From e2f0da93b380d9ed0c2d44fc2008e4467174fcf9 Mon Sep 17 00:00:00 2001 From: Yury-Fridlyand Date: Tue, 8 Aug 2023 15:55:34 -0700 Subject: [PATCH 01/13] Add extra IT flow. Signed-off-by: Yury-Fridlyand --- .../workflows/integ-tests-with-security.yml | 43 ++++++ integ-test/build.gradle | 128 ++++++++++++++++++ integ-test/rc/esnode-key.pem | 28 ++++ integ-test/rc/esnode.pem | 28 ++++ integ-test/rc/kirk-key.pem | 28 ++++ integ-test/rc/kirk.pem | 26 ++++ integ-test/rc/opensearch.keystore | Bin 0 -> 196 bytes integ-test/rc/root-ca.pem | 24 ++++ .../sql/legacy/OpenSearchSQLRestTestCase.java | 17 ++- .../sql/legacy/RestIntegTestCase.java | 2 +- .../sql/ppl/CrossClusterSearchIT.java | 15 +- 11 files changed, 336 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/integ-tests-with-security.yml create mode 100644 integ-test/rc/esnode-key.pem create mode 100644 integ-test/rc/esnode.pem create mode 100644 integ-test/rc/kirk-key.pem create mode 100644 integ-test/rc/kirk.pem create mode 100644 integ-test/rc/opensearch.keystore create mode 100644 integ-test/rc/root-ca.pem diff --git a/.github/workflows/integ-tests-with-security.yml b/.github/workflows/integ-tests-with-security.yml new file mode 100644 index 0000000000..25051923a2 --- /dev/null +++ b/.github/workflows/integ-tests-with-security.yml @@ -0,0 +1,43 @@ +name: Extra IT with security + +on: + pull_request: + push: + branches-ignore: + - 'dependabot/**' + paths: + - 'integ-test/** + - '.github/workflows/integ-tests-with-security.yml' + +jobs: + extra-it: + strategy: + fail-fast: false + matrix: + - os: [ ubuntu-latest, windows-latest, macos-latest ] + - java: [ 11, 17 ] + + runs-on: ${{ matrix.entry.os }} + + steps: + - uses: actions/checkout@v3 + + - name: Set up JDK ${{ matrix.java }} + uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: ${{ matrix.entry.java }} + + - name: Build with Gradle + run: ./gradlew integTestWithSecurity + + - name: Upload test reports + if: ${{ always() }} + uses: actions/upload-artifact@v2 + continue-on-error: true + with: + name: test-reports-${{ matrix.entry.os }}-${{ matrix.entry.java }} + path: | + integ-test/build/reports/** + integ-test/build/testclusters/*/logs/* + integ-test/build/testclusters/*/config/* diff --git a/integ-test/build.gradle b/integ-test/build.gradle index b52cfd5f22..536214d871 100644 --- a/integ-test/build.gradle +++ b/integ-test/build.gradle @@ -25,8 +25,11 @@ import org.opensearch.gradle.test.RestIntegTestTask import org.opensearch.gradle.testclusters.StandaloneRestIntegTestTask +import java.nio.file.Paths +import java.time.LocalDateTime import java.util.concurrent.Callable import java.util.stream.Collectors +import groovy.xml.XmlParser plugins { id "de.undercouch.download" version "5.3.0" @@ -57,6 +60,21 @@ ext { projectSubstitutions = [:] licenseFile = rootProject.file('LICENSE.TXT') noticeFile = rootProject.file('NOTICE') + + getSecurityPluginDownloadLink = { -> + var repo = "https://aws.oss.sonatype.org/content/repositories/snapshots/org/opensearch/plugin/" + + "opensearch-security/$opensearch_build/" + var metadataFile = Paths.get(projectDir.toString(), "build", "maven-metadata.xml").toAbsolutePath().toFile() + download.run { + src repo + "maven-metadata.xml" + dest metadataFile + } + def metadata = new XmlParser().parse(metadataFile) + def snapshotVersion = metadata.versioning.snapshotVersions[0].snapshotVersion[0].value[0].text() + + return repo + "opensearch-security-${snapshotVersion}.zip" + //return "https://aws.oss.sonatype.org/content/repositories/snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT/opensearch-security-3.0.0.0-20230801.181212-166.zip" + } } tasks.withType(licenseHeaders.class) { @@ -94,6 +112,7 @@ dependencies { testImplementation group: 'org.opensearch.client', name: 'opensearch-rest-client', version: "${opensearch_version}" testImplementation group: 'org.opensearch.driver', name: 'opensearch-sql-jdbc', version: System.getProperty("jdbcDriverVersion", '1.2.0.0') testImplementation group: 'org.hamcrest', name: 'hamcrest', version: '2.1' + //testImplementation group: 'org.hamcrest', name: 'hamcrest-core', version: '2.1' implementation group: 'org.apache.logging.log4j', name: 'log4j-core', version:'2.20.0' testImplementation project(':opensearch-sql-plugin') testImplementation project(':legacy') @@ -103,6 +122,7 @@ dependencies { testImplementation group: 'com.h2database', name: 'h2', version: '2.2.220' testImplementation group: 'org.xerial', name: 'sqlite-jdbc', version: '3.41.2.2' testImplementation group: 'com.google.code.gson', name: 'gson', version: '2.8.9' + testCompileOnly 'org.apiguardian:apiguardian-api:1.1.2' // Needed for BWC tests zipArchive group: 'org.opensearch.plugin', name:'opensearch-sql-plugin', version: "${bwcVersion}-SNAPSHOT" @@ -136,10 +156,67 @@ testClusters.integTest { setting "plugins.query.datasources.encryption.masterkey", "1234567812345678" } +boolean securityPluginDownloaded = false + testClusters { remoteCluster { plugin ":opensearch-sql-plugin" } + integTestWithSecurity { // OpenSearchCluster + + getNodes().forEach { node -> + node.getCredentials().add(Map.of('useradd', 'admin', '-p', 'admin')) + } + + var projectAbsPath = projectDir.getAbsolutePath() + // Config below including files are copied from security demo configuration + ['esnode.pem', 'esnode-key.pem', 'root-ca.pem'].forEach { file -> + extraConfigFile file, Paths.get(projectAbsPath, 'rc', file).toFile() + } + setting 'plugins.security.ssl.transport.pemcert_filepath', 'esnode.pem' + setting 'plugins.security.ssl.transport.pemkey_filepath', 'esnode-key.pem' + setting 'plugins.security.ssl.transport.pemtrustedcas_filepath', 'root-ca.pem' + setting 'plugins.security.ssl.transport.enforce_hostname_verification', 'false' + // https is disabled, because `OpenSearchCluster` is hardcoded to validate cluster health by http + // refer how IT framework implemented in security plugin and reuse/copy to activate https + setting 'plugins.security.ssl.http.enabled', 'false' + setting 'plugins.security.ssl.http.pemcert_filepath', 'esnode.pem' + setting 'plugins.security.ssl.http.pemkey_filepath', 'esnode-key.pem' + setting 'plugins.security.ssl.http.pemtrustedcas_filepath', 'root-ca.pem' + setting 'plugins.security.allow_unsafe_democertificates', 'true' + + setting 'plugins.security.allow_default_init_securityindex', 'true' + setting 'plugins.security.authcz.admin_dn', 'CN=admin,OU=SSL,O=Test,L=Test,C=DE'//'CN=kirk,OU=client,O=client,L=test, C=de' + setting 'plugins.security.audit.type', 'internal_opensearch' + setting 'plugins.security.enable_snapshot_restore_privilege', 'true' + setting 'plugins.security.check_snapshot_restore_write_privileges', 'true' + setting 'plugins.security.restapi.roles_enabled', '["all_access", "security_rest_api_access"]' + setting 'plugins.security.system_indices.enabled', 'true' + + plugin ":opensearch-sql-plugin" + plugin provider(new Callable(){ + + @Override + RegularFile call() throws Exception { + return new RegularFile() { + + @Override + File getAsFile() { + var target = Paths.get(projectAbsPath, 'bin', 'opensearch-security-snapshot.zip').toFile() + // add a check to avoid re-downloading multiple times during single test run + if (!securityPluginDownloaded) { + download.run { + src getSecurityPluginDownloadLink() + dest target + } + securityPluginDownloaded = true + } + return target + } + } + } + }) + } } task startPrometheus(type: SpawnProcessTask) { @@ -218,6 +295,57 @@ task integJdbcTest(type: RestIntegTestTask) { } } +task integTestWithSecurity(type: RestIntegTestTask) { + useCluster testClusters.integTestWithSecurity + + useJUnitPlatform() + dependsOn ':opensearch-sql-plugin:bundlePlugin' + testLogging { + events "passed", "skipped", "failed" + } + afterTest { desc, result -> + logger.quiet "${desc.className}.