-
Notifications
You must be signed in to change notification settings - Fork 272
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Signed-off-by: Paras Jain <parasjaz@amazon.com> Signed-off-by: Peter Nied <peternied@hotmail.com> Signed-off-by: Craig Perkins <cwperx@amazon.com> Co-authored-by: Paras Jain <parasjaz@amazon.com> Co-authored-by: Peter Nied <peternied@hotmail.com>
- Loading branch information
3 people
authored
Oct 3, 2023
1 parent
163bfe4
commit 5195d5e
Showing
29 changed files
with
1,815 additions
and
446 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
179 changes: 0 additions & 179 deletions
179
bwc-test/src/test/java/SecurityBackwardsCompatibilityIT.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,180 +1 @@ | ||
| /* | ||
| * SPDX-License-Identifier: Apache-2.0 | ||
| * | ||
| * The OpenSearch Contributors require contributions made to | ||
| * this file be licensed under the Apache-2.0 license or a | ||
| * compatible open source license. | ||
| */ | ||
| package org.opensearch.security.bwc; | ||
|
|
||
| import java.io.IOException; | ||
| import java.util.List; | ||
| import java.util.Map; | ||
| import java.util.Optional; | ||
| import java.util.Set; | ||
| import java.util.stream.Collectors; | ||
|
|
||
| import org.apache.http.Header; | ||
| import org.apache.http.HttpHost; | ||
| import org.apache.http.auth.AuthScope; | ||
| import org.apache.http.auth.UsernamePasswordCredentials; | ||
| import org.apache.http.client.CredentialsProvider; | ||
| import org.apache.http.conn.ssl.NoopHostnameVerifier; | ||
| import org.apache.http.impl.client.BasicCredentialsProvider; | ||
| import org.apache.http.message.BasicHeader; | ||
| import org.apache.http.ssl.SSLContextBuilder; | ||
| import org.junit.Assume; | ||
| import org.junit.Before; | ||
| import org.opensearch.common.settings.Settings; | ||
| import org.opensearch.common.util.concurrent.ThreadContext; | ||
| import org.opensearch.test.rest.OpenSearchRestTestCase; | ||
|
|
||
| import org.opensearch.Version; | ||
|
|
||
| import static org.hamcrest.MatcherAssert.assertThat; | ||
| import static org.hamcrest.Matchers.hasItem; | ||
|
|
||
| import org.opensearch.client.RestClient; | ||
| import org.opensearch.client.RestClientBuilder; | ||
|
|
||
| import org.junit.Assert; | ||
|
|
||
| public class SecurityBackwardsCompatibilityIT extends OpenSearchRestTestCase { | ||
|
|
||
| private ClusterType CLUSTER_TYPE; | ||
| private String CLUSTER_NAME; | ||
|
|
||
| @Before | ||
| private void testSetup() { | ||
| final String bwcsuiteString = System.getProperty("tests.rest.bwcsuite"); | ||
| Assume.assumeTrue("Test cannot be run outside the BWC gradle task 'bwcTestSuite' or its dependent tasks", bwcsuiteString != null); | ||
| CLUSTER_TYPE = ClusterType.parse(bwcsuiteString); | ||
| CLUSTER_NAME = System.getProperty("tests.clustername"); | ||
| } | ||
|
|
||
| @Override | ||
| protected final boolean preserveClusterUponCompletion() { | ||
| return true; | ||
| } | ||
|
|
||
| @Override | ||
| protected final boolean preserveIndicesUponCompletion() { | ||
| return true; | ||
| } | ||
|
|
||
| @Override | ||
| protected final boolean preserveReposUponCompletion() { | ||
| return true; | ||
| } | ||
|
|
||
| @Override | ||
| protected boolean preserveTemplatesUponCompletion() { | ||
| return true; | ||
| } | ||
|
|
||
| @Override | ||
| protected String getProtocol() { | ||
| return "https"; | ||
| } | ||
|
|
||
| @Override | ||
| protected final Settings restClientSettings() { | ||
| return Settings.builder() | ||
| .put(super.restClientSettings()) | ||
| // increase the timeout here to 90 seconds to handle long waits for a green | ||
| // cluster health. the waits for green need to be longer than a minute to | ||
| // account for delayed shards | ||
| .put(OpenSearchRestTestCase.CLIENT_SOCKET_TIMEOUT, "90s") | ||
| .build(); | ||
| } | ||
|
|
||
| @Override | ||
| protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException { | ||
| RestClientBuilder builder = RestClient.builder(hosts); | ||
| configureHttpsClient(builder, settings); | ||
| boolean strictDeprecationMode = settings.getAsBoolean("strictDeprecationMode", true); | ||
| builder.setStrictDeprecationMode(strictDeprecationMode); | ||
| return builder.build(); | ||
| } | ||
|
|
||
| protected static void configureHttpsClient(RestClientBuilder builder, Settings settings) throws IOException { | ||
