For the idp-fixture (OpenLDAP + SAML), we have been generating the CA as part of the provisioning steps for the VM and then adding it to the test resources for the gradle project.
This meant that test-resources were dependent on vagrant provision, and as a consequence vagrant would download and provision the box during precommit. A bad thing (TM)
This change introduces a pre-generated CA, which is supplied to the VM instead so the tests only depend on fixed resources.
(The SAML integration test still uses the generated IdP Metadata file, but it copies it as part integ-test cluster setup, and doesn't treat it as a gradle "test resource")
Original commit: elastic/x-pack-elasticsearch@a352bf2a1f
Introduces:
- SAML Realm
- REST & Transport actions to support SAML single signon / signout
- Tests for above
- More XML than you ever wanted to see.
Original commit: elastic/x-pack-elasticsearch@b0fe7bb652
If the currenct environment contains `JAVA_TOOLS` then the cli tests
will fail because they do not expect the notification about `JAVA_TOOLS`
that java prints to stdout. The clears the environment before starting
the CLI subprocess in an effort to remove the unexpected output.
Original commit: elastic/x-pack-elasticsearch@5729c1c09b
Previously I'd added tests for JDBC and CLI that I *thought* used SSL but they didn't! I wasn't careful...
Testing changes:
* Actually enable SSL/HTTPS in the `qa:sql:security:ssl` subproject.
* Rework how `RemoteCli` handles security. This allows us to configure SSL, the keystore, and the username and password in a much less error prone way.
* Fix up JDBC tests to properly use SSL.
* Allow the `CliFixture` to specify the keystore location.
* Switch `CliFixture` and `RemoteCli` from sending the password in the connection string to filling out the prompt for it.
* Have `CliFixture` also send the keystore password when a keystore is configured.
This makes the following production code changes:
* Allow the CLI to configure the keystore location with the `-k`/`-keystore_location` parameters.
* If the keystore location is configured then the CLI will prompt for the password.
* Allow the configuration of urls starting with `https`.
* Improve the exception thrown when the URL doesn't parse by adding a suppressed exception with the original parse error, before we tried to add `http://` to the front of it.
Original commit: elastic/x-pack-elasticsearch@97fac4a3b4
The CI tests are failing when everything works locally. It *looks*
like we are running the CLI in using autodetect mode and I expect
that Jenkins doens't *have* a terminal so It'll autodetect to
`dumb` which doesn't output encoding.
Original commit: elastic/x-pack-elasticsearch@a9075648a2
Builds on elastic/x-pack-elasticsearch#2403 to move all of sql's integration testing into
qa modules with different running server configurations. The
big advantage of this is that it allows us to test the cli and
jdbc with security present.
Creating a project that depends on both cli and jdbc and the
server has some prickly jar hell issues because cli and jdbc
package their dependencies in the jar. This works around it
in a few days:
1. Include only a single copy of the JDBC dependencies with
careful gradle work.
2. Do not include the CLI on the classpath at all and instead
run it externally.
I say "run it externally" rather than "fork it" because Elasticsearch
tests aren't allowed to fork other processes. This is forbidden
by seccomp on linux and seatbelt on osx and cannot be explicitly
requested like additional security manager settings. So instead
of forking the CLI process directly the tests interact with a test
fixture that isn't bound by Elasticsearch's rules and *can* fork
it.
This forking of the CLI has a nice side effect: it forces us to
make sure that things like security and connection strings other
than `localhost:9200` work. The old test could and did work around
missing features like that. The new tests cannot so I added the
ability to set the connection string. Configuring usernames and
passwords was also not supported but I did not add support for
that, only created the failing test and marked it as `@AwaitsFix`.
Original commit: elastic/x-pack-elasticsearch@560c6815e3
This commit re-enables the OpenLDAP tests that were previously running against a one-off instance
in AWS but now run against a vagrant fixture. There were some IntegTests that would run against the
OpenLDAP instance randomly but with this change they no longer run against OpenLDAP. This is ok as
the functionality that is tested by these has coverage elsewhere.
relates elastic/x-pack-elasticsearch#1823
Original commit: elastic/x-pack-elasticsearch@ac9bc82297
Tim Vernum
Lee Hinman
Igor Motov
Costin Leau
Nik Everett
Costin Leau
Jay Modi