honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Backport: convert x pack qa (#43763) 

* Revert "Revert "Test clusters: convert x-pack qa tests (#43283)" (#43549)"

This reverts commit 8d9a971259.

* Fix failing test
This commit is contained in:
Alpar Torok 2019-07-01 10:38:56 +03:00 committed by GitHub
parent 3bdb9d5f08
commit 717d14a7e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 138 additions and 242 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
x-pack/qa/core-rest-tests-with-security/build.gradle
View File

@ -1,3 +1,4 @@
apply plugin: 'elasticsearch.testclusters'
apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.standalone-rest-test'
apply plugin: 'elasticsearch.rest-test' apply plugin: 'elasticsearch.rest-test'
@ -7,39 +8,27 @@ dependencies {
integTest { integTest {
includePackaged = true includePackaged = true
runner {
systemProperty 'tests.rest.blacklist',
[
'index/10_with_id/Index with ID',
'indices.get_alias/10_basic/Get alias against closed indices'
].join(',')
systemProperty 'tests.rest.cluster.username', System.getProperty('tests.rest.cluster.username', 'test_user')
systemProperty 'tests.rest.cluster.password', System.getProperty('tests.rest.cluster.password', 'x-pack-test-password')
}
} }
integTestRunner { testClusters.integTest {
systemProperty 'tests.rest.blacklist', distribution = "DEFAULT"
[
'index/10_with_id/Index with ID',
'indices.get_alias/10_basic/Get alias against closed indices'
].join(',')
systemProperty 'tests.rest.cluster.username', System.getProperty('tests.rest.cluster.username', 'test_user')
systemProperty 'tests.rest.cluster.password', System.getProperty('tests.rest.cluster.password', 'x-pack-test-password')
}
integTestCluster {
setting 'xpack.ilm.enabled', 'false' setting 'xpack.ilm.enabled', 'false'
setting 'xpack.security.enabled', 'true' setting 'xpack.security.enabled', 'true'
setting 'xpack.watcher.enabled', 'false' setting 'xpack.watcher.enabled', 'false'
setting 'xpack.monitoring.enabled', 'false' setting 'xpack.monitoring.enabled', 'false'
setting 'xpack.ml.enabled', 'false' setting 'xpack.ml.enabled', 'false'
setting 'xpack.license.self_generated.type', 'trial' setting 'xpack.license.self_generated.type', 'trial'
setupCommand 'setupDummyUser',
'bin/elasticsearch-users', user username: System.getProperty('tests.rest.cluster.username', 'test_user'),
'useradd', System.getProperty('tests.rest.cluster.username', 'test_user'), password: System.getProperty('tests.rest.cluster.password', 'x-pack-test-password')
'-p', System.getProperty('tests.rest.cluster.password', 'x-pack-test-password'),
'-r', 'superuser'
waitCondition = { node, ant ->
File tmpFile = new File(node.cwd, 'wait.success')
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
dest: tmpFile.toString(),
username: 'test_user',
password: 'x-pack-test-password',
ignoreerrors: true,
retries: 10)
return tmpFile.exists()
}
} }

