diff --git a/distribution/docker/src/test/java/org/elasticsearch/docker/test/DockerYmlTestSuiteIT.java b/distribution/docker/src/test/java/org/elasticsearch/docker/test/DockerYmlTestSuiteIT.java index d3e475278c3fe..7ce27f90d9b0e 100644 --- a/distribution/docker/src/test/java/org/elasticsearch/docker/test/DockerYmlTestSuiteIT.java +++ b/distribution/docker/src/test/java/org/elasticsearch/docker/test/DockerYmlTestSuiteIT.java @@ -10,7 +10,6 @@ import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.client.Request; -import org.elasticsearch.common.CharArrays; import org.elasticsearch.common.io.PathUtils; import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; @@ -24,11 +23,8 @@ import java.io.IOException; import java.net.URISyntaxException; -import java.nio.CharBuffer; import java.nio.file.Files; import java.nio.file.Path; -import java.util.Arrays; -import java.util.Base64; public class DockerYmlTestSuiteIT extends ESClientYamlSuiteTestCase { @@ -130,22 +126,4 @@ protected String getProtocol() { } return "https"; } - - private static String basicAuthHeaderValue(String username, SecureString passwd) { - CharBuffer chars = CharBuffer.allocate(username.length() + passwd.length() + 1); - byte[] charBytes = null; - try { - chars.put(username).put(':').put(passwd.getChars()); - charBytes = CharArrays.toUtf8Bytes(chars.array()); - - //TODO we still have passwords in Strings in headers. Maybe we can look into using a CharSequence? - String basicToken = Base64.getEncoder().encodeToString(charBytes); - return "Basic " + basicToken; - } finally { - Arrays.fill(chars.array(), (char) 0); - if (charBytes != null) { - Arrays.fill(charBytes, (byte) 0); - } - } - } } diff --git a/docs/build.gradle b/docs/build.gradle index 41167e46a3db9..b099b8f0a1100 100644 --- a/docs/build.gradle +++ b/docs/build.gradle @@ -49,6 +49,7 @@ testClusters.integTest { // enable regexes in painless so our tests don't complain about example snippets that use them setting 'script.painless.regex.enabled', 'true' + setting 'xpack.security.enabled', 'false' setting 'path.repo', "${buildDir}/cluster/shared/repo" Closure configFile = { extraConfigFile it, file("src/test/cluster/config/$it") diff --git a/docs/reference/rest-api/usage.asciidoc b/docs/reference/rest-api/usage.asciidoc index 56233609165fc..a63e6739866a0 100644 --- a/docs/reference/rest-api/usage.asciidoc +++ b/docs/reference/rest-api/usage.asciidoc @@ -48,15 +48,7 @@ GET /_xpack/usage { "security" : { "available" : true, - "enabled" : false, - "ssl" : { - "http" : { - "enabled" : false - }, - "transport" : { - "enabled" : false - } - } + "enabled" : false }, "monitoring" : { "available" : true, diff --git a/modules/ingest-geoip/qa/file-based-update/build.gradle b/modules/ingest-geoip/qa/file-based-update/build.gradle index 4f2ed2e30a54f..507715e703b23 100644 --- a/modules/ingest-geoip/qa/file-based-update/build.gradle +++ b/modules/ingest-geoip/qa/file-based-update/build.gradle @@ -12,6 +12,8 @@ apply plugin: 'elasticsearch.rest-test' testClusters.all { testDistribution = 'DEFAULT' setting 'resource.reload.interval.high', '100ms' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' } tasks.named("integTest").configure { diff --git a/modules/ingest-geoip/qa/file-based-update/src/test/java/org/elasticsearch/ingest/geoip/UpdateDatabasesIT.java b/modules/ingest-geoip/qa/file-based-update/src/test/java/org/elasticsearch/ingest/geoip/UpdateDatabasesIT.java index 9179fe7010237..918266ff78df7 100644 --- a/modules/ingest-geoip/qa/file-based-update/src/test/java/org/elasticsearch/ingest/geoip/UpdateDatabasesIT.java +++ b/modules/ingest-geoip/qa/file-based-update/src/test/java/org/elasticsearch/ingest/geoip/UpdateDatabasesIT.java @@ -11,6 +11,9 @@ import org.elasticsearch.client.Request; import org.elasticsearch.client.Response; import org.elasticsearch.common.io.PathUtils; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.xcontent.ObjectPath; import org.elasticsearch.common.xcontent.XContentHelper; import org.elasticsearch.common.xcontent.json.JsonXContent; @@ -53,4 +56,12 @@ private static Map toMap(Response response) throws IOException { return XContentHelper.convertToMap(JsonXContent.jsonXContent, EntityUtils.toString(response.getEntity()), false); } + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } + } diff --git a/plugins/examples/painless-whitelist/build.gradle b/plugins/examples/painless-whitelist/build.gradle index 9cd57a2d64799..4728919d271be 100644 --- a/plugins/examples/painless-whitelist/build.gradle +++ b/plugins/examples/painless-whitelist/build.gradle @@ -23,6 +23,7 @@ dependencies { testClusters.all { testDistribution = 'DEFAULT' + setting 'xpack.security.enabled', 'false' } tasks.named("test").configure { enabled = false } diff --git a/qa/ccs-rolling-upgrade-remote-cluster/build.gradle b/qa/ccs-rolling-upgrade-remote-cluster/build.gradle index 47f0480f8c60e..79507e080da35 100644 --- a/qa/ccs-rolling-upgrade-remote-cluster/build.gradle +++ b/qa/ccs-rolling-upgrade-remote-cluster/build.gradle @@ -35,12 +35,14 @@ for (Version bwcVersion : BuildParams.bwcVersions.wireCompatible) { numberOfNodes = 2 versions = [bwcVersionStr, project.version] setting 'cluster.remote.node.attr', 'gateway' + setting 'xpack.security.enabled', 'false' } "${baseName}-remote" { numberOfNodes = 3 versions = [bwcVersionStr, project.version] firstNode.setting 'node.attr.gateway', 'true' lastNode.setting 'node.attr.gateway', 'true' + setting 'xpack.security.enabled', 'false' } } diff --git a/qa/ccs-unavailable-clusters/build.gradle b/qa/ccs-unavailable-clusters/build.gradle index 5f24db03aed06..6f6f08f4eb55f 100644 --- a/qa/ccs-unavailable-clusters/build.gradle +++ b/qa/ccs-unavailable-clusters/build.gradle @@ -10,6 +10,11 @@ apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.rest-test' apply plugin: 'elasticsearch.test-with-dependencies' +testClusters.matching { it.name == "integTest" }.configureEach { + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' +} + dependencies { testImplementation project(":client:rest-high-level") } diff --git a/qa/ccs-unavailable-clusters/src/test/java/org/elasticsearch/search/CrossClusterSearchUnavailableClusterIT.java b/qa/ccs-unavailable-clusters/src/test/java/org/elasticsearch/search/CrossClusterSearchUnavailableClusterIT.java index 6ee4423c7c661..00f0fb99f6c45 100644 --- a/qa/ccs-unavailable-clusters/src/test/java/org/elasticsearch/search/CrossClusterSearchUnavailableClusterIT.java +++ b/qa/ccs-unavailable-clusters/src/test/java/org/elasticsearch/search/CrossClusterSearchUnavailableClusterIT.java @@ -38,7 +38,9 @@ import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.cluster.node.DiscoveryNodes; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.json.JsonXContent; import org.elasticsearch.search.aggregations.InternalAggregations; @@ -327,4 +329,12 @@ private HighLevelClient(RestClient restClient) { super(restClient, (client) -> {}, Collections.emptyList()); } } + + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } } diff --git a/qa/die-with-dignity/build.gradle b/qa/die-with-dignity/build.gradle index 7818c2935dce3..77d9952277346 100644 --- a/qa/die-with-dignity/build.gradle +++ b/qa/die-with-dignity/build.gradle @@ -21,6 +21,8 @@ javaRestTest { testClusters.matching { it.name == "javaRestTest" }.configureEach { systemProperty "die.with.dignity.test", "whatever" + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' } tasks.named("test").configure { diff --git a/qa/die-with-dignity/src/javaRestTest/java/org/elasticsearch/qa/die_with_dignity/DieWithDignityIT.java b/qa/die-with-dignity/src/javaRestTest/java/org/elasticsearch/qa/die_with_dignity/DieWithDignityIT.java index f53f5526a3d33..6ee6a5a67ed5f 100644 --- a/qa/die-with-dignity/src/javaRestTest/java/org/elasticsearch/qa/die_with_dignity/DieWithDignityIT.java +++ b/qa/die-with-dignity/src/javaRestTest/java/org/elasticsearch/qa/die_with_dignity/DieWithDignityIT.java @@ -10,7 +10,9 @@ import org.elasticsearch.client.Request; import org.elasticsearch.common.io.PathUtils; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.rest.ESRestTestCase; import java.io.BufferedReader; @@ -26,6 +28,7 @@ import static org.hamcrest.Matchers.not; public class DieWithDignityIT extends ESRestTestCase { + public void testDieWithDignity() throws Exception { expectThrows( IOException.class, @@ -99,7 +102,9 @@ protected boolean preserveClusterUponCompletion() { @Override protected final Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); return Settings.builder().put(super.restClientSettings()) + .put(ThreadContext.PREFIX + ".Authorization", token) // increase the timeout here to 90 seconds to handle long waits for a green // cluster health. the waits for green need to be longer than a minute to // account for delayed shards diff --git a/qa/full-cluster-restart/build.gradle b/qa/full-cluster-restart/build.gradle index 2d55b4f84b4e1..fd58f10129a13 100644 --- a/qa/full-cluster-restart/build.gradle +++ b/qa/full-cluster-restart/build.gradle @@ -27,6 +27,7 @@ for (Version bwcVersion : BuildParams.bwcVersions.indexCompatible) { setting 'indices.memory.shard_inactive_time', '60m' setting 'http.content_type.required', 'true' setting 'path.repo', "${buildDir}/cluster/shared/repo/${baseName}" + setting 'xpack.security.enabled', 'false' } } @@ -60,4 +61,4 @@ for (Version bwcVersion : BuildParams.bwcVersions.indexCompatible) { tasks.register(bwcTaskName(bwcVersion)) { dependsOn tasks.named("${baseName}#upgradedClusterTest") } -} \ No newline at end of file +} diff --git a/qa/logging-config/build.gradle b/qa/logging-config/build.gradle index 9ab17185f2e17..c59f5cfb8f1b6 100644 --- a/qa/logging-config/build.gradle +++ b/qa/logging-config/build.gradle @@ -11,6 +11,10 @@ apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.rest-test' apply plugin: 'elasticsearch.standalone-test' +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + testClusters.integTest { /** * Provide a custom log4j configuration where layout is an old style pattern and confirm that Elasticsearch