Skip to content

Commit

Permalink
Factor out CA certificate in packaging tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@albertzaharovits
albertzaharovits committed Oct 13, 2021
1 parent 774c1f0 commit 1f3b26d
Show file tree
Hide file tree
Showing 10 changed files with 136 additions and 150 deletions.
8 changes: 1 addition & 7 deletions ...rc/test/java/org/elasticsearch/packaging/test/ArchiveGenerateInitialCredentialsTests.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@

package org.elasticsearch.packaging.test;

import org.apache.http.client.fluent.Request;
import org.elasticsearch.packaging.util.Distribution;
import org.elasticsearch.packaging.util.FileUtils;
import org.elasticsearch.packaging.util.ServerUtils;
Expand Down Expand Up @@ -83,12 +82,7 @@ public void test40VerifyAutogeneratedCredentials() throws Exception {
assertThat(parseElasticPassword(result.stdout), notNullValue());
assertThat(parseKibanaToken(result.stdout), notNullValue());
assertThat(parseFingerprint(result.stdout), notNullValue());
String response = ServerUtils.makeRequest(
Request.Get("https://localhost:9200"),
"elastic",
parseElasticPassword(result.stdout),
ServerUtils.getCaCert(installation)
);
String response = makeRequestAsElastic("https://localhost:9200", parseElasticPassword(result.stdout));
assertThat(response, containsString("You Know, for Search"));
}

Expand Down
60 changes: 18 additions & 42 deletions qa/os/src/test/java/org/elasticsearch/packaging/test/ArchiveTests.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,6 @@
import static org.elasticsearch.packaging.util.FileUtils.append;
import static org.elasticsearch.packaging.util.FileUtils.mv;
import static org.elasticsearch.packaging.util.FileUtils.rm;
import static org.elasticsearch.packaging.util.ServerUtils.makeRequest;
import static org.hamcrest.CoreMatchers.containsString;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;
Expand All @@ -53,16 +52,10 @@ public static void filterDistros() {
assumeTrue("only archives", distribution.isArchive());
}

private static String superuser = "test_superuser";
private static String superuserPassword = "test_superuser";

public void test10Install() throws Exception {
installation = installArchive(sh, distribution());
verifyArchiveInstallation(installation, distribution());
Result result = sh.run(
installation.executables().usersTool + " useradd " + superuser + " -p " + superuserPassword + " -r " + "superuser"
);
assumeTrue(result.isSuccess());
setFileSuperuser("test_superuser", "test_superuser_password");
// See https://bugs.openjdk.java.net/browse/JDK-8267701. In short, when generating PKCS#12 keystores in JDK 12 and later
// the MAC algorithm used for integrity protection is incompatible with any previous JDK version. This affects us as we generate
// PKCS12 keystores on startup ( with the bundled JDK ) but we also need to run certain tests with a JDK other than the bundled
Expand Down Expand Up @@ -208,7 +201,7 @@ public void test44AutoConfigurationNotTriggeredOnNotWriteableConfDir() throws Ex
startElasticsearch();
verifySecurityNotAutoConfigured(installation);
// the node still starts, with Security enabled, but without TLS auto-configured (so only authentication)
ServerUtils.runElasticsearchTests(superuser, superuserPassword, null);
runElasticsearchTests();
stopElasticsearch();
} finally {
Platforms.onWindows(() -> {
Expand Down Expand Up @@ -294,10 +287,8 @@ public void test52AutoConfigurationOnWindows() throws Exception {

public void test60StartAndStop() throws Exception {
startElasticsearch();

assertThat(installation.logs.resolve("gc.log"), fileExists());
ServerUtils.runElasticsearchTests(superuser, superuserPassword, ServerUtils.getCaCert(installation));

runElasticsearchTests();
stopElasticsearch();
}

Expand All @@ -312,7 +303,7 @@ public void test61EsJavaHomeOverride() throws Exception {
});

startElasticsearch();
ServerUtils.runElasticsearchTests(superuser, superuserPassword, ServerUtils.getCaCert(installation));
runElasticsearchTests();
stopElasticsearch();

