mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-17 10:25:15 +00:00
b8733eab00
The change replaces the Vagrant box based fixture with a fixture based on docker compose and 2 docker images, one for an openldap server and one for a Shibboleth SAML Identity Provider. The configuration of both openldap and shibboleth is identical to the previous one, in order to minimize required changes in the tests
94 lines
4.5 KiB
Groovy
94 lines
4.5 KiB
Groovy
Project idpFixtureProject = xpackProject("test:idp-fixture")
|
|
evaluationDependsOn(idpFixtureProject.path)
|
|
|
|
apply plugin: 'elasticsearch.standalone-rest-test'
|
|
apply plugin: 'elasticsearch.rest-test'
|
|
apply plugin: 'elasticsearch.test.fixtures'
|
|
|
|
dependencies {
|
|
// "org.elasticsearch.plugin:x-pack-core:${version}" doesn't work with idea because the testArtifacts are also here
|
|
testCompile project(path: xpackModule('core'), configuration: 'default')
|
|
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
|
|
testCompile project(path: xpackModule('security'), configuration: 'testArtifacts')
|
|
testCompile 'com.google.jimfs:jimfs:1.1'
|
|
}
|
|
testFixtures.useFixture ":x-pack:test:idp-fixture"
|
|
|
|
|
|
String outputDir = "${project.buildDir}/generated-resources/${project.name}"
|
|
task copyIdpCertificate(type: Copy) {
|
|
from idpFixtureProject.file('idp/shibboleth-idp/credentials/idp-browser.pem');
|
|
into outputDir
|
|
}
|
|
project.sourceSets.test.output.dir(outputDir, builtBy: copyIdpCertificate)
|
|
integTestCluster.dependsOn copyIdpCertificate
|
|
|
|
integTestCluster {
|
|
setting 'xpack.license.self_generated.type', 'trial'
|
|
setting 'xpack.security.enabled', 'true'
|
|
setting 'xpack.security.http.ssl.enabled', 'false'
|
|
setting 'xpack.security.authc.token.enabled', 'true'
|
|
setting 'xpack.security.authc.realms.file.file.order', '0'
|
|
// SAML realm 1 (no authorization_realms)
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.order', '1'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.idp.entity_id', 'https://test.shibboleth.elastic.local/'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.idp.metadata.path', 'idp-metadata.xml'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.sp.entity_id', 'http://mock1.http.elastic.local/'
|
|
// The port in the ACS URL is fake - the test will bind the mock webserver
|
|
// to a random port and then whenever it needs to connect to a URL on the
|
|
// mock webserver it will replace 54321 with the real port
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.sp.acs', 'http://localhost:54321/saml/acs1'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.attributes.principal', 'uid'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth.attributes.name', 'urn:oid:2.5.4.3'
|
|
// SAML realm 2 (uses authorization_realms)
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.order', '2'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.idp.entity_id', 'https://test.shibboleth.elastic.local/'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.idp.metadata.path', 'idp-metadata.xml'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.sp.entity_id', 'http://mock2.http.elastic.local/'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.sp.acs', 'http://localhost:54321/saml/acs2'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.attributes.principal', 'uid'
|
|
setting 'xpack.security.authc.realms.saml.shibboleth_native.authorization_realms', 'native'
|
|
setting 'xpack.security.authc.realms.native.native.order', '3'
|
|
|
|
setting 'xpack.ml.enabled', 'false'
|
|
|
|
extraConfigFile 'idp-metadata.xml', idpFixtureProject.file("idp/shibboleth-idp/metadata/idp-metadata.xml")
|
|
|
|
setupCommand 'setupTestAdmin',
|
|
'bin/elasticsearch-users', 'useradd', "test_admin", '-p', 'x-pack-test-password', '-r', "superuser"
|
|
|
|
waitCondition = { node, ant ->
|
|
File tmpFile = new File(node.cwd, 'wait.success')
|
|
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
|
|
dest: tmpFile.toString(),
|
|
username: 'test_admin',
|
|
password: 'x-pack-test-password',
|
|
ignoreerrors: true,
|
|
retries: 10)
|
|
return tmpFile.exists()
|
|
}
|
|
}
|
|
|
|
forbiddenPatterns {
|
|
exclude '**/*.der'
|
|
exclude '**/*.p12'
|
|
exclude '**/*.key'
|
|
}
|
|
|
|
thirdPartyAudit {
|
|
ignoreViolations (
|
|
// uses internal java api: sun.misc.Unsafe
|
|
'com.google.common.cache.Striped64',
|
|
'com.google.common.cache.Striped64$1',
|
|
'com.google.common.cache.Striped64$Cell',
|
|
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
|
|
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
|
|
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper',
|
|
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1'
|
|
)
|
|
|
|
ignoreMissingClasses (
|
|
'com.ibm.icu.lang.UCharacter'
|
|
)
|
|
}
|