diff --git a/qa/mixed-cluster/build.gradle b/qa/mixed-cluster/build.gradle index 4995db6bbeb8a..c214efcb7ecbc 100644 --- a/qa/mixed-cluster/build.gradle +++ b/qa/mixed-cluster/build.gradle @@ -38,6 +38,7 @@ for (Version bwcVersion : BuildParams.bwcVersions.wireCompatible) { numberOfNodes = 4 setting 'path.repo', "${buildDir}/cluster/shared/repo/${baseName}" + setting 'xpack.security.enabled', 'false' } } diff --git a/qa/multi-cluster-search/build.gradle b/qa/multi-cluster-search/build.gradle index dcc8a89071ad0..e59ed02d63d72 100644 --- a/qa/multi-cluster-search/build.gradle +++ b/qa/multi-cluster-search/build.gradle @@ -25,6 +25,7 @@ testClusters { 'remote-cluster' { numberOfNodes = 2 setting 'node.roles', '[data,ingest,master]' + setting 'xpack.security.enabled', 'false' } } @@ -38,6 +39,7 @@ testClusters.matching { it.name == "mixedClusterTest"}.configureEach { setting 'cluster.remote.my_remote_cluster.seeds', { "\"${testClusters.'remote-cluster'.getAllTransportPortURI().get(0)}\"" } setting 'cluster.remote.connections_per_cluster', '1' + setting 'xpack.security.enabled', 'false' } tasks.register("integTest") { diff --git a/qa/remote-clusters/src/test/java/org/elasticsearch/cluster/remote/test/AbstractMultiClusterRemoteTestCase.java b/qa/remote-clusters/src/test/java/org/elasticsearch/cluster/remote/test/AbstractMultiClusterRemoteTestCase.java index 77b8ed5c3ca08..0ae59b4f0416e 100644 --- a/qa/remote-clusters/src/test/java/org/elasticsearch/cluster/remote/test/AbstractMultiClusterRemoteTestCase.java +++ b/qa/remote-clusters/src/test/java/org/elasticsearch/cluster/remote/test/AbstractMultiClusterRemoteTestCase.java @@ -13,7 +13,6 @@ import org.elasticsearch.client.RequestOptions; import org.elasticsearch.client.RestClient; import org.elasticsearch.client.RestHighLevelClient; -import org.elasticsearch.common.CharArrays; import org.elasticsearch.common.io.PathUtils; import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; @@ -26,11 +25,8 @@ import java.io.IOException; import java.net.URISyntaxException; -import java.nio.CharBuffer; import java.nio.file.Files; import java.nio.file.Path; -import java.util.Arrays; -import java.util.Base64; import java.util.Collections; public abstract class AbstractMultiClusterRemoteTestCase extends ESRestTestCase { @@ -150,24 +146,6 @@ protected String getProtocol() { return "https"; } - private static String basicAuthHeaderValue(String username, SecureString passwd) { - CharBuffer chars = CharBuffer.allocate(username.length() + passwd.length() + 1); - byte[] charBytes = null; - try { - chars.put(username).put(':').put(passwd.getChars()); - charBytes = CharArrays.toUtf8Bytes(chars.array()); - - //TODO we still have passwords in Strings in headers. Maybe we can look into using a CharSequence? - String basicToken = Base64.getEncoder().encodeToString(charBytes); - return "Basic " + basicToken; - } finally { - Arrays.fill(chars.array(), (char) 0); - if (charBytes != null) { - Arrays.fill(charBytes, (byte) 0); - } - } - } - private String getProperty(String key) { String value = System.getProperty(key); if (value == null) { diff --git a/qa/repository-multi-version/build.gradle b/qa/repository-multi-version/build.gradle index 19f2d656c5f00..05bedf0bbd385 100644 --- a/qa/repository-multi-version/build.gradle +++ b/qa/repository-multi-version/build.gradle @@ -30,6 +30,7 @@ for (Version bwcVersion : BuildParams.bwcVersions.indexCompatible) { version = v numberOfNodes = 2 setting 'path.repo', "${buildDir}/cluster/shared/repo/${baseName}" + setting 'xpack.security.enabled', 'false' } } @@ -76,4 +77,4 @@ for (Version bwcVersion : BuildParams.bwcVersions.indexCompatible) { tasks.register(bwcTaskName(bwcVersion)) { dependsOn tasks.named("${baseName}#Step4NewClusterTest") } -} \ No newline at end of file +} diff --git a/qa/rolling-upgrade/build.gradle b/qa/rolling-upgrade/build.gradle index 7ed63292ba1a6..acdbd279c144f 100644 --- a/qa/rolling-upgrade/build.gradle +++ b/qa/rolling-upgrade/build.gradle @@ -39,6 +39,7 @@ for (Version bwcVersion : BuildParams.bwcVersions.wireCompatible) { setting 'repositories.url.allowed_urls', 'http://snapshot.test*' setting 'path.repo', "${buildDir}/cluster/shared/repo/${baseName}" + setting 'xpack.security.enabled', 'false' setting 'http.content_type.required', 'true' } } diff --git a/qa/smoke-test-http/build.gradle b/qa/smoke-test-http/build.gradle index 6de9bcbb3af7e..30f0d29c22ae0 100644 --- a/qa/smoke-test-http/build.gradle +++ b/qa/smoke-test-http/build.gradle @@ -16,6 +16,10 @@ dependencies { testImplementation project(path: ':plugins:transport-nio') // for http } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + tasks.named("integTest").configure { /* * We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each diff --git a/qa/smoke-test-ingest-disabled/build.gradle b/qa/smoke-test-ingest-disabled/build.gradle index d657bfe78a4e6..ab992414630f1 100644 --- a/qa/smoke-test-ingest-disabled/build.gradle +++ b/qa/smoke-test-ingest-disabled/build.gradle @@ -14,6 +14,9 @@ apply plugin: 'elasticsearch.rest-resources' dependencies { testImplementation project(':modules:ingest-common') } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} testClusters.integTest { setting 'node.roles', '[data,master,remote_cluster_client]' diff --git a/qa/smoke-test-ingest-with-all-dependencies/build.gradle b/qa/smoke-test-ingest-with-all-dependencies/build.gradle index c31b31e411195..b7a8df8cc2e15 100644 --- a/qa/smoke-test-ingest-with-all-dependencies/build.gradle +++ b/qa/smoke-test-ingest-with-all-dependencies/build.gradle @@ -19,6 +19,10 @@ dependencies { testImplementation project(':modules:reindex') } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + tasks.named("testingConventions").configure { naming { IT { diff --git a/qa/smoke-test-multinode/build.gradle b/qa/smoke-test-multinode/build.gradle index 48d9e1e817b7c..0e7adfe05633e 100644 --- a/qa/smoke-test-multinode/build.gradle +++ b/qa/smoke-test-multinode/build.gradle @@ -23,6 +23,10 @@ testClusters.integTest { setting 'path.repo', repo.absolutePath } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + integTest { doFirst { project.delete(repo) diff --git a/qa/smoke-test-plugins/build.gradle b/qa/smoke-test-plugins/build.gradle index 740e913189289..67a54372e67e8 100644 --- a/qa/smoke-test-plugins/build.gradle +++ b/qa/smoke-test-plugins/build.gradle @@ -27,6 +27,7 @@ testClusters.matching { it.name == "integTest" }.configureEach { pluginPaths.each { pluginPath -> plugin pluginPath } + setting 'xpack.security.enabled', 'false' } ext.expansions = [ diff --git a/qa/unconfigured-node-name/build.gradle b/qa/unconfigured-node-name/build.gradle index bc94289791a52..66c00eecda0d1 100644 --- a/qa/unconfigured-node-name/build.gradle +++ b/qa/unconfigured-node-name/build.gradle @@ -12,6 +12,10 @@ apply plugin: 'elasticsearch.testclusters' apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.rest-test' +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + testClusters.integTest { nameCustomization = { null } } diff --git a/qa/verify-version-constants/build.gradle b/qa/verify-version-constants/build.gradle index acc8d54902ab5..b8c8c6a879c28 100644 --- a/qa/verify-version-constants/build.gradle +++ b/qa/verify-version-constants/build.gradle @@ -22,6 +22,8 @@ for (Version bwcVersion : BuildParams.bwcVersions.indexCompatible) { "${baseName}" { version = bwcVersion.toString() setting 'http.content_type.required', 'true' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' } } diff --git a/qa/verify-version-constants/src/test/java/org/elasticsearch/qa/verify_version_constants/VerifyVersionConstantsIT.java b/qa/verify-version-constants/src/test/java/org/elasticsearch/qa/verify_version_constants/VerifyVersionConstantsIT.java index a883a5e137c7c..ee9e922e66871 100644 --- a/qa/verify-version-constants/src/test/java/org/elasticsearch/qa/verify_version_constants/VerifyVersionConstantsIT.java +++ b/qa/verify-version-constants/src/test/java/org/elasticsearch/qa/verify_version_constants/VerifyVersionConstantsIT.java @@ -11,6 +11,9 @@ import org.elasticsearch.Version; import org.elasticsearch.client.Request; import org.elasticsearch.client.Response; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.rest.ESRestTestCase; import org.elasticsearch.test.rest.yaml.ObjectPath; @@ -42,4 +45,12 @@ public boolean preserveClusterUponCompletion() { */ return true; } + + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } } diff --git a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java index 80b0c545eb68d..25baa7f95d48c 100644 --- a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java +++ b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java @@ -33,10 +33,12 @@ import org.elasticsearch.client.RestClient; import org.elasticsearch.client.RestClientBuilder; import org.elasticsearch.client.WarningsHandler; +import org.elasticsearch.common.CharArrays; import org.elasticsearch.common.CheckedRunnable; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.Strings; import org.elasticsearch.common.io.PathUtils; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.ssl.PemUtils; import org.elasticsearch.common.unit.TimeValue; @@ -68,6 +70,7 @@ import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; +import java.nio.CharBuffer; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; @@ -82,6 +85,7 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; +import java.util.Base64; import java.util.HashMap; import java.util.HashSet; import java.util.List; @@ -302,6 +306,28 @@ public static RequestOptions expectWarnings(String... warnings) { return expectVersionSpecificWarnings(consumer -> consumer.current(warnings)); } + /** + * Construct a Basic auth header + * @param username user name + * @param passwd user password + */ + public static String basicAuthHeaderValue(String username, SecureString passwd) { + CharBuffer chars = CharBuffer.allocate(username.length() + passwd.length() + 1); + byte[] charBytes = null; + try { + chars.put(username).put(':').put(passwd.getChars()); + charBytes = CharArrays.toUtf8Bytes(chars.array()); + + String basicToken = Base64.getEncoder().encodeToString(charBytes); + return "Basic " + basicToken; + } finally { + Arrays.fill(chars.array(), (char) 0); + if (charBytes != null) { + Arrays.fill(charBytes, (byte) 0); + } + } + } + /** * Creates RequestOptions designed to ignore [types removal] warnings but nothing else * @deprecated this method is only required while we deprecate types and can be removed in 8.0 diff --git a/x-pack/plugin/ccr/qa/downgrade-to-basic-license/build.gradle b/x-pack/plugin/ccr/qa/downgrade-to-basic-license/build.gradle index f0af6a5fe7f1d..355df38be0a30 100644 --- a/x-pack/plugin/ccr/qa/downgrade-to-basic-license/build.gradle +++ b/x-pack/plugin/ccr/qa/downgrade-to-basic-license/build.gradle @@ -15,13 +15,18 @@ testClusters { "leader-cluster" { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' } "follow-cluster" { testDistribution = 'DEFAULT' setting 'xpack.monitoring.collection.enabled', 'true' setting 'xpack.license.self_generated.type', 'trial' - setting 'cluster.remote.leader_cluster.seeds', { "\"${testClusters."leader-cluster".getAllTransportPortURI().join(",")}\"" } + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' + setting 'cluster.remote.leader_cluster.seeds', { "\"${testClusters."leader-cluster".getAllTransportPortURI().join(",")}\"" + } } } diff --git a/x-pack/plugin/ccr/qa/downgrade-to-basic-license/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexIT.java b/x-pack/plugin/ccr/qa/downgrade-to-basic-license/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexIT.java index 2cedcffb746ae..3782e95b33dd7 100644 --- a/x-pack/plugin/ccr/qa/downgrade-to-basic-license/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexIT.java +++ b/x-pack/plugin/ccr/qa/downgrade-to-basic-license/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexIT.java @@ -13,6 +13,9 @@ import org.elasticsearch.common.io.PathUtils; import org.elasticsearch.common.logging.JsonLogLine; import org.elasticsearch.common.logging.JsonLogsStream; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.hamcrest.FeatureMatcher; import org.hamcrest.Matcher; import org.hamcrest.Matchers; @@ -124,4 +127,12 @@ private void createNewIndexAndIndexDocs(RestClient client, String index) throws } } + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } + } diff --git a/x-pack/plugin/ccr/qa/multi-cluster/build.gradle b/x-pack/plugin/ccr/qa/multi-cluster/build.gradle index d33401c3db27f..0a13e84eeed0d 100644 --- a/x-pack/plugin/ccr/qa/multi-cluster/build.gradle +++ b/x-pack/plugin/ccr/qa/multi-cluster/build.gradle @@ -13,11 +13,15 @@ testClusters { 'leader-cluster' { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' setting 'path.repo', "${buildDir}/cluster/shared/repo/leader-cluster" } 'middle-cluster' { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' setting 'cluster.remote.leader_cluster.seeds', { "\"${testClusters.named('leader-cluster').get().getAllTransportPortURI().join(",")}\"" } } @@ -55,6 +59,8 @@ testClusters.matching { it.name == "follow-cluster" }.configureEach { testDistribution = 'DEFAULT' setting 'xpack.monitoring.collection.enabled', 'true' setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' setting 'cluster.remote.leader_cluster.seeds', { "\"${testClusters.named('leader-cluster').get().getAllTransportPortURI().join(",")}\"" } setting 'cluster.remote.middle_cluster.seeds', diff --git a/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/AutoFollowIT.java b/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/AutoFollowIT.java index 267f8c486a659..12224700490ca 100644 --- a/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/AutoFollowIT.java +++ b/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/AutoFollowIT.java @@ -16,7 +16,9 @@ import org.elasticsearch.client.RestClient; import org.elasticsearch.common.CheckedRunnable; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.xcontent.ObjectPath; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.json.JsonXContent; @@ -771,7 +773,7 @@ private void deleteDataStream(RestClient client, String name) throws IOException Request deleteTemplateRequest = new Request("DELETE", "/_data_stream/" + name); assertOK(client.performRequest(deleteTemplateRequest)); } - + private Response getAutoFollowStats() throws IOException { final Request statsRequest = new Request("GET", "/_ccr/stats"); statsRequest.addParameter("pretty", Boolean.TRUE.toString()); @@ -792,4 +794,12 @@ private void assertLongBusy(CheckedRunnable runnable) throws Exceptio throw ae; } } + + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } } diff --git a/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/ChainIT.java b/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/ChainIT.java index 1a1cf44b858fd..5b857ebadcaad 100644 --- a/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/ChainIT.java +++ b/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/ChainIT.java @@ -8,7 +8,9 @@ package org.elasticsearch.xpack.ccr; import org.elasticsearch.client.RestClient; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; public class ChainIT extends ESCCRRestTestCase { @@ -67,4 +69,12 @@ public void testFollowIndex() throws Exception { } } + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } + } diff --git a/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexIT.java b/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexIT.java index 1cf27112f0a56..e0ff2a02fc6bf 100644 --- a/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexIT.java +++ b/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexIT.java @@ -12,7 +12,9 @@ import org.elasticsearch.client.ResponseException; import org.elasticsearch.client.RestClient; import org.elasticsearch.cluster.metadata.DataStream; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.repositories.fs.FsRepository; import org.elasticsearch.rest.RestStatus; @@ -232,4 +234,12 @@ public void testFollowSearchableSnapshotsFails() throws Exception { assertThat(e.getResponse().getStatusLine().getStatusCode(), equalTo(400)); } } + + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } } diff --git a/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/XPackUsageIT.java b/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/XPackUsageIT.java index e41a95b957aaa..8493f0be79a44 100644 --- a/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/XPackUsageIT.java +++ b/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/XPackUsageIT.java @@ -8,6 +8,9 @@ import org.elasticsearch.client.Request; import org.elasticsearch.client.RestClient; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.xcontent.ObjectPath; import java.io.IOException; @@ -91,4 +94,12 @@ private void assertIndexFollowingActive(String expectedFollowerIndex) throws IOE assertThat(followStatus, equalTo("active")); } + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } + } diff --git a/x-pack/plugin/ccr/qa/non-compliant-license/build.gradle b/x-pack/plugin/ccr/qa/non-compliant-license/build.gradle index 6e4a8b1ef0114..a20fab7d86d65 100644 --- a/x-pack/plugin/ccr/qa/non-compliant-license/build.gradle +++ b/x-pack/plugin/ccr/qa/non-compliant-license/build.gradle @@ -12,11 +12,15 @@ dependencies { testClusters { 'leader-cluster' { testDistribution = 'DEFAULT' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' } 'follow-cluster' { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' setting 'cluster.remote.leader_cluster.seeds', { "\"${testClusters.'leader-cluster'.getAllTransportPortURI().join(",")}\"" } } diff --git a/x-pack/plugin/ccr/qa/non-compliant-license/src/test/java/org/elasticsearch/xpack/ccr/CcrMultiClusterLicenseIT.java b/x-pack/plugin/ccr/qa/non-compliant-license/src/test/java/org/elasticsearch/xpack/ccr/CcrMultiClusterLicenseIT.java index 88c490a30bfc4..7aa486d728737 100644 --- a/x-pack/plugin/ccr/qa/non-compliant-license/src/test/java/org/elasticsearch/xpack/ccr/CcrMultiClusterLicenseIT.java +++ b/x-pack/plugin/ccr/qa/non-compliant-license/src/test/java/org/elasticsearch/xpack/ccr/CcrMultiClusterLicenseIT.java @@ -9,6 +9,9 @@ import org.elasticsearch.client.Request; import org.elasticsearch.client.ResponseException; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import java.util.Locale; @@ -44,4 +47,11 @@ private static void assertNonCompliantLicense(final Request request, final Strin assertThat(e, hasToString(containsString(expected))); } + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } } diff --git a/x-pack/plugin/ccr/qa/restart/build.gradle b/x-pack/plugin/ccr/qa/restart/build.gradle index 82fdb18eaa5e2..f143a4fade14d 100644 --- a/x-pack/plugin/ccr/qa/restart/build.gradle +++ b/x-pack/plugin/ccr/qa/restart/build.gradle @@ -12,12 +12,16 @@ testClusters { 'leader-cluster' { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' } 'follow-cluster' { testDistribution = 'DEFAULT' setting 'xpack.monitoring.collection.enabled', 'true' setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' setting 'cluster.remote.leader_cluster.seeds', { "\"${testClusters.'leader-cluster'.getAllTransportPortURI().get(0)}\"" } nameCustomization = { 'follow' } diff --git a/x-pack/plugin/ccr/qa/restart/src/test/java/org/elasticsearch/xpack/ccr/RestartIT.java b/x-pack/plugin/ccr/qa/restart/src/test/java/org/elasticsearch/xpack/ccr/RestartIT.java index 858ffde006fa3..efb5e7a1a86cf 100644 --- a/x-pack/plugin/ccr/qa/restart/src/test/java/org/elasticsearch/xpack/ccr/RestartIT.java +++ b/x-pack/plugin/ccr/qa/restart/src/test/java/org/elasticsearch/xpack/ccr/RestartIT.java @@ -10,7 +10,9 @@ import org.elasticsearch.client.Request; import org.elasticsearch.client.RestClient; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import java.io.IOException; @@ -95,4 +97,12 @@ private void verifyFollower(final String index, final int numberOfDocuments, fin }); } + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } + } diff --git a/x-pack/plugin/ccr/qa/security/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexSecurityIT.java