${desc.name}: ${result.resultType} ${(result.getEndTime() - result.getStartTime())/1000}s" + } + + systemProperty 'tests.security.manager', 'false' + systemProperty 'project.root', project.projectDir.absolutePath + + // Set default query size limit + systemProperty 'defaultQuerySizeLimit', '10000' + + // Tell the test JVM if the cluster JVM is running under a debugger so that tests can use longer timeouts for + // requests. The 'doFirst' delays reading the debug setting on the cluster till execution time. + doFirst { + systemProperty 'cluster.debug', getDebug() + getClusters().forEach { cluster -> + String allTransportSocketURI = cluster.nodes.stream().flatMap { node -> + node.getAllTransportPortURI().stream() + }.collect(Collectors.joining(",")) + String allHttpSocketURI = cluster.nodes.stream().flatMap { node -> + node.getAllHttpSocketURI().stream() + }.collect(Collectors.joining(",")) + + systemProperty "tests.rest.${cluster.name}.http_hosts", "${-> allHttpSocketURI}" + systemProperty "tests.rest.${cluster.name}.transport_hosts", "${-> allTransportSocketURI}" + systemProperty "tests.rest.remoteCluster.http_hosts", "${-> allHttpSocketURI}" + systemProperty "tests.rest.remoteCluster.transport_hosts", "${-> allTransportSocketURI}" + + systemProperty "https", "false" + systemProperty "user", "admin" + systemProperty "password", "admin" + } + } + + if (System.getProperty("test.debug") != null) { + jvmArgs '-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=*:5005' + } + + // NOTE: this IT config discovers only junit5 (jupiter) tests. + filter { + includeTestsMatching 'org.opensearch.sql.ppl.CrossClusterSearchIT' + } +} + // Run PPL ITs and new, legacy and comparison SQL ITs with new SQL engine enabled integTest { useCluster testClusters.remoteCluster diff --git a/integ-test/rc/esnode-key.pem b/integ-test/rc/esnode-key.pem new file mode 100644 index 0000000000..4ac2cb57a7 --- /dev/null +++ b/integ-test/rc/esnode-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCWvn+O+rywfgMC +ud24mAclMDfuNA/IzCKLxl5usIE/PvUm7PPfXQ14LfQhNQXqOuaD9fiVM+HO1BzK +wmN3j4g7eHInR1cxENoNGKFa0Fr9EXnUv8sfwyobPD8NTu9eaH7T+d6f9oow+Q4n +xb9Xin5IRR/pcJ8v7zEjcXpZaZejcSU4iVZ0PR2Di4H9rfe9SEyR5wLrsVBePB3L +jaL1uK4bZF3n/JGgDe3BNy1PgPU+O+FCzQipBBTyJWQCjd4iTRXVbMa01PglAR85 +O9w6NXApBLyWdGRY6dGd8vMC2P4KlhnxlcgPZdglKniGTX+eTzT7Rszq77zjYrou +PLwSh9S7AgMBAAECggEABwiohxFoEIwws8XcdKqTWsbfNTw0qFfuHLuK2Htf7IWR +htlzn66F3F+4jnwc5IsPCoVFriCXnsEC/usHHSMTZkL+gJqxlNaGdin6DXS/aiOQ +nb69SaQfqNmsz4ApZyxVDqsQGkK0vAhDAtQVU45gyhp/nLLmmqP8lPzMirOEodmp +U9bA8t/ttrzng7SVAER42f6IVpW0iTKTLyFii0WZbq+ObViyqib9hVFrI6NJuQS+ +IelcZB0KsSi6rqIjXg1XXyMiIUcSlhq+GfEa18AYgmsbPwMbExate7/8Ci7ZtCbh +lx9bves2+eeqq5EMm3sMHyhdcg61yzd5UYXeZhwJkQKBgQDS9YqrAtztvLY2gMgv +d+wOjb9awWxYbQTBjx33kf66W+pJ+2j8bI/XX2CpZ98w/oq8VhMqbr9j5b8MfsrF +EoQvedA4joUo8sXd4j1mR2qKF4/KLmkgy6YYusNP2UrVSw7sh77bzce+YaVVoO/e +0wIVTHuD/QZ6fG6MasOqcbl6hwKBgQC27cQruaHFEXR/16LrMVAX+HyEEv44KOCZ +ij5OE4P7F0twb+okngG26+OJV3BtqXf0ULlXJ+YGwXCRf6zUZkld3NMy3bbKPgH6 +H/nf3BxqS2tudj7+DV52jKtisBghdvtlKs56oc9AAuwOs37DvhptBKUPdzDDqfys +Qchv5JQdLQKBgERev+pcqy2Bk6xmYHrB6wdseS/4sByYeIoi0BuEfYH4eB4yFPx6 +UsQCbVl6CKPgWyZe3ydJbU37D8gE78KfFagtWoZ56j4zMF2RDUUwsB7BNCDamce/ +OL2bCeG/Erm98cBG3lxufOX+z47I8fTNfkdY2k8UmhzoZwurLm73HJ3RAoGBAKsp +6yamuXF2FbYRhUXgjHsBbTD/vJO72/yO2CGiLRpi/5mjfkjo99269trp0C8sJSub +5PBiSuADXFsoRgUv+HI1UAEGaCTwxFTQWrRWdtgW3d0sE2EQDVWL5kmfT9TwSeat +mSoyAYR5t3tCBNkPJhbgA7pm4mASzHQ50VyxWs25AoGBAKPFx9X2oKhYQa+mW541 +bbqRuGFMoXIIcr/aeM3LayfLETi48o5NDr2NDP11j4yYuz26YLH0Dj8aKpWuehuH +uB27n6j6qu0SVhQi6mMJBe1JrKbzhqMKQjYOoy8VsC2gdj5pCUP/kLQPW7zm9diX +CiKTtKgPIeYdigor7V3AHcVT +-----END PRIVATE KEY----- diff --git a/integ-test/rc/esnode.pem b/integ-test/rc/esnode.pem new file mode 100644 index 0000000000..7ba92534e4 --- /dev/null +++ b/integ-test/rc/esnode.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEyTCCA7GgAwIBAgIGAWLrc1O2MA0GCSqGSIb3DQEBCwUAMIGPMRMwEQYKCZIm +iZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEZMBcGA1UECgwQ +RXhhbXBsZSBDb20gSW5jLjEhMB8GA1UECwwYRXhhbXBsZSBDb20gSW5jLiBSb290 +IENBMSEwHwYDVQQDDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0EwHhcNMTgwNDIy +MDM0MzQ3WhcNMjgwNDE5MDM0MzQ3WjBeMRIwEAYKCZImiZPyLGQBGRYCZGUxDTAL +BgNVBAcMBHRlc3QxDTALBgNVBAoMBG5vZGUxDTALBgNVBAsMBG5vZGUxGzAZBgNV +BAMMEm5vZGUtMC5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAJa+f476vLB+AwK53biYByUwN+40D8jMIovGXm6wgT8+9Sbs899dDXgt +9CE1Beo65oP1+JUz4c7UHMrCY3ePiDt4cidHVzEQ2g0YoVrQWv0RedS/yx/DKhs8 +Pw1O715oftP53p/2ijD5DifFv1eKfkhFH+lwny/vMSNxellpl6NxJTiJVnQ9HYOL +gf2t971ITJHnAuuxUF48HcuNovW4rhtkXef8kaAN7cE3LU+A9T474ULNCKkEFPIl +ZAKN3iJNFdVsxrTU+CUBHzk73Do1cCkEvJZ0ZFjp0Z3y8wLY/gqWGfGVyA9l2CUq +eIZNf55PNPtGzOrvvONiui48vBKH1LsCAwEAAaOCAVkwggFVMIG8BgNVHSMEgbQw +gbGAFJI1DOAPHitF9k0583tfouYSl0BzoYGVpIGSMIGPMRMwEQYKCZImiZPyLGQB +GRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEZMBcGA1UECgwQRXhhbXBs +ZSBDb20gSW5jLjEhMB8GA1UECwwYRXhhbXBsZSBDb20gSW5jLiBSb290IENBMSEw +HwYDVQQDDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0GCAQEwHQYDVR0OBBYEFKyv +78ZmFjVKM9g7pMConYH7FVBHMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg +MCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA1BgNVHREELjAsiAUq +AwQFBYISbm9kZS0wLmV4YW1wbGUuY29tgglsb2NhbGhvc3SHBH8AAAEwDQYJKoZI +hvcNAQELBQADggEBAIOKuyXsFfGv1hI/Lkpd/73QNqjqJdxQclX57GOMWNbOM5H0 +5/9AOIZ5JQsWULNKN77aHjLRr4owq2jGbpc/Z6kAd+eiatkcpnbtbGrhKpOtoEZy +8KuslwkeixpzLDNISSbkeLpXz4xJI1ETMN/VG8ZZP1bjzlHziHHDu0JNZ6TnNzKr +XzCGMCohFfem8vnKNnKUneMQMvXd3rzUaAgvtf7Hc2LTBlf4fZzZF1EkwdSXhaMA +1lkfHiqOBxtgeDLxCHESZ2fqgVqsWX+t3qHQfivcPW6txtDyrFPRdJOGhiMGzT/t +e/9kkAtQRgpTb3skYdIOOUOV0WGQ60kJlFhAzIs= +-----END CERTIFICATE----- diff --git a/integ-test/rc/kirk-key.pem b/integ-test/rc/kirk-key.pem new file mode 100644 index 0000000000..bacb22c215 --- /dev/null +++ b/integ-test/rc/kirk-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDCwgBOoO88uMM8 +dREJsk58Yt4Jn0zwQ2wUThbvy3ICDiEWhiAhUbg6dTggpS5vWWJto9bvaaqgMVoh +ElfYHdTDncX3UQNBEP8tqzHON6BFEFSGgJRGLd6f5dri6rK32nCotYS61CFXBFxf +WumXjSukjyrcTsdkR3C5QDo2oN7F883MOQqRENPzAtZi9s3jNX48u+/e3yvJzXsB +GS9Qmsye6C71enbIujM4CVwDT/7a5jHuaUp6OuNCFbdRPnu/wLYwOS2/yOtzAqk7 +/PFnPCe7YOa10ShnV/jx2sAHhp7ZQBJgFkkgnIERz9Ws74Au+EbptWnsWuB+LqRL +x5G02IzpAgMBAAECggEAEzwnMkeBbqqDgyRqFbO/PgMNvD7i0b/28V0dCtCPEVY6 +klzrg3RCERP5V9AN8VVkppYjPkCzZ2A4b0JpMUu7ncOmr7HCnoSCj2IfEyePSVg+ +4OHbbcBOAoDTHiI2myM/M9++8izNS34qGV4t6pfjaDyeQQ/5cBVWNBWnKjS34S5H +rJWpAcDgxYk5/ah2Xs2aULZlXDMxbSikjrv+n4JIYTKFQo8ydzL8HQDBRmXAFLjC +gNOSHf+5u1JdpY3uPIxK1ugVf8zPZ4/OEB23j56uu7c8+sZ+kZwfRWAQmMhFVG/y +OXxoT5mOruBsAw29m2Ijtxg252/YzSTxiDqFziB/eQKBgQDjeVAdi55GW/bvhuqn +xME/An8E3hI/FyaaITrMQJUBjiCUaStTEqUgQ6A7ZfY/VX6qafOX7sli1svihrXC +uelmKrdve/CFEEqzX9JWWRiPiQ0VZD+EQRsJvX85Tw2UGvVUh6dO3UGPS0BhplMD +jeVpyXgZ7Gy5we+DWjfwhYrCmwKBgQDbLmQhRy+IdVljObZmv3QtJ0cyxxZETWzU +MKmgBFvcRw+KvNwO+Iy0CHEbDu06Uj63kzI2bK3QdINaSrjgr8iftXIQpBmcgMF+ +a1l5HtHlCp6RWd55nWQOEvn36IGN3cAaQkXuh4UYM7QfEJaAbzJhyJ+wXA3jWqUd +8bDTIAZ0ywKBgFuZ44gyTAc7S2JDa0Up90O/ZpT4NFLRqMrSbNIJg7d/m2EIRNkM +HhCzCthAg/wXGo3XYq+hCdnSc4ICCzmiEfoBY6LyPvXmjJ5VDOeWs0xBvVIK74T7 +jr7KX2wdiHNGs9pZUidw89CXVhK8nptEzcheyA1wZowbK68yamph7HHXAoGBAK3x +7D9Iyl1mnDEWPT7f1Gh9UpDm1TIRrDvd/tBihTCVKK13YsFy2d+LD5Bk0TpGyUVR +STlOGMdloFUJFh4jA3pUOpkgUr8Uo/sbYN+x6Ov3+I3sH5aupRhSURVA7YhUIz/z +tqIt5R+m8Nzygi6dkQNvf+Qruk3jw0S3ahizwsvvAoGAL7do6dTLp832wFVxkEf4 +gg1M6DswfkgML5V/7GQ3MkIX/Hrmiu+qSuHhDGrp9inZdCDDYg5+uy1+2+RBMRZ3 +vDUUacvc4Fep05zp7NcjgU5y+/HWpuKVvLIlZAO1MBY4Xinqqii6RdxukIhxw7eT +C6TPL5KAcV1R/XAihDhI18Y= +-----END PRIVATE KEY----- diff --git a/integ-test/rc/kirk.pem b/integ-test/rc/kirk.pem new file mode 100644 index 0000000000..c32b21cd89 --- /dev/null +++ b/integ-test/rc/kirk.