mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-07 21:48:39 +00:00
9b3fb66394
This commit adds new settings for the ssl keystore (not the ES keystore) passphrase settings. New setting names are used, instead of trying to support the existing names in both yml and the ES keystore, so that there does not need to be complicated logic between the two. Note that the old settings remain the only way to set the ssl passphrases for the transport client, but the Settings object for transport clients are created in memory by users, so they are already as "secure" as having a loaded ES keystore. Also note that in the long term future (6.x timeframe?) these settings should be deprecated and the keys/certs themselves should be moved into the ES keystore, so there will be no need for separate keystores/passphrases. relates elastic/elasticsearch#22475 Original commit: elastic/x-pack-elasticsearch@be5275fa3d
219 lines
8.3 KiB
Groovy
219 lines
8.3 KiB
Groovy
import org.elasticsearch.gradle.test.NodeInfo
|
|
import org.elasticsearch.gradle.test.RestIntegTestTask
|
|
import org.elasticsearch.gradle.Version
|
|
|
|
import java.nio.charset.StandardCharsets
|
|
import java.util.regex.Matcher
|
|
|
|
// Apply the java plugin to this project so the sources can be edited in an IDE
|
|
apply plugin: 'elasticsearch.build'
|
|
test.enabled = false
|
|
|
|
dependencies {
|
|
testCompile project(path: ':x-pack-elasticsearch:plugin', configuration: 'runtime')
|
|
testCompile project(path: ':x-pack-elasticsearch:plugin', configuration: 'testArtifacts')
|
|
}
|
|
|
|
|
|
Closure waitWithAuth = { NodeInfo node, AntBuilder ant ->
|
|
File tmpFile = new File(node.cwd, 'wait.success')
|
|
// wait up to twenty seconds
|
|
final long stopTime = System.currentTimeMillis() + 20000L;
|
|
Exception lastException = null;
|
|
while (System.currentTimeMillis() < stopTime) {
|
|
lastException = null;
|
|
// we use custom wait logic here as the elastic user is not available immediately and ant.get will fail when a 401 is returned
|
|
HttpURLConnection httpURLConnection = null;
|
|
try {
|
|
httpURLConnection = (HttpURLConnection) new URL("http://${node.httpUri()}/_cluster/health?wait_for_nodes=${node.config.numNodes}&wait_for_status=yellow").openConnection();
|
|
httpURLConnection.setRequestProperty("Authorization", "Basic " +
|
|
Base64.getEncoder().encodeToString("elastic:changeme".getBytes(StandardCharsets.UTF_8)));
|
|
httpURLConnection.setRequestMethod("GET");
|
|
httpURLConnection.setConnectTimeout(1000);
|
|
httpURLConnection.setReadTimeout(30000); // read needs to wait for nodes!
|
|
httpURLConnection.connect();
|
|
if (httpURLConnection.getResponseCode() == 200) {
|
|
tmpFile.withWriter StandardCharsets.UTF_8.name(), {
|
|
it.write(httpURLConnection.getInputStream().getText(StandardCharsets.UTF_8.name()))
|
|
}
|
|
break;
|
|
}
|
|
} catch (Exception e) {
|
|
logger.debug("failed to call cluster health", e)
|
|
lastException = e
|
|
} finally {
|
|
if (httpURLConnection != null) {
|
|
httpURLConnection.disconnect();
|
|
}
|
|
}
|
|
|
|
// did not start, so wait a bit before trying again
|
|
Thread.sleep(500L);
|
|
}
|
|
if (tmpFile.exists() == false && lastException != null) {
|
|
logger.error("final attempt of calling cluster health failed", lastException)
|
|
}
|
|
return tmpFile.exists()
|
|
}
|
|
|
|
Project mainProject = project
|
|
|
|
/**
|
|
* Subdirectories of this project are test rolling upgrades with various
|
|
* configuration options based on their name.
|
|
*/
|
|
subprojects {
|
|
Matcher m = project.name =~ /with(out)?-system-key/
|
|
if (false == m.matches()) {
|
|
throw new InvalidUserDataException("Invalid project name [${project.name}]")
|
|
}
|
|
boolean withSystemKey = m.group(1) == null
|
|
|
|
apply plugin: 'elasticsearch.standalone-test'
|
|
|
|
// Use resources from the rolling-upgrade project in subdirectories
|
|
sourceSets {
|
|
test {
|
|
java {
|
|
srcDirs = ["${mainProject.projectDir}/src/test/java"]
|
|
}
|
|
resources {
|
|
srcDirs = ["${mainProject.projectDir}/src/test/resources"]
|
|
}
|
|
}
|
|
}
|
|
|
|
String outputDir = "generated-resources/${project.name}"
|
|
|
|
// This is a top level task which we will add dependencies to below.
|
|
// It is a single task that can be used to backcompat tests against all versions.
|
|
task bwcTest {
|
|
description = 'Runs backwards compatibility tests.'