69
x-pack/qa/multi-cluster-search-security/build.gradle
View File

@ -1,76 +1,59 @@
import org.elasticsearch.gradle.test.RestIntegTestTask import org.elasticsearch.gradle.test.RestIntegTestTask
apply plugin: 'elasticsearch.testclusters'
apply plugin: 'elasticsearch.standalone-test' apply plugin: 'elasticsearch.standalone-test'
dependencies { dependencies {
testCompile project(':x-pack:qa') testCompile project(':x-pack:qa')
} }
task remoteClusterTest(type: RestIntegTestTask) { task 'remote-cluster'(type: RestIntegTestTask) {
mustRunAfter(precommit) mustRunAfter(precommit)
runner {
systemProperty 'tests.rest.suite', 'remote_cluster'
}
} }
remoteClusterTestCluster { testClusters.'remote-cluster' {
numNodes = 2 distribution = "DEFAULT"
clusterName = 'remote-cluster' numberOfNodes = 2
setting 'cluster.remote.connect', false setting 'cluster.remote.connect', "false"
setting 'xpack.ilm.enabled', 'false' setting 'xpack.ilm.enabled', 'false'
setting 'xpack.security.enabled', 'true' setting 'xpack.security.enabled', 'true'
setting 'xpack.watcher.enabled', 'false' setting 'xpack.watcher.enabled', 'false'
setting 'xpack.monitoring.enabled', 'false' setting 'xpack.monitoring.enabled', 'false'
setting 'xpack.ml.enabled', 'false' setting 'xpack.ml.enabled', 'false'
setting 'xpack.license.self_generated.type', 'trial' setting 'xpack.license.self_generated.type', 'trial'
setupCommand 'setupDummyUser',
'bin/elasticsearch-users', 'useradd', 'test_user', '-p', 'x-pack-test-password', '-r', 'superuser' user username: "test_user", password: "x-pack-test-password"
waitCondition = { node, ant -> }
File tmpFile = new File(node.cwd, 'wait.success')
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow", task 'mixed-cluster'(type: RestIntegTestTask) {
dest: tmpFile.toString(), dependsOn 'remote-cluster'
username: 'test_user', runner {
password: 'x-pack-test-password', useCluster testClusters.'remote-cluster'
ignoreerrors: true, systemProperty 'tests.rest.suite', 'multi_cluster'
retries: 10)
return tmpFile.exists()
} }
} }
remoteClusterTestRunner { testClusters.'mixed-cluster' {
systemProperty 'tests.rest.suite', 'remote_cluster' distribution = "DEFAULT"
}
task mixedClusterTest(type: RestIntegTestTask) {}
mixedClusterTestCluster {
dependsOn remoteClusterTestRunner
setting 'xpack.security.enabled', 'true' setting 'xpack.security.enabled', 'true'
setting 'xpack.watcher.enabled', 'false' setting 'xpack.watcher.enabled', 'false'
setting 'xpack.monitoring.enabled', 'false' setting 'xpack.monitoring.enabled', 'false'
setting 'xpack.ml.enabled', 'false' setting 'xpack.ml.enabled', 'false'
setting 'xpack.license.self_generated.type', 'trial' setting 'xpack.license.self_generated.type', 'trial'
setupCommand 'setupDummyUser', setting 'cluster.remote.my_remote_cluster.seeds', {
'bin/elasticsearch-users', 'useradd', 'test_user', '-p', 'x-pack-test-password', '-r', 'superuser' testClusters.'remote-cluster'.getAllTransportPortURI().collect { "\"$it\"" }.toString()
waitCondition = { node, ant ->
File tmpFile = new File(node.cwd, 'wait.success')
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
dest: tmpFile.toString(),
username: 'test_user',
password: 'x-pack-test-password',
ignoreerrors: true,
retries: 10)
return tmpFile.exists()
} }
setting 'cluster.remote.my_remote_cluster.seeds', "\"${-> remoteClusterTest.nodes.get(0).transportUri()}\"" setting 'cluster.remote.connections_per_cluster', "1"
setting 'cluster.remote.connections_per_cluster', 1 setting 'cluster.remote.connect', "true"
setting 'cluster.remote.connect', true
}
mixedClusterTestRunner { user username: "test_user", password: "x-pack-test-password"
systemProperty 'tests.rest.suite', 'multi_cluster'
finalizedBy 'remoteClusterTestCluster#node0.stop','remoteClusterTestCluster#node1.stop'
} }
task integTest { task integTest {
dependsOn = [mixedClusterTest] dependsOn 'mixed-cluster'
} }
test.enabled = false // no unit tests for multi-cluster-search, only the rest integration test test.enabled = false // no unit tests for multi-cluster-search, only the rest integration test

23
x-pack/qa/multi-node/build.gradle
View File

@ -1,3 +1,4 @@
apply plugin: 'elasticsearch.testclusters'
apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.standalone-rest-test'
apply plugin: 'elasticsearch.rest-test' apply plugin: 'elasticsearch.rest-test'
@ -5,26 +6,16 @@ dependencies {
testCompile project(':x-pack:qa') testCompile project(':x-pack:qa')
} }
integTestCluster { testClusters.integTest {
numNodes = 2 distribution = 'DEFAULT'
clusterName = 'multi-node' numberOfNodes = 2
setting 'xpack.ilm.enabled', 'false' setting 'xpack.ilm.enabled', 'false'
setting 'xpack.security.enabled', 'true' setting 'xpack.security.enabled', 'true'
setting 'xpack.watcher.enabled', 'false' setting 'xpack.watcher.enabled', 'false'
setting 'xpack.monitoring.enabled', 'false' setting 'xpack.monitoring.enabled', 'false'
setting 'xpack.ml.enabled', 'false' setting 'xpack.ml.enabled', 'false'
setting 'xpack.license.self_generated.type', 'trial' setting 'xpack.license.self_generated.type', 'trial'
extraConfigFile 'roles.yml', 'roles.yml' extraConfigFile 'roles.yml', file('roles.yml')
setupCommand 'setup-test-user', 'bin/elasticsearch-users', 'useradd', 'test-user', '-p', 'x-pack-test-password', '-r', 'test' user username: "test-user", password: "x-pack-test-password", role: "test"
setupCommand 'setup-super-user', 'bin/elasticsearch-users', 'useradd', 'super-user', '-p', 'x-pack-super-password', '-r', 'superuser' user username: "super-user", password: "x-pack-super-password"
waitCondition = { node, ant ->
File tmpFile = new File(node.cwd, 'wait.success')
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
dest: tmpFile.toString(),
username: 'super-user',
password: 'x-pack-super-password',
ignoreerrors: true,
retries: 10)
return tmpFile.exists()
}
} }

