Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create gradle task/utility to wait-for-status with custom SSL trust #38072

Closed
tvernum opened this issue Jan 31, 2019 · 2 comments · Fixed by #40573
Closed

Create gradle task/utility to wait-for-status with custom SSL trust #38072

tvernum opened this issue Jan 31, 2019 · 2 comments · Fixed by #40573
Assignees
Labels
:Delivery/Build Build or test infrastructure :Security/TLS SSL/TLS, Certificates Team:Delivery Meta label for Delivery team

Comments

@tvernum
Copy link
Contributor

tvernum commented Jan 31, 2019

In x-pack/qa/smoke-test-plugins-ssl and (once #37600 is merged) x-pack/qa/reindex-tests-with-security we need to call

GET /_cluster/health?wait_for_nodes=${numNodes}&wait_for_status=yellow

on a node that uses TLS on the HTTP port, with a custom CA.

Normally we use ant.get to call the cluster health API, but that utility does not have any facilties for customising the trust manager for the URL.

The builds that need this currently implement their own handling with HttpsURLConnection, but we should centralise this.

The utility should support reading a CA from a PEM file (the JRE's CertificateFactory can do this) so that it is possible to run it on a FIPS enabled JVM.

@tvernum tvernum added the :Delivery/Build Build or test infrastructure label Jan 31, 2019
@tvernum tvernum self-assigned this Jan 31, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-core-infra

@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security

@tvernum tvernum added the :Security/TLS SSL/TLS, Certificates label Jan 31, 2019
tvernum added a commit that referenced this issue Apr 1, 2019
By default, in integ tests we wait for the standalone cluster to start
by using the ant Get task to retrieve the cluster health endpoint.
However the ant task has no facilities for customising the trusted
CAs for a https resource, so if the integ test cluster has TLS enabled
on the http interface (using a custom CA) we need a separate utility
for that purpose.

Resolves: #38072
tvernum added a commit to tvernum/elasticsearch that referenced this issue Apr 1, 2019
By default, in integ tests we wait for the standalone cluster to start
by using the ant Get task to retrieve the cluster health endpoint.
However the ant task has no facilities for customising the trusted
CAs for a https resource, so if the integ test cluster has TLS enabled
on the http interface (using a custom CA) we need a separate utility
for that purpose.

Resolves: elastic#38072
Backport of: elastic#40573
tvernum added a commit to tvernum/elasticsearch that referenced this issue Apr 8, 2019
By default, in integ tests we wait for the standalone cluster to start
by using the ant Get task to retrieve the cluster health endpoint.
However the ant task has no facilities for customising the trusted
CAs for a https resource, so if the integ test cluster has TLS enabled
on the http interface (using a custom CA) we need a separate utility
for that purpose.

Resolves: elastic#38072
Backport of: elastic#40573
gurkankaymak pushed a commit to gurkankaymak/elasticsearch that referenced this issue May 27, 2019
By default, in integ tests we wait for the standalone cluster to start
by using the ant Get task to retrieve the cluster health endpoint.
However the ant task has no facilities for customising the trusted
CAs for a https resource, so if the integ test cluster has TLS enabled
on the http interface (using a custom CA) we need a separate utility
for that purpose.

Resolves: elastic#38072
@mark-vieira mark-vieira added the Team:Delivery Meta label for Delivery team label Nov 11, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
:Delivery/Build Build or test infrastructure :Security/TLS SSL/TLS, Certificates Team:Delivery Meta label for Delivery team
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants