From 728cbb116416a0bd2683014387a63f92053f3c78 Mon Sep 17 00:00:00 2001 From: Tal Levy Date: Thu, 19 Jul 2018 16:37:49 -0700 Subject: [PATCH 1/2] add qa project for running ILM tests against security This is a bare-bones skeleton for running existing yaml tests with security enabled. Additional tests which test users and roles should follow --- .../build.gradle | 43 +++++++++++++++++ ...ycleWithSecurityClientYamlTestSuiteIT.java | 47 +++++++++++++++++++ 2 files changed, 90 insertions(+) create mode 100644 x-pack/qa/smoke-test-index-lifecycle-with-security/build.gradle create mode 100644 x-pack/qa/smoke-test-index-lifecycle-with-security/src/test/java/org/elasticsearch/xpack/security/IndexLifecycleWithSecurityClientYamlTestSuiteIT.java diff --git a/x-pack/qa/smoke-test-index-lifecycle-with-security/build.gradle b/x-pack/qa/smoke-test-index-lifecycle-with-security/build.gradle new file mode 100644 index 0000000000000..02d8359fca6d2 --- /dev/null +++ b/x-pack/qa/smoke-test-index-lifecycle-with-security/build.gradle @@ -0,0 +1,43 @@ +apply plugin: 'elasticsearch.standalone-rest-test' +apply plugin: 'elasticsearch.rest-test' + +dependencies { + testCompile project(path: xpackProject('plugin').path, configuration: 'testArtifacts') +} + +// bring in machine learning rest test suite +task copyILMRestTests(type: Copy) { + into project.sourceSets.test.output.resourcesDir + from project(xpackProject('plugin').path).sourceSets.test.resources.srcDirs + include 'rest-api-spec/test/index_lifecycle/**' +} + +integTestRunner { + systemProperty 'tests.rest.cluster.username', System.getProperty('tests.rest.cluster.username', 'test_user') + systemProperty 'tests.rest.cluster.password', System.getProperty('tests.rest.cluster.password', 'x-pack-test-password') +} + +integTestCluster { + dependsOn copyILMRestTests + setting 'xpack.index_lifecycle.enabled', 'true' + setting 'xpack.security.enabled', 'true' + setting 'xpack.watcher.enabled', 'false' + setting 'xpack.monitoring.enabled', 'false' + setting 'xpack.ml.enabled', 'false' + setting 'xpack.license.self_generated.type', 'trial' + setupCommand 'setupDummyUser', + 'bin/elasticsearch-users', + 'useradd', System.getProperty('tests.rest.cluster.username', 'test_user'), + '-p', System.getProperty('tests.rest.cluster.password', 'x-pack-test-password'), + '-r', 'superuser' + waitCondition = { node, ant -> + File tmpFile = new File(node.cwd, 'wait.success') + ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow", + dest: tmpFile.toString(), + username: 'test_user', + password: 'x-pack-test-password', + ignoreerrors: true, + retries: 10) + return tmpFile.exists() + } +} diff --git a/x-pack/qa/smoke-test-index-lifecycle-with-security/src/test/java/org/elasticsearch/xpack/security/IndexLifecycleWithSecurityClientYamlTestSuiteIT.java b/x-pack/qa/smoke-test-index-lifecycle-with-security/src/test/java/org/elasticsearch/xpack/security/IndexLifecycleWithSecurityClientYamlTestSuiteIT.java new file mode 100644 index 0000000000000..7c7892ec99267 --- /dev/null +++ b/x-pack/qa/smoke-test-index-lifecycle-with-security/src/test/java/org/elasticsearch/xpack/security/IndexLifecycleWithSecurityClientYamlTestSuiteIT.java @@ -0,0 +1,47 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +package org.elasticsearch.xpack.security; + +import com.carrotsearch.randomizedtesting.annotations.Name; +import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; +import com.carrotsearch.randomizedtesting.annotations.TimeoutSuite; +import org.apache.lucene.util.TimeUnits; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; +import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; +import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; + +import java.util.Objects; + +import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; + +@TimeoutSuite(millis = 30 * TimeUnits.MINUTE) // as default timeout seems not enough on the jenkins VMs +public class IndexLifecycleWithSecurityClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase { + + private static final String USER = Objects.requireNonNull(System.getProperty("tests.rest.cluster.username")); + private static final String PASS = Objects.requireNonNull(System.getProperty("tests.rest.cluster.password")); + + public IndexLifecycleWithSecurityClientYamlTestSuiteIT(@Name("yaml") ClientYamlTestCandidate testCandidate) { + super(testCandidate); + } + + @ParametersFactory + public static Iterable parameters() throws Exception { + return ESClientYamlSuiteTestCase.createParameters(); + } + + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue(USER, new SecureString(PASS.toCharArray())); + return Settings.builder() + .put(super.restClientSettings()) + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } +} + From e55490b196508b543ab5aaddb8ee8ba26f1f18d8 Mon Sep 17 00:00:00 2001 From: Tal Levy Date: Fri, 20 Jul 2018 13:36:48 -0700 Subject: [PATCH 2/2] cleanup with suggestions from review --- .../build.gradle | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/x-pack/qa/smoke-test-index-lifecycle-with-security/build.gradle b/x-pack/qa/smoke-test-index-lifecycle-with-security/build.gradle index 02d8359fca6d2..7b931e5bedd1e 100644 --- a/x-pack/qa/smoke-test-index-lifecycle-with-security/build.gradle +++ b/x-pack/qa/smoke-test-index-lifecycle-with-security/build.gradle @@ -5,16 +5,19 @@ dependencies { testCompile project(path: xpackProject('plugin').path, configuration: 'testArtifacts') } -// bring in machine learning rest test suite +// bring in ILM rest test suite task copyILMRestTests(type: Copy) { into project.sourceSets.test.output.resourcesDir - from project(xpackProject('plugin').path).sourceSets.test.resources.srcDirs + from xpackProject('plugin').sourceSets.test.resources.srcDirs include 'rest-api-spec/test/index_lifecycle/**' } +def clusterCredentials = [username: System.getProperty('tests.rest.cluster.username', 'test_user'), + password: System.getProperty('tests.rest.cluster.password', 'x-pack-test-password')] + integTestRunner { - systemProperty 'tests.rest.cluster.username', System.getProperty('tests.rest.cluster.username', 'test_user') - systemProperty 'tests.rest.cluster.password', System.getProperty('tests.rest.cluster.password', 'x-pack-test-password') + systemProperty 'tests.rest.cluster.username', clusterCredentials.username + systemProperty 'tests.rest.cluster.password', clusterCredentials.password } integTestCluster { @@ -27,15 +30,15 @@ integTestCluster { setting 'xpack.license.self_generated.type', 'trial' setupCommand 'setupDummyUser', 'bin/elasticsearch-users', - 'useradd', System.getProperty('tests.rest.cluster.username', 'test_user'), - '-p', System.getProperty('tests.rest.cluster.password', 'x-pack-test-password'), + 'useradd', clusterCredentials.username, + '-p', clusterCredentials.password, '-r', 'superuser' waitCondition = { node, ant -> File tmpFile = new File(node.cwd, 'wait.success') ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow", dest: tmpFile.toString(), - username: 'test_user', - password: 'x-pack-test-password', + username: clusterCredentials.username, + password: clusterCredentials.password, ignoreerrors: true, retries: 10) return tmpFile.exists()