39
x-pack/qa/oidc-op-tests/build.gradle
View File

@ -1,5 +1,6 @@
Project idpFixtureProject = xpackProject("test:idp-fixture") Project idpFixtureProject = xpackProject("test:idp-fixture")
apply plugin: 'elasticsearch.testclusters'
apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.standalone-rest-test'
apply plugin: 'elasticsearch.rest-test' apply plugin: 'elasticsearch.rest-test'
apply plugin: 'elasticsearch.test.fixtures' apply plugin: 'elasticsearch.test.fixtures'
@ -21,8 +22,12 @@ task setupPorts {
} }
} }
integTestCluster { integTest.runner {
dependsOn setupPorts dependsOn setupPorts
}
testClusters.integTest {
distribution = 'DEFAULT'
setting 'xpack.license.self_generated.type', 'trial' setting 'xpack.license.self_generated.type', 'trial'
setting 'xpack.security.enabled', 'true' setting 'xpack.security.enabled', 'true'
setting 'xpack.security.http.ssl.enabled', 'false' setting 'xpack.security.http.ssl.enabled', 'false'
@ -32,13 +37,13 @@ integTestCluster {
// OpenID Connect Realm 1 configured for authorization grant flow // OpenID Connect Realm 1 configured for authorization grant flow
setting 'xpack.security.authc.realms.oidc.c2id.order', '2' setting 'xpack.security.authc.realms.oidc.c2id.order', '2'
setting 'xpack.security.authc.realms.oidc.c2id.op.issuer', 'http://localhost:8080' setting 'xpack.security.authc.realms.oidc.c2id.op.issuer', 'http://localhost:8080'
setting 'xpack.security.authc.realms.oidc.c2id.op.authorization_endpoint', "http://127.0.0.1:${-> ephemeralPort}/c2id-login" setting 'xpack.security.authc.realms.oidc.c2id.op.authorization_endpoint', { "http://127.0.0.1:${ephemeralPort}/c2id-login" }
setting 'xpack.security.authc.realms.oidc.c2id.op.token_endpoint', "http://127.0.0.1:${-> ephemeralPort}/c2id/token" setting 'xpack.security.authc.realms.oidc.c2id.op.token_endpoint', { "http://127.0.0.1:${ephemeralPort}/c2id/token" }
setting 'xpack.security.authc.realms.oidc.c2id.op.userinfo_endpoint', "http://127.0.0.1:${-> ephemeralPort}/c2id/userinfo" setting 'xpack.security.authc.realms.oidc.c2id.op.userinfo_endpoint', { "http://127.0.0.1:${ephemeralPort}/c2id/userinfo" }
setting 'xpack.security.authc.realms.oidc.c2id.op.jwkset_path', 'op-jwks.json' setting 'xpack.security.authc.realms.oidc.c2id.op.jwkset_path', 'op-jwks.json'
setting 'xpack.security.authc.realms.oidc.c2id.rp.redirect_uri', 'https://my.fantastic.rp/cb' setting 'xpack.security.authc.realms.oidc.c2id.rp.redirect_uri', 'https://my.fantastic.rp/cb'
setting 'xpack.security.authc.realms.oidc.c2id.rp.client_id', 'elasticsearch-rp' setting 'xpack.security.authc.realms.oidc.c2id.rp.client_id', 'elasticsearch-rp'
keystoreSetting 'xpack.security.authc.realms.oidc.c2id.rp.client_secret', 'b07efb7a1cf6ec9462afe7b6d3ab55c6c7880262aa61ac28dded292aca47c9a2' keystore 'xpack.security.authc.realms.oidc.c2id.rp.client_secret', 'b07efb7a1cf6ec9462afe7b6d3ab55c6c7880262aa61ac28dded292aca47c9a2'
setting 'xpack.security.authc.realms.oidc.c2id.rp.response_type', 'code' setting 'xpack.security.authc.realms.oidc.c2id.rp.response_type', 'code'
setting 'xpack.security.authc.realms.oidc.c2id.claims.principal', 'sub' setting 'xpack.security.authc.realms.oidc.c2id.claims.principal', 'sub'
setting 'xpack.security.authc.realms.oidc.c2id.claims.name', 'name' setting 'xpack.security.authc.realms.oidc.c2id.claims.name', 'name'
