.netty.channel.Channel;
|
|
||||||
import org.elasticsearch.common.settings.ImmutableSettings;
|
import org.elasticsearch.common.settings.ImmutableSettings;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.transport.InetSocketTransportAddress;
|
import org.elasticsearch.common.transport.InetSocketTransportAddress;
|
||||||
|
|
@ -15,16 +14,13 @@ import org.elasticsearch.common.transport.TransportAddress;
|
||||||
import org.elasticsearch.test.ShieldIntegrationTest;
|
import org.elasticsearch.test.ShieldIntegrationTest;
|
||||||
import org.elasticsearch.test.ShieldSettingsSource;
|
import org.elasticsearch.test.ShieldSettingsSource;
|
||||||
import org.elasticsearch.transport.Transport;
|
import org.elasticsearch.transport.Transport;
|
||||||
import org.elasticsearch.transport.netty.NettyTransport;
|
|
||||||
import org.junit.BeforeClass;
|
import org.junit.BeforeClass;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.lang.reflect.Field;
|
|
||||||
import java.net.InetSocketAddress;
|
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
|
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
|
||||||
|
import static org.elasticsearch.shield.transport.support.TransportProfileUtil.getProfilePort;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
||||||
import static org.hamcrest.CoreMatchers.is;
|
import static org.hamcrest.CoreMatchers.is;
|
||||||
|
|
@ -83,7 +79,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
@Test(expected = NoNodeAvailableException.class)
|
@Test(expected = NoNodeAvailableException.class)
|
||||||
public void testThatStandardTransportClientCannotConnectToClientProfile() throws Exception {
|
public void testThatStandardTransportClientCannotConnectToClientProfile() throws Exception {
|
||||||
try(TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) {
|
try(TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getClientProfilePort()));
|
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster())));
|
||||||
transportClient.admin().cluster().prepareHealth().get();
|
transportClient.admin().cluster().prepareHealth().get();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -92,7 +88,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
public void testThatProfileTransportClientCanConnectToClientProfile() throws Exception {
|
public void testThatProfileTransportClientCanConnectToClientProfile() throws Exception {
|
||||||
Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
|
Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
|
||||||
try (TransportClient transportClient = createTransportClient(settings)) {
|
try (TransportClient transportClient = createTransportClient(settings)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getClientProfilePort()));
|
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster())));
|
||||||
assertGreenClusterState(transportClient);
|
assertGreenClusterState(transportClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -106,17 +102,4 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
transportClient.admin().cluster().prepareHealth().get();
|
transportClient.admin().cluster().prepareHealth().get();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
* Gets the actual port that the client profile in this test environment is listening on as the randomClientPort
|
|
||||||
* may actually be bound by some other node
|
|
||||||
*/
|
|
||||||
private int getClientProfilePort() throws Exception {
|
|
||||||
NettyTransport transport = (NettyTransport) internalCluster().getInstance(Transport.class);
|
|
||||||
Field channels = NettyTransport.class.getDeclaredField("serverChannels");
|
|
||||||
channels.setAccessible(true);
|
|
||||||
Map<String, Channel> serverChannels = (Map<String, Channel>) channels.get(transport);
|
|
||||||
Channel clientProfileChannel = serverChannels.get("client");
|
|
||||||
return ((InetSocketAddress) clientProfileChannel.getLocalAddress()).getPort();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,39 @@
|
||||||
|
/*
|
||||||
|
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||||
|
* or more contributor license agreements. Licensed under the Elastic License;
|
||||||
|
* you may not use this file except in compliance with the Elastic License.
|
||||||
|
*/
|
||||||
|
package org.elasticsearch.shield.transport.support;
|
||||||
|
|
||||||
|
import org.elasticsearch.common.netty.channel.Channel;
|
||||||
|
import org.elasticsearch.test.InternalTestCluster;
|
||||||
|
import org.elasticsearch.transport.Transport;
|
||||||
|
import org.elasticsearch.transport.netty.NettyTransport;
|
||||||
|
|
||||||
|
import java.lang.reflect.Field;
|
||||||
|
import java.net.InetSocketAddress;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Utility class used to deal with profile support in Transport. This class should be removed once
|
||||||
|
* core has been fixed and Shield has been updated to depend on a version of core that is fixed.
|
||||||
|
*
|
||||||
|
* See <a href="https://github.com/elasticsearch/elasticsearch/pull/9134">https://github.com/elasticsearch/elasticsearch/pull/9134</a>
|
||||||
|
*/
|
||||||
|
public class TransportProfileUtil {
|
||||||
|
|
||||||
|
private TransportProfileUtil() {}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Gets the actual port that the profile is listening on. If a range was provided in the settings, then the first
|
||||||
|
* port may not be the port that was actually bound.
|
||||||
|
*/
|
||||||
|
public static int getProfilePort(String profile, InternalTestCluster internalTestCluster) throws Exception {
|
||||||
|
NettyTransport transport = (NettyTransport) internalTestCluster.getInstance(Transport.class);
|
||||||
|
Field channels = NettyTransport.class.getDeclaredField("serverChannels");
|
||||||
|
channels.setAccessible(true);
|
||||||
|
Map<String, Channel> serverChannels = (Map<String, Channel>) channels.get(transport);
|
||||||
|
Channel clientProfileChannel = serverChannels.get(profile);
|
||||||
|
return ((InetSocketAddress) clientProfileChannel.getLocalAddress()).getPort();
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue