mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-08 22:14:59 +00:00
6a113ae499
This PR introduces a subproject in test/fixtures that contains a Vagrantfile used for standing up a KRB5 KDC (Kerberos). The PR also includes helper scripts for provisioning principals, a few changes to the HDFS Fixture to allow it to interface with the KDC, as well as a new suite of integration tests for the HDFS Repository plugin. The HDFS Repository plugin senses if the local environment can support the HDFS Fixture (Windows is generally a restricted environment). If it can use the regular fixture, it then tests if Vagrant is installed with a compatible version to determine if the secure test fixtures should be enabled. If the secure tests are enabled, then we create a Kerberos KDC fixture, tasks for adding the required principals, and an HDFS fixture configured for security. A new integration test task is also configured to use the KDC and secure HDFS fixture and to run a testing suite that uses authentication. At the end of the secure integration test the fixtures are torn down.
85 lines
2.5 KiB
Groovy
85 lines
2.5 KiB
Groovy
/*
|
|
* Licensed to Elasticsearch under one or more contributor
|
|
* license agreements. See the NOTICE file distributed with
|
|
* this work for additional information regarding copyright
|
|
* ownership. Elasticsearch licenses this file to you under
|
|
* the Apache License, Version 2.0 (the "License"); you may
|
|
* not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing,
|
|
* software distributed under the License is distributed on an
|
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
* KIND, either express or implied. See the License for the
|
|
* specific language governing permissions and limitations
|
|
* under the License.
|
|
*/
|
|
|
|
apply plugin: 'elasticsearch.build'
|
|
|
|
Map<String, String> vagrantEnvVars = [
|
|
'VAGRANT_CWD' : "${project.projectDir.absolutePath}",
|
|
'VAGRANT_VAGRANTFILE' : 'Vagrantfile',
|
|
'VAGRANT_PROJECT_DIR' : "${project.projectDir.absolutePath}"
|
|
]
|
|
|
|
String box = "krb5kdc"
|
|
|
|
List<String> defaultPrincipals = [ "elasticsearch" ]
|
|
|
|
task update(type: org.elasticsearch.gradle.vagrant.VagrantCommandTask) {
|
|
command 'box'
|
|
subcommand 'update'
|
|
boxName box
|
|
environmentVars vagrantEnvVars
|
|
}
|
|
|
|
task up(type: org.elasticsearch.gradle.vagrant.VagrantCommandTask) {
|
|
command 'up'
|
|
args '--provision', '--provider', 'virtualbox'
|
|
boxName box
|
|
environmentVars vagrantEnvVars
|
|
dependsOn update
|
|
}
|
|
|
|
task addDefaultPrincipals {
|
|
dependsOn up
|
|
}
|
|
|
|
for (String principal : defaultPrincipals) {
|
|
Task addTask = project.tasks.create("addPrincipal#${principal}", org.elasticsearch.gradle.vagrant.VagrantCommandTask) {
|
|
command 'ssh'
|
|
args '--command', "sudo bash /vagrant/src/main/resources/provision/addprinc.sh $principal"
|
|
boxName box
|
|
environmentVars vagrantEnvVars
|
|
dependsOn up
|
|
}
|
|
addDefaultPrincipals.dependsOn(addTask)
|
|
}
|
|
|
|
task halt(type: org.elasticsearch.gradle.vagrant.VagrantCommandTask) {
|
|
command 'halt'
|
|
boxName box
|
|
environmentVars vagrantEnvVars
|
|
}
|
|
|
|
task destroy(type: org.elasticsearch.gradle.vagrant.VagrantCommandTask) {
|
|
command 'destroy'
|
|
args '-f'
|
|
boxName box
|
|
environmentVars vagrantEnvVars
|
|
dependsOn halt
|
|
}
|
|
|
|
thirdPartyAudit.enabled = false
|
|
licenseHeaders.enabled = false
|
|
test.enabled = false
|
|
|
|
// installKDC uses tabs in it for the Kerberos ACL file.
|
|
// Ignore it for pattern checking.
|
|
forbiddenPatterns {
|
|
exclude "**/installkdc.sh"
|
|
}
|