@ -47,13 +52,13 @@ integTestCluster {
// OpenID Connect Realm 2 configured for implicit flow // OpenID Connect Realm 2 configured for implicit flow
setting 'xpack.security.authc.realms.oidc.c2id-implicit.order', '3' setting 'xpack.security.authc.realms.oidc.c2id-implicit.order', '3'
setting 'xpack.security.authc.realms.oidc.c2id-implicit.op.issuer', 'http://localhost:8080' setting 'xpack.security.authc.realms.oidc.c2id-implicit.op.issuer', 'http://localhost:8080'
setting 'xpack.security.authc.realms.oidc.c2id-implicit.op.authorization_endpoint', "http://127.0.0.1:${-> ephemeralPort}/c2id-login" setting 'xpack.security.authc.realms.oidc.c2id-implicit.op.authorization_endpoint', { "http://127.0.0.1:${ephemeralPort}/c2id-login" }
setting 'xpack.security.authc.realms.oidc.c2id-implicit.op.token_endpoint', "http://127.0.0.1:${-> ephemeralPort}/c2id/token" setting 'xpack.security.authc.realms.oidc.c2id-implicit.op.token_endpoint', { "http://127.0.0.1:${ephemeralPort}/c2id/token" }
setting 'xpack.security.authc.realms.oidc.c2id-implicit.op.userinfo_endpoint', "http://127.0.0.1:${-> ephemeralPort}/c2id/userinfo" setting 'xpack.security.authc.realms.oidc.c2id-implicit.op.userinfo_endpoint', { "http://127.0.0.1:${ephemeralPort}/c2id/userinfo" }
setting 'xpack.security.authc.realms.oidc.c2id-implicit.op.jwkset_path', 'op-jwks.json' setting 'xpack.security.authc.realms.oidc.c2id-implicit.op.jwkset_path', 'op-jwks.json'
setting 'xpack.security.authc.realms.oidc.c2id-implicit.rp.redirect_uri', 'https://my.fantastic.rp/cb' setting 'xpack.security.authc.realms.oidc.c2id-implicit.rp.redirect_uri', 'https://my.fantastic.rp/cb'
setting 'xpack.security.authc.realms.oidc.c2id-implicit.rp.client_id', 'elasticsearch-rp' setting 'xpack.security.authc.realms.oidc.c2id-implicit.rp.client_id', 'elasticsearch-rp'
keystoreSetting 'xpack.security.authc.realms.oidc.c2id-implicit.rp.client_secret', 'b07efb7a1cf6ec9462afe7b6d3ab55c6c7880262aa61ac28dded292aca47c9a2' keystore 'xpack.security.authc.realms.oidc.c2id-implicit.rp.client_secret', 'b07efb7a1cf6ec9462afe7b6d3ab55c6c7880262aa61ac28dded292aca47c9a2'
setting 'xpack.security.authc.realms.oidc.c2id-implicit.rp.response_type', 'id_token token' setting 'xpack.security.authc.realms.oidc.c2id-implicit.rp.response_type', 'id_token token'
setting 'xpack.security.authc.realms.oidc.c2id-implicit.claims.principal', 'sub' setting 'xpack.security.authc.realms.oidc.c2id-implicit.claims.principal', 'sub'
setting 'xpack.security.authc.realms.oidc.c2id-implicit.claims.name', 'name' setting 'xpack.security.authc.realms.oidc.c2id-implicit.claims.name', 'name'
@ -63,19 +68,7 @@ integTestCluster {
extraConfigFile 'op-jwks.json', idpFixtureProject.file("oidc/op-jwks.json") extraConfigFile 'op-jwks.json', idpFixtureProject.file("oidc/op-jwks.json")
setupCommand 'setupTestAdmin', user username: "test_admin", password: "x-pack-test-password"
'bin/elasticsearch-users', 'useradd', "test_admin", '-p', 'x-pack-test-password', '-r', "superuser"
waitCondition = { node, ant ->
File tmpFile = new File(node.cwd, 'wait.success')
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
dest: tmpFile.toString(),
username: 'test_admin',
password: 'x-pack-test-password',
ignoreerrors: true,
retries: 10)
return tmpFile.exists()
}
} }
thirdPartyAudit.enabled = false thirdPartyAudit.enabled = false