b/x-pack/plugin/ccr/qa/security/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexSecurityIT.java index cc71e67daa26b..4b5788ceb5dd6 100644 --- a/x-pack/plugin/ccr/qa/security/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexSecurityIT.java +++ b/x-pack/plugin/ccr/qa/security/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexSecurityIT.java @@ -26,7 +26,6 @@ import java.util.Map; import java.util.concurrent.TimeUnit; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.hasSize; diff --git a/x-pack/plugin/core/src/yamlRestTest/java/org/elasticsearch/license/XPackCoreClientYamlTestSuiteIT.java b/x-pack/plugin/core/src/yamlRestTest/java/org/elasticsearch/license/XPackCoreClientYamlTestSuiteIT.java index ccaa10bd1d6c3..b010e6c1eb133 100644 --- a/x-pack/plugin/core/src/yamlRestTest/java/org/elasticsearch/license/XPackCoreClientYamlTestSuiteIT.java +++ b/x-pack/plugin/core/src/yamlRestTest/java/org/elasticsearch/license/XPackCoreClientYamlTestSuiteIT.java @@ -15,8 +15,6 @@ import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; - public class XPackCoreClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase { private static final String BASIC_AUTH_VALUE = diff --git a/x-pack/plugin/data-streams/qa/rest/build.gradle b/x-pack/plugin/data-streams/qa/rest/build.gradle index 204e5d9d1201c..bf18f2a8c071d 100644 --- a/x-pack/plugin/data-streams/qa/rest/build.gradle +++ b/x-pack/plugin/data-streams/qa/rest/build.gradle @@ -19,6 +19,7 @@ testClusters.all { setting 'xpack.license.self_generated.type', 'trial' // disable ILM history, since it disturbs tests using _all setting 'indices.lifecycle.history_index_enabled', 'false' + setting 'xpack.security.enabled', 'false' } if (BuildParams.inFipsJvm){ // These fail in CI but only when run as part of checkPart2 and not individually. diff --git a/x-pack/plugin/enrich/qa/common/build.gradle b/x-pack/plugin/enrich/qa/common/build.gradle index 72cd4bba91169..d4f5f678196d1 100644 --- a/x-pack/plugin/enrich/qa/common/build.gradle +++ b/x-pack/plugin/enrich/qa/common/build.gradle @@ -4,3 +4,9 @@ tasks.named("test").configure { enabled = false } dependencies { api project(':test:framework') } + +testClusters.all { + testDistribution = 'DEFAULT' + setting 'xpack.license.self_generated.type', 'basic' + setting 'xpack.security.enabled', 'false' +} diff --git a/x-pack/plugin/enrich/qa/rest-with-advanced-security/src/javaRestTest/java/org/elasticsearch/xpack/enrich/EnrichAdvancedSecurityIT.java b/x-pack/plugin/enrich/qa/rest-with-advanced-security/src/javaRestTest/java/org/elasticsearch/xpack/enrich/EnrichAdvancedSecurityIT.java index f2b4abd1274e8..f0cb70b80f4a6 100644 --- a/x-pack/plugin/enrich/qa/rest-with-advanced-security/src/javaRestTest/java/org/elasticsearch/xpack/enrich/EnrichAdvancedSecurityIT.java +++ b/x-pack/plugin/enrich/qa/rest-with-advanced-security/src/javaRestTest/java/org/elasticsearch/xpack/enrich/EnrichAdvancedSecurityIT.java @@ -6,7 +6,6 @@ */ package org.elasticsearch.xpack.enrich; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.nullValue; diff --git a/x-pack/plugin/enrich/qa/rest/build.gradle b/x-pack/plugin/enrich/qa/rest/build.gradle index 33c7c294727a6..99d2e43ac60d5 100644 --- a/x-pack/plugin/enrich/qa/rest/build.gradle +++ b/x-pack/plugin/enrich/qa/rest/build.gradle @@ -23,4 +23,5 @@ testClusters.all { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'basic' setting 'xpack.monitoring.collection.enabled', 'true' + setting 'xpack.security.enabled', 'false' } diff --git a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/stats/EqlUsageRestTestCase.java b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/stats/EqlUsageRestTestCase.java index 0be63e25274a5..d64543c91d4a6 100644 --- a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/stats/EqlUsageRestTestCase.java +++ b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/stats/EqlUsageRestTestCase.java @@ -9,6 +9,9 @@ import org.elasticsearch.client.Request; import org.elasticsearch.client.RestHighLevelClient; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.xcontent.XContentHelper; import org.elasticsearch.common.xcontent.json.JsonXContent; import org.elasticsearch.test.eql.DataLoader; @@ -380,4 +383,12 @@ private RestHighLevelClient highLevelClient() { } return highLevelClient; } + + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } } diff --git a/x-pack/plugin/eql/qa/correctness/build.gradle b/x-pack/plugin/eql/qa/correctness/build.gradle index 00078b324fba2..2f7fbc93d3702 100644 --- a/x-pack/plugin/eql/qa/correctness/build.gradle +++ b/x-pack/plugin/eql/qa/correctness/build.gradle @@ -40,6 +40,8 @@ testClusters { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'basic' jvmArgs '-Xms4g', '-Xmx4g' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' } runTask { jvmArgs '-Xms8g', '-Xmx8g' diff --git a/x-pack/plugin/eql/qa/correctness/src/javaRestTest/java/org/elasticsearch/xpack/eql/EsEQLCorrectnessIT.java b/x-pack/plugin/eql/qa/correctness/src/javaRestTest/java/org/elasticsearch/xpack/eql/EsEQLCorrectnessIT.java index b05d513eae76d..e846ff363b4f3 100644 --- a/x-pack/plugin/eql/qa/correctness/src/javaRestTest/java/org/elasticsearch/xpack/eql/EsEQLCorrectnessIT.java +++ b/x-pack/plugin/eql/qa/correctness/src/javaRestTest/java/org/elasticsearch/xpack/eql/EsEQLCorrectnessIT.java @@ -20,7 +20,9 @@ import org.elasticsearch.client.RestHighLevelClient; import org.elasticsearch.client.eql.EqlSearchRequest; import org.elasticsearch.client.eql.EqlSearchResponse; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.junit.annotations.TestLogging; import org.elasticsearch.test.rest.ESRestTestCase; import org.junit.After; @@ -84,6 +86,12 @@ protected boolean preserveClusterUponCompletion() { return true; } + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder().put(ThreadContext.PREFIX + ".Authorization", token).build(); + } + @Override protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException { RestClientBuilder builder = RestClient.builder(hosts); diff --git a/x-pack/plugin/eql/qa/mixed-node/build.gradle b/x-pack/plugin/eql/qa/mixed-node/build.gradle index 56196d10af594..e02130fe89f52 100644 --- a/x-pack/plugin/eql/qa/mixed-node/build.gradle +++ b/x-pack/plugin/eql/qa/mixed-node/build.gradle @@ -32,7 +32,7 @@ for (Version bwcVersion : BuildParams.bwcVersions.wireCompatible.findAll { it.on setting 'xpack.security.enabled', 'false' setting 'xpack.watcher.enabled', 'false' setting 'xpack.ml.enabled', 'false' - setting 'xpack.eql.enabled', 'true' + setting 'xpack.eql.enabled', 'true' setting 'xpack.license.self_generated.type', 'trial' // for debugging purposes // setting 'logger.org.elasticsearch.xpack.eql.plugin.TransportEqlSearchAction', 'TRACE' diff --git a/x-pack/plugin/eql/qa/rest/build.gradle b/x-pack/plugin/eql/qa/rest/build.gradle index a4df7fd11736e..bd817f97ccbd5 100644 --- a/x-pack/plugin/eql/qa/rest/build.gradle +++ b/x-pack/plugin/eql/qa/rest/build.gradle @@ -22,4 +22,5 @@ testClusters.all { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'basic' setting 'xpack.monitoring.collection.enabled', 'true' + setting 'xpack.security.enabled', 'false' } diff --git a/x-pack/plugin/eql/qa/rest/src/javaRestTest/java/org/elasticsearch/xpack/eql/EqlRestIT.java b/x-pack/plugin/eql/qa/rest/src/javaRestTest/java/org/elasticsearch/xpack/eql/EqlRestIT.java index 14150a830dccd..63158dcc501d9 100644 --- a/x-pack/plugin/eql/qa/rest/src/javaRestTest/java/org/elasticsearch/xpack/eql/EqlRestIT.java +++ b/x-pack/plugin/eql/qa/rest/src/javaRestTest/java/org/elasticsearch/xpack/eql/EqlRestIT.java @@ -7,7 +7,18 @@ package org.elasticsearch.xpack.eql; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.eql.EqlRestTestCase; public class EqlRestIT extends EqlRestTestCase { + + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } } diff --git a/x-pack/plugin/fleet/build.gradle b/x-pack/plugin/fleet/build.gradle index bc135af76077c..b1abb6eb58675 100644 --- a/x-pack/plugin/fleet/build.gradle +++ b/x-pack/plugin/fleet/build.gradle @@ -24,4 +24,6 @@ dependencies { testClusters.all { testDistribution = 'DEFAULT' + setting 'xpack.security.enabled', 'true' + user username: 'x_pack_rest_user', password: 'x-pack-test-password', role: 'superuser' } diff --git a/x-pack/plugin/ilm/qa/with-security/src/javaRestTest/java/org/elasticsearch/xpack/security/PermissionsIT.java b/x-pack/plugin/ilm/qa/with-security/src/javaRestTest/java/org/elasticsearch/xpack/security/PermissionsIT.java index 19810778eeac4..4cdca0674c63a 100644 --- a/x-pack/plugin/ilm/qa/with-security/src/javaRestTest/java/org/elasticsearch/xpack/security/PermissionsIT.java +++ b/x-pack/plugin/ilm/qa/with-security/src/javaRestTest/java/org/elasticsearch/xpack/security/PermissionsIT.java @@ -62,7 +62,6 @@ import static java.util.Collections.singletonMap; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.greaterThanOrEqualTo; diff --git a/x-pack/plugin/logstash/build.gradle b/x-pack/plugin/logstash/build.gradle index d7ba5b977d209..9a3649b2e3b0d 100644 --- a/x-pack/plugin/logstash/build.gradle +++ b/x-pack/plugin/logstash/build.gradle @@ -19,4 +19,6 @@ dependencies { testClusters.all { testDistribution = 'DEFAULT' + setting 'xpack.security.enabled', 'true' + user username: 'x_pack_rest_user', password: 'x-pack-test-password', role: 'superuser' } diff --git a/x-pack/plugin/repositories-metering-api/build.gradle b/x-pack/plugin/repositories-metering-api/build.gradle index 37e325d6c0dbf..620b3e79a2b9e 100644 --- a/x-pack/plugin/repositories-metering-api/build.gradle +++ b/x-pack/plugin/repositories-metering-api/build.gradle @@ -14,4 +14,8 @@ dependencies { testImplementation(testArtifact(project(xpackModule('core')))) } -addQaCheckDependencies() \ No newline at end of file +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + +addQaCheckDependencies() diff --git a/x-pack/plugin/repositories-metering-api/qa/azure/build.gradle b/x-pack/plugin/repositories-metering-api/qa/azure/build.gradle index b48c1c8e74683..05dfa2dd82b47 100644 --- a/x-pack/plugin/repositories-metering-api/qa/azure/build.gradle +++ b/x-pack/plugin/repositories-metering-api/qa/azure/build.gradle @@ -48,6 +48,10 @@ if (useFixture) { testFixtures.useFixture(fixture.path, 'azure-fixture-repositories-metering') } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + tasks.named("integTest") { dependsOn ":plugins:repository-azure:bundlePlugin" systemProperty 'test.azure.container', azureContainer diff --git a/x-pack/plugin/repositories-metering-api/qa/gcs/build.gradle b/x-pack/plugin/repositories-metering-api/qa/gcs/build.gradle index 6647e7a370ab2..7f9996af0257c 100644 --- a/x-pack/plugin/repositories-metering-api/qa/gcs/build.gradle +++ b/x-pack/plugin/repositories-metering-api/qa/gcs/build.gradle @@ -50,6 +50,10 @@ if (!gcsServiceAccount && !gcsBucket && !gcsBasePath) { serviceAccountFile = new File(gcsServiceAccount) } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + /** A service account file that points to the Google Cloud Storage service emulated by the fixture **/ tasks.register("createServiceAccountFile") { doLast { diff --git a/x-pack/plugin/repositories-metering-api/qa/s3/build.gradle b/x-pack/plugin/repositories-metering-api/qa/s3/build.gradle index 8bdf19b7cbca4..d6d0b7f49ba8f 100644 --- a/x-pack/plugin/repositories-metering-api/qa/s3/build.gradle +++ b/x-pack/plugin/repositories-metering-api/qa/s3/build.gradle @@ -67,6 +67,7 @@ testClusters.integTest { } else { println "Using an external service to test " + project.name } + setting 'xpack.security.enabled', 'false' } tasks.register("s3ThirdPartyTest").configure { diff --git a/x-pack/plugin/rollup/qa/rest/build.gradle b/x-pack/plugin/rollup/qa/rest/build.gradle index 3a49955e93fe5..370a279d3779a 100644 --- a/x-pack/plugin/rollup/qa/rest/build.gradle +++ b/x-pack/plugin/rollup/qa/rest/build.gradle @@ -23,6 +23,7 @@ testClusters.all { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'basic' systemProperty 'es.rollup_v2_feature_flag_enabled', 'true' + setting 'xpack.security.enabled', 'false' } tasks.named("test").configure{enabled = false } diff --git a/x-pack/plugin/searchable-snapshots/qa/azure/build.gradle b/x-pack/plugin/searchable-snapshots/qa/azure/build.gradle index a6fbfcea0582e..b19a08ed061f3 100644 --- a/x-pack/plugin/searchable-snapshots/qa/azure/build.gradle +++ b/x-pack/plugin/searchable-snapshots/qa/azure/build.gradle @@ -59,6 +59,7 @@ testClusters.integTest { } setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'false' if (useFixture) { def fixtureAddress = { fixtureName -> diff --git a/x-pack/plugin/searchable-snapshots/qa/gcs/build.gradle b/x-pack/plugin/searchable-snapshots/qa/gcs/build.gradle index 67ceaec677161..c04c11323b2c6 100644 --- a/x-pack/plugin/searchable-snapshots/qa/gcs/build.gradle +++ b/x-pack/plugin/searchable-snapshots/qa/gcs/build.gradle @@ -111,6 +111,8 @@ testClusters.integTest { setting 'xpack.searchable.snapshot.shared_cache.size', '16MB' setting 'xpack.searchable.snapshot.shared_cache.region_size', '256KB' + + setting 'xpack.security.enabled', 'false' } diff --git a/x-pack/plugin/searchable-snapshots/qa/hdfs/build.gradle b/x-pack/plugin/searchable-snapshots/qa/hdfs/build.gradle index ca13e7290965f..5e514d71e81b7 100644 --- a/x-pack/plugin/searchable-snapshots/qa/hdfs/build.gradle +++ b/x-pack/plugin/searchable-snapshots/qa/hdfs/build.gradle @@ -134,6 +134,8 @@ testClusters.configureEach { setting 'xpack.searchable.snapshot.shared_cache.size', '16MB' setting 'xpack.searchable.snapshot.shared_cache.region_size', '256KB' + + setting 'xpack.security.enabled', 'false' } testClusters.matching { it.name == "integTestSecure" }.configureEach { diff --git a/x-pack/plugin/searchable-snapshots/qa/minio/build.gradle b/x-pack/plugin/searchable-snapshots/qa/minio/build.gradle index cd95df231e0ee..1c9f08327a383 100644 --- a/x-pack/plugin/searchable-snapshots/qa/minio/build.gradle +++ b/x-pack/plugin/searchable-snapshots/qa/minio/build.gradle @@ -43,5 +43,7 @@ testClusters.integTest { setting 'xpack.searchable.snapshot.shared_cache.size', '16MB' setting 'xpack.searchable.snapshot.shared_cache.region_size', '256KB' + + setting 'xpack.security.enabled', 'false' } diff --git a/x-pack/plugin/searchable-snapshots/qa/rest/build.gradle b/x-pack/plugin/searchable-snapshots/qa/rest/build.gradle index d3d83808ad3ed..99c0dacab4414 100644 --- a/x-pack/plugin/searchable-snapshots/qa/rest/build.gradle +++ b/x-pack/plugin/searchable-snapshots/qa/rest/build.gradle @@ -24,4 +24,6 @@ testClusters.all { setting 'xpack.searchable.snapshot.shared_cache.size', '16MB' setting 'xpack.searchable.snapshot.shared_cache.region_size', '256KB' + + setting 'xpack.security.enabled', 'false' } diff --git a/x-pack/plugin/searchable-snapshots/qa/s3/build.gradle b/x-pack/plugin/searchable-snapshots/qa/s3/build.gradle index 3258284d3a593..f2676e3e86d38 100644 --- a/x-pack/plugin/searchable-snapshots/qa/s3/build.gradle +++ b/x-pack/plugin/searchable-snapshots/qa/s3/build.gradle @@ -70,6 +70,8 @@ testClusters.integTest { setting 'xpack.searchable.snapshot.shared_cache.size', '16MB' setting 'xpack.searchable.snapshot.shared_cache.region_size', '256KB' + + setting 'xpack.security.enabled', 'false' } tasks.register("s3ThirdPartyTest") { diff --git a/x-pack/plugin/searchable-snapshots/qa/url/build.gradle b/x-pack/plugin/searchable-snapshots/qa/url/build.gradle index 9ff963715a0a4..e4ffce305b8df 100644 --- a/x-pack/plugin/searchable-snapshots/qa/url/build.gradle +++ b/x-pack/plugin/searchable-snapshots/qa/url/build.gradle @@ -43,4 +43,6 @@ testClusters.matching { it.name == "integTest" }.configureEach { setting 'xpack.searchable.snapshot.shared_cache.size', '16MB' setting 'xpack.searchable.snapshot.shared_cache.region_size', '256KB' + + setting 'xpack.security.enabled', 'false' } diff --git a/x-pack/plugin/security/qa/basic-enable-security/build.gradle b/x-pack/plugin/security/qa/basic-enable-security/build.gradle index 5d710ceffdc10..99afa12a831a8 100644 --- a/x-pack/plugin/security/qa/basic-enable-security/build.gradle +++ b/x-pack/plugin/security/qa/basic-enable-security/build.gradle @@ -4,6 +4,9 @@ import org.elasticsearch.gradle.info.BuildParams apply plugin: 'elasticsearch.java-rest-test' +//randomise between implicitly and explicitly disabled security +boolean implicitlyDisabledSecurity = (new Random(Long.parseUnsignedLong(BuildParams.testSeed.tokenize(':').get(0), 16))).nextBoolean() + dependencies { javaRestTestImplementation(testArtifact(project(xpackModule('security')))) javaRestTestImplementation(testArtifact(project(xpackModule('core')))) @@ -11,7 +14,9 @@ dependencies { tasks.named("javaRestTest").configure { description = "Run tests against a cluster that doesn't have security" - systemProperty 'tests.has_security', 'false' + if (!implicitlyDisabledSecurity) { + systemProperty 'tests.has_security', 'false' + } } if (BuildParams.inFipsJvm){ @@ -25,11 +30,14 @@ testClusters { numberOfNodes = 2 setting 'xpack.ml.enabled', 'false' setting 'xpack.license.self_generated.type', 'basic' - setting 'xpack.security.enabled', 'false' + if (!implicitlyDisabledSecurity) { + setting 'xpack.security.enabled', 'false' + } } } -tasks.register("javaRestTestWithSecurity", StandaloneRestIntegTestTask) { +tasks.register("javaRestTestWithSecurityEnabled", StandaloneRestIntegTestTask) { + mustRunAfter("javaRestTest") description = "Run tests against a cluster that has security enabled" dependsOn "javaRestTest" useCluster testClusters.javaRestTest @@ -64,5 +72,5 @@ tasks.register("javaRestTestWithSecurity", StandaloneRestIntegTestTask) { nonInputProperties.systemProperty 'tests.rest.cluster', "${-> testClusters.javaRestTest.getAllHttpSocketURI().join(",")}" } } -tasks.named("check").configure { dependsOn("javaRestTestWithSecurity") } +tasks.named("check").configure { dependsOn("javaRestTestWithSecurityEnabled") } diff --git a/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java b/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java index f43e2f7c75a2a..69e1c0bd91d32 100644 --- a/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java +++ b/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java @@ -6,10 +6,14 @@ */ package org.elasticsearch.xpack.security; +import org.apache.http.HttpHost; import org.apache.http.util.EntityUtils; +import org.elasticsearch.Version; import org.elasticsearch.client.Request; import org.elasticsearch.client.Response; import org.elasticsearch.client.ResponseException; +import org.elasticsearch.client.RestClient; +import org.elasticsearch.client.RestClientBuilder; import org.elasticsearch.common.Booleans; import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; @@ -17,14 +21,15 @@ import org.elasticsearch.test.rest.ESRestTestCase; import org.elasticsearch.test.rest.yaml.ObjectPath; import org.elasticsearch.xpack.security.authc.InternalRealms; +import org.hamcrest.Matchers; import org.junit.BeforeClass; import java.io.IOException; import java.util.Arrays; +import java.util.List; import java.util.Locale; import java.util.Map; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.contains; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; @@ -33,11 +38,13 @@ public class EnableSecurityOnBasicLicenseIT extends ESRestTestCase { private static boolean securityEnabled; + private static boolean securityExplicitlySet; @BeforeClass public static void checkTestMode() { final String hasSecurity = System.getProperty("tests.has_security"); - securityEnabled = Booleans.parseBoolean(hasSecurity); + securityExplicitlySet = hasSecurity != null; + securityEnabled = hasSecurity == null ? false : Booleans.parseBoolean(hasSecurity); } @Override @@ -58,10 +65,24 @@ protected Settings restClientSettings() { @Override protected boolean preserveClusterUponCompletion() { - // If this is the first run (security not yet enabled), then don't clean up afterwards because we want to test restart with data + // If this is one of the first two runs (security not yet enabled), then don't clean up afterwards because we want to test restart + // with data return securityEnabled == false; } + @Override + protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException { + RestClientBuilder builder = RestClient.builder(hosts); + configureClient(builder, settings); + if (System.getProperty("tests.has_security") != null) { + builder.setStrictDeprecationMode(true); + } else { + builder.setStrictDeprecationMode(false); + } + return builder.build(); + } + + public void testSecuritySetup() throws Exception { logger.info("Security status: {}", securityEnabled); logger.info("Cluster:\n{}", getClusterInfo()); @@ -74,7 +95,8 @@ public void testSecuritySetup() throws Exception { } checkAllowedWrite("index_allowed"); - // Security runs second, and should see the doc from the first (non-security) run + // Security runs third, and should see the docs from the first two (non-security) runs + // Security explicitly disabled runs second and should see the doc from the first (implicitly disabled) run final int expectedIndexCount = securityEnabled ? 