mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-07 13:38:49 +00:00
6a113ae499
This PR introduces a subproject in test/fixtures that contains a Vagrantfile used for standing up a KRB5 KDC (Kerberos). The PR also includes helper scripts for provisioning principals, a few changes to the HDFS Fixture to allow it to interface with the KDC, as well as a new suite of integration tests for the HDFS Repository plugin. The HDFS Repository plugin senses if the local environment can support the HDFS Fixture (Windows is generally a restricted environment). If it can use the regular fixture, it then tests if Vagrant is installed with a compatible version to determine if the secure test fixtures should be enabled. If the secure tests are enabled, then we create a Kerberos KDC fixture, tasks for adding the required principals, and an HDFS fixture configured for security. A new integration test task is also configured to use the KDC and secure HDFS fixture and to run a testing suite that uses authentication. At the end of the secure integration test the fixtures are torn down.
54 lines
2.0 KiB
Ruby
54 lines
2.0 KiB
Ruby
# -*- mode: ruby -*-
|
|
# vi: set ft=ruby :
|
|
|
|
# Licensed to Elasticsearch under one or more contributor
|
|
# license agreements. See the NOTICE file distributed with
|
|
# this work for additional information regarding copyright
|
|
# ownership. Elasticsearch licenses this file to you under
|
|
# the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
# This Vagrantfile exists to define a virtual machine running MIT's Kerberos 5
|
|
# for usage as a testing fixture for the build process.
|
|
#
|
|
# In order to connect to the KDC process on this virtual machine, find and use
|
|
# the rendered krb5.conf file in the build output directory (build/conf).
|
|
#
|
|
# In order to provision principals in the KDC, use the provided addprinc.sh
|
|
# script with vagrant's ssh facility:
|
|
#
|
|
# vagrant ssh -c /vagrant/src/main/resources/provision/addprinc.sh principal
|
|
#
|
|
# You will find the newly created principal's keytab file in the build output
|
|
# directory (build/keytabs). Principal creation is idempotent, and will recopy
|
|
# existing user keytabs from the KDC if they already exist.
|
|
|
|
Vagrant.configure("2") do |config|
|
|
|
|
config.vm.define "krb5kdc" do |config|
|
|
config.vm.box = "elastic/ubuntu-14.04-x86_64"
|
|
end
|
|
|
|
config.vm.hostname = "kerberos.build.elastic.co"
|
|
|
|
if Vagrant.has_plugin?("vagrant-cachier")
|
|
config.cache.scope = :box
|
|
end
|
|
|
|
config.vm.network "forwarded_port", guest: 88, host: 60088, protocol: "tcp"
|
|
config.vm.network "forwarded_port", guest: 88, host: 60088, protocol: "udp"
|
|
|
|
config.vm.provision "shell", path: "src/main/resources/provision/installkdc.sh"
|
|
|
|
end
|