82
x-pack/qa/saml-idp-tests/build.gradle
View File

@ -1,6 +1,6 @@
Project idpFixtureProject = xpackProject("test:idp-fixture") Project idpFixtureProject = xpackProject("test:idp-fixture")
evaluationDependsOn(idpFixtureProject.path)
apply plugin: 'elasticsearch.testclusters'
apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.standalone-rest-test'
apply plugin: 'elasticsearch.rest-test' apply plugin: 'elasticsearch.rest-test'
apply plugin: 'elasticsearch.test.fixtures' apply plugin: 'elasticsearch.test.fixtures'
@ -21,10 +21,12 @@ project.sourceSets.test.output.dir(outputDir, builtBy: copyIdpFiles)
task setupPorts { task setupPorts {
dependsOn copyIdpFiles, idpFixtureProject.postProcessFixture dependsOn copyIdpFiles, idpFixtureProject.postProcessFixture
// Don't attempt to get ephemeral ports when Docker is not available
onlyIf { idpFixtureProject.postProcessFixture.enabled }
doLast { doLast {
String portString = idpFixtureProject.postProcessFixture.ext."test.fixtures.shibboleth-idp.tcp.4443" String portString = idpFixtureProject.postProcessFixture.ext."test.fixtures.shibboleth-idp.tcp.4443"
int ephemeralPort = Integer.valueOf(portString) int ephemeralPort = Integer.valueOf(portString)
File idpMetaFile = file(outputDir + '/idp-metadata.xml') File idpMetaFile = file("$outputDir/idp-metadata.xml")
List<String> lines = idpMetaFile.readLines("UTF-8") List<String> lines = idpMetaFile.readLines("UTF-8")
StringBuilder content = new StringBuilder() StringBuilder content = new StringBuilder()
for (String line : lines) { for (String line : lines) {
@ -35,56 +37,44 @@ task setupPorts {
idpMetaFile.write(content.toString(), "UTF-8") idpMetaFile.write(content.toString(), "UTF-8")
} }
} }
// Don't attempt to get ephemeral ports when Docker is not available
setupPorts.onlyIf { idpFixtureProject.postProcessFixture.enabled }
integTestCluster.dependsOn setupPorts
integTestCluster { integTest.runner.dependsOn setupPorts
setting 'xpack.license.self_generated.type', 'trial'
setting 'xpack.security.enabled', 'true'
setting 'xpack.security.http.ssl.enabled', 'false'
setting 'xpack.security.authc.token.enabled', 'true'
setting 'xpack.security.authc.realms.file.file.order', '0'
// SAML realm 1 (no authorization_realms)
setting 'xpack.security.authc.realms.saml.shibboleth.order', '1'
setting 'xpack.security.authc.realms.saml.shibboleth.idp.entity_id', 'https://test.shibboleth.elastic.local/'
setting 'xpack.security.authc.realms.saml.shibboleth.idp.metadata.path', 'idp-metadata.xml'
setting 'xpack.security.authc.realms.saml.shibboleth.sp.entity_id', 'http://mock1.http.elastic.local/'
// The port in the ACS URL is fake - the test will bind the mock webserver
// to a random port and then whenever it needs to connect to a URL on the
// mock webserver it will replace 54321 with the real port
setting 'xpack.security.authc.realms.saml.shibboleth.sp.acs', 'http://localhost:54321/saml/acs1'
setting 'xpack.security.authc.realms.saml.shibboleth.attributes.principal', 'uid'
setting 'xpack.security.authc.realms.saml.shibboleth.attributes.name', 'urn:oid:2.5.4.3'
// SAML realm 2 (uses authorization_realms)
setting 'xpack.security.authc.realms.saml.shibboleth_native.order', '2'
setting 'xpack.security.authc.realms.saml.shibboleth_native.idp.entity_id', 'https://test.shibboleth.elastic.local/'
setting 'xpack.security.authc.realms.saml.shibboleth_native.idp.metadata.path', 'idp-metadata.xml'
setting 'xpack.security.authc.realms.saml.shibboleth_native.sp.entity_id', 'http://mock2.http.elastic.local/'
setting 'xpack.security.authc.realms.saml.shibboleth_native.sp.acs', 'http://localhost:54321/saml/acs2'
setting 'xpack.security.authc.realms.saml.shibboleth_native.attributes.principal', 'uid'
setting 'xpack.security.authc.realms.saml.shibboleth_native.authorization_realms', 'native'
setting 'xpack.security.authc.realms.native.native.order', '3'
setting 'xpack.ml.enabled', 'false' testClusters.integTest {
setting 'logger.org.elasticsearch.xpack.security', 'TRACE' distribution = "DEFAULT"
setting 'xpack.license.self_generated.type', 'trial'
setting 'xpack.security.enabled', 'true'
setting 'xpack.security.http.ssl.enabled', 'false'
setting 'xpack.security.authc.token.enabled', 'true'
setting 'xpack.security.authc.realms.file.file.order', '0'
// SAML realm 1 (no authorization_realms)
setting 'xpack.security.authc.realms.saml.shibboleth.order', '1'
setting 'xpack.security.authc.realms.saml.shibboleth.idp.entity_id', 'https://test.shibboleth.elastic.local/'
setting 'xpack.security.authc.realms.saml.shibboleth.idp.metadata.path', 'idp-metadata.xml'
setting 'xpack.security.authc.realms.saml.shibboleth.sp.entity_id', 'http://mock1.http.elastic.local/'
// The port in the ACS URL is fake - the test will bind the mock webserver
// to a random port and then whenever it needs to connect to a URL on the
// mock webserver it will replace 54321 with the real port
setting 'xpack.security.authc.realms.saml.shibboleth.sp.acs', 'http://localhost:54321/saml/acs1'
setting 'xpack.security.authc.realms.saml.shibboleth.attributes.principal', 'uid'
setting 'xpack.security.authc.realms.saml.shibboleth.attributes.name', 'urn:oid:2.5.4.3'
// SAML realm 2 (uses authorization_realms)
setting 'xpack.security.authc.realms.saml.shibboleth_native.order', '2'
setting 'xpack.security.authc.realms.saml.shibboleth_native.idp.entity_id', 'https://test.shibboleth.elastic.local/'
setting 'xpack.security.authc.realms.saml.shibboleth_native.idp.metadata.path', 'idp-metadata.xml'
setting 'xpack.security.authc.realms.saml.shibboleth_native.sp.entity_id', 'http://mock2.http.elastic.local/'
setting 'xpack.security.authc.realms.saml.shibboleth_native.sp.acs', 'http://localhost:54321/saml/acs2'
setting 'xpack.security.authc.realms.saml.shibboleth_native.attributes.principal', 'uid'
setting 'xpack.security.authc.realms.saml.shibboleth_native.authorization_realms', 'native'
setting 'xpack.security.authc.realms.native.native.order', '3'
extraConfigFile 'idp-metadata.xml', file(outputDir + "/idp-metadata.xml") setting 'xpack.ml.enabled', 'false'
setting 'logger.org.elasticsearch.xpack.security', 'TRACE'
setupCommand 'setupTestAdmin', extraConfigFile 'idp-metadata.xml', file(outputDir + "/idp-metadata.xml")
'bin/elasticsearch-users', 'useradd', "test_admin", '-p', 'x-pack-test-password', '-r', "superuser"
waitCondition = { node, ant -> user username: "test_admin", password: 'x-pack-test-password'
File tmpFile = new File(node.cwd, 'wait.success')
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
dest: tmpFile.toString(),
username: 'test_admin',
password: 'x-pack-test-password',
ignoreerrors: true,
retries: 10)
return tmpFile.exists()
}
} }
forbiddenPatterns { forbiddenPatterns {