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEdzCCA1+gAwIBAgIGAWLrc1O4MA0GCSqGSIb3DQEBCwUAMIGPMRMwEQYKCZIm +iZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEZMBcGA1UECgwQ +RXhhbXBsZSBDb20gSW5jLjEhMB8GA1UECwwYRXhhbXBsZSBDb20gSW5jLiBSb290 +IENBMSEwHwYDVQQDDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0EwHhcNMTgwNDIy +MDM0MzQ3WhcNMjgwNDE5MDM0MzQ3WjBNMQswCQYDVQQGEwJkZTENMAsGA1UEBwwE +dGVzdDEPMA0GA1UECgwGY2xpZW50MQ8wDQYDVQQLDAZjbGllbnQxDTALBgNVBAMM +BGtpcmswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCwgBOoO88uMM8 +dREJsk58Yt4Jn0zwQ2wUThbvy3ICDiEWhiAhUbg6dTggpS5vWWJto9bvaaqgMVoh +ElfYHdTDncX3UQNBEP8tqzHON6BFEFSGgJRGLd6f5dri6rK32nCotYS61CFXBFxf +WumXjSukjyrcTsdkR3C5QDo2oN7F883MOQqRENPzAtZi9s3jNX48u+/e3yvJzXsB +GS9Qmsye6C71enbIujM4CVwDT/7a5jHuaUp6OuNCFbdRPnu/wLYwOS2/yOtzAqk7 +/PFnPCe7YOa10ShnV/jx2sAHhp7ZQBJgFkkgnIERz9Ws74Au+EbptWnsWuB+LqRL +x5G02IzpAgMBAAGjggEYMIIBFDCBvAYDVR0jBIG0MIGxgBSSNQzgDx4rRfZNOfN7 +X6LmEpdAc6GBlaSBkjCBjzETMBEGCgmSJomT8ixkARkWA2NvbTEXMBUGCgmSJomT +8ixkARkWB2V4YW1wbGUxGTAXBgNVBAoMEEV4YW1wbGUgQ29tIEluYy4xITAfBgNV +BAsMGEV4YW1wbGUgQ29tIEluYy4gUm9vdCBDQTEhMB8GA1UEAwwYRXhhbXBsZSBD +b20gSW5jLiBSb290IENBggEBMB0GA1UdDgQWBBRsdhuHn3MGDvZxOe22+1wliCJB +mDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAWBgNVHSUBAf8EDDAKBggr +BgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAkPrUTKKn+/6g0CjhTPBFeX8mKXhG +zw5z9Oq+xnwefZwxV82E/tgFsPcwXcJIBg0f43BaVSygPiV7bXqWhxASwn73i24z +lveIR4+z56bKIhP6c3twb8WWR9yDcLu2Iroin7dYEm3dfVUrhz/A90WHr6ddwmLL +3gcFF2kBu3S3xqM5OmN/tqRXFmo+EvwrdJRiTh4Fsf0tX1ZT07rrGvBFYktK7Kma +lqDl4UDCF1UWkiiFubc0Xw+DR6vNAa99E0oaphzvCmITU1wITNnYZTKzVzQ7vUCq +kLmXOFLTcxTQpptxSo5xDD3aTpzWGCvjExCKpXQtsITUOYtZc02AGjjPOQ== +-----END CERTIFICATE----- diff --git a/integ-test/rc/opensearch.keystore b/integ-test/rc/opensearch.keystore new file mode 100644 index 0000000000000000000000000000000000000000..4ebe8cc9aa01cd43ec5d70659b497aebd92f71a9 GIT binary patch literal 196 zcmcD&o+B=tUyzztoSImaoS~PUT3K9@UzEzgz`z2;43mM_p*ZH<`ls<{Per=l)QECi z%eGo)zXkWdn-M?G+!3mEmUmJtTK-}BR1@KYuU__KUd>2Q+wy1H)FU@0{|Zh@v$RmY z4m5*jt-z93Dh1x^$L_PS1NqiZj(B!&_w!n&v2=n?*wv { + BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider(); + credentialsProvider.setCredentials( + new AuthScope(null, -1), + new UsernamePasswordCredentials(userName, password.toCharArray())); + return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider); + }); + } + configureClient(builder, settings); + } + protected static void configureHttpsClient(RestClientBuilder builder, Settings settings, HttpHost httpHost) throws IOException { diff --git a/integ-test/src/test/java/org/opensearch/sql/legacy/RestIntegTestCase.java b/integ-test/src/test/java/org/opensearch/sql/legacy/RestIntegTestCase.java index dd48d82114..fcb60e061f 100644 --- a/integ-test/src/test/java/org/opensearch/sql/legacy/RestIntegTestCase.java +++ b/integ-test/src/test/java/org/opensearch/sql/legacy/RestIntegTestCase.java @@ -44,9 +44,9 @@ import org.junit.Before; import org.opensearch.client.Request; import org.opensearch.client.Response; +import org.opensearch.core.xcontent.XContentBuilder; import org.opensearch.common.xcontent.XContentFactory; import org.opensearch.core.rest.RestStatus; -import org.opensearch.core.xcontent.XContentBuilder; /** * SQL plugin integration test base class (migrated from SQLIntegTestCase) diff --git a/integ-test/src/test/java/org/opensearch/sql/ppl/CrossClusterSearchIT.java b/integ-test/src/test/java/org/opensearch/sql/ppl/CrossClusterSearchIT.java index a8e686a893..3f4d4b6684 100644 --- a/integ-test/src/test/java/org/opensearch/sql/ppl/CrossClusterSearchIT.java +++ b/integ-test/src/test/java/org/opensearch/sql/ppl/CrossClusterSearchIT.java @@ -15,8 +15,10 @@ import static org.opensearch.sql.util.MatcherUtils.verifyDataRows; import java.io.IOException; +import lombok.SneakyThrows; import org.json.JSONObject; import org.junit.Rule; +import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.rules.ExpectedException; import org.opensearch.client.ResponseException; @@ -31,8 +33,19 @@ public class CrossClusterSearchIT extends PPLIntegTestCase { private final static String TEST_INDEX_DOG_MATCH_ALL_REMOTE = MATCH_ALL_REMOTE_CLUSTER + ":" + TEST_INDEX_DOG; private final static String TEST_INDEX_ACCOUNT_REMOTE = REMOTE_CLUSTER + ":" + TEST_INDEX_ACCOUNT; + private static boolean initialized = false; + + @SneakyThrows + @BeforeEach + public void initialize() { + if (!initialized) { + setUpIndices(); + initialized = true; + } + } + @Override - public void init() throws IOException { + protected void init() throws Exception { configureMultiClusters(); loadIndex(Index.BANK); loadIndex(Index.BANK, remoteClient()); From e840ac2a1e7ac343e05cdf99279ca8f6f3c44c1a Mon Sep 17 00:00:00 2001 From: Yury-Fridlyand Date: Tue, 8 Aug 2023 15:56:59 -0700 Subject: [PATCH 02/13] Remove unneeded files. Signed-off-by: Yury-Fridlyand --- integ-test/rc/kirk-key.pem | 28 ---------------------------- integ-test/rc/kirk.pem | 26 -------------------------- integ-test/rc/opensearch.keystore | Bin 196 -> 0 bytes 3 files changed, 54 deletions(-) delete mode 100644 integ-test/rc/kirk-key.pem delete mode 100644 integ-test/rc/kirk.pem delete mode 100644 integ-test/rc/opensearch.keystore diff --git a/integ-test/rc/kirk-key.pem b/integ-test/rc/kirk-key.pem deleted file mode 100644 index bacb22c215..0000000000 --- a/integ-test/rc/kirk-key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDCwgBOoO88uMM8 -dREJsk58Yt4Jn0zwQ2wUThbvy3ICDiEWhiAhUbg6dTggpS5vWWJto9bvaaqgMVoh -ElfYHdTDncX3UQNBEP8tqzHON6BFEFSGgJRGLd6f5dri6rK32nCotYS61CFXBFxf -WumXjSukjyrcTsdkR3C5QDo2oN7F883MOQqRENPzAtZi9s3jNX48u+/e3yvJzXsB -GS9Qmsye6C71enbIujM4CVwDT/7a5jHuaUp6OuNCFbdRPnu/wLYwOS2/yOtzAqk7 -/PFnPCe7YOa10ShnV/jx2sAHhp7ZQBJgFkkgnIERz9Ws74Au+EbptWnsWuB+LqRL -x5G02IzpAgMBAAECggEAEzwnMkeBbqqDgyRqFbO/PgMNvD7i0b/28V0dCtCPEVY6 -klzrg3RCERP5V9AN8VVkppYjPkCzZ2A4b0JpMUu7ncOmr7HCnoSCj2IfEyePSVg+ -4OHbbcBOAoDTHiI2myM/M9++8izNS34qGV4t6pfjaDyeQQ/5cBVWNBWnKjS34S5H -rJWpAcDgxYk5/ah2Xs2aULZlXDMxbSikjrv+n4JIYTKFQo8ydzL8HQDBRmXAFLjC -gNOSHf+5u1JdpY3uPIxK1ugVf8zPZ4/OEB23j56uu7c8+sZ+kZwfRWAQmMhFVG/y -OXxoT5mOruBsAw29m2Ijtxg252/YzSTxiDqFziB/eQKBgQDjeVAdi55GW/bvhuqn -xME/An8E3hI/FyaaITrMQJUBjiCUaStTEqUgQ6A7ZfY/VX6qafOX7sli1svihrXC -uelmKrdve/CFEEqzX9JWWRiPiQ0VZD+EQRsJvX85Tw2UGvVUh6dO3UGPS0BhplMD -jeVpyXgZ7Gy5we+DWjfwhYrCmwKBgQDbLmQhRy+IdVljObZmv3QtJ0cyxxZETWzU -MKmgBFvcRw+KvNwO+Iy0CHEbDu06Uj63kzI2bK3QdINaSrjgr8iftXIQpBmcgMF+ -a1l5HtHlCp6RWd55nWQOEvn36IGN3cAaQkXuh4UYM7QfEJaAbzJhyJ+wXA3jWqUd -8bDTIAZ0ywKBgFuZ44gyTAc7S2JDa0Up90O/ZpT4NFLRqMrSbNIJg7d/m2EIRNkM -HhCzCthAg/wXGo3XYq+hCdnSc4ICCzmiEfoBY6LyPvXmjJ5VDOeWs0xBvVIK74T7 -jr7KX2wdiHNGs9pZUidw89CXVhK8nptEzcheyA1wZowbK68yamph7HHXAoGBAK3x -7D9Iyl1mnDEWPT7f1Gh9UpDm1TIRrDvd/tBihTCVKK13YsFy2d+LD5Bk0TpGyUVR -STlOGMdloFUJFh4jA3pUOpkgUr8Uo/sbYN+x6Ov3+I3sH5aupRhSURVA7YhUIz/z -tqIt5R+m8Nzygi6dkQNvf+Qruk3jw0S3ahizwsvvAoGAL7do6dTLp832wFVxkEf4 -gg1M6DswfkgML5V/7GQ3MkIX/Hrmiu+qSuHhDGrp9inZdCDDYg5+uy1+2+RBMRZ3 -vDUUacvc4Fep05zp7NcjgU5y+/HWpuKVvLIlZAO1MBY4Xinqqii6RdxukIhxw7eT -C6TPL5KAcV1R/XAihDhI18Y= ------END PRIVATE KEY----- diff --git a/integ-test/rc/kirk.pem b/integ-test/rc/kirk.pem deleted file mode 100644 index c32b21cd89..0000000000 --- a/integ-test/rc/kirk.pem +++ /dev/null @@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEdzCCA1+gAwIBAgIGAWLrc1O4MA0GCSqGSIb3DQEBCwUAMIGPMRMwEQYKCZIm -iZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEZMBcGA1UECgwQ -RXhhbXBsZSBDb20gSW5jLjEhMB8GA1UECwwYRXhhbXBsZSBDb20gSW5jLiBSb290 -IENBMSEwHwYDVQQDDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0EwHhcNMTgwNDIy -MDM0MzQ3WhcNMjgwNDE5MDM0MzQ3WjBNMQswCQYDVQQGEwJkZTENMAsGA1UEBwwE -dGVzdDEPMA0GA1UECgwGY2xpZW50MQ8wDQYDVQQLDAZjbGllbnQxDTALBgNVBAMM -BGtpcmswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCwgBOoO88uMM8 -dREJsk58Yt4Jn0zwQ2wUThbvy3ICDiEWhiAhUbg6dTggpS5vWWJto9bvaaqgMVoh -ElfYHdTDncX3UQNBEP8tqzHON6BFEFSGgJRGLd6f5dri6rK32nCotYS61CFXBFxf -WumXjSukjyrcTsdkR3C5QDo2oN7F883MOQqRENPzAtZi9s3jNX48u+/e3yvJzXsB -GS9Qmsye6C71enbIujM4CVwDT/7a5jHuaUp6OuNCFbdRPnu/wLYwOS2/yOtzAqk7 -/PFnPCe7YOa10ShnV/jx2sAHhp7ZQBJgFkkgnIERz9Ws74Au+EbptWnsWuB+LqRL -x5G02IzpAgMBAAGjggEYMIIBFDCBvAYDVR0jBIG0MIGxgBSSNQzgDx4rRfZNOfN7 -X6LmEpdAc6GBlaSBkjCBjzETMBEGCgmSJomT8ixkARkWA2NvbTEXMBUGCgmSJomT -8ixkARkWB2V4YW1wbGUxGTAXBgNVBAoMEEV4YW1wbGUgQ29tIEluYy4xITAfBgNV -BAsMGEV4YW1wbGUgQ29tIEluYy4gUm9vdCBDQTEhMB8GA1UEAwwYRXhhbXBsZSBD -b20gSW5jLiBSb290IENBggEBMB0GA1UdDgQWBBRsdhuHn3MGDvZxOe22+1wliCJB -mDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAWBgNVHSUBAf8EDDAKBggr -BgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAkPrUTKKn+/6g0CjhTPBFeX8mKXhG -zw5z9Oq+xnwefZwxV82E/tgFsPcwXcJIBg0f43BaVSygPiV7bXqWhxASwn73i24z -lveIR4+z56bKIhP6c3twb8WWR9yDcLu2Iroin7dYEm3dfVUrhz/A90WHr6ddwmLL -3gcFF2kBu3S3xqM5OmN/tqRXFmo+EvwrdJRiTh4Fsf0tX1ZT07rrGvBFYktK7Kma -lqDl4UDCF1UWkiiFubc0Xw+DR6vNAa99E0oaphzvCmITU1wITNnYZTKzVzQ7vUCq -kLmXOFLTcxTQpptxSo5xDD3aTpzWGCvjExCKpXQtsITUOYtZc02AGjjPOQ== ------END CERTIFICATE----- diff --git a/integ-test/rc/opensearch.keystore b/integ-test/rc/opensearch.keystore deleted file mode 100644 index 4ebe8cc9aa01cd43ec5d70659b497aebd92f71a9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 196 zcmcD&o+B=tUyzztoSImaoS~PUT3K9@UzEzgz`z2;43mM_p*ZH<`ls<{Per=l)QECi z%eGo)zXkWdn-M?G+!3mEmUmJtTK-}BR1@KYuU__KUd>2Q+wy1H)FU@0{|Zh@v$RmY z4m5*jt-z93Dh1x^$L_PS1NqiZj(B!&_w!n&v2=n?*wv Date: Tue, 8 Aug 2023 16:21:27 -0700 Subject: [PATCH 03/13] Typo fix. Signed-off-by: Yury-Fridlyand --- .github/workflows/integ-tests-with-security.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/integ-tests-with-security.yml b/.github/workflows/integ-tests-with-security.yml index 25051923a2..3edd33feaf 100644 --- a/.github/workflows/integ-tests-with-security.yml +++ b/.github/workflows/integ-tests-with-security.yml @@ -6,7 +6,7 @@ on: branches-ignore: - 'dependabot/**' paths: - - 'integ-test/** + - 'integ-test/**' - '.github/workflows/integ-tests-with-security.yml' jobs: From b28f328d8fea2d3a388c0843d477de6c759e9be8 Mon Sep 17 00:00:00 2001 From: Yury-Fridlyand Date: Tue, 8 Aug 2023 16:23:45 -0700 Subject: [PATCH 04/13] Fix GHA matrix syntax. Signed-off-by: Yury-Fridlyand --- .github/workflows/integ-tests-with-security.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integ-tests-with-security.yml b/.github/workflows/integ-tests-with-security.yml index 3edd33feaf..1811e23ccf 100644 --- a/.github/workflows/integ-tests-with-security.yml +++ b/.github/workflows/integ-tests-with-security.yml @@ -14,8 +14,8 @@ jobs: strategy: fail-fast: false matrix: - - os: [ ubuntu-latest, windows-latest, macos-latest ] - - java: [ 11, 17 ] + os: [ ubuntu-latest, windows-latest, macos-latest ] + java: [ 11, 17 ] runs-on: ${{ matrix.entry.os }} From 6049800aa4681fb926391c1af710a79f5c72931c Mon Sep 17 00:00:00 2001 From: Yury-Fridlyand Date: Tue, 8 Aug 2023 16:25:35 -0700 Subject: [PATCH 05/13] Fix GHA matrix syntax. Signed-off-by: Yury-Fridlyand --- .github/workflows/integ-tests-with-security.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/integ-tests-with-security.yml b/.github/workflows/integ-tests-with-security.yml index 1811e23ccf..7804ab6540 100644 --- a/.github/workflows/integ-tests-with-security.yml +++ b/.github/workflows/integ-tests-with-security.yml @@ -17,7 +17,7 @@ jobs: os: [ ubuntu-latest, windows-latest, macos-latest ] java: [ 11, 17 ] - runs-on: ${{ matrix.entry.os }} + runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 @@ -26,7 +26,7 @@ jobs: uses: actions/setup-java@v3 with: distribution: 'temurin' - java-version: ${{ matrix.entry.java }} + java-version: ${{ matrix.java }} - name: Build with Gradle run: ./gradlew integTestWithSecurity @@ -36,7 +36,7 @@ jobs: uses: actions/upload-artifact@v2 continue-on-error: true with: - name: test-reports-${{ matrix.entry.os }}-${{ matrix.entry.java }} + name: test-reports-${{ matrix.os }}-${{ matrix.java }} path: | integ-test/build/reports/** integ-test/build/testclusters/*/logs/* From 25b22e3af88065af30986aaf485b29a7fadbf436 Mon Sep 17 00:00:00 2001 From: Yury-Fridlyand Date: Tue, 8 Aug 2023 16:43:40 -0700 Subject: [PATCH 06/13] Code clean up. Signed-off-by: Yury-Fridlyand --- integ-test/build.gradle | 2 -- .../opensearch/sql/legacy/OpenSearchSQLRestTestCase.java | 7 ++++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/integ-test/build.gradle b/integ-test/build.gradle index 536214d871..9aa4ef8a35 100644 --- a/integ-test/build.gradle +++ b/integ-test/build.gradle @@ -73,7 +73,6 @@ ext { def snapshotVersion = metadata.versioning.snapshotVersions[0].snapshotVersion[0].value[0].text() return repo + "opensearch-security-${snapshotVersion}.zip" - //return "https://aws.oss.sonatype.org/content/repositories/snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT/opensearch-security-3.0.0.0-20230801.181212-166.zip" } } @@ -112,7 +111,6 @@ dependencies { testImplementation group: 'org.opensearch.client', name: 'opensearch-rest-client', version: "${opensearch_version}" testImplementation group: 'org.opensearch.driver', name: 'opensearch-sql-jdbc', version: System.getProperty("jdbcDriverVersion", '1.2.0.0') testImplementation group: 'org.hamcrest', name: 'hamcrest', version: '2.1' - //testImplementation group: 'org.hamcrest', name: 'hamcrest-core', version: '2.1' implementation group: 'org.apache.logging.log4j', name: 'log4j-core', version:'2.20.0' testImplementation project(':opensearch-sql-plugin') testImplementation project(':legacy') diff --git a/integ-test/src/test/java/org/opensearch/sql/legacy/OpenSearchSQLRestTestCase.java b/integ-test/src/test/java/org/opensearch/sql/legacy/OpenSearchSQLRestTestCase.java index db39aadf1c..cd1b4ff2ef 100644 --- a/integ-test/src/test/java/org/opensearch/sql/legacy/OpenSearchSQLRestTestCase.java +++ b/integ-test/src/test/java/org/opensearch/sql/legacy/OpenSearchSQLRestTestCase.java @@ -97,7 +97,7 @@ protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOE if (isHttps()) { configureHttpsClient(builder, settings, hosts[0]); } else { - configureClient(builder, settings, hosts[0]); + configureClient(builder, settings); } builder.setStrictDeprecationMode(false); @@ -201,7 +201,8 @@ protected static void wipeAllOpenSearchIndices(RestClient client) throws IOExcep } } - protected static void configureClient(RestClientBuilder builder, Settings settings, HttpHost httpHost) throws IOException { + protected static void configureClient(RestClientBuilder builder, Settings settings) + throws IOException { String userName = System.getProperty("user"); String password = System.getProperty("password"); if (userName != null && password != null) { @@ -213,7 +214,7 @@ protected static void configureClient(RestClientBuilder builder, Settings settin return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider); }); } - configureClient(builder, settings); + OpenSearchRestTestCase.configureClient(builder, settings); } protected static void configureHttpsClient(RestClientBuilder builder, Settings settings, From 28fabfdbb226837f821649f8ca84fe4c625d0846 Mon Sep 17 00:00:00 2001 From: Yury-Fridlyand Date: Wed, 9 Aug 2023 16:08:01 -0700 Subject: [PATCH 07/13] Optimize downloading. Signed-off-by: Yury-Fridlyand --- integ-test/build.gradle | 43 ++++++++++++++++-------------------- integ-test/rc/esnode-key.pem | 28 ----------------------- integ-test/rc/esnode.pem | 28 ----------------------- integ-test/rc/root-ca.pem | 24 -------------------- 4 files changed, 19 insertions(+), 104 deletions(-) delete mode 100644 integ-test/rc/esnode-key.pem delete mode 100644 integ-test/rc/esnode.pem delete mode 100644 integ-test/rc/root-ca.pem diff --git a/integ-test/build.gradle b/integ-test/build.gradle index 9aa4ef8a35..2a319cad0c 100644 --- a/integ-test/build.gradle +++ b/integ-test/build.gradle @@ -154,7 +154,7 @@ testClusters.integTest { setting "plugins.query.datasources.encryption.masterkey", "1234567812345678" } -boolean securityPluginDownloaded = false +File downloadedSecurityPlugin = null testClusters { remoteCluster { @@ -167,9 +167,25 @@ testClusters { } var projectAbsPath = projectDir.getAbsolutePath() + + // add a check to avoid re-downloading multiple times during single test run + if (downloadedSecurityPlugin == null) { + downloadedSecurityPlugin = Paths.get(projectAbsPath, 'bin', 'opensearch-security-snapshot.zip').toFile() + download.run { + src getSecurityPluginDownloadLink() + dest downloadedSecurityPlugin + } + } + // Config below including files are copied from security demo configuration ['esnode.pem', 'esnode-key.pem', 'root-ca.pem'].forEach { file -> - extraConfigFile file, Paths.get(projectAbsPath, 'rc', file).toFile() + File local = Paths.get(projectAbsPath, 'bin', file).toFile() + download.run { + src "https://raw.githubusercontent.com/opensearch-project/security/main/bwc-test/src/test/resources/security/" + file + dest local + overwrite false + } + extraConfigFile file, local } setting 'plugins.security.ssl.transport.pemcert_filepath', 'esnode.pem' setting 'plugins.security.ssl.transport.pemkey_filepath', 'esnode-key.pem' @@ -192,28 +208,7 @@ testClusters { setting 'plugins.security.system_indices.enabled', 'true' plugin ":opensearch-sql-plugin" - plugin provider(new Callable(){ - - @Override - RegularFile call() throws Exception { - return new RegularFile() { - - @Override - File getAsFile() { - var target = Paths.get(projectAbsPath, 'bin', 'opensearch-security-snapshot.zip').toFile() - // add a check to avoid re-downloading multiple times during single test run - if (!securityPluginDownloaded) { - download.run { - src getSecurityPluginDownloadLink() - dest target - } - securityPluginDownloaded = true - } - return target - } - } - } - }) + plugin provider((Callable) (() -> (RegularFile) (() -> downloadedSecurityPlugin))) } } diff --git a/integ-test/rc/esnode-key.pem b/integ-test/rc/esnode-key.pem deleted file mode 100644 index 4ac2cb57a7..0000000000 --- a/integ-test/rc/esnode-key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCWvn+O+rywfgMC -ud24mAclMDfuNA/IzCKLxl5usIE/PvUm7PPfXQ14LfQhNQXqOuaD9fiVM+HO1BzK -wmN3j4g7eHInR1cxENoNGKFa0Fr9EXnUv8sfwyobPD8NTu9eaH7T+d6f9oow+Q4n -xb9Xin5IRR/pcJ8v7zEjcXpZaZejcSU4iVZ0PR2Di4H9rfe9SEyR5wLrsVBePB3L -jaL1uK4bZF3n/JGgDe3BNy1PgPU+O+FCzQipBBTyJWQCjd4iTRXVbMa01PglAR85 -O9w6NXApBLyWdGRY6dGd8vMC2P4KlhnxlcgPZdglKniGTX+eTzT7Rszq77zjYrou -PLwSh9S7AgMBAAECggEABwiohxFoEIwws8XcdKqTWsbfNTw0qFfuHLuK2Htf7IWR -htlzn66F3F+4jnwc5IsPCoVFriCXnsEC/usHHSMTZkL+gJqxlNaGdin6DXS/aiOQ -nb69SaQfqNmsz4ApZyxVDqsQGkK0vAhDAtQVU45gyhp/nLLmmqP8lPzMirOEodmp -U9bA8t/ttrzng7SVAER42f6IVpW0iTKTLyFii0WZbq+ObViyqib9hVFrI6NJuQS+ -IelcZB0KsSi6rqIjXg1XXyMiIUcSlhq+GfEa18AYgmsbPwMbExate7/8Ci7ZtCbh -lx9bves2+eeqq5EMm3sMHyhdcg61yzd5UYXeZhwJkQKBgQDS9YqrAtztvLY2gMgv -d+wOjb9awWxYbQTBjx33kf66W+pJ+2j8bI/XX2CpZ98w/oq8VhMqbr9j5b8MfsrF -EoQvedA4joUo8sXd4j1mR2qKF4/KLmkgy6YYusNP2UrVSw7sh77bzce+YaVVoO/e -0wIVTHuD/QZ6fG6MasOqcbl6hwKBgQC27cQruaHFEXR/16LrMVAX+HyEEv44KOCZ -ij5OE4P7F0twb+okngG26+OJV3BtqXf0ULlXJ+YGwXCRf6zUZkld3NMy3bbKPgH6 -H/nf3BxqS2tudj7+DV52jKtisBghdvtlKs56oc9AAuwOs37DvhptBKUPdzDDqfys -Qchv5JQdLQKBgERev+pcqy2Bk6xmYHrB6wdseS/4sByYeIoi0BuEfYH4eB4yFPx6 -UsQCbVl6CKPgWyZe3ydJbU37D8gE78KfFagtWoZ56j4zMF2RDUUwsB7BNCDamce/ -OL2bCeG/Erm98cBG3lxufOX+z47I8fTNfkdY2k8UmhzoZwurLm73HJ3RAoGBAKsp -6yamuXF2FbYRhUXgjHsBbTD/vJO72/yO2CGiLRpi/5mjfkjo99269trp0C8sJSub -5PBiSuADXFsoRgUv+HI1UAEGaCTwxFTQWrRWdtgW3d0sE2EQDVWL5kmfT9TwSeat -mSoyAYR5t3tCBNkPJhbgA7pm4mASzHQ50VyxWs25AoGBAKPFx9X2oKhYQa+mW541 -bbqRuGFMoXIIcr/aeM3LayfLETi48o5NDr2NDP11j4yYuz26YLH0Dj8aKpWuehuH -uB27n6j6qu0SVhQi6mMJBe1JrKbzhqMKQjYOoy8VsC2gdj5pCUP/kLQPW7zm9diX -CiKTtKgPIeYdigor7V3AHcVT ------END PRIVATE KEY----- diff --git a/integ-test/rc/esnode.pem b/integ-test/rc/esnode.pem deleted file mode 100644 index 7ba92534e4..0000000000 --- a/integ-test/rc/esnode.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEyTCCA7GgAwIBAgIGAWLrc1O2MA0GCSqGSIb3DQEBCwUAMIGPMRMwEQYKCZIm -iZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEZMBcGA1UECgwQ -RXhhbXBsZSBDb20gSW5jLjEhMB8GA1UECwwYRXhhbXBsZSBDb20gSW5jLiBSb290 -IENBMSEwHwYDVQQDDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0EwHhcNMTgwNDIy -MDM0MzQ3WhcNMjgwNDE5MDM0MzQ3WjBeMRIwEAYKCZImiZPyLGQBGRYCZGUxDTAL -BgNVBAcMBHRlc3QxDTALBgNVBAoMBG5vZGUxDTALBgNVBAsMBG5vZGUxGzAZBgNV -BAMMEm5vZGUtMC5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAJa+f476vLB+AwK53biYByUwN+40D8jMIovGXm6wgT8+9Sbs899dDXgt -9CE1Beo65oP1+JUz4c7UHMrCY3ePiDt4cidHVzEQ2g0YoVrQWv0RedS/yx/DKhs8 -Pw1O715oftP53p/2ijD5DifFv1eKfkhFH+lwny/vMSNxellpl6NxJTiJVnQ9HYOL -gf2t971ITJHnAuuxUF48HcuNovW4rhtkXef8kaAN7cE3LU+A9T474ULNCKkEFPIl -ZAKN3iJNFdVsxrTU+CUBHzk73Do1cCkEvJZ0ZFjp0Z3y8wLY/gqWGfGVyA9l2CUq -eIZNf55PNPtGzOrvvONiui48vBKH1LsCAwEAAaOCAVkwggFVMIG8BgNVHSMEgbQw -gbGAFJI1DOAPHitF9k0583tfouYSl0BzoYGVpIGSMIGPMRMwEQYKCZImiZPyLGQB -GRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEZMBcGA1UECgwQRXhhbXBs -ZSBDb20gSW5jLjEhMB8GA1UECwwYRXhhbXBsZSBDb20gSW5jLiBSb290IENBMSEw -HwYDVQQDDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0GCAQEwHQYDVR0OBBYEFKyv -78ZmFjVKM9g7pMConYH7FVBHMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg -MCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA1BgNVHREELjAsiAUq -AwQFBYISbm9kZS0wLmV4YW1wbGUuY29tgglsb2NhbGhvc3SHBH8AAAEwDQYJKoZI -hvcNAQELBQADggEBAIOKuyXsFfGv1hI/Lkpd/73QNqjqJdxQclX57GOMWNbOM5H0 -5/9AOIZ5JQsWULNKN77aHjLRr4owq2jGbpc/Z6kAd+eiatkcpnbtbGrhKpOtoEZy -8KuslwkeixpzLDNISSbkeLpXz4xJI1ETMN/VG8ZZP1bjzlHziHHDu0JNZ6TnNzKr -XzCGMCohFfem8vnKNnKUneMQMvXd3rzUaAgvtf7Hc2LTBlf4fZzZF1EkwdSXhaMA -1lkfHiqOBxtgeDLxCHESZ2fqgVqsWX+t3qHQfivcPW6txtDyrFPRdJOGhiMGzT/t -e/9kkAtQRgpTb3skYdIOOUOV0WGQ60kJlFhAzIs= ------END CERTIFICATE----- diff --git a/integ-test/rc/root-ca.pem b/integ-test/rc/root-ca.pem deleted file mode 100644 index 4015d866e1..0000000000 --- a/integ-test/rc/root-ca.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID/jCCAuagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjzETMBEGCgmSJomT8ixk -ARkWA2NvbTEXMBUGCgmSJomT8ixkARkWB2V4YW1wbGUxGTAXBgNVBAoMEEV4YW1w -bGUgQ29tIEluYy4xITAfBgNVBAsMGEV4YW1wbGUgQ29tIEluYy4gUm9vdCBDQTEh -MB8GA1UEAwwYRXhhbXBsZSBDb20gSW5jLiBSb290IENBMB4XDTE4MDQyMjAzNDM0 -NloXDTI4MDQxOTAzNDM0NlowgY8xEzARBgoJkiaJk/IsZAEZFgNjb20xFzAVBgoJ -kiaJk/IsZAEZFgdleGFtcGxlMRkwFwYDVQQKDBBFeGFtcGxlIENvbSBJbmMuMSEw -HwYDVQQLDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0ExITAfBgNVBAMMGEV4YW1w -bGUgQ29tIEluYy4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAK/u+GARP5innhpXK0c0q7s1Su1VTEaIgmZr8VWI6S8amf5cU3ktV7WT9SuV -TsAm2i2A5P+Ctw7iZkfnHWlsC3HhPUcd6mvzGZ4moxnamM7r+a9otRp3owYoGStX -ylVTQusAjbq9do8CMV4hcBTepCd+0w0v4h6UlXU8xjhj1xeUIz4DKbRgf36q0rv4 -VIX46X72rMJSETKOSxuwLkov1ZOVbfSlPaygXIxqsHVlj1iMkYRbQmaTib6XWHKf -MibDaqDejOhukkCjzpptGZOPFQ8002UtTTNv1TiaKxkjMQJNwz6jfZ53ws3fh1I0 -RWT6WfM4oeFRFnyFRmc4uYTUgAkCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAf -BgNVHSMEGDAWgBSSNQzgDx4rRfZNOfN7X6LmEpdAczAdBgNVHQ4EFgQUkjUM4A8e -K0X2TTnze1+i5hKXQHMwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IB -AQBoQHvwsR34hGO2m8qVR9nQ5Klo5HYPyd6ySKNcT36OZ4AQfaCGsk+SecTi35QF -RHL3g2qffED4tKR0RBNGQSgiLavmHGCh3YpDupKq2xhhEeS9oBmQzxanFwWFod4T -nnsG2cCejyR9WXoRzHisw0KJWeuNlwjUdJY0xnn16srm1zL/M/f0PvCyh9HU1mF1 -ivnOSqbDD2Z7JSGyckgKad1Omsg/rr5XYtCeyJeXUPcmpeX6erWJJNTUh6yWC/hY -G/dFC4xrJhfXwz6Z0ytUygJO32bJG4Np2iGAwvvgI9EfxzEv/KP+FGrJOvQJAq4/ -BU36ZAa80W/8TBnqZTkNnqZV ------END CERTIFICATE----- From 9eb74bd2d7e5049b58511aa61b9258f4f7cffe99 Mon Sep 17 00:00:00 2001 From: Yury-Fridlyand Date: Wed, 9 Aug 2023 16:09:28 -0700 Subject: [PATCH 08/13] Apply suggestions from code review Signed-off-by: Yury-Fridlyand Co-authored-by: Andrew Carbonetto --- .github/workflows/integ-tests-with-security.