TestClusters: Convert the security plugin (#43242)

* TestClusters: Convert the security plugin This PR moves security tests to use TestClusters. The TLS test required support in testclusters itself, so the correct wait condition is configgured based on the cluster settings. * PR review
elastic · Jun 18, 2019 · 9772d04 · 9772d04
1 parent 90aa6af
commit 9772d04
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 81 deletions.
diff --git a/buildSrc/src/main/java/org/elasticsearch/gradle/testclusters/ElasticsearchCluster.java b/buildSrc/src/main/java/org/elasticsearch/gradle/testclusters/ElasticsearchCluster.java
@@ -319,10 +319,17 @@ public ElasticsearchNode singleNode() {
 
     private void addWaitForClusterHealth() {
         waitConditions.put("cluster health yellow", (node) -> {
+
             try {
+                boolean httpSslEnabled = getFirstNode().isHttpSslEnabled();
                 WaitForHttpResource wait = new WaitForHttpResource(
-                    "http", getFirstNode().getHttpSocketURI(), nodes.size()
+                    httpSslEnabled ? "https" : "http",
+                    getFirstNode().getHttpSocketURI(),
+                    nodes.size()
                 );
+                if (httpSslEnabled) {
+                    wait.setCertificateAuthorities(getFirstNode().getHttpCertificateAuthoritiesFile());
+                }
                 List<Map<String, String>> credentials = getFirstNode().getCredentials();
                 if (getFirstNode().getCredentials().isEmpty() == false) {
                     wait.setUsername(credentials.get(0).get("useradd"));

diff --git a/buildSrc/src/main/java/org/elasticsearch/gradle/testclusters/ElasticsearchNode.java b/buildSrc/src/main/java/org/elasticsearch/gradle/testclusters/ElasticsearchNode.java
@@ -873,4 +873,19 @@ private boolean checkPortsFilesExistWithDelay(TestClusterConfiguration node) {
         }
         return Files.exists(httpPortsFile) && Files.exists(transportPortFile);
     }
+
+    public boolean isHttpSslEnabled() {
+        return Boolean.valueOf(
+            settings.getOrDefault("xpack.security.http.ssl.enabled", () -> "false").get().toString()
+        );
+    }
+
+    public File getHttpCertificateAuthoritiesFile() {
+        if (settings.containsKey("xpack.security.http.ssl.certificate_authorities") == false) {
+            throw new TestClustersException("Can't get certificates authority file, not configured for " + this);
+        }
+        return getConfigDir()
+            .resolve(settings.get("xpack.security.http.ssl.certificate_authorities").get().toString())
+            .toFile();
+    }
 }
diff --git a/x-pack/plugin/security/qa/basic-enable-security/build.gradle b/x-pack/plugin/security/qa/basic-enable-security/build.gradle
@@ -1,5 +1,4 @@
-import org.elasticsearch.gradle.test.RestIntegTestTask
-
+apply plugin: 'elasticsearch.testclusters'
 apply plugin: 'elasticsearch.standalone-rest-test'
 apply plugin: 'elasticsearch.rest-test'
 
@@ -9,59 +8,53 @@ dependencies {
   testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
 }
 
-task integTestNoSecurity(type: RestIntegTestTask) {
-  description = "Run tests against a cluster that doesn't have security"
-}
-tasks.getByName("integTestNoSecurityRunner").configure {
-    systemProperty 'tests.has_security', 'false'
-}
-check.dependsOn(integTestNoSecurity)
-
-task integTestSecurity(type: RestIntegTestTask) {
-  dependsOn integTestNoSecurity
-  description = "Run tests against a cluster that has security"
+integTest {
+    description = "Run tests against a cluster that doesn't have security"
+    runner {
+        systemProperty 'tests.has_security', 'false'
+    }
 }
-tasks.getByName("integTestSecurityRunner").configure {
-    systemProperty 'tests.has_security', 'true'
-}
-check.dependsOn(integTestSecurity)
-
-configure(extensions.findByName("integTestNoSecurityCluster")) {
-  clusterName = "enable-security-on-basic"
-  numNodes = 2
-
-  setting 'xpack.ilm.enabled', 'false'
-  setting 'xpack.ml.enabled', 'false'
-  setting 'xpack.license.self_generated.type', 'basic'
-  setting 'xpack.security.enabled', 'false'
-}
-
-Task noSecurityTest = tasks.findByName("integTestNoSecurity")
-configure(extensions.findByName("integTestSecurityCluster")) {
-    clusterName = "basic-license"
-    numNodes = 2
-    dataDir = { nodeNum -> noSecurityTest.nodes[nodeNum].dataDir }
 