31
x-pack/qa/security-example-spi-extension/build.gradle
View File

@ -1,3 +1,4 @@
apply plugin: 'elasticsearch.testclusters'
apply plugin: 'elasticsearch.esplugin' apply plugin: 'elasticsearch.esplugin'
esplugin { esplugin {
@ -13,12 +14,17 @@ dependencies {
} }
integTestRunner { integTest.runner {
dependsOn buildZip
systemProperty 'tests.security.manager', 'false' systemProperty 'tests.security.manager', 'false'
} }
integTestCluster { testClusters.integTest {
dependsOn buildZip // This is important, so that all the modules are available too.
// There are index templates that use token filters that are in analysis-module and
// processors are being used that are in ingest-common module.
distribution = 'default'
setting 'xpack.security.authc.realms.custom.custom.order', '0' setting 'xpack.security.authc.realms.custom.custom.order', '0'
setting 'xpack.security.authc.realms.custom.custom.filtered_setting', 'should be filtered' setting 'xpack.security.authc.realms.custom.custom.filtered_setting', 'should be filtered'
setting 'xpack.security.authc.realms.file.esusers.order', '1' setting 'xpack.security.authc.realms.file.esusers.order', '1'
@ -29,22 +35,5 @@ integTestCluster {
setting 'xpack.monitoring.enabled', 'false' setting 'xpack.monitoring.enabled', 'false'
setting 'xpack.license.self_generated.type', 'trial' setting 'xpack.license.self_generated.type', 'trial'
// This is important, so that all the modules are available too. user username: "test_user", password: "x-pack-test-password"
// There are index templates that use token filters that are in analysis-module and
// processors are being used that are in ingest-common module.
distribution = 'default'
setupCommand 'setupDummyUser',
'bin/elasticsearch-users', 'useradd', 'test_user', '-p', 'x-pack-test-password', '-r', 'superuser'
waitCondition = { node, ant ->
File tmpFile = new File(node.cwd, 'wait.success')
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
dest: tmpFile.toString(),
username: 'test_user',
password: 'x-pack-test-password',
ignoreerrors: true,
retries: 10)
return tmpFile.exists()
}
} }
check.dependsOn integTest