| Map<String, String> headers = ThreadContext.buildDefaultHeaders(settings); | ||
| Header[] defaultHeaders = new Header[headers.size()]; | ||
| int i = 0; | ||
| for (Map.Entry<String, String> entry : headers.entrySet()) { | ||
| defaultHeaders[i++] = new BasicHeader(entry.getKey(), entry.getValue()); | ||
| } | ||
| builder.setDefaultHeaders(defaultHeaders); | ||
| builder.setHttpClientConfigCallback(httpClientBuilder -> { | ||
| String userName = Optional.ofNullable(System.getProperty("tests.opensearch.username")) | ||
| .orElseThrow(() -> new RuntimeException("user name is missing")); | ||
| String password = Optional.ofNullable(System.getProperty("tests.opensearch.password")) | ||
| .orElseThrow(() -> new RuntimeException("password is missing")); | ||
| CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); | ||
| credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(userName, password)); | ||
| try { | ||
| return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider) | ||
| // disable the certificate since our testing cluster just uses the default security configuration | ||
| .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE) | ||
| .setSSLContext(SSLContextBuilder.create().loadTrustMaterial(null, (chains, authType) -> true).build()); | ||
| } catch (Exception e) { | ||
| throw new RuntimeException(e); | ||
| } | ||
| }); | ||
| } | ||
|
|
||
| public void testBasicBackwardsCompatibility() throws Exception { | ||
| String round = System.getProperty("tests.rest.bwcsuite_round"); | ||
|
|
||
| if (round.equals("first") || round.equals("old")) { | ||
| assertPluginUpgrade("_nodes/" + CLUSTER_NAME + "-0/plugins"); | ||
| } else if (round.equals("second")) { | ||
| assertPluginUpgrade("_nodes/" + CLUSTER_NAME + "-1/plugins"); | ||
| } else if (round.equals("third")) { | ||
| assertPluginUpgrade("_nodes/" + CLUSTER_NAME + "-2/plugins"); | ||
| } | ||
| } | ||
|
|
||
| @SuppressWarnings("unchecked") | ||
| public void testWhoAmI() throws Exception { | ||
| Map<String, Object> responseMap = (Map<String, Object>) getAsMap("_plugins/_security/whoami"); | ||
| Assert.assertTrue(responseMap.containsKey("dn")); | ||
| } | ||
|
|
||
| private enum ClusterType { | ||
| OLD, | ||
| MIXED, | ||
| UPGRADED; | ||
|
|
||
| public static ClusterType parse(String value) { | ||
| switch (value) { | ||
| case "old_cluster": | ||
| return OLD; | ||
| case "mixed_cluster": | ||
| return MIXED; | ||
| case "upgraded_cluster": | ||
| return UPGRADED; | ||
| default: | ||
| throw new AssertionError("unknown cluster type: " + value); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| @SuppressWarnings("unchecked") | ||
| private void assertPluginUpgrade(String uri) throws Exception { | ||
| Map<String, Map<String, Object>> responseMap = (Map<String, Map<String, Object>>) getAsMap(uri).get("nodes"); | ||
| for (Map<String, Object> response : responseMap.values()) { | ||
| List<Map<String, Object>> plugins = (List<Map<String, Object>>) response.get("plugins"); | ||
| Set<String> pluginNames = plugins.stream().map(map -> (String) map.get("name")).collect(Collectors.toSet()); | ||
|
|
||
| final Version minNodeVersion = this.minimumNodeVersion(); | ||
|
|
||
| if (minNodeVersion.major <= 1) { | ||
| assertThat(pluginNames, hasItem("opensearch_security")); | ||
| } else { | ||
| assertThat(pluginNames, hasItem("opensearch-security")); | ||
| } | ||
|
|
||
| } | ||
| } | ||
| } |
28 changes: 28 additions & 0 deletions
28
bwc-test/src/test/java/org/opensearch/security/bwc/ClusterType.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| /* | ||
| * SPDX-License-Identifier: Apache-2.0 | ||
| * | ||
| * The OpenSearch Contributors require contributions made to | ||
| * this file be licensed under the Apache-2.0 license or a | ||
| * compatible open source license. | ||
| */ | ||
|
|
||
| package org.opensearch.security.bwc; | ||
|
|
||
| public enum ClusterType { | ||
| OLD, | ||
| MIXED, | ||
| UPGRADED; | ||
|
|
||
| public static ClusterType parse(String value) { | ||
| switch (value) { | ||
| case "old_cluster": | ||
| return OLD; | ||
| case "mixed_cluster": | ||
| return MIXED; | ||
| case "upgraded_cluster": | ||
| return UPGRADED; | ||
| default: | ||
| throw new AssertionError("unknown cluster type: " + value); | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.