82 lines
4.9 KiB
Groovy
82 lines
4.9 KiB
Groovy
Project idpFixtureProject = xpackProject("test:idp-fixture")
|
|
|
|
apply plugin: 'elasticsearch.standalone-rest-test'
|
|
apply plugin: 'elasticsearch.rest-test'
|
|
apply plugin: 'elasticsearch.test.fixtures'
|
|
|
|
dependencies {
|
|
// "org.elasticsearch.plugin:x-pack-core:${version}" doesn't work with idea because the testArtifacts are also here
|
|
testCompile project(path: xpackModule('core'), configuration: 'default')
|
|
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
|
|
testCompile project(path: xpackModule('security'), configuration: 'testArtifacts')
|
|
}
|
|
testFixtures.useFixture ":x-pack:test:idp-fixture"
|
|
|
|
String ephemeralPort;
|
|
task setupPorts {
|
|
// Don't attempt to get ephemeral ports when Docker is not available
|
|
onlyIf { idpFixtureProject.postProcessFixture.enabled }
|
|
dependsOn idpFixtureProject.postProcessFixture
|
|
doLast {
|
|
ephemeralPort = idpFixtureProject.postProcessFixture.ext."test.fixtures.oidc-provider.tcp.8080"
|
|
}
|
|
}
|
|
|
|
integTestCluster {
|
|
dependsOn setupPorts
|
|
setting 'xpack.license.self_generated.type', 'trial'
|
|
setting 'xpack.security.enabled', 'true'
|
|
setting 'xpack.security.http.ssl.enabled', 'false'
|
|
setting 'xpack.security.authc.token.enabled', 'true'
|
|
setting 'xpack.security.authc.realms.file.file.order', '0'
|
|
setting 'xpack.security.authc.realms.native.native.order', '1'
|
|
// OpenID Connect Realm 1 configured for authorization grant flow
|
|
setting 'xpack.security.authc.realms.oidc.c2id.order', '2'
|
|
setting 'xpack.security.authc.realms.oidc.c2id.op.issuer', 'http://localhost:8080'
|
|
setting 'xpack.security.authc.realms.oidc.c2id.op.authorization_endpoint', "http://127.0.0.1:${-> ephemeralPort}/c2id-login"
|
|
setting 'xpack.security.authc.realms.oidc.c2id.op.token_endpoint', "http://127.0.0.1:${-> ephemeralPort}/c2id/token"
|
|
setting 'xpack.security.authc.realms.oidc.c2id.op.userinfo_endpoint', "http://127.0.0.1:${-> ephemeralPort}/c2id/userinfo"
|
|
setting 'xpack.security.authc.realms.oidc.c2id.op.jwkset_path', 'op-jwks.json'
|
|
setting 'xpack.security.authc.realms.oidc.c2id.rp.redirect_uri', 'https://my.fantastic.rp/cb'
|
|
setting 'xpack.security.authc.realms.oidc.c2id.rp.client_id', 'elasticsearch-rp'
|
|
keystoreSetting 'xpack.security.authc.realms.oidc.c2id.rp.client_secret', 'b07efb7a1cf6ec9462afe7b6d3ab55c6c7880262aa61ac28dded292aca47c9a2'
|
|
setting 'xpack.security.authc.realms.oidc.c2id.rp.response_type', 'code'
|
|
setting 'xpack.security.authc.realms.oidc.c2id.claims.principal', 'sub'
|
|
setting 'xpack.security.authc.realms.oidc.c2id.claims.name', 'name'
|
|
setting 'xpack.security.authc.realms.oidc.c2id.claims.mail', 'email'
|
|
setting 'xpack.security.authc.realms.oidc.c2id.claims.groups', 'groups'
|
|
// OpenID Connect Realm 2 configured for implicit flow
|
|
setting 'xpack.security.authc.realms.oidc.c2id-implicit.order', '3'
|
|
setting 'xpack.security.authc.realms.oidc.c2id-implicit.op.issuer', 'http://localhost:8080'
|
|
setting 'xpack.security.authc.realms.oidc.c2id-implicit.op.authorization_endpoint', "http://127.0.0.1:${-> ephemeralPort}/c2id-login"
|
|
setting 'xpack.security.authc.realms.oidc.c2id-implicit.op.token_endpoint', "http://127.0.0.1:${-> ephemeralPort}/c2id/token"
|
|
setting 'xpack.security.authc.realms.oidc.c2id-implicit.op.userinfo_endpoint', "http://127.0.0.1:${-> ephemeralPort}/c2id/userinfo"
|
|
setting 'xpack.security.authc.realms.oidc.c2id-implicit.op.jwkset_path', 'op-jwks.json'
|
|
setting 'xpack.security.authc.realms.oidc.c2id-implicit.rp.redirect_uri', 'https://my.fantastic.rp/cb'
|
|
setting 'xpack.security.authc.realms.oidc.c2id-implicit.rp.client_id', 'elasticsearch-rp'
|
|
keystoreSetting 'xpack.security.authc.realms.oidc.c2id-implicit.rp.client_secret', 'b07efb7a1cf6ec9462afe7b6d3ab55c6c7880262aa61ac28dded292aca47c9a2'
|
|
setting 'xpack.security.authc.realms.oidc.c2id-implicit.rp.response_type', 'id_token token'
|
|
setting 'xpack.security.authc.realms.oidc.c2id-implicit.claims.principal', 'sub'
|
|
setting 'xpack.security.authc.realms.oidc.c2id-implicit.claims.name', 'name'
|
|
setting 'xpack.security.authc.realms.oidc.c2id-implicit.claims.mail', 'email'
|
|
setting 'xpack.security.authc.realms.oidc.c2id-implicit.claims.groups', 'groups'
|
|
setting 'xpack.ml.enabled', 'false'
|
|
|
|
extraConfigFile 'op-jwks.json', idpFixtureProject.file("oidc/op-jwks.json")
|
|
|
|
setupCommand 'setupTestAdmin',
|
|
'bin/elasticsearch-users', 'useradd', "test_admin", '-p', 'x-pack-test-password', '-r', "superuser"
|
|
|
|
waitCondition = { node, ant ->
|
|
File tmpFile = new File(node.cwd, 'wait.success')
|
|
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
|
|
dest: tmpFile.toString(),
|
|
username: 'test_admin',
|
|
password: 'x-pack-test-password',
|
|
ignoreerrors: true,
|
|
retries: 10)
|
|
return tmpFile.exists()
|
|
}
|
|
}
|
|
|
|
thirdPartyAudit.enabled = false |