22
x-pack/qa/security-setup-password-tests/build.gradle
View File

@ -1,3 +1,4 @@
apply plugin: 'elasticsearch.testclusters'
apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.standalone-rest-test'
apply plugin: 'elasticsearch.rest-test' apply plugin: 'elasticsearch.rest-test'
@ -7,24 +8,15 @@ dependencies {
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts') testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
} }
integTestRunner { integTest.runner {
nonInputProperties.systemProperty 'tests.config.dir', "${-> testClusters.integTest.singleNode().getConfigDir()}"
systemProperty 'tests.security.manager', 'false' systemProperty 'tests.security.manager', 'false'
// TODO add tests.config.dir = {cluster.singleNode().getConfigDir()} when converting to testclusters
} }
integTestCluster { testClusters.integTest {
setupCommand 'setupTestAdmin', distribution = "DEFAULT"
'bin/elasticsearch-users', 'useradd', "test_admin", '-p', 'x-pack-test-password', '-r', "superuser"
setting 'xpack.security.enabled', 'true' setting 'xpack.security.enabled', 'true'
setting 'xpack.license.self_generated.type', 'trial' setting 'xpack.license.self_generated.type', 'trial'
waitCondition = { node, ant ->
File tmpFile = new File(node.cwd, 'wait.success') user username: "test_admin", password: "x-pack-test-password"
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
dest: tmpFile.toString(),
username: 'test_admin',
password: 'x-pack-test-password',
ignoreerrors: true,
retries: 10)
return tmpFile.exists()
}
} }

14
x-pack/qa/smoke-test-monitoring-with-watcher/build.gradle
View File

@ -1,3 +1,4 @@
apply plugin: 'elasticsearch.testclusters'
apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.standalone-rest-test'
apply plugin: 'elasticsearch.rest-test' apply plugin: 'elasticsearch.rest-test'
@ -5,21 +6,12 @@ dependencies {
testCompile project(':x-pack:qa') testCompile project(':x-pack:qa')
} }
integTestCluster { testClusters.integTest {
distribution = "DEFAULT"
setting 'xpack.ilm.enabled', 'false' setting 'xpack.ilm.enabled', 'false'
setting 'xpack.monitoring.enabled', 'true' setting 'xpack.monitoring.enabled', 'true'
setting 'xpack.watcher.enabled', 'true' setting 'xpack.watcher.enabled', 'true'
setting 'xpack.security.enabled', 'false' setting 'xpack.security.enabled', 'false'
setting 'xpack.ml.enabled', 'false' setting 'xpack.ml.enabled', 'false'
setting 'xpack.license.self_generated.type', 'trial' setting 'xpack.license.self_generated.type', 'trial'
// exporter settings are configured dynamically in our tests
// configure a local exporter, the HTTP exporter is configured via dynamic settings change
//setting 'xpack.monitoring.exporters.my_local.type', 'local'
//setting 'xpack.monitoring.exporters.my_local.index.name.time_format', 'YYYY'
//setting 'xpack.monitoring.exporters.my_http.type', 'http'
//setting 'xpack.monitoring.exporters.my_http.host', 'http'
//setting 'xpack.monitoring.exporters.my_http.index.name.time_format', 'YYYY-MM'
// one of the exporters should configure cluster alerts
// setting 'xpack.monitoring.exporters.my_http.cluster_alerts.management.enabled', 'true'
} }

17
x-pack/qa/smoke-test-security-with-mustache/build.gradle
View File

@ -1,3 +1,4 @@
apply plugin: 'elasticsearch.testclusters'
apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.standalone-rest-test'
apply plugin: 'elasticsearch.rest-test' apply plugin: 'elasticsearch.rest-test'
@ -5,21 +6,11 @@ dependencies {
testCompile project(':x-pack:qa') testCompile project(':x-pack:qa')
} }
integTestCluster { testClusters.integTest {
distribution = "DEFAULT"
setting 'xpack.watcher.enabled', 'false' setting 'xpack.watcher.enabled', 'false'
setting 'xpack.monitoring.enabled', 'false' setting 'xpack.monitoring.enabled', 'false'
setting 'xpack.security.enabled', 'true' setting 'xpack.security.enabled', 'true'
setting 'xpack.license.self_generated.type', 'trial' setting 'xpack.license.self_generated.type', 'trial'
setupCommand 'setupDummyUser', user username: "test_admin", password: "x-pack-test-password"
'bin/elasticsearch-users', 'useradd', 'test_admin', '-p', 'x-pack-test-password', '-r', 'superuser'
waitCondition = { node, ant ->
File tmpFile = new File(node.cwd, 'wait.success')
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
dest: tmpFile.toString(),
username: 'test_admin',
password: 'x-pack-test-password',
ignoreerrors: true,
retries: 10)
return tmpFile.exists()
}
} }

