mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-03-25 01:19:02 +00:00
c6de68c3b9
An issue was introduced due to the merge of authorization_realms with the change to use Affix Settings for realms. The ".type" setting no longer exists as the type is now part of the setting key.
98 lines
4.6 KiB
Groovy
98 lines
4.6 KiB
Groovy
Project idpFixtureProject = xpackProject("test:idp-fixture")
|
|
evaluationDependsOn(idpFixtureProject.path)
|
|
|
|
apply plugin: 'elasticsearch.vagrantsupport'
|
|
apply plugin: 'elasticsearch.standalone-rest-test'
|
|
apply plugin: 'elasticsearch.rest-test'
|
|
|
|
dependencies {
|
|
// "org.elasticsearch.plugin:x-pack-core:${version}" doesn't work with idea because the testArtifacts are also here
|
|
testCompile project(path: xpackModule('core'), configuration: 'default')
|
|
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
|
|
testCompile project(path: xpackModule('security'), configuration: 'testArtifacts')
|
|
testCompile 'com.google.jimfs:jimfs:1.1'
|
|
}
|
|
|
|
task idpFixture {
|
|
dependsOn "vagrantCheckVersion", "virtualboxCheckVersion", idpFixtureProject.up
|
|
}
|
|
|
|
String outputDir = "${project.buildDir}/generated-resources/${project.name}"
|
|
task copyIdpCertificate(type: Copy) {
|
|
from idpFixtureProject.file('src/main/resources/certs/ca.crt');
|
|
into outputDir
|
|
}
|
|
if (project.rootProject.vagrantSupported) {
|
|
project.sourceSets.test.output.dir(outputDir, builtBy: copyIdpCertificate)
|
|
integTestCluster.dependsOn idpFixture, copyIdpCertificate
|
|
integTest.finalizedBy idpFixtureProject.halt
|
|
} else {
|
|
integTest.enabled = false
|
|
testingConventions.enabled = false
|
|
}
|
|
|
|
integTestCluster {
|
|
setting 'xpack.license.self_generated.type', 'trial'
|
|
setting 'xpack.security.enabled', 'true'
|
|
setting 'xpack.security.http.ssl.enabled', 'false'
|
|
setting 'xpack.security.authc.token.enabled', 'true'
|
|
setting 'xpack.security.authc.realms.file.file.order', '0'
|
|
// SAML realm 1 (no authorization_realms)
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.order', '1'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.idp.entity_id', 'https://test.shibboleth.elastic.local/'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.idp.metadata.path', 'idp-metadata.xml'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.sp.entity_id', 'http://mock1.http.elastic.local/'
|
|
// The port in the ACS URL is fake - the test will bind the mock webserver
|
|
// to a random port and then whenever it needs to connect to a URL on the
|
|
// mock webserver it will replace 54321 with the real port
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.sp.acs', 'http://localhost:54321/saml/acs1'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.attributes.principal', 'uid'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.attributes.name', 'urn:oid:2.5.4.3'
|
|
// SAML realm 2 (uses authorization_realms)
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.order', '2'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.idp.entity_id', 'https://test.shibboleth.elastic.local/'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.idp.metadata.path', 'idp-metadata.xml'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.sp.entity_id', 'http://mock2.http.elastic.local/'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.sp.acs', 'http://localhost:54321/saml/acs2'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.attributes.principal', 'uid'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.authorization_realms', 'native'
|
|
setting 'xpack.security.authc.realms.native.native.order', '3'
|
|
|
|
setting 'xpack.ml.enabled', 'false'
|
|
|
|
extraConfigFile 'idp-metadata.xml', idpFixtureProject.file("src/main/resources/provision/generated/idp-metadata.xml")
|
|
|
|
setupCommand 'setupTestAdmin',
|
|
'bin/elasticsearch-users', 'useradd', "test_admin", '-p', 'x-pack-test-password', '-r', "superuser"
|
|
|
|
waitCondition = { node, ant ->
|
|
File tmpFile = new File(node.cwd, 'wait.success')
|
|
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
|
|
dest: tmpFile.toString(),
|
|
username: 'test_admin',
|
|
password: 'x-pack-test-password',
|
|
ignoreerrors: true,
|
|
retries: 10)
|
|
return tmpFile.exists()
|
|
}
|
|
}
|
|
|
|
forbiddenPatterns {
|
|
exclude '**/*.der'
|
|
exclude '**/*.p12'
|
|
exclude '**/*.key'
|
|
}
|
|
|
|
thirdPartyAudit.excludes = [
|
|
// uses internal java api: sun.misc.Unsafe
|
|
'com.google.common.cache.Striped64',
|
|
'com.google.common.cache.Striped64$1',
|
|
'com.google.common.cache.Striped64$Cell',
|
|
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
|
|
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
|
|
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper',
|
|
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1',
|
|
// missing
|
|
'com.ibm.icu.lang.UCharacter'
|
|
]
|