|
|
group = 'verification'
|
|
}
|
|
|
|
String output = "generated-resources/${project.name}"
|
|
task copyTestNodeKeystore(type: Copy) {
|
|
from project(':x-pack-elasticsearch:plugin')
|
|
.file('src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks')
|
|
into outputDir
|
|
}
|
|
|
|
for (Version version : indexCompatVersions) {
|
|
String baseName = "v${version}"
|
|
|
|
Task oldClusterTest = tasks.create(name: "${baseName}#oldClusterTest", type: RestIntegTestTask) {
|
|
mustRunAfter(precommit)
|
|
}
|
|
|
|
Object extension = extensions.findByName("${baseName}#oldClusterTestCluster")
|
|
configure(extensions.findByName("${baseName}#oldClusterTestCluster")) {
|
|
dependsOn copyTestNodeKeystore
|
|
plugin ':x-pack-elasticsearch:plugin'
|
|
distribution = 'zip'
|
|
bwcVersion = version
|
|
numBwcNodes = 2
|
|
numNodes = 2
|
|
clusterName = 'full-cluster-restart'
|
|
waitCondition = waitWithAuth
|
|
setting 'xpack.security.transport.ssl.enabled', 'true'
|
|
setting 'xpack.ssl.keystore.path', 'testnode.jks'
|
|
setting 'xpack.ssl.keystore.password', 'testnode'
|
|
setting 'xpack.security.authc.realms.native.type', 'native'
|
|
setting 'xpack.security.authc.realms.native.order', '0'
|
|
dependsOn copyTestNodeKeystore
|
|
extraConfigFile 'testnode.jks', new File(outputDir + '/testnode.jks')
|
|
if (withSystemKey) {
|
|
if (version.onOrAfter('5.1.0')) {
|
|
// The setting didn't exist until 5.1.0
|
|
setting 'xpack.security.system_key.required', 'true'
|
|
}
|
|
extraConfigFile 'x-pack/system_key',
|
|
"${mainProject.projectDir}/src/test/resources/system_key"
|
|
}
|
|
}
|
|
|
|
Task oldClusterTestRunner = tasks.getByName("${baseName}#oldClusterTestRunner")
|
|
oldClusterTestRunner.configure {
|
|
systemProperty 'tests.is_old_cluster', 'true'
|
|
systemProperty 'tests.old_cluster_version', version.toString().minus("-SNAPSHOT")
|
|
}
|
|
|
|
Task upgradedClusterTest = tasks.create(name: "${baseName}#upgradedClusterTest", type: RestIntegTestTask)
|
|
|
|
configure(extensions.findByName("${baseName}#upgradedClusterTestCluster")) {
|
|
dependsOn oldClusterTestRunner,
|
|
"${baseName}#oldClusterTestCluster#node0.stop",
|
|
"${baseName}#oldClusterTestCluster#node1.stop"
|
|
plugin ':x-pack-elasticsearch:plugin'
|
|
distribution = 'zip'
|
|
numNodes = 2
|
|
clusterName = 'full-cluster-restart'
|
|
dataDir = { nodeNum -> oldClusterTest.nodes[nodeNum].dataDir }
|
|
waitCondition = waitWithAuth
|
|
setting 'xpack.ssl.keystore.path', 'testnode.jks'
|
|
keystoreSetting 'xpack.ssl.keystore.secure_password', 'testnode'
|
|
setting 'xpack.security.authc.realms.native.type', 'native'
|
|
setting 'xpack.security.authc.realms.native.order', '0'
|
|
dependsOn copyTestNodeKeystore
|
|
extraConfigFile 'testnode.jks', new File(outputDir + '/testnode.jks')
|
|
if (withSystemKey) {
|
|
setting 'xpack.security.system_key.required', 'true'
|
|
extraConfigFile 'x-pack/system_key',
|
|
"${mainProject.projectDir}/src/test/resources/system_key"
|
|
}
|
|
}
|
|
|
|
Task upgradedClusterTestRunner = tasks.getByName("${baseName}#upgradedClusterTestRunner")
|
|
upgradedClusterTestRunner.configure {
|
|
systemProperty 'tests.is_old_cluster', 'false'
|
|
systemProperty 'tests.old_cluster_version', version.toString().minus("-SNAPSHOT")
|
|
}
|
|
|
|
Task versionBwcTest = tasks.create(name: "${baseName}#bwcTest") {
|
|
dependsOn = [upgradedClusterTest]
|
|
}
|
|
|
|
if (project.bwc_tests_enabled) {
|
|
bwcTest.dependsOn(versionBwcTest)
|
|
}
|
|
}
|
|
|
|
test.enabled = false // no unit tests for full cluster restarts, only the rest integration test
|
|
|
|
// basic integ tests includes testing bwc against the most recent version
|
|
task integTest {
|
|
if (project.bwc_tests_enabled) {
|
|
dependsOn = ["v${wireCompatVersions[-1]}#bwcTest"]
|
|
}
|
|
}
|
|
check.dependsOn(integTest)
|
|
|
|
dependencies {
|
|
testCompile project(path: ':x-pack-elasticsearch:plugin', configuration: 'runtime')
|
|
testCompile project(path: ':x-pack-elasticsearch:plugin', configuration: 'testArtifacts')
|
|
}
|
|
|
|
// copy x-pack plugin info so it is on the classpath and security manager has the right permissions
|
|
task copyXPackRestSpec(type: Copy) {
|
|
dependsOn(project.configurations.restSpec, 'processTestResources')
|
|
from project(':x-pack-elasticsearch:plugin').sourceSets.test.resources
|
|
include 'rest-api-spec/api/**'
|
|
into project.sourceSets.test.output.resourcesDir
|
|
}
|
|
|
|
task copyXPackPluginProps(type: Copy) {
|
|
dependsOn(copyXPackRestSpec)
|
|
from project(':x-pack-elasticsearch:plugin').file('src/main/plugin-metadata')
|
|
from project(':x-pack-elasticsearch:plugin').tasks.pluginProperties
|
|
into outputDir
|
|
}
|
|
project.sourceSets.test.output.dir(outputDir, builtBy: copyXPackPluginProps)
|
|
|
|
repositories {
|
|
maven {
|
|
url "https://artifacts.elastic.co/maven"
|
|
}
|
|
}
|
|
}
|