32
x-pack/qa/smoke-test-watcher-with-security/build.gradle
View File

@ -1,3 +1,4 @@
apply plugin: 'elasticsearch.testclusters'
apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.standalone-rest-test'
apply plugin: 'elasticsearch.rest-test' apply plugin: 'elasticsearch.rest-test'
@ -12,8 +13,9 @@ task copyWatcherRestTests(type: Copy) {
include 'rest-api-spec/test/watcher/**' include 'rest-api-spec/test/watcher/**'
} }
integTestCluster { integTest.runner.dependsOn copyWatcherRestTests
dependsOn copyWatcherRestTests testClusters.integTest {
distribution = "DEFAULT"
setting 'xpack.ilm.enabled', 'false' setting 'xpack.ilm.enabled', 'false'
setting 'xpack.monitoring.enabled', 'false' setting 'xpack.monitoring.enabled', 'false'
setting 'xpack.ml.enabled', 'false' setting 'xpack.ml.enabled', 'false'
@ -22,25 +24,11 @@ integTestCluster {
setting 'xpack.notification.email.account._email.smtp.host', 'host.domain' setting 'xpack.notification.email.account._email.smtp.host', 'host.domain'
setting 'xpack.notification.email.account._email.smtp.port', '587' setting 'xpack.notification.email.account._email.smtp.port', '587'
setting 'xpack.notification.email.account._email.smtp.user', '_user' setting 'xpack.notification.email.account._email.smtp.user', '_user'
keystoreSetting 'xpack.notification.email.account._email.smtp.secure_password', '_passwd' keystore 'xpack.notification.email.account._email.smtp.secure_password', '_passwd'
setting 'xpack.license.self_generated.type', 'trial' setting 'xpack.license.self_generated.type', 'trial'
extraConfigFile 'roles.yml', 'roles.yml' extraConfigFile 'roles.yml', file('roles.yml')
setupCommand 'setupTestAdminUser', user username: "test_admin", password: "x-pack-test-password"
'bin/elasticsearch-users', 'useradd', 'test_admin', '-p', 'x-pack-test-password', '-r', 'superuser' user username: "x_pack_rest_user", password: "x-pack-test-password", role: "watcher_manager"
setupCommand 'setupXpackUserForTests', user username: "watcher_manager", password: "x-pack-test-password", role: "watcher_manager"
'bin/elasticsearch-users', 'useradd', 'x_pack_rest_user', '-p', 'x-pack-test-password', '-r', 'watcher_manager' user username: "powerless_user", password: "x-pack-test-password", role: "crappy_role"
setupCommand 'setupWatcherManagerUser',
'bin/elasticsearch-users', 'useradd', 'watcher_manager', '-p', 'x-pack-test-password', '-r', 'watcher_manager'
setupCommand 'setupPowerlessUser',
'bin/elasticsearch-users', 'useradd', 'powerless_user', '-p', 'x-pack-test-password', '-r', 'crappy_role'
waitCondition = { node, ant ->
File tmpFile = new File(node.cwd, 'wait.success')
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
dest: tmpFile.toString(),
username: 'test_admin',
password: 'x-pack-test-password',
ignoreerrors: true,
retries: 10)
return tmpFile.exists()
}
} }

8
x-pack/qa/smoke-test-watcher/build.gradle
View File

@ -1,3 +1,4 @@
apply plugin: 'elasticsearch.testclusters'
apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.standalone-rest-test'
apply plugin: 'elasticsearch.rest-test' apply plugin: 'elasticsearch.rest-test'
@ -5,15 +6,12 @@ dependencies {
testCompile project(':x-pack:qa') testCompile project(':x-pack:qa')
} }
integTestCluster { testClusters.integTest {
distribution = "DEFAULT"
setting 'xpack.ilm.enabled', 'false' setting 'xpack.ilm.enabled', 'false'
setting 'xpack.security.enabled', 'false' setting 'xpack.security.enabled', 'false'
setting 'xpack.monitoring.enabled', 'false' setting 'xpack.monitoring.enabled', 'false'
setting 'xpack.ml.enabled', 'false' setting 'xpack.ml.enabled', 'false'
setting 'xpack.license.self_generated.type', 'trial' setting 'xpack.license.self_generated.type', 'trial'
setting 'logger.org.elasticsearch.xpack.watcher', 'DEBUG' setting 'logger.org.elasticsearch.xpack.watcher', 'DEBUG'
}
integTestRunner {
include "**/*Tests.class"
} }