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integ-tests-with-security.yml b/.github/workflows/integ-tests-with-security.yml index 7804ab6540..0d54b8cfef 100644 --- a/.github/workflows/integ-tests-with-security.yml +++ b/.github/workflows/integ-tests-with-security.yml @@ -1,4 +1,4 @@ -name: Extra IT with security +name: Security Plugin IT on: pull_request: @@ -10,7 +10,7 @@ on: - '.github/workflows/integ-tests-with-security.yml' jobs: - extra-it: + security-it: strategy: fail-fast: false matrix: From 6d371170fbf4553efc0659dd6df7e108eca4f422 Mon Sep 17 00:00:00 2001 From: Yury-Fridlyand Date: Wed, 9 Aug 2023 16:09:52 -0700 Subject: [PATCH 09/13] Update integ-test/build.gradle Signed-off-by: Yury-Fridlyand Co-authored-by: Andrew Carbonetto --- integ-test/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integ-test/build.gradle b/integ-test/build.gradle index 2a319cad0c..aa03a26fd8 100644 --- a/integ-test/build.gradle +++ b/integ-test/build.gradle @@ -70,7 +70,7 @@ ext { dest metadataFile } def metadata = new XmlParser().parse(metadataFile) - def snapshotVersion = metadata.versioning.snapshotVersions[0].snapshotVersion[0].value[0].text() + def securitySnapshotVersion = metadata.versioning.snapshotVersions[0].snapshotVersion[0].value[0].text() return repo + "opensearch-security-${snapshotVersion}.zip" } From e68aedf8c8cbb140b5e74bd277f09c32f07b25af Mon Sep 17 00:00:00 2001 From: Yury-Fridlyand Date: Wed, 9 Aug 2023 16:26:28 -0700 Subject: [PATCH 10/13] Typo fix. Signed-off-by: Yury-Fridlyand --- integ-test/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integ-test/build.gradle b/integ-test/build.gradle index aa03a26fd8..ae59e47771 100644 --- a/integ-test/build.gradle +++ b/integ-test/build.gradle @@ -72,7 +72,7 @@ ext { def metadata = new XmlParser().parse(metadataFile) def securitySnapshotVersion = metadata.versioning.snapshotVersions[0].snapshotVersion[0].value[0].text() - return repo + "opensearch-security-${snapshotVersion}.zip" + return repo + "opensearch-security-${securitySnapshotVersion}.zip" } } From e25e7af9177c19e9b7935d622f550f6e368c4302 Mon Sep 17 00:00:00 2001 From: Yury-Fridlyand Date: Mon, 14 Aug 2023 17:54:34 -0700 Subject: [PATCH 11/13] Rework implementation. Signed-off-by: Yury-Fridlyand --- integ-test/build.gradle | 145 ++++++++++-------- .../sql/legacy/OpenSearchSQLRestTestCase.java | 61 ++++---- .../sql/ppl/CrossClusterSearchIT.java | 24 +-- 3 files changed, 128 insertions(+), 102 deletions(-) diff --git a/integ-test/build.gradle b/integ-test/build.gradle index ae59e47771..07e91ad62d 100644 --- a/integ-test/build.gradle +++ b/integ-test/build.gradle @@ -24,12 +24,12 @@ import org.opensearch.gradle.test.RestIntegTestTask import org.opensearch.gradle.testclusters.StandaloneRestIntegTestTask +import org.opensearch.gradle.testclusters.OpenSearchCluster +import groovy.xml.XmlParser import java.nio.file.Paths -import java.time.LocalDateTime import java.util.concurrent.Callable import java.util.stream.Collectors -import groovy.xml.XmlParser plugins { id "de.undercouch.download" version "5.3.0" @@ -74,6 +74,63 @@ ext { return repo + "opensearch-security-${securitySnapshotVersion}.zip" } + + File downloadedSecurityPlugin = null + + configureSecurityPlugin = { OpenSearchCluster cluster -> + + cluster.getNodes().forEach { node -> + node.getCredentials().add(Map.of('useradd', 'admin', '-p', 'admin')) + } + + var projectAbsPath = projectDir.getAbsolutePath() + + // add a check to avoid re-downloading multiple times during single test run + if (downloadedSecurityPlugin == null) { + downloadedSecurityPlugin = Paths.get(projectAbsPath, 'bin', 'opensearch-security-snapshot.zip').toFile() + download.run { + src getSecurityPluginDownloadLink() + dest downloadedSecurityPlugin + } + } + + // Config below including files are copied from security demo configuration + ['esnode.pem', 'esnode-key.pem', 'root-ca.pem'].forEach { file -> + File local = Paths.get(projectAbsPath, 'bin', file).toFile() + download.run { + src "https://raw.githubusercontent.com/opensearch-project/security/main/bwc-test/src/test/resources/security/" + file + dest local + overwrite false + } + cluster.extraConfigFile file, local + } + [ + 'plugins.security.ssl.transport.pemcert_filepath' : 'esnode.pem', + 'plugins.security.ssl.transport.pemkey_filepath' : 'esnode-key.pem', + 'plugins.security.ssl.transport.pemtrustedcas_filepath' : 'root-ca.pem', + 'plugins.security.ssl.transport.enforce_hostname_verification' : 'false', + // https is disabled : because `OpenSearchCluster` is hardcoded to validate cluster health by http + // refer how IT framework implemented in security plugin and reuse/copy to activate https + 'plugins.security.ssl.http.enabled' : 'false', + 'plugins.security.ssl.http.pemcert_filepath' : 'esnode.pem', + 'plugins.security.ssl.http.pemkey_filepath' : 'esnode-key.pem', + 'plugins.security.ssl.http.pemtrustedcas_filepath' : 'root-ca.pem', + 'plugins.security.allow_unsafe_democertificates' : 'true', + + 'plugins.security.allow_default_init_securityindex' : 'true', + //'plugins.security.authcz.admin_dn' : 'CN=kirk,OU=client,O=client,L=test,C=de', + 'plugins.security.authcz.admin_dn' : 'CN=admin,OU=SSL,O=Test,L=Test,C=DE', + 'plugins.security.audit.type' : 'internal_opensearch', + 'plugins.security.enable_snapshot_restore_privilege' : 'true', + 'plugins.security.check_snapshot_restore_write_privileges' : 'true', + 'plugins.security.restapi.roles_enabled' : '["all_access", "security_rest_api_access"]', + 'plugins.security.system_indices.enabled' : 'true' + ].forEach { name, value -> + cluster.setting name, value + } + + cluster.plugin provider((Callable) (() -> (RegularFile) (() -> downloadedSecurityPlugin))) + } } tasks.withType(licenseHeaders.class) { @@ -142,6 +199,7 @@ compileTestJava { testClusters.all { testDistribution = 'archive' + plugin ":opensearch-sql-plugin" // debug with command, ./gradlew opensearch-sql:run -DdebugJVM. --debug-jvm does not work with keystore. if (System.getProperty("debugJVM") != null) { @@ -149,66 +207,15 @@ testClusters.all { } } -testClusters.integTest { - plugin ":opensearch-sql-plugin" - setting "plugins.query.datasources.encryption.masterkey", "1234567812345678" -} - -File downloadedSecurityPlugin = null - testClusters { + integTest { + setting "plugins.query.datasources.encryption.masterkey", "1234567812345678" + } remoteCluster { - plugin ":opensearch-sql-plugin" } - integTestWithSecurity { // OpenSearchCluster - - getNodes().forEach { node -> - node.getCredentials().add(Map.of('useradd', 'admin', '-p', 'admin')) - } - - var projectAbsPath = projectDir.getAbsolutePath() - - // add a check to avoid re-downloading multiple times during single test run - if (downloadedSecurityPlugin == null) { - downloadedSecurityPlugin = Paths.get(projectAbsPath, 'bin', 'opensearch-security-snapshot.zip').toFile() - download.run { - src getSecurityPluginDownloadLink() - dest downloadedSecurityPlugin - } - } - - // Config below including files are copied from security demo configuration - ['esnode.pem', 'esnode-key.pem', 'root-ca.pem'].forEach { file -> - File local = Paths.get(projectAbsPath, 'bin', file).toFile() - download.run { - src "https://raw.githubusercontent.com/opensearch-project/security/main/bwc-test/src/test/resources/security/" + file - dest local - overwrite false - } - extraConfigFile file, local - } - setting 'plugins.security.ssl.transport.pemcert_filepath', 'esnode.pem' - setting 'plugins.security.ssl.transport.pemkey_filepath', 'esnode-key.pem' - setting 'plugins.security.ssl.transport.pemtrustedcas_filepath', 'root-ca.pem' - setting 'plugins.security.ssl.transport.enforce_hostname_verification', 'false' - // https is disabled, because `OpenSearchCluster` is hardcoded to validate cluster health by http - // refer how IT framework implemented in security plugin and reuse/copy to activate https - setting 'plugins.security.ssl.http.enabled', 'false' - setting 'plugins.security.ssl.http.pemcert_filepath', 'esnode.pem' - setting 'plugins.security.ssl.http.pemkey_filepath', 'esnode-key.pem' - setting 'plugins.security.ssl.http.pemtrustedcas_filepath', 'root-ca.pem' - setting 'plugins.security.allow_unsafe_democertificates', 'true' - - setting 'plugins.security.allow_default_init_securityindex', 'true' - setting 'plugins.security.authcz.admin_dn', 'CN=admin,OU=SSL,O=Test,L=Test,C=DE'//'CN=kirk,OU=client,O=client,L=test, C=de' - setting 'plugins.security.audit.type', 'internal_opensearch' - setting 'plugins.security.enable_snapshot_restore_privilege', 'true' - setting 'plugins.security.check_snapshot_restore_write_privileges', 'true' - setting 'plugins.security.restapi.roles_enabled', '["all_access", "security_rest_api_access"]' - setting 'plugins.security.system_indices.enabled', 'true' - - plugin ":opensearch-sql-plugin" - plugin provider((Callable) (() -> (RegularFile) (() -> downloadedSecurityPlugin))) + integTestWithSecurity { + } + anotherintegTestWithSecurity { } } @@ -290,6 +297,15 @@ task integJdbcTest(type: RestIntegTestTask) { task integTestWithSecurity(type: RestIntegTestTask) { useCluster testClusters.integTestWithSecurity + useCluster testClusters.anotherintegTestWithSecurity + + // Don't use `getClusters`: cluster order is important. IT framework adds/uses a cluster + // named as the task as default and uses it to init default REST client + systemProperty "cluster.names", "integTestWithSecurity,anotherintegTestWithSecurity" + + getClusters().forEach { cluster -> + configureSecurityPlugin(cluster) + } useJUnitPlatform() dependsOn ':opensearch-sql-plugin:bundlePlugin' @@ -311,6 +327,7 @@ task integTestWithSecurity(type: RestIntegTestTask) { doFirst { systemProperty 'cluster.debug', getDebug() getClusters().forEach { cluster -> + String allTransportSocketURI = cluster.nodes.stream().flatMap { node -> node.getAllTransportPortURI().stream() }.collect(Collectors.joining(",")) @@ -320,13 +337,11 @@ task integTestWithSecurity(type: RestIntegTestTask) { systemProperty "tests.rest.