Test: use TLS for plugin integ tests
Original commit: elastic/x-pack-elasticsearch@99971d7256
This commit is contained in:
jaymode
parent
57de66476c
commit
8997792875
|
|
@ -1,3 +1,4 @@
|
||||||
|
import org.elasticsearch.gradle.LoggedExec
|
||||||
import org.elasticsearch.gradle.MavenFilteringHack
|
import org.elasticsearch.gradle.MavenFilteringHack
|
||||||
import org.elasticsearch.gradle.test.NodeInfo
|
import org.elasticsearch.gradle.test.NodeInfo
|
||||||
|
|
||||||
|
|
@ -198,7 +199,39 @@ integTestRunner {
|
||||||
systemProperty 'tests.rest.blacklist', 'getting_started/10_monitor_cluster_health/*'
|
systemProperty 'tests.rest.blacklist', 'getting_started/10_monitor_cluster_health/*'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// location of generated keystores and certificates
|
||||||
|
File keystoreDir = new File(project.buildDir, 'keystore')
|
||||||
|
|
||||||
|
// Generate the node's keystore
|
||||||
|
File nodeKeystore = new File(keystoreDir, 'test-node.jks')
|
||||||
|
task createNodeKeyStore(type: LoggedExec) {
|
||||||
|
doFirst {
|
||||||
|
if (nodeKeystore.parentFile.exists() == false) {
|
||||||
|
nodeKeystore.parentFile.mkdirs()
|
||||||
|
}
|
||||||
|
if (nodeKeystore.exists()) {
|
||||||
|
delete nodeKeystore
|
||||||
|
}
|
||||||
|
}
|
||||||
|
executable = new File(project.javaHome, 'bin/keytool')
|
||||||
|
standardInput = new ByteArrayInputStream('FirstName LastName\nUnit\nOrganization\nCity\nState\nNL\nyes\n\n'.getBytes('UTF-8'))
|
||||||
|
args '-genkey',
|
||||||
|
'-alias', 'test-node',
|
||||||
|
'-keystore', nodeKeystore,
|
||||||
|
'-keyalg', 'RSA',
|
||||||
|
'-keysize', '2048',
|
||||||
|
'-validity', '712',
|
||||||
|
'-dname', 'CN=smoke-test-plugins-ssl',
|
||||||
|
'-keypass', 'keypass',
|
||||||
|
'-storepass', 'keypass'
|
||||||
|
}
|
||||||
|
|
||||||
|
// Add keystores to test classpath: it expects it there
|
||||||
|
sourceSets.test.resources.srcDir(keystoreDir)
|
||||||
|
processTestResources.dependsOn(createNodeKeyStore)
|
||||||
|
|
||||||
integTestCluster {
|
integTestCluster {
|
||||||
|
dependsOn createNodeKeyStore
|
||||||
setting 'xpack.ml.enabled', 'true'
|
setting 'xpack.ml.enabled', 'true'
|
||||||
setting 'logger.org.elasticsearch.xpack.ml.datafeed', 'TRACE'
|
setting 'logger.org.elasticsearch.xpack.ml.datafeed', 'TRACE'
|
||||||
// Integration tests are supposed to enable/disable exporters before/after each test
|
// Integration tests are supposed to enable/disable exporters before/after each test
|
||||||
|
|
@ -206,11 +239,17 @@ integTestCluster {
|
||||||
setting 'xpack.monitoring.exporters._local.enabled', 'false'
|
setting 'xpack.monitoring.exporters._local.enabled', 'false'
|
||||||
setting 'xpack.monitoring.collection.interval', '-1'
|
setting 'xpack.monitoring.collection.interval', '-1'
|
||||||
setting 'xpack.security.authc.token.enabled', 'true'
|
setting 'xpack.security.authc.token.enabled', 'true'
|
||||||
|
setting 'xpack.security.transport.ssl.enabled', 'true'
|
||||||
|
setting 'xpack.security.transport.ssl.keystore.path', nodeKeystore.name
|
||||||
|
setting 'xpack.security.transport.ssl.verification_mode', 'certificate'
|
||||||
keystoreSetting 'bootstrap.password', 'x-pack-test-password'
|
keystoreSetting 'bootstrap.password', 'x-pack-test-password'
|
||||||
|
keystoreSetting 'xpack.security.transport.ssl.keystore.secure_password', 'keypass'
|
||||||
distribution = 'zip' // this is important since we use the reindex module in ML