String systemJavaHome1 = sh.getEnv().get("ES_JAVA_HOME");
Expand All @@ -339,7 +330,7 @@ public void test62JavaHomeIgnored() throws Exception {
assertThat(runResult.stderr, containsString("warning: ignoring JAVA_HOME=" + systemJavaHome + "; using bundled JDK"));

startElasticsearch();
ServerUtils.runElasticsearchTests(superuser, superuserPassword, ServerUtils.getCaCert(installation));
runElasticsearchTests();
stopElasticsearch();

// if the JDK started with the bundled JDK then we know that JAVA_HOME was ignored
Expand All @@ -363,7 +354,7 @@ public void test63BundledJdkRemoved() throws Exception {
});

startElasticsearch();
ServerUtils.runElasticsearchTests(superuser, superuserPassword, ServerUtils.getCaCert(installation));
runElasticsearchTests();
stopElasticsearch();

String systemJavaHome1 = sh.getEnv().get("ES_JAVA_HOME");
Expand All @@ -384,7 +375,7 @@ public void test64JavaHomeWithSpecialCharacters() throws Exception {

// verify ES can start, stop and run plugin list
startElasticsearch();
ServerUtils.runElasticsearchTests(superuser, superuserPassword, ServerUtils.getCaCert(installation));
runElasticsearchTests();
stopElasticsearch();

String pluginListCommand = installation.bin + "/elasticsearch-plugin list";
Expand All @@ -409,7 +400,7 @@ public void test64JavaHomeWithSpecialCharacters() throws Exception {

// verify ES can start, stop and run plugin list
startElasticsearch();
ServerUtils.runElasticsearchTests(superuser, superuserPassword, ServerUtils.getCaCert(installation));
runElasticsearchTests();
stopElasticsearch();

String pluginListCommand = installation.bin + "/elasticsearch-plugin list";
Expand All @@ -427,7 +418,7 @@ public void test65ForceBundledJdkEmptyJavaHome() throws Exception {
sh.getEnv().put("ES_JAVA_HOME", "");

startElasticsearch();
ServerUtils.runElasticsearchTests(superuser, superuserPassword, ServerUtils.getCaCert(installation));
runElasticsearchTests();
stopElasticsearch();
}

Expand All @@ -439,7 +430,7 @@ public void test65ForceBundledJdkEmptyJavaHome() throws Exception {
public void test66InstallUnderPosix() throws Exception {
sh.getEnv().put("POSIXLY_CORRECT", "1");
startElasticsearch();
ServerUtils.runElasticsearchTests(superuser, superuserPassword, ServerUtils.getCaCert(installation));
runElasticsearchTests();
stopElasticsearch();
}

Expand All @@ -452,11 +443,11 @@ public void test70CustomPathConfAndJvmOptions() throws Exception {
sh.getEnv().put("ES_JAVA_OPTS", "-XX:-UseCompressedOops");
startElasticsearch();

final String nodesResponse = makeRequest(
final String nodesResponse = ServerUtils.makeRequest(
Request.Get("https://localhost:9200/_nodes"),
superuser,
superuserPassword,
ServerUtils.getCaCert(installation)
"test_superuser",
"test_superuser_password",
ServerUtils.getCaCert(tempConf)
);
assertThat(nodesResponse, containsString("\"heap_init_in_bytes\":536870912"));
assertThat(nodesResponse, containsString("\"using_compressed_ordinary_object_pointers\":\"false\""));
Expand All @@ -473,12 +464,7 @@ public void test71CustomJvmOptionsDirectoryFile() throws Exception {

startElasticsearch();

final String nodesResponse = makeRequest(
Request.Get("https://localhost:9200/_nodes"),
superuser,
superuserPassword,
ServerUtils.getCaCert(installation)
);
final String nodesResponse = makeRequest("https://localhost:9200/_nodes");
assertThat(nodesResponse, containsString("\"heap_init_in_bytes\":536870912"));