2 : 1; checkIndexCount("index_allowed", expectedIndexCount); @@ -84,6 +106,22 @@ public void testSecuritySetup() throws Exception { } else { checkAllowedWrite(otherIndex); } + checkSecurityDisabledWarning(); + } + + public void checkSecurityDisabledWarning() throws Exception { + final Request request = new Request("GET", "/_cat/indices"); + Response response = client().performRequest(request); + List warningHeaders = response.getWarnings(); + if (securityExplicitlySet) { + assertThat (warningHeaders, Matchers.empty()); + } else { + assertThat (warningHeaders, Matchers.hasSize(1)); + assertThat (warningHeaders.get(0), + containsString("Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be " + + "accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + + Version.CURRENT.minor + "/security-minimal-setup.html to enable security.")); + } } private String getClusterInfo() throws IOException { diff --git a/x-pack/plugin/security/qa/security-not-enabled/build.gradle b/x-pack/plugin/security/qa/security-not-enabled/build.gradle index 4526d44576e9f..9b9ba98f53f8a 100644 --- a/x-pack/plugin/security/qa/security-not-enabled/build.gradle +++ b/x-pack/plugin/security/qa/security-not-enabled/build.gradle @@ -21,4 +21,5 @@ testClusters.all { // We run with a trial license, but do not enable security. // This means the security plugin is loaded and all feature are permitted, but they are not enabled setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'false' } diff --git a/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/test/rest/CatIndicesWithSecurityIT.java b/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/test/rest/CatIndicesWithSecurityIT.java index 4ca468619d1ac..c26804c9d1122 100644 --- a/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/test/rest/CatIndicesWithSecurityIT.java +++ b/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/test/rest/CatIndicesWithSecurityIT.java @@ -18,7 +18,6 @@ import java.io.IOException; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.matchesRegex; public class CatIndicesWithSecurityIT extends ESRestTestCase { diff --git a/x-pack/plugin/security/qa/tls-basic/build.gradle b/x-pack/plugin/security/qa/tls-basic/build.gradle index a23784471b0b4..95dbe11249b0c 100644 --- a/x-pack/plugin/security/qa/tls-basic/build.gradle +++ b/x-pack/plugin/security/qa/tls-basic/build.gradle @@ -24,6 +24,7 @@ testClusters.javaRestTest { setting 'xpack.ml.enabled', 'false' setting 'xpack.license.self_generated.type', 'basic' + setting 'xpack.security.enabled', 'true' setting 'xpack.security.http.ssl.enabled', 'true' setting 'xpack.security.http.ssl.certificate', 'http.crt' setting 'xpack.security.http.ssl.key', 'http.key' @@ -34,5 +35,6 @@ testClusters.javaRestTest { setting 'xpack.security.transport.ssl.key', 'transport.key' setting 'xpack.security.transport.ssl.key_passphrase', 'transport-password' setting 'xpack.security.transport.ssl.certificate_authorities', 'ca.crt' + user username: 'admin', password: 'admin-password', role: 'superuser' } diff --git a/x-pack/plugin/security/qa/tls-basic/src/javaRestTest/java/org/elasticsearch/xpack/security/TlsWithBasicLicenseIT.java b/x-pack/plugin/security/qa/tls-basic/src/javaRestTest/java/org/elasticsearch/xpack/security/TlsWithBasicLicenseIT.java index b08265a16965c..5f76628accf73 100644 --- a/x-pack/plugin/security/qa/tls-basic/src/javaRestTest/java/org/elasticsearch/xpack/security/TlsWithBasicLicenseIT.java +++ b/x-pack/plugin/security/qa/tls-basic/src/javaRestTest/java/org/elasticsearch/xpack/security/TlsWithBasicLicenseIT.java @@ -10,7 +10,9 @@ import org.elasticsearch.client.Response; import org.elasticsearch.client.ResponseException; import org.elasticsearch.common.io.PathUtils; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.rest.ESRestTestCase; import org.elasticsearch.test.rest.yaml.ObjectPath; import org.junit.AfterClass; @@ -55,7 +57,9 @@ protected String getProtocol() { @Override protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) .put(TRUSTSTORE_PATH, httpTrustStore) .put(TRUSTSTORE_PASSWORD, "password") .build(); diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java index 1b996539463a9..6e4dccd2a69f6 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java @@ -11,8 +11,10 @@ import org.apache.logging.log4j.message.ParameterizedMessage; import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ExceptionsHelper; +import org.elasticsearch.Version; import org.elasticsearch.action.ActionListener; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.HeaderWarning; import org.elasticsearch.common.util.Maps; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.http.HttpChannel; @@ -88,6 +90,11 @@ public void handleRequest(RestRequest request, RestChannel channel, NodeClient c e -> handleException("Secondary authentication", request, channel, e))); }, e -> handleException("Authentication", request, channel, e))); } else { + if (request.method() != Method.OPTIONS) { + HeaderWarning.addWarning("Elasticsearch built-in security features are not enabled. Without authentication, your cluster " + + "could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + + "." + Version.CURRENT.minor + "/security-minimal-setup.html to enable security."); + } restHandler.handleRequest(request, channel, client); } } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListener.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListener.java index b42fdf26891de..da71f41bb8604 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListener.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListener.java @@ -9,6 +9,7 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import org.elasticsearch.Version; import org.elasticsearch.license.LicenseStateListener; import org.elasticsearch.license.XPackLicenseState; @@ -40,6 +41,11 @@ public synchronized void licenseStateChanged() { // old state might be null (undefined) so do Object comparison if (Objects.equals(newState, securityEnabled) == false) { logger.info("Active license is now [{}]; Security is {}", licenseState.getOperationMode(), newState ? "enabled" : "disabled"); + if (newState == false) { + logger.warn("Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be " + + "accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + + Version.CURRENT.minor + "/security-minimal-setup.html to enable security."); + } this.securityEnabled = newState; } } diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java index bea79cd15d3ec..3df9881e3070a 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java @@ -9,6 +9,7 @@ import com.nimbusds.jose.util.StandardCharset; import org.apache.lucene.util.SetOnce; import org.elasticsearch.ElasticsearchException; +import org.elasticsearch.Version; import org.elasticsearch.action.ActionListener; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.bytes.BytesArray; @@ -144,6 +145,9 @@ public void testProcessBasicLicense() throws Exception { RestRequest request = mock(RestRequest.class); when(licenseState.isSecurityEnabled()).thenReturn(false); filter.handleRequest(request, channel, null); + assertWarnings("Elasticsearch built-in security features are not enabled. Without authentication, your cluster " + + "could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + + Version.CURRENT.minor + "/security-minimal-setup.html to enable security."); verify(restHandler).handleRequest(request, channel, null); verifyZeroInteractions(channel, authcService); } diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListenerTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListenerTests.java index d28eecad35ec7..4dffe7b93e4cf 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListenerTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListenerTests.java @@ -10,6 +10,7 @@ import org.apache.logging.log4j.Level; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import org.elasticsearch.Version; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.license.License; import org.elasticsearch.license.XPackLicenseState; @@ -63,7 +64,14 @@ public void testSecurityEnabledToDisabled() { Level.INFO, "Active license is now [PLATINUM]; Security is enabled" )); - + logAppender.addExpectation(new MockLogAppender.SeenEventExpectation( + "built-in security features are not enabled", + listener.getClass().getName(), + Level.WARN, + "Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible " + + "to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + + Version.CURRENT.minor + "/security-minimal-setup.html to enable security." + )); when(licenseState.isSecurityEnabled()).thenReturn(false); when(licenseState.getOperationMode()).thenReturn(License.OperationMode.BASIC); logAppender.addExpectation(new MockLogAppender.SeenEventExpectation( @@ -87,6 +95,14 @@ public void testSecurityDisabledToEnabled() { Level.INFO, "Active license is now [TRIAL]; Security is disabled" )); + logAppender.addExpectation(new MockLogAppender.SeenEventExpectation( + "built-in security features are not enabled", + listener.getClass().getName(), + Level.WARN, + "Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible " + + "to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + + Version.CURRENT.minor + "/security-minimal-setup.html to enable security." + )); listener.licenseStateChanged(); when(licenseState.getOperationMode()).thenReturn(License.OperationMode.BASIC); diff --git a/x-pack/plugin/shutdown/qa/multi-node/build.gradle b/x-pack/plugin/shutdown/qa/multi-node/build.gradle index 40205e8aa6a01..8e2a374637865 100644 --- a/x-pack/plugin/shutdown/qa/multi-node/build.gradle +++ b/x-pack/plugin/shutdown/qa/multi-node/build.gradle @@ -17,4 +17,6 @@ testClusters.all { numberOfNodes = 4 systemProperty 'es.shutdown_feature_flag_enabled', 'true' + setting 'xpack.security.enabled', 'true' + user username: clusterCredentials.username, password: clusterCredentials.password, role: 'superuser' } diff --git a/x-pack/plugin/shutdown/qa/multi-node/src/javaRestTest/java/org/elasticsearch/xpack/shutdown/NodeShutdownIT.java b/x-pack/plugin/shutdown/qa/multi-node/src/javaRestTest/java/org/elasticsearch/xpack/shutdown/NodeShutdownIT.java index ad88b24ae2844..b99571e69db75 100644 --- a/x-pack/plugin/shutdown/qa/multi-node/src/javaRestTest/java/org/elasticsearch/xpack/shutdown/NodeShutdownIT.java +++ b/x-pack/plugin/shutdown/qa/multi-node/src/javaRestTest/java/org/elasticsearch/xpack/shutdown/NodeShutdownIT.java @@ -8,6 +8,9 @@ package org.elasticsearch.xpack.shutdown; import org.elasticsearch.client.Request; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.rest.ESRestTestCase; import java.io.IOException; @@ -62,4 +65,13 @@ private void assertNoShuttingDownNodes(String nodeIdToShutdown) throws IOExcepti List> nodesArray = (List>) statusResponse.get("nodes"); assertThat(nodesArray, empty()); } + + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue( + System.getProperty("tests.rest.cluster.username"), + new SecureString(System.getProperty("tests.rest.cluster.password").toCharArray()) + ); + return Settings.builder().put(ThreadContext.PREFIX + ".Authorization", token).build(); + } } diff --git a/x-pack/plugin/snapshot-repo-test-kit/qa/azure/build.gradle b/x-pack/plugin/snapshot-repo-test-kit/qa/azure/build.gradle index e946c825c435a..a568112ea190f 100644 --- a/x-pack/plugin/snapshot-repo-test-kit/qa/azure/build.gradle +++ b/x-pack/plugin/snapshot-repo-test-kit/qa/azure/build.gradle @@ -48,6 +48,10 @@ if (useFixture) { testFixtures.useFixture(fixture.path, 'azure-fixture-repository-test-kit') } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + tasks.named("integTest").configure { systemProperty 'test.azure.container', azureContainer nonInputProperties.systemProperty 'test.azure.base_path', azureBasePath + "_repository_test_kit_tests_" + BuildParams.testSeed diff --git a/x-pack/plugin/snapshot-repo-test-kit/qa/gcs/build.gradle b/x-pack/plugin/snapshot-repo-test-kit/qa/gcs/build.gradle index df678b3673b28..dd5dcdab36e42 100644 --- a/x-pack/plugin/snapshot-repo-test-kit/qa/gcs/build.gradle +++ b/x-pack/plugin/snapshot-repo-test-kit/qa/gcs/build.gradle @@ -107,6 +107,7 @@ testClusters.matching { it.name == "integTest" }.configureEach { } else { println "Using an external service to test " + project.name } + setting 'xpack.security.enabled', 'false' } tasks.register("gcsThirdPartyTest") { diff --git a/x-pack/plugin/snapshot-repo-test-kit/qa/minio/build.gradle b/x-pack/plugin/snapshot-repo-test-kit/qa/minio/build.gradle index 0f73503021d28..f248fd778ddb1 100644 --- a/x-pack/plugin/snapshot-repo-test-kit/qa/minio/build.gradle +++ b/x-pack/plugin/snapshot-repo-test-kit/qa/minio/build.gradle @@ -46,5 +46,7 @@ testClusters.matching { it.name == "integTest" }.configureEach { keystore 's3.client.repository_test_kit.secret_key', 's3_test_secret_key' setting 's3.client.repository_test_kit.protocol', 'http' setting 's3.client.repository_test_kit.endpoint', { "${-> fixtureAddress()}" }, IGNORE_VALUE + + setting 'xpack.security.enabled', 'false' } diff --git a/x-pack/plugin/snapshot-repo-test-kit/qa/rest/build.gradle b/x-pack/plugin/snapshot-repo-test-kit/qa/rest/build.gradle index 7b11e8637f61a..9572362314f77 100644 --- a/x-pack/plugin/snapshot-repo-test-kit/qa/rest/build.gradle +++ b/x-pack/plugin/snapshot-repo-test-kit/qa/rest/build.gradle @@ -17,6 +17,7 @@ tasks.named("integTest").configure { testClusters.matching { it.name == "integTest" }.configureEach { testDistribution = 'DEFAULT' setting 'path.repo', repoDir.absolutePath + setting 'xpack.security.enabled', 'false' } restResources { diff --git a/x-pack/plugin/snapshot-repo-test-kit/qa/s3/build.gradle b/x-pack/plugin/snapshot-repo-test-kit/qa/s3/build.gradle index 33b65606b7624..0d18dbd98e305 100644 --- a/x-pack/plugin/snapshot-repo-test-kit/qa/s3/build.gradle +++ b/x-pack/plugin/snapshot-repo-test-kit/qa/s3/build.gradle @@ -72,6 +72,7 @@ testClusters.matching { it.name == "integTest" }.configureEach { } else { println "Using an external service to test " + project.name } + setting 'xpack.security.enabled', 'false' } tasks.register("s3ThirdPartyTest") { diff --git a/x-pack/plugin/spatial/build.gradle b/x-pack/plugin/spatial/build.gradle index 8a196b50b9cb9..5eb9b0b403105 100644 --- a/x-pack/plugin/spatial/build.gradle +++ b/x-pack/plugin/spatial/build.gradle @@ -29,4 +29,5 @@ restResources { testClusters.all { setting 'xpack.license.self_generated.type', 'trial' testDistribution = 'DEFAULT' + setting 'xpack.security.enabled', 'false' } diff --git a/x-pack/plugin/sql/qa/jdbc/security/src/test/java/org/elasticsearch/xpack/sql/qa/jdbc/security/JdbcConnectionIT.java b/x-pack/plugin/sql/qa/jdbc/security/src/test/java/org/elasticsearch/xpack/sql/qa/jdbc/security/JdbcConnectionIT.java index 520c981c5eedd..b26b9bbeea297 100644 --- a/x-pack/plugin/sql/qa/jdbc/security/src/test/java/org/elasticsearch/xpack/sql/qa/jdbc/security/JdbcConnectionIT.java +++ b/x-pack/plugin/sql/qa/jdbc/security/src/test/java/org/elasticsearch/xpack/sql/qa/jdbc/security/JdbcConnectionIT.java @@ -19,8 +19,6 @@ import java.nio.file.Path; import java.util.Properties; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; - public class JdbcConnectionIT extends ConnectionTestCase { static final boolean SSL_ENABLED = Booleans.parseBoolean(System.getProperty("tests.ssl.enabled"), false); diff --git a/x-pack/plugin/sql/qa/mixed-node/build.gradle b/x-pack/plugin/sql/qa/mixed-node/build.gradle index ef0b27d7b351f..47f6592156183 100644 --- a/x-pack/plugin/sql/qa/mixed-node/build.gradle +++ b/x-pack/plugin/sql/qa/mixed-node/build.gradle @@ -14,6 +14,10 @@ dependencies { testImplementation project(path: xpackModule('sql'), configuration: 'default') } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + tasks.named("integTest").configure{ enabled = false} // A bug (https://github.com/elastic/elasticsearch/issues/68439) limits us to perform tests with versions from 7.10.3 onwards diff --git a/x-pack/plugin/sql/qa/server/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/RestSqlIT.java b/x-pack/plugin/sql/qa/server/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/RestSqlIT.java index 936356a602b70..4937b8e4a72ea 100644 --- a/x-pack/plugin/sql/qa/server/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/RestSqlIT.java +++ b/x-pack/plugin/sql/qa/server/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/RestSqlIT.java @@ -18,8 +18,6 @@ import java.nio.file.Files; import java.nio.file.Path; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; - /** * Integration test for the rest sql action. The one that speaks json directly to a * user rather than to the JDBC driver or CLI. diff --git a/x-pack/plugin/transform/qa/single-node-tests/src/javaRestTest/java/org/elasticsearch/xpack/transform/integration/TransformRestTestCase.java b/x-pack/plugin/transform/qa/single-node-tests/src/javaRestTest/java/org/elasticsearch/xpack/transform/integration/TransformRestTestCase.java index 2a9ea04d885c8..ae98a220aebb5 100644 --- a/x-pack/plugin/transform/qa/single-node-tests/src/javaRestTest/java/org/elasticsearch/xpack/transform/integration/TransformRestTestCase.java +++ b/x-pack/plugin/transform/qa/single-node-tests/src/javaRestTest/java/org/elasticsearch/xpack/transform/integration/TransformRestTestCase.java @@ -41,7 +41,6 @@ import java.util.stream.Collectors; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.equalTo; public abstract class TransformRestTestCase extends ESRestTestCase { diff --git a/x-pack/plugin/watcher/qa/rest/src/javaRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherTestSuiteIT.java b/x-pack/plugin/watcher/qa/rest/src/javaRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherTestSuiteIT.java index 8d42b98dbfdd5..794428c6707e4 100644 --- a/x-pack/plugin/watcher/qa/rest/src/javaRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherTestSuiteIT.java +++ b/x-pack/plugin/watcher/qa/rest/src/javaRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherTestSuiteIT.java @@ -24,7 +24,6 @@ import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; import static org.elasticsearch.rest.action.search.RestSearchAction.TOTAL_HITS_AS_INT_PARAM; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; import static org.hamcrest.Matchers.greaterThanOrEqualTo; import static org.hamcrest.Matchers.hasEntry; import static org.hamcrest.Matchers.is; diff --git a/x-pack/plugin/watcher/qa/with-security/src/javaRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherWithSecurityIT.java b/x-pack/plugin/watcher/qa/with-security/src/javaRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherWithSecurityIT.java index 70c98f0247340..84b09372433d0 100644 --- a/x-pack/plugin/watcher/qa/with-security/src/javaRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherWithSecurityIT.java +++ b/x-pack/plugin/watcher/qa/with-security/src/javaRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherWithSecurityIT.java @@ -25,7 +25,6 @@ import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; import static org.elasticsearch.rest.action.search.RestSearchAction.TOTAL_HITS_AS_INT_PARAM; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; import static org.hamcrest.Matchers.greaterThanOrEqualTo; import static org.hamcrest.Matchers.hasEntry; import