import java.nio.file.Path import java.nio.file.Paths import java.nio.file.Files apply plugin: 'elasticsearch.vagrantsupport' apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.rest-test' dependencies { testCompile project(path: xpackModule('core'), configuration: 'shadow') testCompile project(path: xpackModule('core'), configuration: 'testArtifacts') testCompile project(path: xpackModule('security'), configuration: 'testArtifacts') } // MIT Kerberos Vagrant Testing Fixture String box = "krb5kdc" Map vagrantEnvVars = [ 'VAGRANT_CWD' : "${project(':test:fixtures:krb5kdc-fixture').projectDir}", 'VAGRANT_VAGRANTFILE' : 'Vagrantfile', 'VAGRANT_PROJECT_DIR' : "${project(':test:fixtures:krb5kdc-fixture').projectDir}" ] task krb5kdcUpdate(type: org.elasticsearch.gradle.vagrant.VagrantCommandTask) { command 'box' subcommand 'update' boxName box environmentVars vagrantEnvVars dependsOn "vagrantCheckVersion", "virtualboxCheckVersion" } task krb5kdcFixture(type: org.elasticsearch.gradle.test.VagrantFixture) { command 'up' args '--provision', '--provider', 'virtualbox' boxName box environmentVars vagrantEnvVars dependsOn krb5kdcUpdate } // lazily resolve to avoid any slowdowns from DNS lookups prior to when we need this value Object httpPrincipal = new Object() { @Override String toString() { InetAddress resolvedAddress = InetAddress.getByName('127.0.0.1') return "HTTP/" + resolvedAddress.getCanonicalHostName() } } String realm = "BUILD.ELASTIC.CO" task 'addPrincipal#peppa'(type: org.elasticsearch.gradle.vagrant.VagrantCommandTask) { command 'ssh' args '--command', "sudo bash /vagrant/src/main/resources/provision/addprinc.sh peppa " boxName box environmentVars vagrantEnvVars dependsOn krb5kdcFixture } task 'addPrincipal#george'(type: org.elasticsearch.gradle.vagrant.VagrantCommandTask) { command 'ssh' args '--command', "sudo bash /vagrant/src/main/resources/provision/addprinc.sh george dino" boxName box environmentVars vagrantEnvVars dependsOn krb5kdcFixture } task 'addPrincipal#HTTP'(type: org.elasticsearch.gradle.vagrant.VagrantCommandTask) { command 'ssh' args '--command', "sudo bash /vagrant/src/main/resources/provision/addprinc.sh $httpPrincipal" boxName box environmentVars vagrantEnvVars dependsOn krb5kdcFixture } task krb5AddPrincipals { dependsOn krb5kdcFixture, 'addPrincipal#peppa', 'addPrincipal#george', 'addPrincipal#HTTP' } def generatedResources = "$buildDir/generated-resources/keytabs" task copyKeytabToGeneratedResources(type: Copy) { Path peppaKeytab = project(':test:fixtures:krb5kdc-fixture').buildDir.toPath().resolve("keytabs").resolve("peppa.keytab").toAbsolutePath() from peppaKeytab; into generatedResources dependsOn krb5AddPrincipals } integTestCluster { // force localhost IPv4 otherwise it is a chicken and egg problem where we need the keytab for the hostname when starting the cluster // but do not know the exact address that is first in the http ports file setting 'http.host', '127.0.0.1' setting 'xpack.license.self_generated.type', 'trial' setting 'xpack.security.enabled', 'true' setting 'xpack.security.authc.realms.file.type', 'file' setting 'xpack.security.authc.realms.file.order', '0' setting 'xpack.ml.enabled', 'false' setting 'xpack.security.audit.enabled', 'true' // Kerberos realm setting 'xpack.security.authc.realms.kerberos.type', 'kerberos' setting 'xpack.security.authc.realms.kerberos.order', '1' setting 'xpack.security.authc.realms.kerberos.keytab.path', 'es.keytab' setting 'xpack.security.authc.realms.kerberos.krb.debug', 'true' setting 'xpack.security.authc.realms.kerberos.remove_realm_name', 'false' Path krb5conf = project(':test:fixtures:krb5kdc-fixture').buildDir.toPath().resolve("conf").resolve("krb5.conf").toAbsolutePath() String jvmArgsStr = " -Djava.security.krb5.conf=${krb5conf}" + " -Dsun.security.krb5.debug=true" jvmArgs jvmArgsStr Path esKeytab = project(':test:fixtures:krb5kdc-fixture').buildDir.toPath().resolve("keytabs") .resolve("$httpPrincipal".replace('/', '_') + ".keytab").toAbsolutePath() extraConfigFile("es.keytab", "${esKeytab}") setupCommand 'setupTestAdmin', 'bin/elasticsearch-users', 'useradd', "test_admin", '-p', 'x-pack-test-password', '-r', "superuser" waitCondition = { node, ant -> File tmpFile = new File(node.cwd, 'wait.success') ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow", dest: tmpFile.toString(), username: 'test_admin', password: 'x-pack-test-password', ignoreerrors: true, retries: 10) return tmpFile.exists() } } integTestRunner { Path peppaKeytab = Paths.get("${project.buildDir}", "generated-resources", "keytabs", "peppa.keytab") systemProperty 'test.userkt', "peppa@${realm}" systemProperty 'test.userkt.keytab', "${peppaKeytab}" systemProperty 'test.userpwd', "george@${realm}" systemProperty 'test.userpwd.password', "dino" systemProperty 'tests.security.manager', 'true' Path krb5conf = project(':test:fixtures:krb5kdc-fixture').buildDir.toPath().resolve("conf").resolve("krb5.conf").toAbsolutePath() List jvmargs = ["-Djava.security.krb5.conf=${krb5conf}","-Dsun.security.krb5.debug=true"] jvmArgs jvmargs } if (project.rootProject.vagrantSupported == false) { integTest.enabled = false } else { project.sourceSets.test.output.dir(generatedResources) integTestCluster.dependsOn krb5AddPrincipals, krb5kdcFixture, copyKeytabToGeneratedResources integTest.finalizedBy project(':test:fixtures:krb5kdc-fixture').halt }