stopElasticsearch();
Expand All @@ -501,12 +487,7 @@ public void test72CustomJvmOptionsDirectoryFilesAreProcessedInSortedOrder() thro

startElasticsearch();

final String nodesResponse = makeRequest(
Request.Get("https://localhost:9200/_nodes"),
superuser,
superuserPassword,
ServerUtils.getCaCert(installation)
);
final String nodesResponse = makeRequest("https://localhost:9200/_nodes");
assertThat(nodesResponse, containsString("\"heap_init_in_bytes\":536870912"));
assertThat(nodesResponse, containsString("\"using_compressed_ordinary_object_pointers\":\"false\""));

Expand All @@ -523,7 +504,7 @@ public void test73CustomJvmOptionsDirectoryFilesWithoutOptionsExtensionIgnored()
append(jvmOptionsIgnored, "-Xthis_is_not_a_valid_option\n");

startElasticsearch();
ServerUtils.runElasticsearchTests(superuser, superuserPassword, ServerUtils.getCaCert(installation));
runElasticsearchTests();
stopElasticsearch();
} finally {
rm(jvmOptionsIgnored);
Expand All @@ -535,12 +516,7 @@ public void test80RelativePathConf() throws Exception {
append(tempConf.resolve("elasticsearch.yml"), "node.name: relative");
startElasticsearch();

final String nodesResponse = makeRequest(
Request.Get("https://localhost:9200/_nodes"),
superuser,
superuserPassword,
ServerUtils.getCaCert(installation)
);
final String nodesResponse = makeRequest("https://localhost:9200/_nodes");
assertThat(nodesResponse, containsString("\"name\":\"relative\""));

stopElasticsearch();
Expand Down
17 changes: 4 additions & 13 deletions qa/os/src/test/java/org/elasticsearch/packaging/test/ConfigurationTests.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,31 +12,22 @@
import org.elasticsearch.packaging.util.FileUtils;
import org.elasticsearch.packaging.util.Platforms;
import org.elasticsearch.packaging.util.ServerUtils;
import org.elasticsearch.packaging.util.Shell;
import org.junit.Before;

import static org.elasticsearch.packaging.util.FileUtils.append;
import static org.elasticsearch.packaging.util.ServerUtils.makeRequest;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.junit.Assume.assumeFalse;

public class ConfigurationTests extends PackagingTestCase {

private static String superuser = "test_superuser";
private static String superuserPassword = "test_superuser";

@Before
public void filterDistros() {
assumeFalse("no docker", distribution.isDocker());
}

public void test10Install() throws Exception {
install();
Shell.Result result = sh.run(
installation.executables().usersTool + " useradd " + superuser + " -p " + superuserPassword + " -r " + "superuser"
);
assertThat(result.isSuccess(), is(true));
setFileSuperuser("test_superuser", "test_superuser_password");
}

public void test20HostnameSubstitution() throws Exception {
Expand All @@ -53,10 +44,10 @@ public void test20HostnameSubstitution() throws Exception {
// security auto-config requires that the archive owner and the node process user be the same
Platforms.onWindows(() -> sh.chown(confPath, installation.getOwner()));
assertWhileRunning(() -> {
final String nameResponse = makeRequest(
final String nameResponse = ServerUtils.makeRequest(
Request.Get(protocol + "://localhost:9200/_cat/nodes?h=name"),
superuser,
superuserPassword,
"test_superuser",
"test_superuser_password",
ServerUtils.getCaCert(confPath)
).strip();
assertThat(nameResponse, equalTo("mytesthost"));
Expand Down
44 changes: 19 additions & 25 deletions qa/os/src/test/java/org/elasticsearch/packaging/test/DockerTests.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,6 @@
*/
public class DockerTests extends PackagingTestCase {
private Path tempDir;
private static final String USERNAME = "elastic";
private static final String PASSWORD = "nothunter2";