static org.hamcrest.Matchers.is; diff --git a/x-pack/plugin/watcher/qa/with-security/src/yamlRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherWithSecurityClientYamlTestSuiteIT.java b/x-pack/plugin/watcher/qa/with-security/src/yamlRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherWithSecurityClientYamlTestSuiteIT.java index b9b21e5219c91..8f07ee64a63f8 100644 --- a/x-pack/plugin/watcher/qa/with-security/src/yamlRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherWithSecurityClientYamlTestSuiteIT.java +++ b/x-pack/plugin/watcher/qa/with-security/src/yamlRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherWithSecurityClientYamlTestSuiteIT.java @@ -13,12 +13,9 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; -import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; import org.elasticsearch.xpack.watcher.WatcherYamlSuiteTestCase; import org.junit.Before; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; - public class SmokeTestWatcherWithSecurityClientYamlTestSuiteIT extends WatcherYamlSuiteTestCase { private static final String TEST_ADMIN_USERNAME = "test_admin"; diff --git a/x-pack/qa/core-rest-tests-with-security/src/test/java/org/elasticsearch/xpack/security/CoreWithSecurityClientYamlTestSuiteIT.java b/x-pack/qa/core-rest-tests-with-security/src/test/java/org/elasticsearch/xpack/security/CoreWithSecurityClientYamlTestSuiteIT.java index 14e9fbc250b0a..ea509a3c1fb04 100644 --- a/x-pack/qa/core-rest-tests-with-security/src/test/java/org/elasticsearch/xpack/security/CoreWithSecurityClientYamlTestSuiteIT.java +++ b/x-pack/qa/core-rest-tests-with-security/src/test/java/org/elasticsearch/xpack/security/CoreWithSecurityClientYamlTestSuiteIT.java @@ -19,8 +19,6 @@ import java.util.Objects; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; - @TimeoutSuite(millis = 30 * TimeUnits.MINUTE) // as default timeout seems not enough on the jenkins VMs public class CoreWithSecurityClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase { diff --git a/x-pack/qa/multi-cluster-search-security/src/test/java/org/elasticsearch/xpack/security/MultiClusterSearchWithSecurityYamlTestSuiteIT.java b/x-pack/qa/multi-cluster-search-security/src/test/java/org/elasticsearch/xpack/security/MultiClusterSearchWithSecurityYamlTestSuiteIT.java index 60070d8b9853c..e4f08aecb60bc 100644 --- a/x-pack/qa/multi-cluster-search-security/src/test/java/org/elasticsearch/xpack/security/MultiClusterSearchWithSecurityYamlTestSuiteIT.java +++ b/x-pack/qa/multi-cluster-search-security/src/test/java/org/elasticsearch/xpack/security/MultiClusterSearchWithSecurityYamlTestSuiteIT.java @@ -15,8 +15,6 @@ import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; - public class MultiClusterSearchWithSecurityYamlTestSuiteIT extends ESClientYamlSuiteTestCase { private static final String USER = "test_user"; diff --git a/x-pack/qa/multi-cluster-tests-with-security/src/test/java/org/elasticsearch/multi_cluster/MultiClusterYamlTestSuiteIT.java b/x-pack/qa/multi-cluster-tests-with-security/src/test/java/org/elasticsearch/multi_cluster/MultiClusterYamlTestSuiteIT.java index ca7fd7d588e6e..c08e331f90997 100644 --- a/x-pack/qa/multi-cluster-tests-with-security/src/test/java/org/elasticsearch/multi_cluster/MultiClusterYamlTestSuiteIT.java +++ b/x-pack/qa/multi-cluster-tests-with-security/src/test/java/org/elasticsearch/multi_cluster/MultiClusterYamlTestSuiteIT.java @@ -18,8 +18,6 @@ import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; - @TimeoutSuite(millis = 5 * TimeUnits.MINUTE) // to account for slow as hell VMs public class MultiClusterYamlTestSuiteIT extends ESClientYamlSuiteTestCase { diff --git a/x-pack/qa/multi-node/src/test/java/org/elasticsearch/multi_node/GlobalCheckpointSyncActionIT.java b/x-pack/qa/multi-node/src/test/java/org/elasticsearch/multi_node/GlobalCheckpointSyncActionIT.java index 5a950088a1af2..52b62687db27e 100644 --- a/x-pack/qa/multi-node/src/test/java/org/elasticsearch/multi_node/GlobalCheckpointSyncActionIT.java +++ b/x-pack/qa/multi-node/src/test/java/org/elasticsearch/multi_node/GlobalCheckpointSyncActionIT.java @@ -17,7 +17,6 @@ import org.elasticsearch.test.rest.yaml.ObjectPath; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; import static org.hamcrest.Matchers.equalTo; public class GlobalCheckpointSyncActionIT extends ESRestTestCase { diff --git a/x-pack/qa/multi-node/src/test/java/org/elasticsearch/multi_node/RollupIT.java b/x-pack/qa/multi-node/src/test/java/org/elasticsearch/multi_node/RollupIT.java index 3dba00afe9735..e70e27a7803c7 100644 --- a/x-pack/qa/multi-node/src/test/java/org/elasticsearch/multi_node/RollupIT.java +++ b/x-pack/qa/multi-node/src/test/java/org/elasticsearch/multi_node/RollupIT.java @@ -33,7 +33,6 @@ import java.util.concurrent.TimeUnit; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.oneOf; diff --git a/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityClientYamlTestSuiteIT.java b/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityClientYamlTestSuiteIT.java index c971306f4172f..46b0fbedd6af5 100644 --- a/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityClientYamlTestSuiteIT.java +++ b/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityClientYamlTestSuiteIT.java @@ -21,8 +21,6 @@ import java.net.URL; import java.nio.file.Path; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; - public class ReindexWithSecurityClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase { private static final String USER = "test_admin"; private static final String PASS = "x-pack-test-password"; diff --git a/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityIT.java b/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityIT.java index 61d33d5c9d6bc..b5d6f60815fc1 100644 --- a/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityIT.java +++ b/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityIT.java @@ -21,7 +21,6 @@ import org.elasticsearch.xpack.core.security.SecurityField; - public class ReindexWithSecurityIT extends SecurityIntegTestCase { @Override diff --git a/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/AbstractUpgradeTestCase.java b/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/AbstractUpgradeTestCase.java index 72bc13e24b5e8..b78a73c9972f8 100644 --- a/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/AbstractUpgradeTestCase.java +++ b/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/AbstractUpgradeTestCase.java @@ -10,6 +10,7 @@ import org.elasticsearch.client.Request; import org.elasticsearch.client.Response; import org.elasticsearch.common.io.Streams; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.rest.ESRestTestCase; @@ -21,12 +22,10 @@ import java.util.List; import java.util.stream.Collectors; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; - public abstract class AbstractUpgradeTestCase extends ESRestTestCase { private static final String BASIC_AUTH_VALUE = - basicAuthHeaderValue("test_user", SecuritySettingsSourceField.TEST_PASSWORD); + basicAuthHeaderValue("test_user", new SecureString(SecuritySettingsSourceField.TEST_PASSWORD)); protected static final Version UPGRADE_FROM_VERSION = Version.fromString(System.getProperty("tests.upgrade_from_version")); diff --git a/x-pack/qa/runtime-fields/build.gradle b/x-pack/qa/runtime-fields/build.gradle index 03607229af80f..46b439f622680 100644 --- a/x-pack/qa/runtime-fields/build.gradle +++ b/x-pack/qa/runtime-fields/build.gradle @@ -29,6 +29,7 @@ subprojects { testClusters.matching { it.name == "yamlRestTest" }.configureEach { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'false' } tasks.named("yamlRestTest").configure { diff --git a/x-pack/qa/runtime-fields/with-security/src/javaRestTest/java/org/elasticsearch/xpack/security/PermissionsIT.java b/x-pack/qa/runtime-fields/with-security/src/javaRestTest/java/org/elasticsearch/xpack/security/PermissionsIT.java index c1dd3129aa76f..44718bd5cad0d 100644 --- a/x-pack/qa/runtime-fields/with-security/src/javaRestTest/java/org/elasticsearch/xpack/security/PermissionsIT.java +++ b/x-pack/qa/runtime-fields/with-security/src/javaRestTest/java/org/elasticsearch/xpack/security/PermissionsIT.java @@ -29,8 +29,6 @@ import java.util.Collections; import java.util.Map; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; - public class PermissionsIT extends ESRestTestCase { private static HighLevelClient highLevelClient; diff --git a/x-pack/qa/smoke-test-plugins/src/test/java/org/elasticsearch/smoketest/XSmokeTestPluginsClientYamlTestSuiteIT.java b/x-pack/qa/smoke-test-plugins/src/test/java/org/elasticsearch/smoketest/XSmokeTestPluginsClientYamlTestSuiteIT.java index acb0d01b7a085..5f43aec0f24a4 100644 --- a/x-pack/qa/smoke-test-plugins/src/test/java/org/elasticsearch/smoketest/XSmokeTestPluginsClientYamlTestSuiteIT.java +++ b/x-pack/qa/smoke-test-plugins/src/test/java/org/elasticsearch/smoketest/XSmokeTestPluginsClientYamlTestSuiteIT.java @@ -15,8 +15,6 @@ import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; - public class XSmokeTestPluginsClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase { private static final String USER = "test_user"; diff --git a/x-pack/qa/smoke-test-security-with-mustache/src/test/java/org/elasticsearch/smoketest/SmokeTestSecurityWithMustacheClientYamlTestSuiteIT.java b/x-pack/qa/smoke-test-security-with-mustache/src/test/java/org/elasticsearch/smoketest/SmokeTestSecurityWithMustacheClientYamlTestSuiteIT.java index 4aabba22733be..343cdb931542a 100644 --- a/x-pack/qa/smoke-test-security-with-mustache/src/test/java/org/elasticsearch/smoketest/SmokeTestSecurityWithMustacheClientYamlTestSuiteIT.java +++ b/x-pack/qa/smoke-test-security-with-mustache/src/test/java/org/elasticsearch/smoketest/SmokeTestSecurityWithMustacheClientYamlTestSuiteIT.java @@ -15,8 +15,6 @@ import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; - public class SmokeTestSecurityWithMustacheClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase { private static final String BASIC_AUTH_VALUE = basicAuthHeaderValue("test_admin",