+testClusters.integTest {
+    distribution = 'DEFAULT'
+    numberOfNodes = 2
     setting 'xpack.ilm.enabled', 'false'
     setting 'xpack.ml.enabled', 'false'
     setting 'xpack.license.self_generated.type', 'basic'
-    setting 'xpack.security.enabled', 'true'
-    setting 'xpack.security.authc.anonymous.roles', 'anonymous'
-    setting 'xpack.security.transport.ssl.enabled', 'true'
-    setting 'xpack.security.transport.ssl.certificate', 'transport.crt'
-    setting 'xpack.security.transport.ssl.key', 'transport.key'
-    setting 'xpack.security.transport.ssl.key_passphrase', 'transport-password'
-    setting 'xpack.security.transport.ssl.certificate_authorities', 'ca.crt'
-
-    extraConfigFile 'transport.key', project.projectDir.toPath().resolve('src/test/resources/ssl/transport.key').toFile()
-    extraConfigFile 'transport.crt', project.projectDir.toPath().resolve('src/test/resources/ssl/transport.crt').toFile()
-    extraConfigFile 'ca.crt', project.projectDir.toPath().resolve('src/test/resources/ssl/ca.crt').toFile()
+    setting 'xpack.security.enabled', 'false'
+}
 
-    setupCommand 'setupAdminUser',
-                 'bin/elasticsearch-users', 'useradd', 'admin_user', '-p', 'admin-password', '-r', 'superuser'
-    setupCommand 'setupTestUser' ,
-                 'bin/elasticsearch-users', 'useradd', 'security_test_user', '-p', 'security-test-password', '-r', 'security_test_role'
-    extraConfigFile 'roles.yml', project.projectDir.toPath().resolve('src/test/resources/roles.yml').toFile()
+task integTestSecurity(type: Test) {
+    description = "Run tests against a cluster that has security"
+    useCluster testClusters.integTest
+    dependsOn integTest
+    systemProperty 'tests.has_security', 'true'
+    maxParallelForks = 1
+    outputs.cacheIf "Caching of REST tests not implemented yet", { false }
+
+    doFirst {
+        testClusters.integTest {
+            // Reconfigure cluster to enable security
+            setting 'xpack.security.enabled', 'true'
+            setting 'xpack.security.authc.anonymous.roles', 'anonymous'
+            setting 'xpack.security.transport.ssl.enabled', 'true'
+            setting 'xpack.security.transport.ssl.certificate', 'transport.crt'
+            setting 'xpack.security.transport.ssl.key', 'transport.key'
+            setting 'xpack.security.transport.ssl.key_passphrase', 'transport-password'
+            setting 'xpack.security.transport.ssl.certificate_authorities', 'ca.crt'
+
+            extraConfigFile 'transport.key', file('src/test/resources/ssl/transport.key')
+            extraConfigFile 'transport.crt', file('src/test/resources/ssl/transport.crt')
+            extraConfigFile 'ca.crt', file('src/test/resources/ssl/ca.crt')
+            extraConfigFile 'roles.yml', file('src/test/resources/roles.yml')
+
+            user username: "admin_user", password: "admin-password"
+            user username: "security_test_user", password: "security-test-password", role: "security_test_role"
+
+            restart()
+        }
+        nonInputProperties.systemProperty 'tests.rest.cluster', "${-> testClusters.integTest.getAllHttpSocketURI().join(",")}"
+    }
 }
+check.dependsOn(integTestSecurity)
 
-integTest.enabled = false
diff --git a/x-pack/plugin/security/qa/security-basic/build.gradle b/x-pack/plugin/security/qa/security-basic/build.gradle
@@ -1,5 +1,4 @@
-import org.elasticsearch.gradle.http.WaitForHttpResource
-
+apply plugin: 'elasticsearch.testclusters'
 apply plugin: 'elasticsearch.standalone-rest-test'
 apply plugin: 'elasticsearch.rest-test'
 
@@ -9,8 +8,9 @@ dependencies {
   testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
 }
 