@BeforeClass
Expand Down Expand Up @@ -125,13 +124,8 @@ public void test010Install() throws Exception {
* Check that security is enabled
*/
public void test011SecurityEnabledStatus() throws Exception {
waitForElasticsearch(installation, USERNAME, PASSWORD);
final int statusCode = ServerUtils.makeRequestAndGetStatus(
Request.Get("https://localhost:9200"),
USERNAME,
"wrong_password",
ServerUtils.getCaCert(installation)
);
waitForElasticsearch(installation, "elastic", PASSWORD);
final int statusCode = makeRequestAsElastic("wrong_password");
assertThat(statusCode, equalTo(401));
}

Expand Down Expand Up @@ -226,7 +220,7 @@ public void test041AmazonCaCertsAreInTheKeystore() {
* Check that when the keystore is created on startup, it is created with the correct permissions.
*/
public void test042KeystorePermissionsAreCorrect() {
waitForElasticsearch(installation, USERNAME, PASSWORD);
waitForElasticsearch(installation, "elastic", PASSWORD);

assertThat(installation.config("elasticsearch.keystore"), file(p660));
}
Expand All @@ -236,11 +230,11 @@ public void test042KeystorePermissionsAreCorrect() {
* is minimally functional.
*/
public void test050BasicApiTests() throws Exception {
waitForElasticsearch(installation, USERNAME, PASSWORD);
waitForElasticsearch(installation, "elastic", PASSWORD);

assertTrue(existsInContainer(installation.logs.resolve("gc.log")));

ServerUtils.runElasticsearchTests(USERNAME, PASSWORD, ServerUtils.getCaCert(installation));
runElasticsearchTestsAsElastic(PASSWORD);
}

/**
Expand Down Expand Up @@ -276,9 +270,9 @@ public void test070BindMountCustomPathConfAndJvmOptions() throws Exception {
.envVar("ELASTIC_PASSWORD", PASSWORD)
);

waitForElasticsearch(installation, USERNAME, PASSWORD);
waitForElasticsearch(installation, "elastic", PASSWORD);

final JsonNode nodes = getJson("/_nodes", USERNAME, PASSWORD, ServerUtils.getCaCert(installation)).get("nodes");
final JsonNode nodes = getJson("/_nodes", "elastic", PASSWORD, ServerUtils.getCaCert(installation)).get("nodes");
final String nodeId = nodes.fieldNames().next();

final int heapSize = nodes.at("/" + nodeId + "/jvm/mem/heap_init_in_bytes").intValue();
Expand All @@ -304,9 +298,9 @@ public void test071BindMountCustomPathWithDifferentUID() throws Exception {
distribution(),
builder().volume(tempEsDataDir.toAbsolutePath(), installation.data).envVar("ELASTIC_PASSWORD", PASSWORD)
);
waitForElasticsearch(installation, USERNAME, PASSWORD);
waitForElasticsearch(installation, "elastic", PASSWORD);

final JsonNode nodes = getJson("/_nodes", USERNAME, PASSWORD, ServerUtils.getCaCert(installation));
final JsonNode nodes = getJson("/_nodes", "elastic", PASSWORD, ServerUtils.getCaCert(installation));

assertThat(nodes.at("/_nodes/total").intValue(), equalTo(1));
assertThat(nodes.at("/_nodes/successful").intValue(), equalTo(1));
Expand Down Expand Up @@ -360,7 +354,7 @@ public void test072RunEsAsDifferentUserAndGroup() throws Exception {
.volume(tempEsLogsDir.toAbsolutePath(), installation.logs)
);

waitForElasticsearch(installation, USERNAME, PASSWORD);
waitForElasticsearch(installation, "elastic", PASSWORD);
rmDirWithPrivilegeEscalation(tempEsConfigDir);
rmDirWithPrivilegeEscalation(tempEsDataDir);
rmDirWithPrivilegeEscalation(tempEsLogsDir);
Expand All @@ -374,7 +368,7 @@ public void test073RunEsAsDifferentUserAndGroupWithoutBindMounting() {
// Restart the container
runContainer(distribution(), builder().extraArgs("--group-add 0").uid(501, 501).envVar("ELASTIC_PASSWORD", PASSWORD));

waitForElasticsearch(installation, USERNAME, PASSWORD);
waitForElasticsearch(installation, "elastic", PASSWORD);
}

