Commit Graph

5 Commits

Author SHA1 Message Date
Tim Vernum e69c5d4d48 Add secure_bind_password to LDAP realm (elastic/x-pack-elasticsearch#4192)
Adds a SecureSetting option for the "bind_password" in LDAP/AD realms
and deprecates the non-secure version.

LDAP bind passwords should now be configured with the setting
`xpack.security.authc.realms.REALM_NAME.secure_bind_password`
in the elasticsearch keystore.

Original commit: elastic/x-pack-elasticsearch@1a0cebd77e
2018-03-29 16:31:45 +10:00
Alexander Reelsen 6eeacf339c Build: Use environment variables for credentials (elastic/x-pack-elasticsearch#4058)
The credentials now get injected via environment variables, so that
external services can pull those.

As soon as the specified environment variables are set, the tests are run. No need to check for the @Network annotation

This also introduces new secret store settings for the secure settings in order to be sure to not leak them in the configuration files, that get dumped.

Relates elastic/x-pack-elasticsearch#3800

Original commit: elastic/x-pack-elasticsearch@a2cfb9cb86
2018-03-26 09:10:04 +02:00
Jay Modi bccf988e9d Run active directory tests against a samba4 fixture (elastic/x-pack-elasticsearch#4067)
This commit adds a Samba4 test fixture that acts as a domain controller
and has the same contents as the cloud active directory instance that
we previously used for tests.

The tests also support reading information from environment variables
so that they can be run against a real active directory instance in our
CI builds.

In addition, this commit also fixes a few issues that surfaced when
making this change. The first is a change in the base DN that is
searched when performing down-level authentication. The base DN is
now the configuration object instead of the domain DN. This change was
required due to the original producing unnecessary referrals, which we
cannot easily follow when running against this test figure. Referrals
cannot easily be followed as they are returned by the ldap server with
an unresolvable DNS name unless the host points to the samba4 instance
for DNS. The port returned in the referral url is the one samba is bound
to, which differs from the port that is forwarded to the host by the
test fixture.

The other issue that is resolved by this change is the addition of
settings that allow specifying non-standard ports for active directory.
This is needed for down-level authentication as we may need to query
the regular port of active directory instead of the global catalog
port as the configuration object is not replicated to the global
catalog.

relates elastic/x-pack-elasticsearch#185
Relates elastic/x-pack-elasticsearch#3800

Original commit: elastic/x-pack-elasticsearch@883c742fba
2018-03-16 10:44:23 -06:00
Alexander Reelsen ab99b82125 Tests: Replace YAML test waiting for watch execution (elastic/x-pack-elasticsearch#4008)
This is the last YAML test, that waits for a watch execution by
specifying some timeout value. This one also gets replaced with a java
test that uses `assertBusy()` and thus is much more likely to succeed.

relates elastic/x-pack-elasticsearch#1513

Original commit: elastic/x-pack-elasticsearch@c2ab8777f4
2018-03-15 14:20:58 -07:00
Alexander Reelsen 7f166e1927 Cleanup: Move tests calling external services into QA projects (elastic/x-pack-elasticsearch#3869)
This also moves the hipchat/pagerduty/slack tests to REST tests which put real watches and also check the history.

Relates elastic/x-pack-elasticsearch#3800


Original commit: elastic/x-pack-elasticsearch@fce08d9cb7
2018-02-23 13:31:28 +01:00