|
distribution = 'zip' // this is important since we use the reindex module in ML
|
||||||
|
|
||||||
setupCommand 'setupTestUser', 'bin/x-pack/users', 'useradd', 'x_pack_rest_user', '-p', 'x-pack-test-password', '-r', 'superuser'
|
setupCommand 'setupTestUser', 'bin/x-pack/users', 'useradd', 'x_pack_rest_user', '-p', 'x-pack-test-password', '-r', 'superuser'
|
||||||
|
|
||||||
|
extraConfigFile nodeKeystore.name, nodeKeystore
|
||||||
|
|
||||||
waitCondition = { NodeInfo node, AntBuilder ant ->
|
waitCondition = { NodeInfo node, AntBuilder ant ->
|
||||||
File tmpFile = new File(node.cwd, 'wait.success')
|
File tmpFile = new File(node.cwd, 'wait.success')
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -11,6 +11,7 @@ import org.elasticsearch.cluster.ClusterModule;
|
||||||
import org.elasticsearch.cluster.ClusterState;
|
import org.elasticsearch.cluster.ClusterState;
|
||||||
import org.elasticsearch.cluster.metadata.MetaData;
|
import org.elasticsearch.cluster.metadata.MetaData;
|
||||||
import org.elasticsearch.common.bytes.BytesArray;
|
import org.elasticsearch.common.bytes.BytesArray;
|
||||||
|
import org.elasticsearch.common.io.PathUtils;
|
||||||
import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
|
import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
|
||||||
import org.elasticsearch.common.network.NetworkModule;
|
import org.elasticsearch.common.network.NetworkModule;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
|
|
@ -60,6 +61,8 @@ import org.elasticsearch.xpack.security.Security;
|
||||||
import org.elasticsearch.xpack.security.authc.TokenMetaData;
|
import org.elasticsearch.xpack.security.authc.TokenMetaData;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.net.URISyntaxException;
|
||||||
|
import java.nio.file.Path;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
@ -80,10 +83,20 @@ abstract class MlNativeAutodetectIntegTestCase extends SecurityIntegTestCase {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected Settings externalClusterClientSettings() {
|
protected Settings externalClusterClientSettings() {
|
||||||
|
Path keyStore;
|
||||||
|
try {
|
||||||
|
keyStore = PathUtils.get(getClass().getResource("/test-node.jks").toURI());
|
||||||
|
} catch (URISyntaxException e) {
|
||||||
|
throw new IllegalStateException("error trying to get keystore path", e);
|
||||||
|
}
|
||||||
Settings.Builder builder = Settings.builder();
|
Settings.Builder builder = Settings.builder();
|
||||||
builder.put(NetworkModule.TRANSPORT_TYPE_KEY, Security.NAME4);
|
builder.put(NetworkModule.TRANSPORT_TYPE_KEY, Security.NAME4);
|
||||||
builder.put(Security.USER_SETTING.getKey(), "x_pack_rest_user:" + SecuritySettingsSource.TEST_PASSWORD_SECURE_STRING);
|
builder.put(Security.USER_SETTING.getKey(), "x_pack_rest_user:" + SecuritySettingsSource.TEST_PASSWORD_SECURE_STRING);
|
||||||
builder.put(XPackSettings.MACHINE_LEARNING_ENABLED.getKey(), true);
|
builder.put(XPackSettings.MACHINE_LEARNING_ENABLED.getKey(), true);
|
||||||
|
builder.put("xpack.security.transport.ssl.enabled", true);
|
||||||
|
builder.put("xpack.security.transport.ssl.keystore.path", keyStore.toAbsolutePath().toString());
|
||||||
|
builder.put("xpack.security.transport.ssl.keystore.password", "keypass");
|
||||||
|
builder.put("xpack.security.transport.ssl.verification_mode", "certificate");
|
||||||
return builder.build();
|
return builder.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue