100 lines
4.5 KiB
Groovy
100 lines
4.5 KiB
Groovy
Project idpFixtureProject = xpackProject("test:idp-fixture")
|
|
|
|
apply plugin: 'elasticsearch.testclusters'
|
|
apply plugin: 'elasticsearch.standalone-rest-test'
|
|
apply plugin: 'elasticsearch.rest-test'
|
|
apply plugin: 'elasticsearch.test.fixtures'
|
|
|
|
dependencies {
|
|
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
|
|
testCompile 'com.google.jimfs:jimfs:1.1'
|
|
}
|
|
testFixtures.useFixture ":x-pack:test:idp-fixture"
|
|
|
|
|
|
String outputDir = "${project.buildDir}/generated-resources/${project.name}"
|
|
task copyIdpFiles(type: Copy) {
|
|
from idpFixtureProject.files('idp/shibboleth-idp/credentials/idp-browser.pem', 'idp/shibboleth-idp/metadata/idp-metadata.xml');
|
|
into outputDir
|
|
}
|
|
project.sourceSets.test.output.dir(outputDir, builtBy: copyIdpFiles)
|
|
|
|
task setupPorts {
|
|
dependsOn copyIdpFiles, idpFixtureProject.postProcessFixture
|
|
// Don't attempt to get ephemeral ports when Docker is not available
|
|
onlyIf { idpFixtureProject.postProcessFixture.enabled }
|
|
doLast {
|
|
String portString = idpFixtureProject.postProcessFixture.ext."test.fixtures.shibboleth-idp.tcp.4443"
|
|
int ephemeralPort = Integer.valueOf(portString)
|
|
File idpMetaFile = file("$outputDir/idp-metadata.xml")
|
|
List<String> lines = idpMetaFile.readLines("UTF-8")
|
|
StringBuilder content = new StringBuilder()
|
|
for (String line : lines) {
|
|
content.append(line.replace("localhost:4443", "localhost:" + ephemeralPort))
|
|
}
|
|
idpMetaFile.delete()
|
|
idpMetaFile.createNewFile()
|
|
idpMetaFile.write(content.toString(), "UTF-8")
|
|
}
|
|
}
|
|
|
|
|
|
integTest.runner.dependsOn setupPorts
|
|
|
|
testClusters.integTest {
|
|
testDistribution = 'DEFAULT'
|
|
setting 'xpack.license.self_generated.type', 'trial'
|
|
setting 'xpack.security.enabled', 'true'
|
|
setting 'xpack.security.http.ssl.enabled', 'false'
|
|
setting 'xpack.security.authc.token.enabled', 'true'
|
|
setting 'xpack.security.authc.realms.file.file.order', '0'
|
|
// SAML realm 1 (no authorization_realms)
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.order', '1'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.idp.entity_id', 'https://test.shibboleth.elastic.local/'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.idp.metadata.path', 'idp-metadata.xml'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.sp.entity_id', 'http://mock1.http.elastic.local/'
|
|
// The port in the ACS URL is fake - the test will bind the mock webserver
|
|
// to a random port and then whenever it needs to connect to a URL on the
|
|
// mock webserver it will replace 54321 with the real port
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.sp.acs', 'http://localhost:54321/saml/acs1'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.attributes.principal', 'uid'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.attributes.name', 'urn:oid:2.5.4.3'
|
|
// SAML realm 2 (uses authorization_realms)
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.order', '2'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.idp.entity_id', 'https://test.shibboleth.elastic.local/'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.idp.metadata.path', 'idp-metadata.xml'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.sp.entity_id', 'http://mock2.http.elastic.local/'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.sp.acs', 'http://localhost:54321/saml/acs2'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.attributes.principal', 'uid'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.authorization_realms', 'native'
|
|
setting 'xpack.security.authc.realms.native.native.order', '3'
|
|
|
|
setting 'xpack.ml.enabled', 'false'
|
|
setting 'logger.org.elasticsearch.xpack.security', 'TRACE'
|
|
|
|
extraConfigFile 'idp-metadata.xml', file(outputDir + "/idp-metadata.xml")
|
|
|
|
user username: "test_admin", password: 'x-pack-test-password'
|
|
}
|
|
|
|
forbiddenPatterns {
|
|
exclude '**/*.der'
|
|
exclude '**/*.p12'
|
|
exclude '**/*.key'
|
|
}
|
|
|
|
thirdPartyAudit {
|
|
ignoreViolations (
|
|
// uses internal java api: sun.misc.Unsafe
|
|
'com.google.common.cache.Striped64',
|
|
'com.google.common.cache.Striped64$1',
|
|
'com.google.common.cache.Striped64$Cell',
|
|
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
|
|
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1'
|
|
)
|
|
|
|
ignoreMissingClasses (
|
|
'com.ibm.icu.lang.UCharacter'
|
|
)
|
|
}
|