/**
Expand Down Expand Up @@ -778,7 +772,7 @@ public void test110OrgOpencontainersLabels() throws Exception {
* Check that the container logs contain the expected content for Elasticsearch itself.
*/
public void test120DockerLogsIncludeElasticsearchLogs() {
waitForElasticsearch(installation, USERNAME, PASSWORD);
waitForElasticsearch(installation, "elastic", PASSWORD);
final Result containerLogs = getContainerLogs();

assertThat("Container logs should contain full class names", containerLogs.stdout, containsString("org.elasticsearch.node.Node"));
Expand All @@ -791,7 +785,7 @@ public void test120DockerLogsIncludeElasticsearchLogs() {
public void test121CanUseStackLoggingConfig() {
runContainer(distribution(), builder().envVar("ES_LOG_STYLE", "file").envVar("ELASTIC_PASSWORD", PASSWORD));

waitForElasticsearch(installation, USERNAME, PASSWORD);
waitForElasticsearch(installation, "elastic", PASSWORD);

final Result containerLogs = getContainerLogs();
final List<String> stdout = containerLogs.stdout.lines().collect(Collectors.toList());
Expand All @@ -806,7 +800,7 @@ public void test121CanUseStackLoggingConfig() {
public void test122CanUseDockerLoggingConfig() {
runContainer(distribution(), builder().envVar("ES_LOG_STYLE", "console").envVar("ELASTIC_PASSWORD", PASSWORD));

waitForElasticsearch(installation, USERNAME, PASSWORD);
waitForElasticsearch(installation, "elastic", PASSWORD);

final Result containerLogs = getContainerLogs();
final List<String> stdout = containerLogs.stdout.lines().collect(Collectors.toList());
Expand All @@ -830,12 +824,12 @@ public void test123CannotUseUnknownLoggingConfig() {
public void test124CanRestartContainerWithStackLoggingConfig() {
runContainer(distribution(), builder().envVar("ES_LOG_STYLE", "file").envVar("ELASTIC_PASSWORD", PASSWORD));

waitForElasticsearch(installation, USERNAME, PASSWORD);
waitForElasticsearch(installation, "elastic", PASSWORD);

restartContainer();

// If something went wrong running Elasticsearch the second time, this will fail.
waitForElasticsearch(installation, USERNAME, PASSWORD);
waitForElasticsearch(installation, "elastic", PASSWORD);
}

/**
Expand Down Expand Up @@ -871,9 +865,9 @@ public void test131InitProcessHasCorrectPID() {
* Check that Elasticsearch reports per-node cgroup information.
*/
public void test140CgroupOsStatsAreAvailable() throws Exception {
waitForElasticsearch(installation, USERNAME, PASSWORD);
waitForElasticsearch(installation, "elastic", PASSWORD);

final JsonNode nodes = getJson("/_nodes/stats/os", USERNAME, PASSWORD, ServerUtils.getCaCert(installation)).get("nodes");
final JsonNode nodes = getJson("/_nodes/stats/os", "elastic", PASSWORD, ServerUtils.getCaCert(installation)).get("nodes");

final String nodeId = nodes.fieldNames().next();

Expand Down Expand Up @@ -907,7 +901,7 @@ public void test150MachineDependentHeap() throws Exception {
builder().memory("942m").volume(jvmOptionsPath, containerJvmOptionsPath).envVar("ELASTIC_PASSWORD", PASSWORD)
);

waitForElasticsearch(installation, USERNAME, PASSWORD);
waitForElasticsearch(installation, "elastic", PASSWORD);

// Grab the container output and find the line where it print the JVM arguments. This will
// let us see what the automatic heap sizing calculated.
Expand Down
Loading

0 comments on commit 1f3b26d

Please sign in to comment.