-integTestCluster {
-  numNodes=2
+testClusters.integTest {
+  distribution = "DEFAULT"
+  numberOfNodes = 2
 
   setting 'xpack.ilm.enabled', 'false'
   setting 'xpack.ml.enabled', 'false'
@@ -21,14 +21,7 @@ integTestCluster {
   setting 'xpack.security.authc.token.enabled', 'true'
   setting 'xpack.security.authc.api_key.enabled', 'true'
 
-  extraConfigFile 'roles.yml', project.projectDir.toPath().resolve('src/test/resources/roles.yml')
-  setupCommand 'setupUser#admin_user', 'bin/elasticsearch-users', 'useradd', 'admin_user', '-p', 'admin-password', '-r', 'superuser'
-  setupCommand 'setupUser#security_test_user', 'bin/elasticsearch-users', 'useradd', 'security_test_user', '-p', 'security-test-password', '-r', 'security_test_role'
-
-  waitCondition = { node, ant ->
-    WaitForHttpResource http = new WaitForHttpResource("http", node.httpUri(), numNodes)
-    http.setUsername("admin_user")
-    http.setPassword("admin-password")
-    return http.wait(5000)
-  }
+  extraConfigFile 'roles.yml', file('src/test/resources/roles.yml')
+  user username: "admin_user", password: "admin-password"
+  user username: "security_test_user", password: "security-test-password", role: "security_test_role"
 }
diff --git a/x-pack/plugin/security/qa/tls-basic/build.gradle b/x-pack/plugin/security/qa/tls-basic/build.gradle
@@ -1,5 +1,4 @@
-import org.elasticsearch.gradle.http.WaitForHttpResource
-
+apply plugin: 'elasticsearch.testclusters'
 apply plugin: 'elasticsearch.standalone-rest-test'
 apply plugin: 'elasticsearch.rest-test'
 
@@ -17,16 +16,16 @@ forbiddenPatterns {
     exclude '**/*.p12'
 }
 
-File caFile = project.file('src/test/resources/ssl/ca.crt')
 
-integTestCluster {
-  numNodes=2
+testClusters.integTest {
+  distribution = "DEFAULT"
+  numberOfNodes = 2
 
-  extraConfigFile 'http.key', project.projectDir.toPath().resolve('src/test/resources/ssl/http.key')
-  extraConfigFile 'http.crt', project.projectDir.toPath().resolve('src/test/resources/ssl/http.crt')
-  extraConfigFile 'transport.key', project.projectDir.toPath().resolve('src/test/resources/ssl/transport.key')
-  extraConfigFile 'transport.crt', project.projectDir.toPath().resolve('src/test/resources/ssl/transport.crt')
-  extraConfigFile 'ca.crt', caFile
+  extraConfigFile 'http.key', file('src/test/resources/ssl/http.key')
+  extraConfigFile 'http.crt', file('src/test/resources/ssl/http.crt')
+  extraConfigFile 'transport.key', file('src/test/resources/ssl/transport.key')
+  extraConfigFile 'transport.crt', file('src/test/resources/ssl/transport.crt')
+  extraConfigFile 'ca.crt', file('src/test/resources/ssl/ca.crt')
 
   setting 'xpack.ilm.enabled', 'false'
   setting 'xpack.ml.enabled', 'false'
@@ -35,15 +34,10 @@ integTestCluster {
   setting 'xpack.security.http.ssl.certificate', 'http.crt'
   setting 'xpack.security.http.ssl.key', 'http.key'
   setting 'xpack.security.http.ssl.key_passphrase', 'http-password'
+  setting 'xpack.security.http.ssl.certificate_authorities', 'ca.crt'
   setting 'xpack.security.transport.ssl.enabled', 'true'
   setting 'xpack.security.transport.ssl.certificate', 'transport.crt'
   setting 'xpack.security.transport.ssl.key', 'transport.key'
   setting 'xpack.security.transport.ssl.key_passphrase', 'transport-password'
   setting 'xpack.security.transport.ssl.certificate_authorities', 'ca.crt'
-
-  waitCondition = { node, ant ->
-    WaitForHttpResource http = new WaitForHttpResource("https", node.httpUri(), numNodes)
-    http.setCertificateAuthorities(caFile)
-    return http.wait(5000)
-  }
 }