${cluster.name}.http_hosts", "${-> allHttpSocketURI}" systemProperty "tests.rest.${cluster.name}.transport_hosts", "${-> allTransportSocketURI}" - systemProperty "tests.rest.remoteCluster.http_hosts", "${-> allHttpSocketURI}" - systemProperty "tests.rest.remoteCluster.transport_hosts", "${-> allTransportSocketURI}" - - systemProperty "https", "false" - systemProperty "user", "admin" - systemProperty "password", "admin" } + + systemProperty "https", "false" + systemProperty "user", "admin" + systemProperty "password", "admin" } if (System.getProperty("test.debug") != null) { diff --git a/integ-test/src/test/java/org/opensearch/sql/legacy/OpenSearchSQLRestTestCase.java b/integ-test/src/test/java/org/opensearch/sql/legacy/OpenSearchSQLRestTestCase.java index cd1b4ff2ef..bd20ef5a5c 100644 --- a/integ-test/src/test/java/org/opensearch/sql/legacy/OpenSearchSQLRestTestCase.java +++ b/integ-test/src/test/java/org/opensearch/sql/legacy/OpenSearchSQLRestTestCase.java @@ -105,27 +105,25 @@ protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOE } // Modified from initClient in OpenSearchRestTestCase - public void initRemoteClient() throws IOException { - if (remoteClient == null) { - assert remoteAdminClient == null; - String cluster = getTestRestCluster(REMOTE_CLUSTER); - String[] stringUrls = cluster.split(","); - List hosts = new ArrayList<>(stringUrls.length); - for (String stringUrl : stringUrls) { - int portSeparator = stringUrl.lastIndexOf(':'); - if (portSeparator < 0) { - throw new IllegalArgumentException("Illegal cluster url [" + stringUrl + "]"); - } - String host = stringUrl.substring(0, portSeparator); - int port = Integer.valueOf(stringUrl.substring(portSeparator + 1)); - hosts.add(buildHttpHost(host, port)); + public void initRemoteClient(String clusterName) throws IOException { + remoteClient = remoteAdminClient = initClient(clusterName); + } + + public RestClient initClient(String clusterName) throws IOException { + String cluster = getTestRestCluster(clusterName); + String[] stringUrls = cluster.split(","); + List hosts = new ArrayList<>(stringUrls.length); + for (String stringUrl : stringUrls) { + int portSeparator = stringUrl.lastIndexOf(':'); + if (portSeparator < 0) { + throw new IllegalArgumentException("Illegal cluster url [" + stringUrl + "]"); } - final List clusterHosts = unmodifiableList(hosts); - remoteClient = buildClient(restClientSettings(), clusterHosts.toArray(new HttpHost[0])); - remoteAdminClient = buildClient(restAdminSettings(), clusterHosts.toArray(new HttpHost[0])); + String host = stringUrl.substring(0, portSeparator); + int port = Integer.valueOf(stringUrl.substring(portSeparator + 1)); + hosts.add(buildHttpHost(host, port)); } - assert remoteClient != null; - assert remoteAdminClient != null; + final List clusterHosts = unmodifiableList(hosts); + return buildClient(restClientSettings(), clusterHosts.toArray(new HttpHost[0])); } /** @@ -268,15 +266,26 @@ protected static void configureHttpsClient(RestClientBuilder builder, Settings s * Initialize rest client to remote cluster, * and create a connection to it from the coordinating cluster. */ - public void configureMultiClusters() throws IOException { - initRemoteClient(); + public void configureMultiClusters(String remote) + throws IOException { + initRemoteClient(remote); Request connectionRequest = new Request("PUT", "_cluster/settings"); - String connectionSetting = "{\"persistent\": {\"cluster\": {\"remote\": {\"" - + REMOTE_CLUSTER - + "\": {\"seeds\": [\"" - + getTestTransportCluster(REMOTE_CLUSTER).split(",")[0] - + "\"]}}}}}"; + String connectionSetting = String.format( + "{" + + "\"persistent\": {" + + " \"cluster\": {" + + " \"remote\": {" + + " \"%s\": {" + + " \"seeds\": [" + + " \"%s\"" + + " ]" + + " }" + + " }" + + " }" + + "}" + + "}", + remote, getTestTransportCluster(remote).split(",")[0]); connectionRequest.setJsonEntity(connectionSetting); adminClient().performRequest(connectionRequest); } diff --git a/integ-test/src/test/java/org/opensearch/sql/ppl/CrossClusterSearchIT.java b/integ-test/src/test/java/org/opensearch/sql/ppl/CrossClusterSearchIT.java index 3f4d4b6684..ce307e011c 100644 --- a/integ-test/src/test/java/org/opensearch/sql/ppl/CrossClusterSearchIT.java +++ b/integ-test/src/test/java/org/opensearch/sql/ppl/CrossClusterSearchIT.java @@ -17,16 +17,19 @@ import java.io.IOException; import lombok.SneakyThrows; import org.json.JSONObject; -import org.junit.Rule; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -import org.junit.rules.ExpectedException; import org.opensearch.client.ResponseException; public class CrossClusterSearchIT extends PPLIntegTestCase { - @Rule - public ExpectedException exceptionRule = ExpectedException.none(); + // Set second cluster as a remote + static { + String[] clusterNames = System.getProperty("cluster.names", ",remoteCluster").split(","); + REMOTE_CLUSTER = clusterNames[1]; + } + + public static final String REMOTE_CLUSTER; private final static String TEST_INDEX_BANK_REMOTE = REMOTE_CLUSTER + ":" + TEST_INDEX_BANK; private final static String TEST_INDEX_DOG_REMOTE = REMOTE_CLUSTER + ":" + TEST_INDEX_DOG; @@ -46,12 +49,12 @@ public void initialize() { @Override protected void init() throws Exception { - configureMultiClusters(); + configureMultiClusters(REMOTE_CLUSTER); loadIndex(Index.BANK); loadIndex(Index.BANK, remoteClient()); loadIndex(Index.DOG); loadIndex(Index.DOG, remoteClient()); - loadIndex(Index.ACCOUNT, remoteClient()); + loadIndex(Index.ACCOUNT); } @Test @@ -68,11 +71,10 @@ public void testMatchAllCrossClusterSearchAllFields() throws IOException { @Test public void testCrossClusterSearchWithoutLocalFieldMappingShouldFail() throws IOException { - exceptionRule.expect(ResponseException.class); - exceptionRule.expectMessage("400 Bad Request"); - exceptionRule.expectMessage("IndexNotFoundException"); - - executeQuery(String.format("search source=%s", TEST_INDEX_ACCOUNT_REMOTE)); + var exception = assertThrows(ResponseException.class, () -> + executeQuery(String.format("search source=%s", TEST_INDEX_ACCOUNT_REMOTE))); + assertTrue(exception.getMessage().contains("IndexNotFoundException") + && exception.getMessage().contains("400 Bad Request")); } @Test From 42fd960ff1e5f4cf2a73de0f074c34ab97795246 Mon Sep 17 00:00:00 2001 From: Yury-Fridlyand Date: Wed, 16 Aug 2023 13:32:38 -0700 Subject: [PATCH 12/13] Address PR review. Signed-off-by: Yury-Fridlyand --- integ-test/build.gradle | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/integ-test/build.gradle b/integ-test/build.gradle index 07e91ad62d..6559bca2f3 100644 --- a/integ-test/build.gradle +++ b/integ-test/build.gradle @@ -215,7 +215,7 @@ testClusters { } integTestWithSecurity { } - anotherintegTestWithSecurity { + remoteIntegTestWithSecurity { } } @@ -297,7 +297,7 @@ task integJdbcTest(type: RestIntegTestTask) { task integTestWithSecurity(type: RestIntegTestTask) { useCluster testClusters.integTestWithSecurity - useCluster testClusters.anotherintegTestWithSecurity + useCluster testClusters.remoteIntegTestWithSecurity // Don't use `getClusters`: cluster order is important. IT framework adds/uses a cluster // named as the task as default and uses it to init default REST client @@ -349,6 +349,7 @@ task integTestWithSecurity(type: RestIntegTestTask) { } // NOTE: this IT config discovers only junit5 (jupiter) tests. + // https://github.com/opensearch-project/sql/issues/1974 filter { includeTestsMatching 'org.opensearch.sql.ppl.CrossClusterSearchIT' } From a618be8f6c36631b3e96647932b96078dc0052b7 Mon Sep 17 00:00:00 2001 From: Yury-Fridlyand Date: Thu, 17 Aug 2023 15:35:15 -0700 Subject: [PATCH 13/13] Address PR feedback + some fixes. Signed-off-by: Yury-Fridlyand --- integ-test/build.gradle | 23 +++++++--- .../sql/legacy/OpenSearchSQLRestTestCase.java | 46 +++++++++++-------- .../sql/legacy/RestIntegTestCase.java | 2 +- .../sql/ppl/CrossClusterSearchIT.java | 12 +++-- 4 files changed, 52 insertions(+), 31 deletions(-) diff --git a/integ-test/build.gradle b/integ-test/build.gradle index 6559bca2f3..5b9c113012 100644 --- a/integ-test/build.gradle +++ b/integ-test/build.gradle @@ -80,7 +80,12 @@ ext { configureSecurityPlugin = { OpenSearchCluster cluster -> cluster.getNodes().forEach { node -> - node.getCredentials().add(Map.of('useradd', 'admin', '-p', 'admin')) + var creds = node.getCredentials() + if (creds.isEmpty()) { + creds.add(Map.of('useradd', 'admin', '-p', 'admin')) + } else { + creds.get(0).putAll(Map.of('useradd', 'admin', '-p', 'admin')) + } } var projectAbsPath = projectDir.getAbsolutePath() @@ -198,9 +203,6 @@ compileTestJava { } testClusters.all { - testDistribution = 'archive' - plugin ":opensearch-sql-plugin" - // debug with command, ./gradlew opensearch-sql:run -DdebugJVM. --debug-jvm does not work with keystore. if (System.getProperty("debugJVM") != null) { jvmArgs '-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005' @@ -209,13 +211,21 @@ testClusters.all { testClusters { integTest { + testDistribution = 'archive' + plugin ":opensearch-sql-plugin" setting "plugins.query.datasources.encryption.masterkey", "1234567812345678" } remoteCluster { + testDistribution = 'archive' + plugin ":opensearch-sql-plugin" } integTestWithSecurity { + testDistribution = 'archive' + plugin ":opensearch-sql-plugin" } remoteIntegTestWithSecurity { + testDistribution = 'archive' + plugin ":opensearch-sql-plugin" } } @@ -299,9 +309,8 @@ task integTestWithSecurity(type: RestIntegTestTask) { useCluster testClusters.integTestWithSecurity useCluster testClusters.remoteIntegTestWithSecurity - // Don't use `getClusters`: cluster order is important. IT framework adds/uses a cluster - // named as the task as default and uses it to init default REST client - systemProperty "cluster.names", "integTestWithSecurity,anotherintegTestWithSecurity" + systemProperty "cluster.names", + getClusters().stream().map(cluster -> cluster.getName()).collect(Collectors.joining(",")) getClusters().forEach { cluster -> configureSecurityPlugin(cluster) diff --git a/integ-test/src/test/java/org/opensearch/sql/legacy/OpenSearchSQLRestTestCase.java b/integ-test/src/test/java/org/opensearch/sql/legacy/OpenSearchSQLRestTestCase.java index bd20ef5a5c..8976e09084 100644 --- a/integ-test/src/test/java/org/opensearch/sql/legacy/OpenSearchSQLRestTestCase.java +++ b/integ-test/src/test/java/org/opensearch/sql/legacy/OpenSearchSQLRestTestCase.java @@ -49,8 +49,22 @@ public abstract class OpenSearchSQLRestTestCase extends OpenSearchRestTestCase { private static final Logger LOG = LogManager.getLogger(); - public static final String REMOTE_CLUSTER = "remoteCluster"; public static final String MATCH_ALL_REMOTE_CLUSTER = "*"; + // Requires to insert cluster name and cluster transport address (host:port) + public static final String REMOTE_CLUSTER_SETTING = + "{" + + "\"persistent\": {" + + " \"cluster\": {" + + " \"remote\": {" + + " \"%s\": {" + + " \"seeds\": [" + + " \"%s\"" + + " ]" + + " }" + + " }" + + " }" + + "}" + + "}"; private static RestClient remoteClient; /** @@ -109,9 +123,9 @@ public void initRemoteClient(String clusterName) throws IOException { remoteClient = remoteAdminClient = initClient(clusterName); } + /** Configure http client for the given cluster. */ public RestClient initClient(String clusterName) throws IOException { - String cluster = getTestRestCluster(clusterName); - String[] stringUrls = cluster.split(","); + String[] stringUrls = getTestRestCluster(clusterName).split(","); List hosts = new ArrayList<>(stringUrls.length); for (String stringUrl : stringUrls) { int portSeparator = stringUrl.lastIndexOf(':'); @@ -119,11 +133,10 @@ public RestClient initClient(String clusterName) throws IOException { throw new IllegalArgumentException("Illegal cluster url [" + stringUrl + "]"); } String host = stringUrl.substring(0, portSeparator); - int port = Integer.valueOf(stringUrl.substring(portSeparator + 1)); + int port = Integer.parseInt(stringUrl.substring(portSeparator + 1)); hosts.add(buildHttpHost(host, port)); } - final List clusterHosts = unmodifiableList(hosts); - return buildClient(restClientSettings(), clusterHosts.toArray(new HttpHost[0])); + return buildClient(restClientSettings(), hosts.toArray(new HttpHost[0])); } /** @@ -199,6 +212,10 @@ protected static void wipeAllOpenSearchIndices(RestClient client) throws IOExcep } } + /** + * Configure authentication and pass builder to superclass to configure other stuff.
+ * By default, auth is configure when https is set only. + */ protected static void configureClient(RestClientBuilder builder, Settings settings) throws IOException { String userName = System.getProperty("user"); @@ -272,20 +289,9 @@ public void configureMultiClusters(String remote) Request connectionRequest = new Request("PUT", "_cluster/settings"); String connectionSetting = String.format( - "{" - + "\"persistent\": {" - + " \"cluster\": {" - + " \"remote\": {" - + " \"%s\": {" - + " \"seeds\": [" - + " \"%s\"" - + " ]" - + " }" - + " }" - + " }" - + "}" - + "}", - remote, getTestTransportCluster(remote).split(",")[0]); + REMOTE_CLUSTER_SETTING, + remote, + getTestTransportCluster(remote).split(",")[0]); connectionRequest.setJsonEntity(connectionSetting); adminClient().performRequest(connectionRequest); } diff --git a/integ-test/src/test/java/org/opensearch/sql/legacy/RestIntegTestCase.java b/integ-test/src/test/java/org/opensearch/sql/legacy/RestIntegTestCase.java index fcb60e061f..dd48d82114 100644 --- a/integ-test/src/test/java/org/opensearch/sql/legacy/RestIntegTestCase.java +++ b/integ-test/src/test/java/org/opensearch/sql/legacy/RestIntegTestCase.java @@ -44,9 +44,9 @@ import org.junit.Before; import org.opensearch.client.Request; import org.opensearch.client.Response; -import org.opensearch.core.xcontent.XContentBuilder; import org.opensearch.common.xcontent.XContentFactory; import org.opensearch.core.rest.RestStatus; +import org.opensearch.core.xcontent.XContentBuilder; /** * SQL plugin integration test base class (migrated from SQLIntegTestCase) diff --git a/integ-test/src/test/java/org/opensearch/sql/ppl/CrossClusterSearchIT.java b/integ-test/src/test/java/org/opensearch/sql/ppl/CrossClusterSearchIT.java index ce307e011c..9f3fc36bde 100644 --- a/integ-test/src/test/java/org/opensearch/sql/ppl/CrossClusterSearchIT.java +++ b/integ-test/src/test/java/org/opensearch/sql/ppl/CrossClusterSearchIT.java @@ -23,10 +23,16 @@ public class CrossClusterSearchIT extends PPLIntegTestCase { - // Set second cluster as a remote static { - String[] clusterNames = System.getProperty("cluster.names", ",remoteCluster").split(","); - REMOTE_CLUSTER = clusterNames[1]; + // find a remote cluster + String[] clusterNames = System.getProperty("cluster.names").split(","); + var remote = "remoteCluster"; + for (var cluster : clusterNames) { + if (cluster.startsWith("remote")) { + remote = cluster; + } + } + REMOTE_CLUSTER = remote; } public static final String REMOTE_CLUSTER;