Test: tests that use security index should not delete template
Tests that rely on the security index and security index template being present should not remove the template between tests as this can cause test failures. The template upgrade service relies on cluster state updates to trigger the template being added after a delete, but there is a scenario where the test will just wait for template that never shows up as there is no cluster state update in that time. Instead of fighting ourselves, we should just leave the template in place. Relates elastic/x-pack-elasticsearch#2915 Relates elastic/x-pack-elasticsearch#2911 Original commit: elastic/x-pack-elasticsearch@3ca4aef0be
This commit is contained in:
jaymode
parent
a8997387b7
commit
f1f1be3927
|
|
@ -17,10 +17,12 @@ import org.elasticsearch.common.logging.ESLoggerFactory;
|
|||
import org.elasticsearch.common.settings.MockSecureSettings;
|
||||
import org.elasticsearch.common.settings.SecureString;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.set.Sets;
|
||||
import org.elasticsearch.common.xcontent.XContentType;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||
import org.elasticsearch.test.SecuritySettingsSource;
|
||||
import org.elasticsearch.xpack.security.SecurityLifecycleService;
|
||||
import org.elasticsearch.xpack.security.action.rolemapping.PutRoleMappingRequestBuilder;
|
||||
import org.elasticsearch.xpack.security.action.rolemapping.PutRoleMappingResponse;
|
||||
import org.elasticsearch.xpack.security.authc.ldap.LdapRealm;
|
||||
|
|
@ -42,6 +44,7 @@ import java.util.LinkedHashMap;
|
|||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
import java.util.function.Function;
|
||||
import java.util.function.Supplier;
|
||||
import java.util.stream.Collectors;
|
||||
|
|
@ -191,6 +194,13 @@ public abstract class AbstractAdLdapRealmTestCase extends SecurityIntegTestCase
|
|||
super.deleteSecurityIndex();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<String> excludeTemplates() {
|
||||
Set<String> templates = Sets.newHashSet(super.excludeTemplates());
|
||||
templates.add(SecurityLifecycleService.SECURITY_TEMPLATE_NAME); // don't remove the security index template
|
||||
return templates;
|
||||
}
|
||||
|
||||
private List<String> getRoleMappingContent(Function<RoleMappingEntry, String> contentFunction) {
|
||||
return getRoleMappingContent(contentFunction, AbstractAdLdapRealmTestCase.roleMappings);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,6 +15,8 @@ import org.elasticsearch.client.RestClient;
|
|||
import org.elasticsearch.common.network.NetworkModule;
|
||||
import org.elasticsearch.common.settings.SecureString;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.set.Sets;
|
||||
import org.elasticsearch.xpack.security.SecurityLifecycleService;
|
||||
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
||||
import org.elasticsearch.xpack.security.client.SecurityClient;
|
||||
import org.elasticsearch.xpack.security.user.ElasticUser;
|
||||
|
|
@ -26,6 +28,7 @@ import org.junit.Before;
|
|||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* Test case with method to handle the starting and stopping the stores for native users and roles
|
||||
|
|
@ -59,6 +62,13 @@ public abstract class NativeRealmIntegTestCase extends SecurityIntegTestCase {
|
|||
.build();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<String> excludeTemplates() {
|
||||
Set<String> templates = Sets.newHashSet(super.excludeTemplates());
|
||||
templates.add(SecurityLifecycleService.SECURITY_TEMPLATE_NAME); // don't remove the security index template
|
||||
return templates;
|
||||
}
|
||||
|
||||
private SecureString reservedPassword = SecuritySettingsSource.TEST_PASSWORD_SECURE_STRING;
|
||||
|
||||
protected SecureString getReservedPassword() {
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import org.elasticsearch.common.settings.SecureString;
|
|||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.common.util.set.Sets;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.env.NodeEnvironment;
|
||||
import org.elasticsearch.index.IndexNotFoundException;
|
||||
|
|
@ -141,7 +142,7 @@ public class SecurityTribeTests extends NativeRealmIntegTestCase {
|
|||
public void tearDownTribeNodeAndWipeCluster() throws Exception {
|
||||
if (cluster2 != null) {
|
||||
try {
|
||||
cluster2.wipe(Collections.emptySet());
|
||||
cluster2.wipe(Collections.singleton(SecurityLifecycleService.SECURITY_TEMPLATE_NAME));
|
||||
try {
|
||||
// this is a hack to clean up the .security index since only the XPackSecurity user or superusers can delete it
|
||||
final Client cluster2Client = cluster2.client().filterWithHeader(Collections.singletonMap("Authorization",
|
||||
|
|
|
|||
Loading…
Reference in New Issue