OpenSearch/x-pack/qa/saml-idp-tests/build.gradle

108 lines
5.1 KiB
Groovy

Project idpFixtureProject = xpackProject("test:idp-fixture")
apply plugin: 'elasticsearch.testclusters'
apply plugin: 'elasticsearch.standalone-rest-test'
apply plugin: 'elasticsearch.rest-test'
apply plugin: 'elasticsearch.test.fixtures'
dependencies {
testImplementation project(path: xpackModule('core'), configuration: 'testArtifacts')
testImplementation 'com.google.jimfs:jimfs:1.1'
}
testFixtures.useFixture ":x-pack:test:idp-fixture"
String outputDir = "${project.buildDir}/generated-resources/${project.name}"
task copyIdpFiles(type: Copy) {
from idpFixtureProject.files('idp/shibboleth-idp/credentials/idp-browser.pem', 'idp/shibboleth-idp/metadata/idp-metadata.xml');
into outputDir
}
project.sourceSets.test.output.dir(outputDir, builtBy: copyIdpFiles)
task setupPorts {
dependsOn copyIdpFiles, idpFixtureProject.postProcessFixture
// Don't attempt to get ephemeral ports when Docker is not available
onlyIf { idpFixtureProject.postProcessFixture.state.skipped == false }
doLast {
String portString = idpFixtureProject.postProcessFixture.ext."test.fixtures.shibboleth-idp.tcp.4443"
int ephemeralPort = Integer.valueOf(portString)
File idpMetaFile = file("$outputDir/idp-metadata.xml")
List<String> lines = idpMetaFile.readLines("UTF-8")
StringBuilder content = new StringBuilder()
for (String line : lines) {
content.append(line.replace("localhost:4443", "localhost:" + ephemeralPort))
}
idpMetaFile.delete()
idpMetaFile.createNewFile()
idpMetaFile.write(content.toString(), "UTF-8")
}
}
integTest.runner.dependsOn setupPorts
testClusters.integTest {
testDistribution = 'DEFAULT'
setting 'xpack.license.self_generated.type', 'trial'
setting 'xpack.security.enabled', 'true'
setting 'xpack.security.http.ssl.enabled', 'false'
setting 'xpack.security.authc.token.enabled', 'true'
setting 'xpack.security.authc.realms.file.file.order', '0'
// SAML realm 1 (no authorization_realms)
setting 'xpack.security.authc.realms.saml.shibboleth.order', '1'
setting 'xpack.security.authc.realms.saml.shibboleth.idp.entity_id', 'https://test.shibboleth.elastic.local/'
setting 'xpack.security.authc.realms.saml.shibboleth.idp.metadata.path', 'idp-metadata.xml'
setting 'xpack.security.authc.realms.saml.shibboleth.sp.entity_id', 'http://mock1.http.elastic.local/'
// The port in the ACS URL is fake - the test will bind the mock webserver
// to a random port and then whenever it needs to connect to a URL on the
// mock webserver it will replace 54321 with the real port
setting 'xpack.security.authc.realms.saml.shibboleth.sp.acs', 'http://localhost:54321/saml/acs1'
setting 'xpack.security.authc.realms.saml.shibboleth.attributes.principal', 'uid'
setting 'xpack.security.authc.realms.saml.shibboleth.attributes.name', 'urn:oid:2.5.4.3'
// SAML realm 2 (uses authorization_realms)
setting 'xpack.security.authc.realms.saml.shibboleth_native.order', '2'
setting 'xpack.security.authc.realms.saml.shibboleth_native.idp.entity_id', 'https://test.shibboleth.elastic.local/'
setting 'xpack.security.authc.realms.saml.shibboleth_native.idp.metadata.path', 'idp-metadata.xml'
setting 'xpack.security.authc.realms.saml.shibboleth_native.sp.entity_id', 'http://mock2.http.elastic.local/'
setting 'xpack.security.authc.realms.saml.shibboleth_native.sp.acs', 'http://localhost:54321/saml/acs2'
setting 'xpack.security.authc.realms.saml.shibboleth_native.attributes.principal', 'uid'
setting 'xpack.security.authc.realms.saml.shibboleth_native.authorization_realms', 'native'
// SAML realm 3 (used for negative tests with multiple realms)
setting 'xpack.security.authc.realms.saml.shibboleth_negative.order', '3'
setting 'xpack.security.authc.realms.saml.shibboleth_negative.idp.entity_id', 'https://test.shibboleth.elastic.local/'
setting 'xpack.security.authc.realms.saml.shibboleth_negative.idp.metadata.path', 'idp-metadata.xml'
setting 'xpack.security.authc.realms.saml.shibboleth_negative.sp.entity_id', 'somethingwronghere'
setting 'xpack.security.authc.realms.saml.shibboleth_negative.sp.acs', 'http://localhost:54321/saml/acs3'
setting 'xpack.security.authc.realms.saml.shibboleth_negative.attributes.principal', 'uid'
setting 'xpack.security.authc.realms.saml.shibboleth_negative.authorization_realms', 'native'
setting 'xpack.security.authc.realms.native.native.order', '4'
setting 'xpack.ml.enabled', 'false'
setting 'logger.org.elasticsearch.xpack.security', 'TRACE'
extraConfigFile 'idp-metadata.xml', file(outputDir + "/idp-metadata.xml")
user username: "test_admin", password: 'x-pack-test-password'
}
forbiddenPatterns {
exclude '**/*.der'
exclude '**/*.p12'
exclude '**/*.key'
}
thirdPartyAudit {
ignoreViolations(
// uses internal java api: sun.misc.Unsafe
'com.google.common.cache.Striped64',
'com.google.common.cache.Striped64$1',
'com.google.common.cache.Striped64$Cell',
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1'
)
ignoreMissingClasses(
'com.ibm.icu.lang.UCharacter'
)
}