From 4d6dac33fe6e7b633f74703b579ce3dcfa23bca2 Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Mon, 8 Mar 2021 22:05:16 +0100 Subject: [PATCH 01/48] Warn users if security is implicitly disabled Elasticsearch has security features implicitly disabled by default for Basic and Trial licenses, unless explicitly set in the configuration file. This may be good for onboarding, but it also lead to unintended insecure clusters. This change introduces clear warnings when security features are implicitly disabled. - a warning header in each REST response if security is implicitly disabled; - a log message during cluster boot. --- .../test/rest/ESRestTestCase.java | 7 ++- .../qa/basic-enable-security/build.gradle | 31 +++++++++++-- .../EnableSecurityOnBasicLicenseIT.java | 43 +++++++++++++++++-- ...UserProcessorWithSecurityNotEnabledIT.java | 14 ++++++ .../xpack/security/TlsWithBasicLicenseIT.java | 11 +++++ .../security/rest/SecurityRestFilter.java | 5 +++ .../support/SecurityStatusChangeListener.java | 6 +++ .../xpack/security/SecurityTests.java | 30 +++++++++++++ .../rest/SecurityRestFilterTests.java | 7 +++ 9 files changed, 145 insertions(+), 9 deletions(-) diff --git a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java index f319c2b3438a1..0519d8786304d 100644 --- a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java +++ b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java 
@@ -662,7 +662,12 @@ protected static void wipeAllIndices() throws IOException { final String warning = warnings.get(0); final boolean isSystemIndexWarning = warning.contains("this request accesses system indices") && warning.contains("but in a future major version, direct access to system indices will be prevented by default"); - return isSystemIndexWarning == false; + // We don't know is security is implicitly disabled, so just accept all security disabled warnings. + final boolean isSecurityDisabledWarning = warning.contains("Elasticsearch built-in security features are not " + + "enabled, your cluster may be accessible without authentication. Read " + + "https://www.elastic.co/guide/en/elasticsearch/reference/") + && warning.contains("/get-started-enable-security.html for more information"); + return isSystemIndexWarning == false && isSecurityDisabledWarning == false; }).build(); deleteRequest.setOptions(allowSystemIndexAccessWarningOptions); final Response response = adminClient().performRequest(deleteRequest); diff --git a/x-pack/plugin/security/qa/basic-enable-security/build.gradle b/x-pack/plugin/security/qa/basic-enable-security/build.gradle index 5d710ceffdc10..2be12a4707ffc 100644 --- a/x-pack/plugin/security/qa/basic-enable-security/build.gradle +++ b/x-pack/plugin/security/qa/basic-enable-security/build.gradle @@ -11,7 +11,6 @@ dependencies { tasks.named("javaRestTest").configure { description = "Run tests against a cluster that doesn't have security" - systemProperty 'tests.has_security', 'false' } if (BuildParams.inFipsJvm){ 
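Review bot: The handler in wipeAllIndices still classifies only `warnings.get(0)`, although a cluster with security implicitly disabled can now return the security warning alongside the system-index warning on the same delete. What happens to a two-entry list depends on the part of the lambda that starts outside this hunk, so confirm it does not fail the wipe. A check over every entry would be safer, returning "fail" only if some warning is neither the system-index nor the security-disabled text. The new comment should also read `// We don't know if security is implicitly disabled, so accept every security-disabled warning.`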
@@ -25,11 +24,35 @@ testClusters { numberOfNodes = 2 setting 'xpack.ml.enabled', 'false' setting 'xpack.license.self_generated.type', 'basic' - setting 'xpack.security.enabled', 'false' } } -tasks.register("javaRestTestWithSecurity", StandaloneRestIntegTestTask) { +tasks.register("javaRestTestWithSecurityDisabled", StandaloneRestIntegTestTask) { + description = "Run tests against a cluster that has security explicitly disabled" + dependsOn "javaRestTest" + useCluster testClusters.javaRestTest + systemProperty 'tests.has_security', 'false' + testClassesDirs = sourceSets.javaRestTest.output.classesDirs + classpath = sourceSets.javaRestTest.runtimeClasspath + onlyIf { + BuildParams.inFipsJvm == false + } + doFirst { + testClusters.javaRestTest { + // TODO Rene: revisit if using dedicated new cluster definitions would be more efficient. + // Reconfigure cluster to explicitly disable security + setting 'xpack.ml.enabled', 'false' + setting 'xpack.license.self_generated.type', 'basic' + setting 'xpack.security.enabled', 'false' + + restart() + } + nonInputProperties.systemProperty 'tests.rest.cluster', "${-> testClusters.javaRestTest.getAllHttpSocketURI().join(",")}" + } +} +tasks.named("check").configure { dependsOn("javaRestTestWithSecurityDisabled") } + +tasks.register("javaRestTestWithSecurityEnabled", StandaloneRestIntegTestTask) { description = "Run tests against a cluster that has security enabled" dependsOn "javaRestTest" useCluster testClusters.javaRestTest @@ -64,5 +87,5 @@ tasks.register("javaRestTestWithSecurity", StandaloneRestIntegTestTask) { nonInputProperties.systemProperty 'tests.rest.cluster', "${-> testClusters.javaRestTest.getAllHttpSocketURI().join(",")}" } } -tasks.named("check").configure { dependsOn("javaRestTestWithSecurity") } +tasks.named("check").configure { dependsOn("javaRestTestWithSecurityEnabled") } 
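Review bot: Nothing visible here orders `javaRestTestWithSecurityDisabled` before `javaRestTestWithSecurityEnabled`: both only declare `dependsOn "javaRestTest"`, both reconfigure and restart the shared `testClusters.javaRestTest`, and `check` depends on each independently. EnableSecurityOnBasicLicenseIT in this patch expects 1, 2 and 3 documents for the implicit, explicitly-disabled and enabled runs, so that sequence is a hard requirement. Unless the unseen middle of the enabled task already handles it, add `mustRunAfter "javaRestTestWithSecurityDisabled"` (or a `dependsOn`) to `javaRestTestWithSecurityEnabled`. A short comment stating the required order would help the next person who touches these tasks.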
diff --git a/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java b/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java index f43e2f7c75a2a..e8c7b73fc6010 100644 --- a/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java +++ b/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java @@ -6,10 +6,14 @@ */ package org.elasticsearch.xpack.security; +import org.apache.http.HttpHost; import org.apache.http.util.EntityUtils; +import org.elasticsearch.Version; import org.elasticsearch.client.Request; import org.elasticsearch.client.Response; import org.elasticsearch.client.ResponseException; +import org.elasticsearch.client.RestClient; +import org.elasticsearch.client.RestClientBuilder; import org.elasticsearch.common.Booleans; import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; @@ -17,10 +21,12 @@ import org.elasticsearch.test.rest.ESRestTestCase; import org.elasticsearch.test.rest.yaml.ObjectPath; import org.elasticsearch.xpack.security.authc.InternalRealms; +import org.hamcrest.Matchers; import org.junit.BeforeClass; import java.io.IOException; import java.util.Arrays; +import java.util.List; import java.util.Locale; import java.util.Map; 
@@ -33,11 +39,13 @@ public class EnableSecurityOnBasicLicenseIT extends ESRestTestCase { private static boolean securityEnabled; + private static boolean securityExplicitlySet; @BeforeClass public static void checkTestMode() { final String hasSecurity = System.getProperty("tests.has_security"); - securityEnabled = Booleans.parseBoolean(hasSecurity); + securityExplicitlySet = hasSecurity != null; + securityEnabled = hasSecurity == null ? false : Booleans.parseBoolean(hasSecurity); } @Override @@ -58,10 +66,20 @@ protected Settings restClientSettings() { @Override protected boolean preserveClusterUponCompletion() { - // If this is the first run (security not yet enabled), then don't clean up afterwards because we want to test restart with data + // If this is one of the first two runs (security not yet enabled), then don't clean up afterwards because we want to test restart + // with data return securityEnabled == false; } + @Override + protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException { + RestClientBuilder builder = RestClient.builder(hosts); + configureClient(builder, settings); + builder.setStrictDeprecationMode(false); + return builder.build(); + } + + public void testSecuritySetup() throws Exception { logger.info("Security status: {}", securityEnabled); logger.info("Cluster:\n{}", getClusterInfo()); 
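Review bot: The `buildClient` override calls `builder.setStrictDeprecationMode(false)`, which stops the client failing on any warning header, not only the new security-disabled one. Deprecation warnings from the APIs these tests call will then pass silently. A narrower option is to keep strict mode and attach a `WarningsHandler` through `RequestOptions` that tolerates only the security warning, as the wipeAllIndices change in ESRestTestCase does. The same override is copied verbatim into SetSecurityUserProcessorWithSecurityNotEnabledIT and TlsWithBasicLicenseIT later in this patch and has the same effect there. If the broad switch is kept, it needs a comment such as `// the security-disabled warning is sent on every response; strict mode would fail all requests`.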
@@ -74,8 +92,9 @@ public void testSecuritySetup() throws Exception { } checkAllowedWrite("index_allowed"); - // Security runs second, and should see the doc from the first (non-security) run - final int expectedIndexCount = securityEnabled ? 2 : 1; + // Security runs third, and should see the docs from the first two (non-security) runs + // Security explicitly disabled runs second and should see the doc from the first (implicitly disabled) run + final int expectedIndexCount = securityEnabled ? 3 : securityExplicitlySet ? 2 : 1; checkIndexCount("index_allowed", expectedIndexCount); final String otherIndex = "index_" + randomAlphaOfLengthBetween(2, 6).toLowerCase(Locale.ROOT); @@ -84,6 +103,22 @@ public void testSecuritySetup() throws Exception { } else { checkAllowedWrite(otherIndex); } + checkSecurityDisabledWarning(); + } + + public void checkSecurityDisabledWarning() throws Exception { + final Request request = new Request("GET", "/_cat/indices"); + Response response = client().performRequest(request); + List warningHeaders = response.getWarnings(); + if (securityExplicitlySet) { + assertThat (warningHeaders, Matchers.empty()); + } else { + assertThat (warningHeaders, Matchers.hasSize(1)); + assertThat (warningHeaders.get(0), + containsString("Elasticsearch built-in security features are not enabled, your cluster may be accessible without " + + "authentication. Read https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + + Version.CURRENT.minor + "/get-started-enable-security.html for more information")); + } } private String getClusterInfo() throws IOException { diff --git a/x-pack/plugin/security/qa/security-not-enabled/src/javaRestTest/java/org/elasticsearch/xpack/security/SetSecurityUserProcessorWithSecurityNotEnabledIT.java b/x-pack/plugin/security/qa/security-not-enabled/src/javaRestTest/java/org/elasticsearch/xpack/security/SetSecurityUserProcessorWithSecurityNotEnabledIT.java index f19fedf324e7f..dd9ac66df5f0a 100644 
--- a/x-pack/plugin/security/qa/security-not-enabled/src/javaRestTest/java/org/elasticsearch/xpack/security/SetSecurityUserProcessorWithSecurityNotEnabledIT.java +++ b/x-pack/plugin/security/qa/security-not-enabled/src/javaRestTest/java/org/elasticsearch/xpack/security/SetSecurityUserProcessorWithSecurityNotEnabledIT.java @@ -6,12 +6,18 @@ */ package org.elasticsearch.xpack.security; +import org.apache.http.HttpHost; import org.apache.http.util.EntityUtils; import org.elasticsearch.client.Request; import org.elasticsearch.client.Response; import org.elasticsearch.client.ResponseException; +import org.elasticsearch.client.RestClient; +import org.elasticsearch.client.RestClientBuilder; +import org.elasticsearch.common.settings.Settings; import org.elasticsearch.test.rest.ESRestTestCase; +import java.io.IOException; + import static org.hamcrest.Matchers.containsString; /** @@ -21,6 +27,14 @@ */ public class SetSecurityUserProcessorWithSecurityNotEnabledIT extends ESRestTestCase { + @Override + protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException { + RestClientBuilder builder = RestClient.builder(hosts); + configureClient(builder, settings); + builder.setStrictDeprecationMode(false); + return builder.build(); + } + public void testDefineAndUseProcessor() throws Exception { final String pipeline = "pipeline-" + getTestName(); final String index = "index-" + getTestName(); diff --git a/x-pack/plugin/security/qa/tls-basic/src/javaRestTest/java/org/elasticsearch/xpack/security/TlsWithBasicLicenseIT.java b/x-pack/plugin/security/qa/tls-basic/src/javaRestTest/java/org/elasticsearch/xpack/security/TlsWithBasicLicenseIT.java index b08265a16965c..5c5c18c79cf90 100644 --- a/x-pack/plugin/security/qa/tls-basic/src/javaRestTest/java/org/elasticsearch/xpack/security/TlsWithBasicLicenseIT.java +++ b/x-pack/plugin/security/qa/tls-basic/src/javaRestTest/java/org/elasticsearch/xpack/security/TlsWithBasicLicenseIT.java 
@@ -6,9 +6,12 @@ */ package org.elasticsearch.xpack.security; +import org.apache.http.HttpHost; import org.elasticsearch.client.Request; import org.elasticsearch.client.Response; import org.elasticsearch.client.ResponseException; +import org.elasticsearch.client.RestClient; +import org.elasticsearch.client.RestClientBuilder; import org.elasticsearch.common.io.PathUtils; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.test.rest.ESRestTestCase; @@ -34,6 +37,14 @@ public class TlsWithBasicLicenseIT extends ESRestTestCase { private static Path httpTrustStore; + @Override + protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException { + RestClientBuilder builder = RestClient.builder(hosts); + configureClient(builder, settings); + builder.setStrictDeprecationMode(false); + return builder.build(); + } + @BeforeClass public static void findTrustStore() throws Exception { final URL resource = TlsWithBasicLicenseIT.class.getResource("/ssl/ca.p12"); diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java index ed3d7e14fdc8b..e3c9adace6364 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java 
@@ -11,9 +11,11 @@ import org.apache.logging.log4j.message.ParameterizedMessage; import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ExceptionsHelper; +import org.elasticsearch.Version; import org.elasticsearch.action.ActionListener; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.RestApiVersion; +import org.elasticsearch.common.logging.HeaderWarning; import org.elasticsearch.common.util.Maps; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.xcontent.MediaType; @@ -89,6 +91,9 @@ public void handleRequest(RestRequest request, RestChannel channel, NodeClient c e -> handleException("Secondary authentication", request, channel, e))); }, e -> handleException("Authentication", request, channel, e))); } else { + HeaderWarning.addWarning("Elasticsearch built-in security features are not enabled, your cluster may be accessible without " + + "authentication. Read https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + + Version.CURRENT.minor + "/get-started-enable-security.html for more information"); restHandler.handleRequest(request, channel, client); } } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListener.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListener.java index b42fdf26891de..c278adf15cec7 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListener.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListener.java @@ -9,6 +9,7 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import org.elasticsearch.Version; import org.elasticsearch.license.LicenseStateListener; import org.elasticsearch.license.XPackLicenseState; 
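Review bot: `HeaderWarning.addWarning(...)` is added to the `else` branch of handleRequest without checking why that branch was taken, and the branch condition lies outside this hunk. The updated testProcessOptionsMethod in SecurityRestFilterTests expects the warning on an OPTIONS request without visibly stubbing `isSecurityEnabled()` to false. That suggests preflight requests get the "security features are not enabled" header even on a secured cluster. A false warning of this kind teaches operators to ignore the real one. Guard the call with the filter's own license-state check, so it fires only when security is actually off, and have the OPTIONS test assert that no warning is emitted when security is on.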
@@ -40,6 +41,11 @@ public synchronized void licenseStateChanged() { // old state might be null (undefined) so do Object comparison if (Objects.equals(newState, securityEnabled) == false) { logger.info("Active license is now [{}]; Security is {}", licenseState.getOperationMode(), newState ? "enabled" : "disabled"); + if (newState == false) { + logger.warn("Elasticsearch built-in security features are not enabled, your cluster may be accessible without " + + "authentication. Read https://www.elastic.co/guide/en/elasticsearch/reference/" + + Version.CURRENT.major + "." + Version.CURRENT.minor + "/get-started-enable-security.html for more information"); + } this.securityEnabled = newState; } } diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java index 3b8d393d4f066..7dcd3101e62ba 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java @@ -6,6 +6,9 @@ */ package org.elasticsearch.xpack.security; +import org.apache.logging.log4j.Level; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.Version; import org.elasticsearch.action.ActionListener; @@ -18,6 +21,7 @@ import org.elasticsearch.cluster.node.DiscoveryNodes; import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.settings.ClusterSettings; import org.elasticsearch.common.settings.Setting; 
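Review bot: The warning sentence in licenseStateChanged is concatenated by hand here, in SecurityRestFilter.handleRequest, in the ESRestTestCase filter, and in three test classes, so the log line and the REST header can drift apart unnoticed. The ESRestTestCase filter matches on substrings of this text, so one edited copy would start failing or silently passing tests. Define the message once in production code, for example a `static final String` built from `Version.CURRENT.major` and `Version.CURRENT.minor` (the constant's name is up to you), and reference it from both the header and the log call. Also note that the branch runs on every transition to `newState == false`. Whether an explicit `xpack.security.enabled: false` can reach this listener is not visible in the hunk and should be confirmed against the "implicitly disabled" wording of the commit.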
@@ -34,6 +38,7 @@ import org.elasticsearch.rest.RestRequest; import org.elasticsearch.script.ScriptService; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.test.MockLogAppender; import org.elasticsearch.test.VersionUtils; import org.elasticsearch.test.rest.FakeRestRequest; import org.elasticsearch.threadpool.ThreadPool; @@ -56,6 +61,7 @@ import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail; import org.elasticsearch.xpack.security.authc.AuthenticationService; import org.elasticsearch.xpack.security.authc.Realms; +import org.elasticsearch.xpack.security.support.SecurityStatusChangeListener; import org.hamcrest.Matchers; import org.junit.After; 
@@ -514,6 +520,30 @@ public void testLicenseUpdateFailureHandlerUpdate() throws Exception { } } + public void testWarningLoggingSecurityImplicitlyDisabled() throws Exception { + MockLogAppender logAppender = new MockLogAppender(); + logAppender.start(); + SecurityStatusChangeListener listener = new SecurityStatusChangeListener(licenseState); + Logger listenerLogger = LogManager.getLogger(listener.getClass()); + Loggers.addAppender(listenerLogger, logAppender); + Collection components = createComponentsWithSecurityNotExplicitlyEnabled(Settings.EMPTY); + AuthenticationService service = findComponent(AuthenticationService.class, components); + assertNotNull(service); + logAppender.addExpectation(new MockLogAppender.SeenEventExpectation( + "built-in security features are not enabled", + listener.getClass().getName(), + Level.WARN, + "Elasticsearch built-in security features are not enabled, your cluster may be accessible without " + + "authentication. Read https://www.elastic.co/guide/en/elasticsearch/reference/" + + Version.CURRENT.major + "." + Version.CURRENT.minor + "/get-started-enable-security.html for more information" + )); + licenseState.update( + randomFrom(License.OperationMode.BASIC, License.OperationMode.TRIAL), + true, Long.MAX_VALUE, null); + + logAppender.assertAllExpectationsMatched(); + } + private void logAndFail(Exception e) { logger.error("unexpected exception", e); fail("unexpected exception " + e.getMessage()); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java index a57b0b8087c49..d363a5f885ba3 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java 
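Review bot: testWarningLoggingSecurityImplicitlyDisabled starts a `MockLogAppender` and attaches it with `Loggers.addAppender` but never detaches or stops it, so it stays on the SecurityStatusChangeListener logger for later tests in the same JVM. Wrap the body after `addAppender` in `try { ... } finally { Loggers.removeAppender(listenerLogger, logAppender); logAppender.stop(); }`. The `listener` instance is used only for its class, so `SecurityStatusChangeListener.class` would do and would make clear that the listener under test is the one created by `createComponentsWithSecurityNotExplicitlyEnabled`. Register the expectation before creating the components, so that a warning logged during component creation is not missed.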
@@ -9,6 +9,7 @@ import com.nimbusds.jose.util.StandardCharset; import org.apache.lucene.util.SetOnce; import org.elasticsearch.ElasticsearchException; +import org.elasticsearch.Version; import org.elasticsearch.action.ActionListener; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.bytes.BytesArray; @@ -143,6 +144,9 @@ public void testProcessBasicLicense() throws Exception { RestRequest request = mock(RestRequest.class); when(licenseState.isSecurityEnabled()).thenReturn(false); filter.handleRequest(request, channel, null); + assertWarnings("Elasticsearch built-in security features are not enabled, your cluster may be accessible without authentication. " + + "Read https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + Version.CURRENT.minor + + "/get-started-enable-security.html for more information"); verify(restHandler).handleRequest(request, channel, null); verifyZeroInteractions(channel, authcService); } @@ -200,6 +204,9 @@ public void testProcessOptionsMethod() throws Exception { RestRequest request = mock(RestRequest.class); when(request.method()).thenReturn(RestRequest.Method.OPTIONS); filter.handleRequest(request, channel, null); + assertWarnings("Elasticsearch built-in security features are not enabled, your cluster may be accessible without authentication. " + + "Read https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + Version.CURRENT.minor + + "/get-started-enable-security.html for more information"); verify(restHandler).handleRequest(request, channel, null); verifyZeroInteractions(channel); verifyZeroInteractions(authcService); From e3716bf9451a5efeff525cd22c076867db103b9d Mon Sep 17 00:00:00 2001 
From: BigPandaToo Date: Wed, 10 Mar 2021 21:27:30 +0100 Subject: [PATCH 02/48] Fixing tests --- .../test/rest/yaml/ESClientYamlSuiteTestCase.java | 13 +++++++++++++ .../test/rest/yaml/section/DoSection.java | 5 +++++ .../security/EnableSecurityOnBasicLicenseIT.java | 6 +++++- 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/ESClientYamlSuiteTestCase.java b/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/ESClientYamlSuiteTestCase.java index 7e2219e126beb..bba4168b97113 100644 --- a/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/ESClientYamlSuiteTestCase.java +++ b/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/ESClientYamlSuiteTestCase.java @@ -23,6 +23,7 @@ import org.elasticsearch.client.sniff.ElasticsearchNodesSniffer; import org.elasticsearch.common.Strings; import org.elasticsearch.common.collect.Tuple; +import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.NamedXContentRegistry; import org.elasticsearch.common.xcontent.support.XContentMapValues; import org.elasticsearch.core.internal.io.IOUtils; @@ -109,6 +110,18 @@ protected ESClientYamlSuiteTestCase(ClientYamlTestCandidate testCandidate) { private static boolean useDefaultNumberOfShards; + @Override + protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException { + RestClientBuilder builder = RestClient.builder(hosts); + configureClient(builder, settings); + if (settings.hasValue("xpack.security.enabled")) { + builder.setStrictDeprecationMode(true); + } else { + builder.setStrictDeprecationMode(false); + } + return builder.build(); + } + @BeforeClass public static void initializeUseDefaultNumberOfShards() { useDefaultNumberOfShards = usually(); 
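Review bot: The new `buildClient` chooses strict deprecation mode from `settings.hasValue("xpack.security.enabled")`, but `settings` is the argument the test framework passes to the client builder. If that holds REST client settings rather than node settings, which this hunk does not show, the key is never present and every YAML suite runs with strict mode off. YAML tests would then no longer fail on unexpected deprecation or security warnings. Confirm where the key is meant to come from and document it on the method. The same branch is added to EnableSecurityOnBasicLicenseIT.buildClient in this commit. If the logic stays, the if/else collapses to `builder.setStrictDeprecationMode(settings.hasValue("xpack.security.enabled"));`.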
diff --git a/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/section/DoSection.java b/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/section/DoSection.java index 29a009332a093..ea3f5bdc78ac0 100644 --- a/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/section/DoSection.java +++ b/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/section/DoSection.java @@ -81,6 +81,10 @@ * */ public class DoSection implements ExecutableSection { + private final String SecurityDisabledWarningHeaderPattern = "Elasticsearch built-in security features are not enabled, your cluster may " + + "be accessible without authentication. Read https:\\/\\/www\\.elastic\\.co\\/guide\\/en\\/elasticsearch\\/reference" + + "\\/(\\d+\\.)(\\d+)(\\.\\d+)?\\/get-started-enable-security\\.html for more information"; + public static DoSection parse(XContentParser parser) throws IOException { String currentFieldName = null; XContentParser.Token token; @@ -379,6 +383,7 @@ void checkWarningHeaders(final List warningHeaders, final Version master .map(HeaderWarning::escapeAndEncode) .collect(toCollection(LinkedHashSet::new)); final Set allowedRegex = new LinkedHashSet<>(allowedWarningHeadersRegex); + allowedRegex.add(Pattern.compile(SecurityDisabledWarningHeaderPattern)); final Set expected = expectedWarningHeaders.stream() .map(HeaderWarning::escapeAndEncode) .collect(toCollection(LinkedHashSet::new)); diff --git a/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java b/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java index e8c7b73fc6010..3bd08f945131f 100644 --- a/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java 
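Review bot: checkWarningHeaders now adds the security-disabled pattern to `allowedRegex` unconditionally, so no YAML test can detect this warning on a cluster that is supposed to have security enabled. Consider adding it only when the suite knows security is not configured, or leaving it to individual tests through `allowed_warnings_regex`. The pattern is also stored as a per-instance `private final String` with a non-constant name and recompiled on every call. `private static final Pattern SECURITY_DISABLED_WARNING_HEADER = Pattern.compile(...)` avoids both problems. In the regex, the `.` in `authentication. Read` is unescaped and the `\\/` escapes are unnecessary in Java. The identical hunk is re-applied by the revert in PATCH 04/48.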
+++ b/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java @@ -75,7 +75,11 @@ protected boolean preserveClusterUponCompletion() { protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException { RestClientBuilder builder = RestClient.builder(hosts); configureClient(builder, settings); - builder.setStrictDeprecationMode(false); + if (settings.hasValue("xpack.security.enabled")) { + builder.setStrictDeprecationMode(true); + } else { + builder.setStrictDeprecationMode(false); + } return builder.build(); } From 16d858c768a624deed7a4811f44be850fe0cb251 Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Tue, 16 Mar 2021 12:55:53 +0100 Subject: [PATCH 03/48] Warn users if security is implicitly disabled --- docs/build.gradle | 1 + .../org/elasticsearch/test/rest/yaml/section/DoSection.java | 5 ----- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/docs/build.gradle b/docs/build.gradle index 99cf9a23d9992..8e041b07d7d34 100644 --- a/docs/build.gradle +++ b/docs/build.gradle @@ -47,6 +47,7 @@ testClusters.matching { it.name == "integTest"}.configureEach { keystorePassword 'keystore-password' } + setting 'xpack.security.enabled', 'false' // enable regexes in painless so our tests don't complain about example snippets that use them setting 'script.painless.regex.enabled', 'true' setting 'path.repo', "${buildDir}/cluster/shared/repo" diff --git a/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/section/DoSection.java b/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/section/DoSection.java index ea3f5bdc78ac0..29a009332a093 100644 --- a/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/section/DoSection.java +++ b/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/section/DoSection.java 
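Review bot: The `setting 'xpack.security.enabled', 'false'` line added to docs/build.gradle has no comment saying why the test cluster opts out explicitly, and the same bare line is added to a series of other build files in PATCH 05/48 and 06/48 (modules/reindex, data-streams qa, painless-whitelist, rolling-upgrade, rest-api-spec). A reader cannot tell from the file that its only purpose is to suppress the new warning header. Add a comment at each site, such as `// security is explicitly disabled so responses do not carry the "security not enabled" warning header`. These clusters then no longer exercise the default, implicitly-disabled path, so check that at least one REST suite still runs without the setting.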
@@ -81,10 +81,6 @@ * */ public class DoSection implements ExecutableSection { - private final String SecurityDisabledWarningHeaderPattern = "Elasticsearch built-in security features are not enabled, your cluster may " + - "be accessible without authentication. Read https:\\/\\/www\\.elastic\\.co\\/guide\\/en\\/elasticsearch\\/reference" + - "\\/(\\d+\\.)(\\d+)(\\.\\d+)?\\/get-started-enable-security\\.html for more information"; - public static DoSection parse(XContentParser parser) throws IOException { String currentFieldName = null; XContentParser.Token token; @@ -383,7 +379,6 @@ void checkWarningHeaders(final List warningHeaders, final Version master .map(HeaderWarning::escapeAndEncode) .collect(toCollection(LinkedHashSet::new)); final Set allowedRegex = new LinkedHashSet<>(allowedWarningHeadersRegex); - allowedRegex.add(Pattern.compile(SecurityDisabledWarningHeaderPattern)); final Set expected = expectedWarningHeaders.stream() .map(HeaderWarning::escapeAndEncode) .collect(toCollection(LinkedHashSet::new)); From 5afbbbadd732fa212ab6b924d5260fe44a6eac3c Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Tue, 16 Mar 2021 13:00:39 +0100 Subject: [PATCH 04/48] Revert "Warn users if security is implicitly disabled" This reverts commit 16d858c7 --- docs/build.gradle | 1 - .../org/elasticsearch/test/rest/yaml/section/DoSection.java | 5 +++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/build.gradle b/docs/build.gradle index 8e041b07d7d34..99cf9a23d9992 100644 --- a/docs/build.gradle +++ b/docs/build.gradle @@ -47,7 +47,6 @@ testClusters.matching { it.name == "integTest"}.configureEach { keystorePassword 'keystore-password' } - setting 'xpack.security.enabled', 'false' // enable regexes in painless so our tests don't complain about example snippets that use them setting 'script.painless.regex.enabled', 'true' setting 'path.repo', "${buildDir}/cluster/shared/repo" 
diff --git a/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/section/DoSection.java b/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/section/DoSection.java index 29a009332a093..ea3f5bdc78ac0 100644 --- a/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/section/DoSection.java +++ b/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/section/DoSection.java @@ -81,6 +81,10 @@ * */ public class DoSection implements ExecutableSection { + private final String SecurityDisabledWarningHeaderPattern = "Elasticsearch built-in security features are not enabled, your cluster may " + + "be accessible without authentication. Read https:\\/\\/www\\.elastic\\.co\\/guide\\/en\\/elasticsearch\\/reference" + + "\\/(\\d+\\.)(\\d+)(\\.\\d+)?\\/get-started-enable-security\\.html for more information"; + public static DoSection parse(XContentParser parser) throws IOException { String currentFieldName = null; XContentParser.Token token; @@ -379,6 +383,7 @@ void checkWarningHeaders(final List warningHeaders, final Version master .map(HeaderWarning::escapeAndEncode) .collect(toCollection(LinkedHashSet::new)); final Set allowedRegex = new LinkedHashSet<>(allowedWarningHeadersRegex); + allowedRegex.add(Pattern.compile(SecurityDisabledWarningHeaderPattern)); final Set expected = expectedWarningHeaders.stream() .map(HeaderWarning::escapeAndEncode) .collect(toCollection(LinkedHashSet::new)); From dc07f6ca178cf0781b861a547f75a11416a07f1d Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Tue, 16 Mar 2021 20:42:15 +0100 Subject: [PATCH 05/48] Fixing tests --- docs/build.gradle | 1 + docs/reference/rest-api/usage.asciidoc | 9 +-------- modules/reindex/build.gradle | 1 + .../elasticsearch/test/rest/yaml/section/DoSection.java | 5 ----- x-pack/plugin/data-streams/qa/rest/build.gradle | 1 + 5 files changed, 4 insertions(+), 13 deletions(-) diff --git a/docs/build.gradle b/docs/build.gradle index 99cf9a23d9992..25c88f46f75fe 100644 
--- a/docs/build.gradle +++ b/docs/build.gradle @@ -49,6 +49,7 @@ testClusters.matching { it.name == "integTest"}.configureEach { // enable regexes in painless so our tests don't complain about example snippets that use them setting 'script.painless.regex.enabled', 'true' + setting 'xpack.security.enabled', 'false' setting 'path.repo', "${buildDir}/cluster/shared/repo" Closure configFile = { extraConfigFile it, file("src/test/cluster/config/$it") diff --git a/docs/reference/rest-api/usage.asciidoc b/docs/reference/rest-api/usage.asciidoc index 2776f0f3b2841..913a5ad8bfedb 100644 --- a/docs/reference/rest-api/usage.asciidoc +++ b/docs/reference/rest-api/usage.asciidoc @@ -48,14 +48,7 @@ GET /_xpack/usage { "security" : { "available" : true, - "enabled" : false, - "ssl" : { - "http" : { - "enabled" : false - }, - "transport" : { - "enabled" : false - } + "enabled" : false } }, "monitoring" : { diff --git a/modules/reindex/build.gradle b/modules/reindex/build.gradle index 6f456f533e2b8..bc0bb66fbec3b 100644 --- a/modules/reindex/build.gradle +++ b/modules/reindex/build.gradle @@ -30,6 +30,7 @@ testClusters.all { module ':modules:lang-painless' // Whitelist reindexing from the local node so we can test reindex-from-remote. setting 'reindex.remote.whitelist', '127.0.0.1:*' + setting 'xpack.security.enabled', 'false' } tasks.named("test").configure { diff --git a/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/section/DoSection.java b/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/section/DoSection.java index ea3f5bdc78ac0..29a009332a093 100644 --- a/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/section/DoSection.java +++ b/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/section/DoSection.java 
@@ -81,10 +81,6 @@ * */ public class DoSection implements ExecutableSection { - private final String SecurityDisabledWarningHeaderPattern = "Elasticsearch built-in security features are not enabled, your cluster may " + - "be accessible without authentication. Read https:\\/\\/www\\.elastic\\.co\\/guide\\/en\\/elasticsearch\\/reference" + - "\\/(\\d+\\.)(\\d+)(\\.\\d+)?\\/get-started-enable-security\\.html for more information"; - public static DoSection parse(XContentParser parser) throws IOException { String currentFieldName = null; XContentParser.Token token; @@ -383,7 +379,6 @@ void checkWarningHeaders(final List warningHeaders, final Version master .map(HeaderWarning::escapeAndEncode) .collect(toCollection(LinkedHashSet::new)); final Set allowedRegex = new LinkedHashSet<>(allowedWarningHeadersRegex); - allowedRegex.add(Pattern.compile(SecurityDisabledWarningHeaderPattern)); final Set expected = expectedWarningHeaders.stream() .map(HeaderWarning::escapeAndEncode) .collect(toCollection(LinkedHashSet::new)); diff --git a/x-pack/plugin/data-streams/qa/rest/build.gradle b/x-pack/plugin/data-streams/qa/rest/build.gradle index 5f45157f1f6a5..ad9b53333079c 100644 --- a/x-pack/plugin/data-streams/qa/rest/build.gradle +++ b/x-pack/plugin/data-streams/qa/rest/build.gradle @@ -19,6 +19,7 @@ testClusters.all { setting 'xpack.license.self_generated.type', 'trial' // disable ILM history, since it disturbs tests using _all setting 'indices.lifecycle.history_index_enabled', 'false' + setting 'xpack.security.enabled', 'false' } if (BuildParams.inFipsJvm){ // These fail in CI but only when run as part of checkPart2 and not individually. From 5ccc2cf576edb2eb6113edffdca5516770cbf51e Mon Sep 17 00:00:00 2001 
From: BigPandaToo Date: Tue, 16 Mar 2021 21:28:14 +0100 Subject: [PATCH 06/48] Fixing tests --- plugins/examples/painless-whitelist/build.gradle | 1 + qa/rolling-upgrade/build.gradle | 1 + rest-api-spec/build.gradle | 1 + x-pack/plugin/ccr/qa/restart/build.gradle | 1 + x-pack/plugin/eql/qa/correctness/build.gradle | 1 + 5 files changed, 5 insertions(+) diff --git a/plugins/examples/painless-whitelist/build.gradle b/plugins/examples/painless-whitelist/build.gradle index 9cd57a2d64799..4728919d271be 100644 --- a/plugins/examples/painless-whitelist/build.gradle +++ b/plugins/examples/painless-whitelist/build.gradle @@ -23,6 +23,7 @@ dependencies { testClusters.all { testDistribution = 'DEFAULT' + setting 'xpack.security.enabled', 'false' } tasks.named("test").configure { enabled = false } diff --git a/qa/rolling-upgrade/build.gradle b/qa/rolling-upgrade/build.gradle index 2ee07f94ae3d7..e2b4abc5a7aae 100644 --- a/qa/rolling-upgrade/build.gradle +++ b/qa/rolling-upgrade/build.gradle @@ -38,6 +38,7 @@ for (Version bwcVersion : BuildParams.bwcVersions.wireCompatible) { setting 'repositories.url.allowed_urls', 'http://snapshot.test*' setting 'path.repo', "${buildDir}/cluster/shared/repo/${baseName}" + setting 'xpack.security.enabled', 'false' } } diff --git a/rest-api-spec/build.gradle b/rest-api-spec/build.gradle index e52d80a89d230..c49fd39213c7e 100644 --- a/rest-api-spec/build.gradle +++ b/rest-api-spec/build.gradle @@ -20,6 +20,7 @@ artifacts { testClusters.all { module ':modules:mapper-extras' + setting 'xpack.security.enabled', 'false' } tasks.named("test").configure {enabled = false } diff --git a/x-pack/plugin/ccr/qa/restart/build.gradle b/x-pack/plugin/ccr/qa/restart/build.gradle index 82fdb18eaa5e2..944ffab44d058 100644 --- a/x-pack/plugin/ccr/qa/restart/build.gradle +++ b/x-pack/plugin/ccr/qa/restart/build.gradle 
@@ -12,6 +12,7 @@ testClusters { 'leader-cluster' { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'false' } 'follow-cluster' { diff --git a/x-pack/plugin/eql/qa/correctness/build.gradle b/x-pack/plugin/eql/qa/correctness/build.gradle index 37ef226933078..25a2d7121c026 100644 --- a/x-pack/plugin/eql/qa/correctness/build.gradle +++ b/x-pack/plugin/eql/qa/correctness/build.gradle @@ -40,6 +40,7 @@ testClusters { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'basic' jvmArgs '-Xms4g', '-Xmx4g' + setting 'xpack.security.enabled', 'false' } runTask { jvmArgs '-Xms8g', '-Xmx8g' From 6ecef82d1ea4148d0657e77b9f3a0160496a8cb4 Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Thu, 18 Mar 2021 20:50:10 +0100 Subject: [PATCH 07/48] Fixing tests --- docs/reference/rest-api/usage.asciidoc | 1 - qa/repository-multi-version/build.gradle | 3 ++- .../upgrades/MultiVersionRepositoryAccessIT.java | 5 +++++ rest-api-spec/build.gradle | 1 - .../java/org/elasticsearch/test/rest/ESRestTestCase.java | 2 +- .../elasticsearch/xpack/security/TlsWithBasicLicenseIT.java | 6 +++++- .../xpack/security/rest/SecurityRestFilter.java | 1 - 7 files changed, 13 insertions(+), 6 deletions(-) diff --git a/docs/reference/rest-api/usage.asciidoc b/docs/reference/rest-api/usage.asciidoc index 913a5ad8bfedb..2ea2b106e9f42 100644 --- a/docs/reference/rest-api/usage.asciidoc +++ b/docs/reference/rest-api/usage.asciidoc @@ -49,7 +49,6 @@ GET /_xpack/usage "security" : { "available" : true, "enabled" : false - } }, "monitoring" : { "available" : true, diff --git a/qa/repository-multi-version/build.gradle b/qa/repository-multi-version/build.gradle index 19f2d656c5f00..05bedf0bbd385 100644 --- a/qa/repository-multi-version/build.gradle +++ b/qa/repository-multi-version/build.gradle 
@@ -30,6 +30,7 @@ for (Version bwcVersion : BuildParams.bwcVersions.indexCompatible) { version = v numberOfNodes = 2 setting 'path.repo', "${buildDir}/cluster/shared/repo/${baseName}" + setting 'xpack.security.enabled', 'false' } } @@ -76,4 +77,4 @@ for (Version bwcVersion : BuildParams.bwcVersions.indexCompatible) { tasks.register(bwcTaskName(bwcVersion)) { dependsOn tasks.named("${baseName}#Step4NewClusterTest") } -} \ No newline at end of file +} diff --git a/qa/repository-multi-version/src/test/java/org/elasticsearch/upgrades/MultiVersionRepositoryAccessIT.java b/qa/repository-multi-version/src/test/java/org/elasticsearch/upgrades/MultiVersionRepositoryAccessIT.java index e7514cf605a17..a05b2908901ed 100644 --- a/qa/repository-multi-version/src/test/java/org/elasticsearch/upgrades/MultiVersionRepositoryAccessIT.java +++ b/qa/repository-multi-version/src/test/java/org/elasticsearch/upgrades/MultiVersionRepositoryAccessIT.java @@ -23,7 +23,9 @@ import org.elasticsearch.client.ResponseException; import org.elasticsearch.client.RestClient; import org.elasticsearch.client.RestHighLevelClient; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.xcontent.DeprecationHandler; import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.common.xcontent.json.JsonXContent; @@ -34,8 +36,11 @@ import java.io.IOException; import java.io.InputStream; import java.net.HttpURLConnection; +import java.nio.charset.StandardCharsets; +import java.util.Base64; import java.util.List; import java.util.Map; +import java.util.Objects; import java.util.stream.Collectors; import static org.elasticsearch.repositories.blobstore.BlobStoreRepository.READONLY_SETTING_KEY; diff --git a/rest-api-spec/build.gradle b/rest-api-spec/build.gradle index c49fd39213c7e..e52d80a89d230 100644 --- a/rest-api-spec/build.gradle 
+++ b/rest-api-spec/build.gradle @@ -20,7 +20,6 @@ artifacts { testClusters.all { module ':modules:mapper-extras' - setting 'xpack.security.enabled', 'false' } tasks.named("test").configure {enabled = false } diff --git a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java index c1d84ec5b67b5..b9ef112d7bdf4 100644 --- a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java +++ b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java @@ -692,7 +692,7 @@ protected static void wipeAllIndices() throws IOException { final String warning = warnings.get(0); final boolean isSystemIndexWarning = warning.contains("this request accesses system indices") && warning.contains("but in a future major version, direct access to system indices will be prevented by default"); - // We don't know is security is implicitly disabled, so just accept all security disabled warnings. + // We don't know if security is implicitly disabled, so just accept all security disabled warnings. final boolean isSecurityDisabledWarning = warning.contains("Elasticsearch built-in security features are not " + "enabled, your cluster may be accessible without authentication. Read " + "https://www.elastic.co/guide/en/elasticsearch/reference/") diff --git a/x-pack/plugin/security/qa/tls-basic/src/javaRestTest/java/org/elasticsearch/xpack/security/TlsWithBasicLicenseIT.java b/x-pack/plugin/security/qa/tls-basic/src/javaRestTest/java/org/elasticsearch/xpack/security/TlsWithBasicLicenseIT.java index 5c5c18c79cf90..6692476b2a16b 100644 --- a/x-pack/plugin/security/qa/tls-basic/src/javaRestTest/java/org/elasticsearch/xpack/security/TlsWithBasicLicenseIT.java +++ b/x-pack/plugin/security/qa/tls-basic/src/javaRestTest/java/org/elasticsearch/xpack/security/TlsWithBasicLicenseIT.java 
@@ -41,7 +41,11 @@ public class TlsWithBasicLicenseIT extends ESRestTestCase { protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException { RestClientBuilder builder = RestClient.builder(hosts); configureClient(builder, settings); - builder.setStrictDeprecationMode(false); + if (settings.hasValue("xpack.security.enabled")) { + builder.setStrictDeprecationMode(true); + } else { + builder.setStrictDeprecationMode(false); + } return builder.build(); } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java index 1ff4f472c76eb..85bf3894f5b50 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java @@ -14,7 +14,6 @@ import org.elasticsearch.Version; import org.elasticsearch.action.ActionListener; import org.elasticsearch.client.node.NodeClient; -import org.elasticsearch.common.RestApiVersion; import org.elasticsearch.common.logging.HeaderWarning; import org.elasticsearch.common.util.Maps; import org.elasticsearch.common.util.concurrent.ThreadContext; From 0e8c3ae8a63cdc32dad0c372272a73220330a35a Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Sun, 21 Mar 2021 19:41:32 +0100 Subject: [PATCH 08/48] Fixing test --- modules/reindex/build.gradle | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/reindex/build.gradle b/modules/reindex/build.gradle index bc0bb66fbec3b..6f456f533e2b8 100644 --- a/modules/reindex/build.gradle +++ b/modules/reindex/build.gradle @@ -30,7 +30,6 @@ testClusters.all { module ':modules:lang-painless' // Whitelist reindexing from the local node so we can test reindex-from-remote. setting 'reindex.remote.whitelist', '127.0.0.1:*' - setting 'xpack.security.enabled', 'false' } tasks.named("test").configure { 
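Review bot: The four-line `if`/`else` in `buildClient` only forwards a boolean and can be written as `builder.setStrictDeprecationMode(settings.hasValue("xpack.security.enabled"));`. It also needs a comment on why key presence, not the value, is the test: presumably an explicit setting, true or false, suppresses the implicitly-disabled warning, so strict mode is safe only then. The `settings` argument looks like the REST client settings rather than the node configuration (the caller is outside the hunk), so it is worth confirming that this key is ever present there; if it is not, strict mode stays off for every run of this TLS test.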
From f8f68e0a8115fb7da6c4cafa66c2d607bbd6509f Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Mon, 22 Mar 2021 21:34:37 +0100 Subject: [PATCH 09/48] Fixing tests --- modules/reindex/build.gradle | 1 + qa/ccs-unavailable-clusters/build.gradle | 5 ++++ ...rossClusterSearchUnavailableClusterIT.java | 10 +++++++ qa/die-with-dignity/build.gradle | 2 ++ .../qa/die_with_dignity/DieWithDignityIT.java | 5 +++- .../MultiVersionRepositoryAccessIT.java | 5 ---- qa/verify-version-constants/build.gradle | 2 ++ .../VerifyVersionConstantsIT.java | 11 ++++++++ rest-api-spec/build.gradle | 1 + .../test/rest/ESRestTestCase.java | 26 +++++++++++++++++++ .../downgrade-to-basic-license/build.gradle | 6 ++++- .../xpack/ccr/FollowIndexIT.java | 11 ++++++++ .../plugin/ccr/qa/multi-cluster/build.gradle | 7 +++++ .../elasticsearch/xpack/ccr/AutoFollowIT.java | 11 ++++++++ .../org/elasticsearch/xpack/ccr/ChainIT.java | 10 +++++++ .../elasticsearch/xpack/ccr/XPackUsageIT.java | 11 ++++++++ x-pack/plugin/ccr/qa/restart/build.gradle | 5 +++- .../elasticsearch/xpack/ccr/RestartIT.java | 10 +++++++ .../enrich/EnrichAdvancedSecurityIT.java | 1 - .../xpack/security/PermissionsIT.java | 1 - .../qa/jdbc/security/JdbcConnectionIT.java | 2 -- .../xpack/sql/qa/security/RestSqlIT.java | 2 -- .../test/rest/CatIndicesWithSecurityIT.java | 1 - .../integration/TransformRestTestCase.java | 1 - ...CoreWithSecurityClientYamlTestSuiteIT.java | 2 -- ...sterSearchWithSecurityYamlTestSuiteIT.java | 2 -- ...ndexWithSecurityClientYamlTestSuiteIT.java | 2 -- .../xpack/security/ReindexWithSecurityIT.java | 1 - .../xpack/security/PermissionsIT.java | 2 -- 29 files changed, 131 insertions(+), 25 deletions(-) diff --git a/modules/reindex/build.gradle b/modules/reindex/build.gradle index 6f456f533e2b8..bc0bb66fbec3b 100644 --- a/modules/reindex/build.gradle +++ b/modules/reindex/build.gradle 
@@ -30,6 +30,7 @@ testClusters.all { module ':modules:lang-painless' // Whitelist reindexing from the local node so we can test reindex-from-remote. setting 'reindex.remote.whitelist', '127.0.0.1:*' + setting 'xpack.security.enabled', 'false' } tasks.named("test").configure { diff --git a/qa/ccs-unavailable-clusters/build.gradle b/qa/ccs-unavailable-clusters/build.gradle index 5f24db03aed06..6f6f08f4eb55f 100644 --- a/qa/ccs-unavailable-clusters/build.gradle +++ b/qa/ccs-unavailable-clusters/build.gradle @@ -10,6 +10,11 @@ apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.rest-test' apply plugin: 'elasticsearch.test-with-dependencies' +testClusters.matching { it.name == "integTest" }.configureEach { + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' +} + dependencies { testImplementation project(":client:rest-high-level") } diff --git a/qa/ccs-unavailable-clusters/src/test/java/org/elasticsearch/search/CrossClusterSearchUnavailableClusterIT.java b/qa/ccs-unavailable-clusters/src/test/java/org/elasticsearch/search/CrossClusterSearchUnavailableClusterIT.java index 6ee4423c7c661..00f0fb99f6c45 100644 --- a/qa/ccs-unavailable-clusters/src/test/java/org/elasticsearch/search/CrossClusterSearchUnavailableClusterIT.java +++ b/qa/ccs-unavailable-clusters/src/test/java/org/elasticsearch/search/CrossClusterSearchUnavailableClusterIT.java @@ -38,7 +38,9 @@ import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.cluster.node.DiscoveryNodes; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.json.JsonXContent; import org.elasticsearch.search.aggregations.InternalAggregations; 
@@ -327,4 +329,12 @@ private HighLevelClient(RestClient restClient) { super(restClient, (client) -> {}, Collections.emptyList()); } } + + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } } diff --git a/qa/die-with-dignity/build.gradle b/qa/die-with-dignity/build.gradle index dc536c69f5704..5d655968c43d9 100644 --- a/qa/die-with-dignity/build.gradle +++ b/qa/die-with-dignity/build.gradle @@ -21,6 +21,8 @@ tasks.named("javaRestTest").configure { testClusters.matching { it.name == "javaRestTest" }.configureEach { systemProperty "die.with.dignity.test", "whatever" + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' } tasks.named("test").configure { diff --git a/qa/die-with-dignity/src/javaRestTest/java/org/elasticsearch/qa/die_with_dignity/DieWithDignityIT.java b/qa/die-with-dignity/src/javaRestTest/java/org/elasticsearch/qa/die_with_dignity/DieWithDignityIT.java index d65781238230e..a42d6b5a43e01 100644 --- a/qa/die-with-dignity/src/javaRestTest/java/org/elasticsearch/qa/die_with_dignity/DieWithDignityIT.java +++ b/qa/die-with-dignity/src/javaRestTest/java/org/elasticsearch/qa/die_with_dignity/DieWithDignityIT.java @@ -10,7 +10,9 @@ import org.elasticsearch.client.Request; import org.elasticsearch.common.io.PathUtils; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.rest.ESRestTestCase; import java.io.BufferedReader; 
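Review bot: The new `restClientSettings()` override in `CrossClusterSearchUnavailableClusterIT` builds from an empty `Settings.builder()`, while the `DieWithDignityIT` version in this commit starts with `.put(super.restClientSettings())`; the same super-less form recurs in `VerifyVersionConstantsIT`, `FollowIndexIT`, `AutoFollowIT`, `ChainIT`, `XPackUsageIT` and `RestartIT`. If a parent class contributes client settings, these overrides drop them silently, so `.put(super.restClientSettings())` before the `Authorization` entry would be the safer pattern. The literal pair `"admin"` / `"admin-password"` is also repeated in every override and in each `build.gradle` `user` line; a shared constant or helper in `ESRestTestCase` would keep the test credential in one place and make it obvious that it is a fixture value only.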
@@ -99,13 +101,14 @@ protected boolean preserveClusterUponCompletion() { @Override protected final Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); return Settings.builder() .put(super.restClientSettings()) + .put(ThreadContext.PREFIX + ".Authorization", token) // increase the timeout here to 90 seconds to handle long waits for a green // cluster health. the waits for green need to be longer than a minute to // account for delayed shards .put(ESRestTestCase.CLIENT_SOCKET_TIMEOUT, "1s") .build(); } - } diff --git a/qa/repository-multi-version/src/test/java/org/elasticsearch/upgrades/MultiVersionRepositoryAccessIT.java b/qa/repository-multi-version/src/test/java/org/elasticsearch/upgrades/MultiVersionRepositoryAccessIT.java index a05b2908901ed..e7514cf605a17 100644 --- a/qa/repository-multi-version/src/test/java/org/elasticsearch/upgrades/MultiVersionRepositoryAccessIT.java +++ b/qa/repository-multi-version/src/test/java/org/elasticsearch/upgrades/MultiVersionRepositoryAccessIT.java @@ -23,9 +23,7 @@ import org.elasticsearch.client.ResponseException; import org.elasticsearch.client.RestClient; import org.elasticsearch.client.RestHighLevelClient; -import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.xcontent.DeprecationHandler; import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.common.xcontent.json.JsonXContent; @@ -36,11 +34,8 @@ import java.io.IOException; import java.io.InputStream; import java.net.HttpURLConnection; -import java.nio.charset.StandardCharsets; -import java.util.Base64; import java.util.List; import java.util.Map; -import java.util.Objects; import java.util.stream.Collectors; import static org.elasticsearch.repositories.blobstore.BlobStoreRepository.READONLY_SETTING_KEY; 
diff --git a/qa/verify-version-constants/build.gradle b/qa/verify-version-constants/build.gradle index 02d386c78152f..8f9f1527b3ebb 100644 --- a/qa/verify-version-constants/build.gradle +++ b/qa/verify-version-constants/build.gradle @@ -21,6 +21,8 @@ for (Version bwcVersion : BuildParams.bwcVersions.indexCompatible) { testClusters { "${baseName}" { version = bwcVersion.toString() + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' } } diff --git a/qa/verify-version-constants/src/test/java/org/elasticsearch/qa/verify_version_constants/VerifyVersionConstantsIT.java b/qa/verify-version-constants/src/test/java/org/elasticsearch/qa/verify_version_constants/VerifyVersionConstantsIT.java index a883a5e137c7c..ee9e922e66871 100644 --- a/qa/verify-version-constants/src/test/java/org/elasticsearch/qa/verify_version_constants/VerifyVersionConstantsIT.java +++ b/qa/verify-version-constants/src/test/java/org/elasticsearch/qa/verify_version_constants/VerifyVersionConstantsIT.java @@ -11,6 +11,9 @@ import org.elasticsearch.Version; import org.elasticsearch.client.Request; import org.elasticsearch.client.Response; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.rest.ESRestTestCase; import org.elasticsearch.test.rest.yaml.ObjectPath; @@ -42,4 +45,12 @@ public boolean preserveClusterUponCompletion() { */ return true; } + + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } } diff --git a/rest-api-spec/build.gradle b/rest-api-spec/build.gradle index e52d80a89d230..c49fd39213c7e 100644 --- a/rest-api-spec/build.gradle +++ b/rest-api-spec/build.gradle 
@@ -20,6 +20,7 @@ artifacts { testClusters.all { module ':modules:mapper-extras' + setting 'xpack.security.enabled', 'false' } tasks.named("test").configure {enabled = false } diff --git a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java index fb63a217a64aa..fc104486cfa91 100644 --- a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java +++ b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java @@ -32,10 +32,12 @@ import org.elasticsearch.client.RestClient; import org.elasticsearch.client.RestClientBuilder; import org.elasticsearch.client.WarningsHandler; +import org.elasticsearch.common.CharArrays; import org.elasticsearch.common.CheckedRunnable; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.Strings; import org.elasticsearch.common.io.PathUtils; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.ssl.PemUtils; import org.elasticsearch.common.unit.TimeValue; @@ -66,6 +68,7 @@ import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; +import java.nio.CharBuffer; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; @@ -79,6 +82,7 @@ import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Arrays; +import java.util.Base64; import java.util.HashMap; import java.util.HashSet; import java.util.List; 
@@ -298,6 +302,28 @@ public static RequestOptions expectWarnings(String... warnings) { return expectVersionSpecificWarnings(consumer -> consumer.current(warnings)); } + /** + * Construct a Basic auth header + * @param username user name + * @param passwd user password + */ + public static String basicAuthHeaderValue(String username, SecureString passwd) { + CharBuffer chars = CharBuffer.allocate(username.length() + passwd.length() + 1); + byte[] charBytes = null; + try { + chars.put(username).put(':').put(passwd.getChars()); + charBytes = CharArrays.toUtf8Bytes(chars.array()); + + String basicToken = Base64.getEncoder().encodeToString(charBytes); + return "Basic " + basicToken; + } finally { + Arrays.fill(chars.array(), (char) 0); + if (charBytes != null) { + Arrays.fill(charBytes, (byte) 0); + } + } + } + /** * Construct an HttpHost from the given host and port */ diff --git a/x-pack/plugin/ccr/qa/downgrade-to-basic-license/build.gradle b/x-pack/plugin/ccr/qa/downgrade-to-basic-license/build.gradle index f0af6a5fe7f1d..19c8a3a8f9dc2 100644 --- a/x-pack/plugin/ccr/qa/downgrade-to-basic-license/build.gradle +++ b/x-pack/plugin/ccr/qa/downgrade-to-basic-license/build.gradle @@ -15,13 +15,17 @@ testClusters { "leader-cluster" { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' } "follow-cluster" { testDistribution = 'DEFAULT' setting 'xpack.monitoring.collection.enabled', 'true' setting 'xpack.license.self_generated.type', 'trial' - setting 'cluster.remote.leader_cluster.seeds', { "\"${testClusters."leader-cluster".getAllTransportPortURI().join(",")}\"" } + setting 'cluster.remote.leader_cluster.seeds', { "\"${testClusters."leader-cluster".getAllTransportPortURI().join(",")}\"" + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser'} } } 
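Review bot: The Javadoc on `basicAuthHeaderValue` has no `@return` and does not say that the result is a complete header value; I would add `@return the Authorization header value, "Basic " followed by base64(username:password)`. The method zeroes `chars` and `charBytes` in `finally`, but the returned `String` still carries the base64 form of the password and cannot be cleared, and `passwd` is left for the caller to close, so a short comment that the wiping is best-effort would avoid suggesting the credential is gone from memory. This also appears to duplicate `UsernamePasswordToken.basicAuthHeaderValue`, whose static import is removed from several x-pack tests later in this commit; a `{@link}` or a note naming that method would help keep the two in step.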
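Review bot: In the `follow-cluster` block the closing `}` of the `cluster.remote.leader_cluster.seeds` closure has moved from the end of the seeds line to the end of the new `user` line, so `setting 'xpack.security.enabled', 'true'` and `user username: 'admin', ...` now sit inside the lazily evaluated closure. As written, the closure's value would presumably be whatever `user(...)` returns rather than the seeds string, and security and the admin user would not be configured on the cluster when the block is evaluated, unlike the `leader-cluster` block above. Restore the brace on the seeds line, `{ "\"${testClusters."leader-cluster".getAllTransportPortURI().join(",")}\"" }`, and put the `setting` and `user` lines after it at block level.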
diff --git a/x-pack/plugin/ccr/qa/downgrade-to-basic-license/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexIT.java b/x-pack/plugin/ccr/qa/downgrade-to-basic-license/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexIT.java index 51547abf627b4..049eeb37134a5 100644 --- a/x-pack/plugin/ccr/qa/downgrade-to-basic-license/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexIT.java +++ b/x-pack/plugin/ccr/qa/downgrade-to-basic-license/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexIT.java @@ -13,6 +13,9 @@ import org.elasticsearch.common.io.PathUtils; import org.elasticsearch.common.logging.JsonLogLine; import org.elasticsearch.common.logging.JsonLogsStream; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.hamcrest.FeatureMatcher; import org.hamcrest.Matcher; import org.hamcrest.Matchers; @@ -125,4 +128,12 @@ private void createNewIndexAndIndexDocs(RestClient client, String index) throws } } + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } + } diff --git a/x-pack/plugin/ccr/qa/multi-cluster/build.gradle b/x-pack/plugin/ccr/qa/multi-cluster/build.gradle index 0028f679c528e..6d8959d003a7b 100644 --- a/x-pack/plugin/ccr/qa/multi-cluster/build.gradle +++ b/x-pack/plugin/ccr/qa/multi-cluster/build.gradle 
@@ -13,10 +13,14 @@ testClusters { 'leader-cluster' { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' } 'middle-cluster' { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' setting 'cluster.remote.leader_cluster.seeds', { "\"${testClusters.named('leader-cluster').get().getAllTransportPortURI().join(",")}\"" } } @@ -51,6 +55,9 @@ testClusters.matching { it.name == "follow-cluster" }.configureEach { testDistribution = 'DEFAULT' setting 'xpack.monitoring.collection.enabled', 'true' setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' setting 'cluster.remote.leader_cluster.seeds', { "\"${testClusters.named('leader-cluster').get().getAllTransportPortURI().join(",")}\"" } setting 'cluster.remote.middle_cluster.seeds', diff --git a/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/AutoFollowIT.java b/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/AutoFollowIT.java index 2637885334c3e..11289fe8b9ae2 100644 --- a/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/AutoFollowIT.java +++ b/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/AutoFollowIT.java 
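Review bot: The second hunk adds `setting 'xpack.license.self_generated.type', 'trial'` to `follow-cluster` directly below an identical context line, so the setting is now declared twice in that block. Drop the added duplicate and keep only the two genuinely new lines, `setting 'xpack.security.enabled', 'true'` and `user username: 'admin', password: 'admin-password', role: 'superuser'`.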
@@ -12,6 +12,9 @@ import org.elasticsearch.client.ResponseException; import org.elasticsearch.client.RestClient; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.xcontent.ObjectPath; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.json.JsonXContent; @@ -686,4 +689,12 @@ private void deleteDataStream(RestClient client, String name) throws IOException assertOK(client.performRequest(deleteTemplateRequest)); } + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } + } diff --git a/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/ChainIT.java b/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/ChainIT.java index 1a1cf44b858fd..5b857ebadcaad 100644 --- a/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/ChainIT.java +++ b/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/ChainIT.java @@ -8,7 +8,9 @@ package org.elasticsearch.xpack.ccr; import org.elasticsearch.client.RestClient; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; public class ChainIT extends ESCCRRestTestCase { @@ -67,4 +69,12 @@ public void testFollowIndex() throws Exception { } } + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } + } 
diff --git a/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/XPackUsageIT.java b/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/XPackUsageIT.java index e41a95b957aaa..8493f0be79a44 100644 --- a/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/XPackUsageIT.java +++ b/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/XPackUsageIT.java @@ -8,6 +8,9 @@ import org.elasticsearch.client.Request; import org.elasticsearch.client.RestClient; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.xcontent.ObjectPath; import java.io.IOException; @@ -91,4 +94,12 @@ private void assertIndexFollowingActive(String expectedFollowerIndex) throws IOE assertThat(followStatus, equalTo("active")); } + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } + } diff --git a/x-pack/plugin/ccr/qa/restart/build.gradle b/x-pack/plugin/ccr/qa/restart/build.gradle index 944ffab44d058..f143a4fade14d 100644 --- a/x-pack/plugin/ccr/qa/restart/build.gradle +++ b/x-pack/plugin/ccr/qa/restart/build.gradle 
@@ -12,13 +12,16 @@ testClusters { 'leader-cluster' { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'trial' - setting 'xpack.security.enabled', 'false' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' } 'follow-cluster' { testDistribution = 'DEFAULT' setting 'xpack.monitoring.collection.enabled', 'true' setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' setting 'cluster.remote.leader_cluster.seeds', { "\"${testClusters.'leader-cluster'.getAllTransportPortURI().get(0)}\"" } nameCustomization = { 'follow' } diff --git a/x-pack/plugin/ccr/qa/restart/src/test/java/org/elasticsearch/xpack/ccr/RestartIT.java b/x-pack/plugin/ccr/qa/restart/src/test/java/org/elasticsearch/xpack/ccr/RestartIT.java index 858ffde006fa3..efb5e7a1a86cf 100644 --- a/x-pack/plugin/ccr/qa/restart/src/test/java/org/elasticsearch/xpack/ccr/RestartIT.java +++ b/x-pack/plugin/ccr/qa/restart/src/test/java/org/elasticsearch/xpack/ccr/RestartIT.java @@ -10,7 +10,9 @@ import org.elasticsearch.client.Request; import org.elasticsearch.client.RestClient; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import java.io.IOException; @@ -95,4 +97,12 @@ private void verifyFollower(final String index, final int numberOfDocuments, fin }); } + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } + } 
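Review bot: Both `leader-cluster` and `follow-cluster` now create the test account with `role: 'superuser'`, so the restart suite checks that requests authenticate but not that they succeed under the privileges a CCR user would normally hold. If the test framework allows it here, a narrower role for the client account would let this suite catch privilege regressions; otherwise a comment like `// superuser keeps the test focused on restart behaviour, not authorization` would record that the broad role is deliberate. The same `user ... role: 'superuser'` lines are added to `x-pack/plugin/ccr/qa/non-compliant-license/build.gradle` later in this series.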
diff --git a/x-pack/plugin/enrich/qa/rest-with-advanced-security/src/javaRestTest/java/org/elasticsearch/xpack/enrich/EnrichAdvancedSecurityIT.java b/x-pack/plugin/enrich/qa/rest-with-advanced-security/src/javaRestTest/java/org/elasticsearch/xpack/enrich/EnrichAdvancedSecurityIT.java index f2b4abd1274e8..f0cb70b80f4a6 100644 --- a/x-pack/plugin/enrich/qa/rest-with-advanced-security/src/javaRestTest/java/org/elasticsearch/xpack/enrich/EnrichAdvancedSecurityIT.java +++ b/x-pack/plugin/enrich/qa/rest-with-advanced-security/src/javaRestTest/java/org/elasticsearch/xpack/enrich/EnrichAdvancedSecurityIT.java @@ -6,7 +6,6 @@ */ package org.elasticsearch.xpack.enrich; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.nullValue; diff --git a/x-pack/plugin/ilm/qa/with-security/src/javaRestTest/java/org/elasticsearch/xpack/security/PermissionsIT.java b/x-pack/plugin/ilm/qa/with-security/src/javaRestTest/java/org/elasticsearch/xpack/security/PermissionsIT.java index a08c509530bd2..54d825c4320b9 100644 --- a/x-pack/plugin/ilm/qa/with-security/src/javaRestTest/java/org/elasticsearch/xpack/security/PermissionsIT.java +++ b/x-pack/plugin/ilm/qa/with-security/src/javaRestTest/java/org/elasticsearch/xpack/security/PermissionsIT.java @@ -62,7 +62,6 @@ import static java.util.Collections.singletonMap; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.greaterThanOrEqualTo; 
diff --git a/x-pack/plugin/sql/qa/jdbc/security/src/test/java/org/elasticsearch/xpack/sql/qa/jdbc/security/JdbcConnectionIT.java b/x-pack/plugin/sql/qa/jdbc/security/src/test/java/org/elasticsearch/xpack/sql/qa/jdbc/security/JdbcConnectionIT.java index 520c981c5eedd..b26b9bbeea297 100644 --- a/x-pack/plugin/sql/qa/jdbc/security/src/test/java/org/elasticsearch/xpack/sql/qa/jdbc/security/JdbcConnectionIT.java +++ b/x-pack/plugin/sql/qa/jdbc/security/src/test/java/org/elasticsearch/xpack/sql/qa/jdbc/security/JdbcConnectionIT.java @@ -19,8 +19,6 @@ import java.nio.file.Path; import java.util.Properties; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; - public class JdbcConnectionIT extends ConnectionTestCase { static final boolean SSL_ENABLED = Booleans.parseBoolean(System.getProperty("tests.ssl.enabled"), false); diff --git a/x-pack/plugin/sql/qa/server/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/RestSqlIT.java b/x-pack/plugin/sql/qa/server/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/RestSqlIT.java index 936356a602b70..4937b8e4a72ea 100644 --- a/x-pack/plugin/sql/qa/server/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/RestSqlIT.java +++ b/x-pack/plugin/sql/qa/server/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/RestSqlIT.java @@ -18,8 +18,6 @@ import java.nio.file.Files; import java.nio.file.Path; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; - /** * Integration test for the rest sql action. The one that speaks json directly to a * user rather than to the JDBC driver or CLI. diff --git a/x-pack/plugin/src/javaRestTest/java/org/elasticsearch/xpack/test/rest/CatIndicesWithSecurityIT.java b/x-pack/plugin/src/javaRestTest/java/org/elasticsearch/xpack/test/rest/CatIndicesWithSecurityIT.java index 4ca468619d1ac..c26804c9d1122 100644 
--- a/x-pack/plugin/src/javaRestTest/java/org/elasticsearch/xpack/test/rest/CatIndicesWithSecurityIT.java +++ b/x-pack/plugin/src/javaRestTest/java/org/elasticsearch/xpack/test/rest/CatIndicesWithSecurityIT.java @@ -18,7 +18,6 @@ import java.io.IOException; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.matchesRegex; public class CatIndicesWithSecurityIT extends ESRestTestCase { diff --git a/x-pack/plugin/transform/qa/single-node-tests/src/javaRestTest/java/org/elasticsearch/xpack/transform/integration/TransformRestTestCase.java b/x-pack/plugin/transform/qa/single-node-tests/src/javaRestTest/java/org/elasticsearch/xpack/transform/integration/TransformRestTestCase.java index 2a9ea04d885c8..ae98a220aebb5 100644 --- a/x-pack/plugin/transform/qa/single-node-tests/src/javaRestTest/java/org/elasticsearch/xpack/transform/integration/TransformRestTestCase.java +++ b/x-pack/plugin/transform/qa/single-node-tests/src/javaRestTest/java/org/elasticsearch/xpack/transform/integration/TransformRestTestCase.java @@ -41,7 +41,6 @@ import java.util.stream.Collectors; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.equalTo; public abstract class TransformRestTestCase extends ESRestTestCase { diff --git a/x-pack/qa/core-rest-tests-with-security/src/test/java/org/elasticsearch/xpack/security/CoreWithSecurityClientYamlTestSuiteIT.java b/x-pack/qa/core-rest-tests-with-security/src/test/java/org/elasticsearch/xpack/security/CoreWithSecurityClientYamlTestSuiteIT.java index 14e9fbc250b0a..ea509a3c1fb04 100644 --- a/x-pack/qa/core-rest-tests-with-security/src/test/java/org/elasticsearch/xpack/security/CoreWithSecurityClientYamlTestSuiteIT.java 
+++ b/x-pack/qa/core-rest-tests-with-security/src/test/java/org/elasticsearch/xpack/security/CoreWithSecurityClientYamlTestSuiteIT.java @@ -19,8 +19,6 @@ import java.util.Objects; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; - @TimeoutSuite(millis = 30 * TimeUnits.MINUTE) // as default timeout seems not enough on the jenkins VMs public class CoreWithSecurityClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase { diff --git a/x-pack/qa/multi-cluster-search-security/src/test/java/org/elasticsearch/xpack/security/MultiClusterSearchWithSecurityYamlTestSuiteIT.java b/x-pack/qa/multi-cluster-search-security/src/test/java/org/elasticsearch/xpack/security/MultiClusterSearchWithSecurityYamlTestSuiteIT.java index 60070d8b9853c..e4f08aecb60bc 100644 --- a/x-pack/qa/multi-cluster-search-security/src/test/java/org/elasticsearch/xpack/security/MultiClusterSearchWithSecurityYamlTestSuiteIT.java +++ b/x-pack/qa/multi-cluster-search-security/src/test/java/org/elasticsearch/xpack/security/MultiClusterSearchWithSecurityYamlTestSuiteIT.java @@ -15,8 +15,6 @@ import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; - public class MultiClusterSearchWithSecurityYamlTestSuiteIT extends ESClientYamlSuiteTestCase { private static final String USER = "test_user"; diff --git a/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityClientYamlTestSuiteIT.java b/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityClientYamlTestSuiteIT.java index c971306f4172f..46b0fbedd6af5 100644 --- a/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityClientYamlTestSuiteIT.java 
+++ b/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityClientYamlTestSuiteIT.java @@ -21,8 +21,6 @@ import java.net.URL; import java.nio.file.Path; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; - public class ReindexWithSecurityClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase { private static final String USER = "test_admin"; private static final String PASS = "x-pack-test-password"; diff --git a/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityIT.java b/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityIT.java index 2daff698ed4fe..b07cd7396c3c5 100644 --- a/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityIT.java +++ b/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityIT.java @@ -33,7 +33,6 @@ import java.nio.file.Path; import java.util.Collections; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.is; diff --git a/x-pack/qa/runtime-fields/with-security/src/javaRestTest/java/org/elasticsearch/xpack/security/PermissionsIT.java b/x-pack/qa/runtime-fields/with-security/src/javaRestTest/java/org/elasticsearch/xpack/security/PermissionsIT.java index c1dd3129aa76f..44718bd5cad0d 100644 --- a/x-pack/qa/runtime-fields/with-security/src/javaRestTest/java/org/elasticsearch/xpack/security/PermissionsIT.java +++ b/x-pack/qa/runtime-fields/with-security/src/javaRestTest/java/org/elasticsearch/xpack/security/PermissionsIT.java 
@@ -29,8 +29,6 @@ import java.util.Collections; import java.util.Map; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; - public class PermissionsIT extends ESRestTestCase { private static HighLevelClient highLevelClient; From 993a4b4746897c515d48d9c5914b0f61f86a50a1 Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Mon, 22 Mar 2021 22:07:34 +0100 Subject: [PATCH 10/48] Fixing tests --- .../org/elasticsearch/xpack/ccr/FollowIndexSecurityIT.java | 1 - .../license/XPackCoreClientYamlTestSuiteIT.java | 2 -- .../ml/integration/ExplainDataFrameAnalyticsRestIT.java | 1 + .../elasticsearch/smoketest/SmokeTestWatcherTestSuiteIT.java | 1 - .../smoketest/SmokeTestWatcherWithSecurityIT.java | 1 - .../SmokeTestWatcherWithSecurityClientYamlTestSuiteIT.java | 3 --- .../multi_cluster/MultiClusterYamlTestSuiteIT.java | 2 -- .../multi_node/GlobalCheckpointSyncActionIT.java | 1 - .../src/test/java/org/elasticsearch/multi_node/RollupIT.java | 1 - .../org/elasticsearch/upgrades/AbstractUpgradeTestCase.java | 5 ++--- .../smoketest/XSmokeTestPluginsClientYamlTestSuiteIT.java | 2 -- .../SmokeTestSecurityWithMustacheClientYamlTestSuiteIT.java | 2 -- 12 files changed, 3 insertions(+), 19 deletions(-) diff --git a/x-pack/plugin/ccr/qa/security/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexSecurityIT.java b/x-pack/plugin/ccr/qa/security/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexSecurityIT.java index 463ee95765231..7943beca98f70 100644 --- a/x-pack/plugin/ccr/qa/security/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexSecurityIT.java +++ b/x-pack/plugin/ccr/qa/security/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexSecurityIT.java 
@@ -26,7 +26,6 @@ import java.util.Map; import java.util.concurrent.TimeUnit; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.hasSize; diff --git a/x-pack/plugin/core/src/yamlRestTest/java/org/elasticsearch/license/XPackCoreClientYamlTestSuiteIT.java b/x-pack/plugin/core/src/yamlRestTest/java/org/elasticsearch/license/XPackCoreClientYamlTestSuiteIT.java index ccaa10bd1d6c3..b010e6c1eb133 100644 --- a/x-pack/plugin/core/src/yamlRestTest/java/org/elasticsearch/license/XPackCoreClientYamlTestSuiteIT.java +++ b/x-pack/plugin/core/src/yamlRestTest/java/org/elasticsearch/license/XPackCoreClientYamlTestSuiteIT.java @@ -15,8 +15,6 @@ import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; - public class XPackCoreClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase { private static final String BASIC_AUTH_VALUE = diff --git a/x-pack/plugin/ml/qa/native-multi-node-tests/src/javaRestTest/java/org/elasticsearch/xpack/ml/integration/ExplainDataFrameAnalyticsRestIT.java b/x-pack/plugin/ml/qa/native-multi-node-tests/src/javaRestTest/java/org/elasticsearch/xpack/ml/integration/ExplainDataFrameAnalyticsRestIT.java index 289054c610596..0168089a65f31 100644 --- a/x-pack/plugin/ml/qa/native-multi-node-tests/src/javaRestTest/java/org/elasticsearch/xpack/ml/integration/ExplainDataFrameAnalyticsRestIT.java +++ b/x-pack/plugin/ml/qa/native-multi-node-tests/src/javaRestTest/java/org/elasticsearch/xpack/ml/integration/ExplainDataFrameAnalyticsRestIT.java 
@@ -10,6 +10,7 @@ import org.elasticsearch.client.Request; import org.elasticsearch.client.RequestOptions; import org.elasticsearch.client.ResponseException; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.SecuritySettingsSourceField; diff --git a/x-pack/plugin/watcher/qa/rest/src/javaRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherTestSuiteIT.java b/x-pack/plugin/watcher/qa/rest/src/javaRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherTestSuiteIT.java index 5b8a493aadc3a..4686eb7d935ed 100644 --- a/x-pack/plugin/watcher/qa/rest/src/javaRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherTestSuiteIT.java +++ b/x-pack/plugin/watcher/qa/rest/src/javaRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherTestSuiteIT.java @@ -24,7 +24,6 @@ import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; import static org.elasticsearch.rest.action.search.RestSearchAction.TOTAL_HITS_AS_INT_PARAM; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; import static org.hamcrest.Matchers.greaterThanOrEqualTo; import static org.hamcrest.Matchers.hasEntry; import static org.hamcrest.Matchers.is; diff --git a/x-pack/plugin/watcher/qa/with-security/src/javaRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherWithSecurityIT.java b/x-pack/plugin/watcher/qa/with-security/src/javaRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherWithSecurityIT.java index a02c3a0651f02..bf8f076f0eee8 100644 --- a/x-pack/plugin/watcher/qa/with-security/src/javaRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherWithSecurityIT.java +++ b/x-pack/plugin/watcher/qa/with-security/src/javaRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherWithSecurityIT.java 
@@ -25,7 +25,6 @@ import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; import static org.elasticsearch.rest.action.search.RestSearchAction.TOTAL_HITS_AS_INT_PARAM; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; import static org.hamcrest.Matchers.greaterThanOrEqualTo; import static org.hamcrest.Matchers.hasEntry; import static org.hamcrest.Matchers.is; diff --git a/x-pack/plugin/watcher/qa/with-security/src/yamlRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherWithSecurityClientYamlTestSuiteIT.java b/x-pack/plugin/watcher/qa/with-security/src/yamlRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherWithSecurityClientYamlTestSuiteIT.java index b9b21e5219c91..8f07ee64a63f8 100644 --- a/x-pack/plugin/watcher/qa/with-security/src/yamlRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherWithSecurityClientYamlTestSuiteIT.java +++ b/x-pack/plugin/watcher/qa/with-security/src/yamlRestTest/java/org/elasticsearch/smoketest/SmokeTestWatcherWithSecurityClientYamlTestSuiteIT.java @@ -13,12 +13,9 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; -import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; import org.elasticsearch.xpack.watcher.WatcherYamlSuiteTestCase; import org.junit.Before; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; - public class SmokeTestWatcherWithSecurityClientYamlTestSuiteIT extends WatcherYamlSuiteTestCase { private static final String TEST_ADMIN_USERNAME = "test_admin"; diff --git a/x-pack/qa/multi-cluster-tests-with-security/src/test/java/org/elasticsearch/multi_cluster/MultiClusterYamlTestSuiteIT.java b/x-pack/qa/multi-cluster-tests-with-security/src/test/java/org/elasticsearch/multi_cluster/MultiClusterYamlTestSuiteIT.java index ca7fd7d588e6e..c08e331f90997 100644 
--- a/x-pack/qa/multi-cluster-tests-with-security/src/test/java/org/elasticsearch/multi_cluster/MultiClusterYamlTestSuiteIT.java +++ b/x-pack/qa/multi-cluster-tests-with-security/src/test/java/org/elasticsearch/multi_cluster/MultiClusterYamlTestSuiteIT.java @@ -18,8 +18,6 @@ import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; - @TimeoutSuite(millis = 5 * TimeUnits.MINUTE) // to account for slow as hell VMs public class MultiClusterYamlTestSuiteIT extends ESClientYamlSuiteTestCase { diff --git a/x-pack/qa/multi-node/src/test/java/org/elasticsearch/multi_node/GlobalCheckpointSyncActionIT.java b/x-pack/qa/multi-node/src/test/java/org/elasticsearch/multi_node/GlobalCheckpointSyncActionIT.java index 5a950088a1af2..52b62687db27e 100644 --- a/x-pack/qa/multi-node/src/test/java/org/elasticsearch/multi_node/GlobalCheckpointSyncActionIT.java +++ b/x-pack/qa/multi-node/src/test/java/org/elasticsearch/multi_node/GlobalCheckpointSyncActionIT.java @@ -17,7 +17,6 @@ import org.elasticsearch.test.rest.yaml.ObjectPath; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; import static org.hamcrest.Matchers.equalTo; public class GlobalCheckpointSyncActionIT extends ESRestTestCase { diff --git a/x-pack/qa/multi-node/src/test/java/org/elasticsearch/multi_node/RollupIT.java b/x-pack/qa/multi-node/src/test/java/org/elasticsearch/multi_node/RollupIT.java index ff3fde8893d9d..b8d0aff1e783a 100644 --- a/x-pack/qa/multi-node/src/test/java/org/elasticsearch/multi_node/RollupIT.java +++ b/x-pack/qa/multi-node/src/test/java/org/elasticsearch/multi_node/RollupIT.java 
@@ -33,7 +33,6 @@ import java.util.concurrent.TimeUnit; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.oneOf; diff --git a/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/AbstractUpgradeTestCase.java b/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/AbstractUpgradeTestCase.java index 72bc13e24b5e8..b78a73c9972f8 100644 --- a/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/AbstractUpgradeTestCase.java +++ b/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/AbstractUpgradeTestCase.java @@ -10,6 +10,7 @@ import org.elasticsearch.client.Request; import org.elasticsearch.client.Response; import org.elasticsearch.common.io.Streams; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.rest.ESRestTestCase; @@ -21,12 +22,10 @@ import java.util.List; import java.util.stream.Collectors; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; - public abstract class AbstractUpgradeTestCase extends ESRestTestCase { private static final String BASIC_AUTH_VALUE = - basicAuthHeaderValue("test_user", SecuritySettingsSourceField.TEST_PASSWORD); + basicAuthHeaderValue("test_user", new SecureString(SecuritySettingsSourceField.TEST_PASSWORD)); protected static final Version UPGRADE_FROM_VERSION = Version.fromString(System.getProperty("tests.upgrade_from_version")); 
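Review bot: In `AbstractUpgradeTestCase` the new `BASIC_AUTH_VALUE` initialiser builds the password with `new SecureString(SecuritySettingsSourceField.TEST_PASSWORD)`, which, if `TEST_PASSWORD` is a `String` as its earlier use with the removed helper suggests, goes through the `SecureString(String)` constructor that Elasticsearch marks as deprecated. The other hunks in this series pass a `char[]`, so for consistency the line could read `basicAuthHeaderValue("test_user", new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray()));`. The class body continues outside the hunk.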
diff --git a/x-pack/qa/smoke-test-plugins/src/test/java/org/elasticsearch/smoketest/XSmokeTestPluginsClientYamlTestSuiteIT.java b/x-pack/qa/smoke-test-plugins/src/test/java/org/elasticsearch/smoketest/XSmokeTestPluginsClientYamlTestSuiteIT.java index acb0d01b7a085..5f43aec0f24a4 100644 --- a/x-pack/qa/smoke-test-plugins/src/test/java/org/elasticsearch/smoketest/XSmokeTestPluginsClientYamlTestSuiteIT.java +++ b/x-pack/qa/smoke-test-plugins/src/test/java/org/elasticsearch/smoketest/XSmokeTestPluginsClientYamlTestSuiteIT.java @@ -15,8 +15,6 @@ import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; - public class XSmokeTestPluginsClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase { private static final String USER = "test_user"; diff --git a/x-pack/qa/smoke-test-security-with-mustache/src/test/java/org/elasticsearch/smoketest/SmokeTestSecurityWithMustacheClientYamlTestSuiteIT.java b/x-pack/qa/smoke-test-security-with-mustache/src/test/java/org/elasticsearch/smoketest/SmokeTestSecurityWithMustacheClientYamlTestSuiteIT.java index 4aabba22733be..343cdb931542a 100644 --- a/x-pack/qa/smoke-test-security-with-mustache/src/test/java/org/elasticsearch/smoketest/SmokeTestSecurityWithMustacheClientYamlTestSuiteIT.java +++ b/x-pack/qa/smoke-test-security-with-mustache/src/test/java/org/elasticsearch/smoketest/SmokeTestSecurityWithMustacheClientYamlTestSuiteIT.java @@ -15,8 +15,6 @@ import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; -import static org.elasticsearch.xpack.test.SecuritySettingsSourceField.basicAuthHeaderValue; - public class SmokeTestSecurityWithMustacheClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase { private static final String BASIC_AUTH_VALUE = basicAuthHeaderValue("test_admin", 
From b37289c3280245a5e737413075af7f4a1121f166 Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Tue, 23 Mar 2021 20:34:13 +0100 Subject: [PATCH 11/48] Fixing tests --- .../docker/test/DockerYmlTestSuiteIT.java | 22 -------------- qa/full-cluster-restart/build.gradle | 3 +- .../AbstractMultiClusterRemoteTestCase.java | 22 -------------- .../xpack/ccr/FollowIndexIT.java | 9 ++++++ .../ccr/qa/non-compliant-license/build.gradle | 4 +++ .../xpack/ccr/CcrMultiClusterLicenseIT.java | 10 +++++++ .../xpack/security/SecurityTests.java | 30 ------------------- .../SecurityStatusChangeListenerTests.java | 18 ++++++++++- 8 files changed, 42 insertions(+), 76 deletions(-) diff --git a/distribution/docker/src/test/java/org/elasticsearch/docker/test/DockerYmlTestSuiteIT.java b/distribution/docker/src/test/java/org/elasticsearch/docker/test/DockerYmlTestSuiteIT.java index d3e475278c3fe..7ce27f90d9b0e 100644 --- a/distribution/docker/src/test/java/org/elasticsearch/docker/test/DockerYmlTestSuiteIT.java +++ b/distribution/docker/src/test/java/org/elasticsearch/docker/test/DockerYmlTestSuiteIT.java @@ -10,7 +10,6 @@ import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.client.Request; -import org.elasticsearch.common.CharArrays; import org.elasticsearch.common.io.PathUtils; import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; @@ -24,11 +23,8 @@ import java.io.IOException; import java.net.URISyntaxException; -import java.nio.CharBuffer; import java.nio.file.Files; import java.nio.file.Path; -import java.util.Arrays; -import java.util.Base64; public class DockerYmlTestSuiteIT extends ESClientYamlSuiteTestCase { 
@@ -130,22 +126,4 @@ protected String getProtocol() { } return "https"; } - - private static String basicAuthHeaderValue(String username, SecureString passwd) { - CharBuffer chars = CharBuffer.allocate(username.length() + passwd.length() + 1); - byte[] charBytes = null; - try { - chars.put(username).put(':').put(passwd.getChars()); - charBytes = CharArrays.toUtf8Bytes(chars.array()); - - //TODO we still have passwords in Strings in headers. Maybe we can look into using a CharSequence? - String basicToken = Base64.getEncoder().encodeToString(charBytes); - return "Basic " + basicToken; - } finally { - Arrays.fill(chars.array(), (char) 0); - if (charBytes != null) { - Arrays.fill(charBytes, (byte) 0); - } - } - } } diff --git a/qa/full-cluster-restart/build.gradle b/qa/full-cluster-restart/build.gradle index a87fa65d31c49..ce45f33e5ec09 100644 --- a/qa/full-cluster-restart/build.gradle +++ b/qa/full-cluster-restart/build.gradle @@ -26,6 +26,7 @@ for (Version bwcVersion : BuildParams.bwcVersions.indexCompatible) { // some tests rely on the translog not being flushed setting 'indices.memory.shard_inactive_time', '60m' setting 'path.repo', "${buildDir}/cluster/shared/repo/${baseName}" + setting 'xpack.security.enabled', 'false' } } @@ -59,4 +60,4 @@ for (Version bwcVersion : BuildParams.bwcVersions.indexCompatible) { tasks.register(bwcTaskName(bwcVersion)) { dependsOn tasks.named("${baseName}#upgradedClusterTest") } -} \ No newline at end of file +} diff --git a/qa/remote-clusters/src/test/java/org/elasticsearch/cluster/remote/test/AbstractMultiClusterRemoteTestCase.java b/qa/remote-clusters/src/test/java/org/elasticsearch/cluster/remote/test/AbstractMultiClusterRemoteTestCase.java index 77b8ed5c3ca08..0ae59b4f0416e 100644 --- a/qa/remote-clusters/src/test/java/org/elasticsearch/cluster/remote/test/AbstractMultiClusterRemoteTestCase.java +++ b/qa/remote-clusters/src/test/java/org/elasticsearch/cluster/remote/test/AbstractMultiClusterRemoteTestCase.java 
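Review bot: The added `setting 'xpack.security.enabled', 'false'` in `qa/full-cluster-restart/build.gradle` has no comment, unlike the translog setting above it, so a later reader cannot tell whether the disable is intentional. Given that this series adds warnings when security is only implicitly disabled, the line is presumably there to make the choice explicit and keep the warning out of test responses; a comment such as `// disable security explicitly so the 'security not enabled' warning is not emitted` would record that. The enclosing cluster block starts outside the hunk.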
@@ -13,7 +13,6 @@ import org.elasticsearch.client.RequestOptions; import org.elasticsearch.client.RestClient; import org.elasticsearch.client.RestHighLevelClient; -import org.elasticsearch.common.CharArrays; import org.elasticsearch.common.io.PathUtils; import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; @@ -26,11 +25,8 @@ import java.io.IOException; import java.net.URISyntaxException; -import java.nio.CharBuffer; import java.nio.file.Files; import java.nio.file.Path; -import java.util.Arrays; -import java.util.Base64; import java.util.Collections; public abstract class AbstractMultiClusterRemoteTestCase extends ESRestTestCase { @@ -150,24 +146,6 @@ protected String getProtocol() { return "https"; } - private static String basicAuthHeaderValue(String username, SecureString passwd) { - CharBuffer chars = CharBuffer.allocate(username.length() + passwd.length() + 1); - byte[] charBytes = null; - try { - chars.put(username).put(':').put(passwd.getChars()); - charBytes = CharArrays.toUtf8Bytes(chars.array()); - - //TODO we still have passwords in Strings in headers. Maybe we can look into using a CharSequence? - String basicToken = Base64.getEncoder().encodeToString(charBytes); - return "Basic " + basicToken; - } finally { - Arrays.fill(chars.array(), (char) 0); - if (charBytes != null) { - Arrays.fill(charBytes, (byte) 0); - } - } - } - private String getProperty(String key) { String value = System.getProperty(key); if (value == null) { diff --git a/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexIT.java b/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexIT.java index c958cb5c943fc..4a608790312eb 100644 --- a/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexIT.java +++ b/x-pack/plugin/ccr/qa/multi-cluster/src/test/java/org/elasticsearch/xpack/ccr/FollowIndexIT.java 
@@ -11,7 +11,9 @@ import org.elasticsearch.client.ResponseException; import org.elasticsearch.client.RestClient; import org.elasticsearch.cluster.metadata.DataStream; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import java.io.IOException; import java.util.Map; @@ -190,4 +192,11 @@ public void testChangeBackingIndexNameFails() throws Exception { assertThat(failure.getMessage(), containsString("a backing index name in the local and remote cluster must remain the same")); } + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } } diff --git a/x-pack/plugin/ccr/qa/non-compliant-license/build.gradle b/x-pack/plugin/ccr/qa/non-compliant-license/build.gradle index 6e4a8b1ef0114..a20fab7d86d65 100644 --- a/x-pack/plugin/ccr/qa/non-compliant-license/build.gradle +++ b/x-pack/plugin/ccr/qa/non-compliant-license/build.gradle @@ -12,11 +12,15 @@ dependencies { testClusters { 'leader-cluster' { testDistribution = 'DEFAULT' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' } 'follow-cluster' { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' setting 'cluster.remote.leader_cluster.seeds', { "\"${testClusters.'leader-cluster'.getAllTransportPortURI().join(",")}\"" } } diff --git a/x-pack/plugin/ccr/qa/non-compliant-license/src/test/java/org/elasticsearch/xpack/ccr/CcrMultiClusterLicenseIT.java b/x-pack/plugin/ccr/qa/non-compliant-license/src/test/java/org/elasticsearch/xpack/ccr/CcrMultiClusterLicenseIT.java index 88c490a30bfc4..7aa486d728737 100644 
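Review bot: The `restClientSettings()` override added to FollowIndexIT hard-codes `"admin"` and `"admin-password"`, which must stay in step with the `user username: 'admin', password: 'admin-password', role: 'superuser'` lines in the test-cluster build files. The same override is pasted unchanged into CcrMultiClusterLicenseIT, BaseEqlSpecTestCase, EsEQLCorrectnessIT, EqlRestIT, EqlRestValidationTestCase, EqlUsageRestTestCase and UpdateDatabasesIT in later hunks. A drift between the two sides would show up only as authentication failures at test time, so the literals are better held once in the shared test base class, for example `String token = basicAuthHeaderValue(TEST_ADMIN_USER, new SecureString(TEST_ADMIN_PASSWORD.toCharArray()));` with both constants (names are a suggestion) defined there. The `SecureString` is also never closed, whereas the private helper removed earlier in this patch zeroed its buffers; wrapping it in try-with-resources would keep the handling consistent, although with a string literal as the source this is a matter of style rather than protection.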
--- a/x-pack/plugin/ccr/qa/non-compliant-license/src/test/java/org/elasticsearch/xpack/ccr/CcrMultiClusterLicenseIT.java +++ b/x-pack/plugin/ccr/qa/non-compliant-license/src/test/java/org/elasticsearch/xpack/ccr/CcrMultiClusterLicenseIT.java @@ -9,6 +9,9 @@ import org.elasticsearch.client.Request; import org.elasticsearch.client.ResponseException; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import java.util.Locale; @@ -44,4 +47,11 @@ private static void assertNonCompliantLicense(final Request request, final Strin assertThat(e, hasToString(containsString(expected))); } + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } } diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java index 7dcd3101e62ba..3b8d393d4f066 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java @@ -6,9 +6,6 @@ */ package org.elasticsearch.xpack.security; -import org.apache.logging.log4j.Level; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.Version; import org.elasticsearch.action.ActionListener; 
@@ -21,7 +18,6 @@ import org.elasticsearch.cluster.node.DiscoveryNodes; import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.Strings; -import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.settings.ClusterSettings; import org.elasticsearch.common.settings.Setting; @@ -38,7 +34,6 @@ import org.elasticsearch.rest.RestRequest; import org.elasticsearch.script.ScriptService; import org.elasticsearch.test.ESTestCase; -import org.elasticsearch.test.MockLogAppender; import org.elasticsearch.test.VersionUtils; import org.elasticsearch.test.rest.FakeRestRequest; import org.elasticsearch.threadpool.ThreadPool; @@ -61,7 +56,6 @@ import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail; import org.elasticsearch.xpack.security.authc.AuthenticationService; import org.elasticsearch.xpack.security.authc.Realms; -import org.elasticsearch.xpack.security.support.SecurityStatusChangeListener; import org.hamcrest.Matchers; import org.junit.After; 
@@ -520,30 +514,6 @@ public void testLicenseUpdateFailureHandlerUpdate() throws Exception { } } - public void testWarningLoggingSecurityImplicitlyDisabled() throws Exception { - MockLogAppender logAppender = new MockLogAppender(); - logAppender.start(); - SecurityStatusChangeListener listener = new SecurityStatusChangeListener(licenseState); - Logger listenerLogger = LogManager.getLogger(listener.getClass()); - Loggers.addAppender(listenerLogger, logAppender); - Collection components = createComponentsWithSecurityNotExplicitlyEnabled(Settings.EMPTY); - AuthenticationService service = findComponent(AuthenticationService.class, components); - assertNotNull(service); - logAppender.addExpectation(new MockLogAppender.SeenEventExpectation( - "built-in security features are not enabled", - listener.getClass().getName(), - Level.WARN, - "Elasticsearch built-in security features are not enabled, your cluster may be accessible without " + - "authentication. Read https://www.elastic.co/guide/en/elasticsearch/reference/" + - Version.CURRENT.major + "." + Version.CURRENT.minor + "/get-started-enable-security.html for more information" - )); - licenseState.update( - randomFrom(License.OperationMode.BASIC, License.OperationMode.TRIAL), - true, Long.MAX_VALUE, null); - - logAppender.assertAllExpectationsMatched(); - } - private void logAndFail(Exception e) { logger.error("unexpected exception", e); fail("unexpected exception " + e.getMessage()); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListenerTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListenerTests.java index d28eecad35ec7..592c6c25189ec 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListenerTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListenerTests.java 
@@ -10,6 +10,7 @@ import org.apache.logging.log4j.Level; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import org.elasticsearch.Version; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.license.License; import org.elasticsearch.license.XPackLicenseState; @@ -63,7 +64,14 @@ public void testSecurityEnabledToDisabled() { Level.INFO, "Active license is now [PLATINUM]; Security is enabled" )); - + logAppender.addExpectation(new MockLogAppender.SeenEventExpectation( + "built-in security features are not enabled", + listener.getClass().getName(), + Level.WARN, + "Elasticsearch built-in security features are not enabled, your cluster may be accessible without " + + "authentication. Read https://www.elastic.co/guide/en/elasticsearch/reference/" + + Version.CURRENT.major + "." + Version.CURRENT.minor + "/get-started-enable-security.html for more information" + )); when(licenseState.isSecurityEnabled()).thenReturn(false); when(licenseState.getOperationMode()).thenReturn(License.OperationMode.BASIC); logAppender.addExpectation(new MockLogAppender.SeenEventExpectation( @@ -87,6 +95,14 @@ public void testSecurityDisabledToEnabled() { Level.INFO, "Active license is now [TRIAL]; Security is disabled" )); + logAppender.addExpectation(new MockLogAppender.SeenEventExpectation( + "built-in security features are not enabled", + listener.getClass().getName(), + Level.WARN, + "Elasticsearch built-in security features are not enabled, your cluster may be accessible without " + + "authentication. Read https://www.elastic.co/guide/en/elasticsearch/reference/" + + Version.CURRENT.major + "." + Version.CURRENT.minor + "/get-started-enable-security.html for more information" + )); listener.licenseStateChanged(); when(licenseState.getOperationMode()).thenReturn(License.OperationMode.BASIC); From e2c6b045477404ad68cdb9c083f7e07af37e531d Mon Sep 17 00:00:00 2001 
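Review bot: The two WARN expectations added to `testSecurityEnabledToDisabled` and `testSecurityDisabledToEnabled` do not separate an implicitly disabled cluster from one that sets `xpack.security.enabled: false`, as far as these hunks show, because both tests drive a mocked `licenseState`. The test removed from SecurityTests in the previous file was the one that built components through `createComponentsWithSecurityNotExplicitlyEnabled(Settings.EMPTY)`, so the "implicitly" half of the behaviour appears to lose its only direct check. A negative case using `MockLogAppender.UnseenEventExpectation` for the explicitly disabled configuration would pin that the warning is not logged there. The seven-line expectation block is also repeated verbatim in both tests; a small private helper in the test class that builds the expected message from `Version.CURRENT` would keep the two copies from diverging. Both test bodies start and end outside the hunks shown.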
From: BigPandaToo Date: Tue, 23 Mar 2021 21:11:04 +0100 Subject: [PATCH 12/48] Fixing tests --- qa/mixed-cluster/build.gradle | 1 + rest-api-spec/build.gradle | 4 +++- x-pack/plugin/ccr/qa/downgrade-to-basic-license/build.gradle | 5 +++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/qa/mixed-cluster/build.gradle b/qa/mixed-cluster/build.gradle index 4995db6bbeb8a..c214efcb7ecbc 100644 --- a/qa/mixed-cluster/build.gradle +++ b/qa/mixed-cluster/build.gradle @@ -38,6 +38,7 @@ for (Version bwcVersion : BuildParams.bwcVersions.wireCompatible) { numberOfNodes = 4 setting 'path.repo', "${buildDir}/cluster/shared/repo/${baseName}" + setting 'xpack.security.enabled', 'false' } } diff --git a/rest-api-spec/build.gradle b/rest-api-spec/build.gradle index a9f2eff906fb8..c0ffacb5c3fc5 100644 --- a/rest-api-spec/build.gradle +++ b/rest-api-spec/build.gradle @@ -19,8 +19,10 @@ artifacts { } testClusters.all { + "yamlRestCompatTest" { + setting 'xpack.security.enabled', 'false' + } module ':modules:mapper-extras' - setting 'xpack.security.enabled', 'false' } tasks.named("test").configure {enabled = false } diff --git a/x-pack/plugin/ccr/qa/downgrade-to-basic-license/build.gradle b/x-pack/plugin/ccr/qa/downgrade-to-basic-license/build.gradle index 19c8a3a8f9dc2..355df38be0a30 100644 --- a/x-pack/plugin/ccr/qa/downgrade-to-basic-license/build.gradle +++ b/x-pack/plugin/ccr/qa/downgrade-to-basic-license/build.gradle 
@@ -23,9 +23,10 @@ testClusters { testDistribution = 'DEFAULT' setting 'xpack.monitoring.collection.enabled', 'true' setting 'xpack.license.self_generated.type', 'trial' - setting 'cluster.remote.leader_cluster.seeds', { "\"${testClusters."leader-cluster".getAllTransportPortURI().join(",")}\"" setting 'xpack.security.enabled', 'true' - user username: 'admin', password: 'admin-password', role: 'superuser'} + user username: 'admin', password: 'admin-password', role: 'superuser' + setting 'cluster.remote.leader_cluster.seeds', { "\"${testClusters."leader-cluster".getAllTransportPortURI().join(",")}\"" + } } } From 32e42661a5907a7c2f2e3703d491d060eb2dd9bf Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Wed, 24 Mar 2021 17:37:20 +0100 Subject: [PATCH 13/48] Fixing tests --- rest-api-spec/build.gradle | 7 ++++--- x-pack/plugin/enrich/qa/common/build.gradle | 6 ++++++ x-pack/plugin/enrich/qa/rest/build.gradle | 1 + 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/rest-api-spec/build.gradle b/rest-api-spec/build.gradle index c0ffacb5c3fc5..497aa842ce8c9 100644 --- a/rest-api-spec/build.gradle +++ b/rest-api-spec/build.gradle @@ -19,12 +19,13 @@ artifacts { } testClusters.all { - "yamlRestCompatTest" { - setting 'xpack.security.enabled', 'false' - } module ':modules:mapper-extras' } +testClusters.matching { it.name == "yamlRestCompatTest" }.configureEach { + setting 'xpack.security.enabled', 'false' +} + tasks.named("test").configure {enabled = false } tasks.named("jarHell").configure {enabled = false } diff --git a/x-pack/plugin/enrich/qa/common/build.gradle b/x-pack/plugin/enrich/qa/common/build.gradle index 72cd4bba91169..d4f5f678196d1 100644 --- a/x-pack/plugin/enrich/qa/common/build.gradle +++ b/x-pack/plugin/enrich/qa/common/build.gradle 
@@ -4,3 +4,9 @@ tasks.named("test").configure { enabled = false } dependencies { api project(':test:framework') } + +testClusters.all { + testDistribution = 'DEFAULT' + setting 'xpack.license.self_generated.type', 'basic' + setting 'xpack.security.enabled', 'false' +} diff --git a/x-pack/plugin/enrich/qa/rest/build.gradle b/x-pack/plugin/enrich/qa/rest/build.gradle index 702e6a9896cf8..345d3c7618c41 100644 --- a/x-pack/plugin/enrich/qa/rest/build.gradle +++ b/x-pack/plugin/enrich/qa/rest/build.gradle @@ -24,4 +24,5 @@ testClusters.all { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'basic' setting 'xpack.monitoring.collection.enabled', 'true' + setting 'xpack.security.enabled', 'false' } From 35d7afff0f2dcb6671003d3219959fe0e155a29b Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Wed, 24 Mar 2021 18:32:23 +0100 Subject: [PATCH 14/48] Fixing tests --- distribution/docker/build.gradle | 4 ++++ modules/reindex/build.gradle | 3 +++ 2 files changed, 7 insertions(+) diff --git a/distribution/docker/build.gradle b/distribution/docker/build.gradle index 2a4d3bd243377..22842a4a77e6a 100644 --- a/distribution/docker/build.gradle +++ b/distribution/docker/build.gradle @@ -28,6 +28,10 @@ dependencies { transformLog4jJar project(path: ":distribution:docker:transform-log4j-config", configuration: 'default') } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + ext.expansions = { Architecture architecture, DockerBase base, boolean local -> String classifier if (local) { diff --git a/modules/reindex/build.gradle b/modules/reindex/build.gradle index bc0bb66fbec3b..822d81f408f9c 100644 --- a/modules/reindex/build.gradle +++ b/modules/reindex/build.gradle 
@@ -30,6 +30,9 @@ testClusters.all { module ':modules:lang-painless' // Whitelist reindexing from the local node so we can test reindex-from-remote. setting 'reindex.remote.whitelist', '127.0.0.1:*' +} + +testClusters.matching { it.name == "yamlRestCompatTest" }.configureEach { setting 'xpack.security.enabled', 'false' } From 51bbe2d91aba8b4c12fe2ff4071928e14b47451a Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Wed, 24 Mar 2021 20:45:36 +0100 Subject: [PATCH 15/48] Fixing tests --- .../elasticsearch/test/eql/BaseEqlSpecTestCase.java | 10 ++++++++++ x-pack/plugin/eql/qa/correctness/build.gradle | 3 ++- .../elasticsearch/xpack/eql/EsEQLCorrectnessIT.java | 10 ++++++++++ x-pack/plugin/eql/qa/rest/build.gradle | 2 ++ 4 files changed, 24 insertions(+), 1 deletion(-) diff --git a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java index 76165a2324e74..4370dc5f09289 100644 --- a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java +++ b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java @@ -23,8 +23,10 @@ import org.elasticsearch.client.eql.EqlSearchResponse.Sequence; import org.elasticsearch.common.Strings; import org.elasticsearch.common.logging.LoggerMessageFormat; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.rest.ESRestTestCase; import org.junit.AfterClass; import org.junit.Before; 
@@ -244,4 +246,12 @@ protected String requestResultPosition() { protected TimeValue timeout() { return TimeValue.timeValueSeconds(10); } + + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } } diff --git a/x-pack/plugin/eql/qa/correctness/build.gradle b/x-pack/plugin/eql/qa/correctness/build.gradle index 25a2d7121c026..9f3e2feea5b28 100644 --- a/x-pack/plugin/eql/qa/correctness/build.gradle +++ b/x-pack/plugin/eql/qa/correctness/build.gradle @@ -40,7 +40,8 @@ testClusters { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'basic' jvmArgs '-Xms4g', '-Xmx4g' - setting 'xpack.security.enabled', 'false' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' } runTask { jvmArgs '-Xms8g', '-Xmx8g' diff --git a/x-pack/plugin/eql/qa/correctness/src/javaRestTest/java/org/elasticsearch/xpack/eql/EsEQLCorrectnessIT.java b/x-pack/plugin/eql/qa/correctness/src/javaRestTest/java/org/elasticsearch/xpack/eql/EsEQLCorrectnessIT.java index b05d513eae76d..9e4f2d72a45fc 100644 --- a/x-pack/plugin/eql/qa/correctness/src/javaRestTest/java/org/elasticsearch/xpack/eql/EsEQLCorrectnessIT.java +++ b/x-pack/plugin/eql/qa/correctness/src/javaRestTest/java/org/elasticsearch/xpack/eql/EsEQLCorrectnessIT.java @@ -20,7 +20,9 @@ import org.elasticsearch.client.RestHighLevelClient; import org.elasticsearch.client.eql.EqlSearchRequest; import org.elasticsearch.client.eql.EqlSearchResponse; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.junit.annotations.TestLogging; import org.elasticsearch.test.rest.ESRestTestCase; import org.junit.After; 
@@ -84,6 +86,14 @@ protected boolean preserveClusterUponCompletion() { return true; } + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } + @Override protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException { RestClientBuilder builder = RestClient.builder(hosts); diff --git a/x-pack/plugin/eql/qa/rest/build.gradle b/x-pack/plugin/eql/qa/rest/build.gradle index b5247e7109909..bfa4b165d6cd3 100644 --- a/x-pack/plugin/eql/qa/rest/build.gradle +++ b/x-pack/plugin/eql/qa/rest/build.gradle @@ -23,4 +23,6 @@ testClusters.all { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'basic' setting 'xpack.monitoring.collection.enabled', 'true' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' } From 2ea433da16af5e672ebbba7de96c2e4884fe60ce Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Wed, 24 Mar 2021 21:03:49 +0100 Subject: [PATCH 16/48] Fixing tests --- qa/logging-config/build.gradle | 4 ++++ qa/smoke-test-http/build.gradle | 4 ++++ qa/smoke-test-ingest-disabled/build.gradle | 4 ++++ qa/unconfigured-node-name/build.gradle | 6 ++++-- test/framework/build.gradle | 4 ++++ 5 files changed, 20 insertions(+), 2 deletions(-) diff --git a/qa/logging-config/build.gradle b/qa/logging-config/build.gradle index 9efa4b8ab8ed9..e31834f68345d 100644 --- a/qa/logging-config/build.gradle +++ b/qa/logging-config/build.gradle 
@@ -11,6 +11,10 @@ apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.rest-test' apply plugin: 'elasticsearch.standalone-test' +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + testClusters.matching { it.name == "integTest" }.configureEach { /** * Provide a custom log4j configuration where layout is an old style pattern and confirm that Elasticsearch diff --git a/qa/smoke-test-http/build.gradle b/qa/smoke-test-http/build.gradle index 4cd966f8dfad5..28008876e14dd 100644 --- a/qa/smoke-test-http/build.gradle +++ b/qa/smoke-test-http/build.gradle @@ -17,6 +17,10 @@ dependencies { testImplementation project(':plugins:transport-nio') // for http } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + tasks.named("integTest").configure { /* * We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each diff --git a/qa/smoke-test-ingest-disabled/build.gradle b/qa/smoke-test-ingest-disabled/build.gradle index 87b5916a89bfc..268254d3288cc 100644 --- a/qa/smoke-test-ingest-disabled/build.gradle +++ b/qa/smoke-test-ingest-disabled/build.gradle @@ -15,6 +15,10 @@ dependencies { testImplementation project(':modules:ingest-common') } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + testClusters.matching { it.name == "integTest" }.configureEach { setting 'node.roles', '[data,master,remote_cluster_client]' } diff --git a/qa/unconfigured-node-name/build.gradle b/qa/unconfigured-node-name/build.gradle index a98aa7a0b9601..1196c6a88603f 100644 --- a/qa/unconfigured-node-name/build.gradle +++ b/qa/unconfigured-node-name/build.gradle @@ -1,5 +1,3 @@ -import org.elasticsearch.gradle.OS - /* * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one * or more contributor license agreements. Licensed under the Elastic License 
@@ -12,6 +10,10 @@ apply plugin: 'elasticsearch.testclusters' apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.rest-test' +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + testClusters.matching { it.name == "integTest" }.configureEach { nameCustomization = { null } } diff --git a/test/framework/build.gradle b/test/framework/build.gradle index f7b9528bdbb35..9db5657a952a1 100644 --- a/test/framework/build.gradle +++ b/test/framework/build.gradle @@ -36,6 +36,10 @@ dependencies { api "org.apache.commons:commons-lang3:${versions.commons_lang3}" } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + tasks.named("compileJava").configure { options.compilerArgs << '-Xlint:-cast,-unchecked' } // the main files are actually test files, so use the appropriate forbidden api sigs From ac0d50c2eba24ab6d4005ec980fb9fa3d38d8fb0 Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Wed, 24 Mar 2021 21:15:19 +0100 Subject: [PATCH 17/48] Fixing tests --- .../java/org/elasticsearch/xpack/eql/EsEQLCorrectnessIT.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/x-pack/plugin/eql/qa/correctness/src/javaRestTest/java/org/elasticsearch/xpack/eql/EsEQLCorrectnessIT.java b/x-pack/plugin/eql/qa/correctness/src/javaRestTest/java/org/elasticsearch/xpack/eql/EsEQLCorrectnessIT.java index 9e4f2d72a45fc..e846ff363b4f3 100644 --- a/x-pack/plugin/eql/qa/correctness/src/javaRestTest/java/org/elasticsearch/xpack/eql/EsEQLCorrectnessIT.java +++ b/x-pack/plugin/eql/qa/correctness/src/javaRestTest/java/org/elasticsearch/xpack/eql/EsEQLCorrectnessIT.java 
@@ -89,9 +89,7 @@ protected boolean preserveClusterUponCompletion() { @Override protected Settings restClientSettings() { String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); - return Settings.builder() - .put(ThreadContext.PREFIX + ".Authorization", token) - .build(); + return Settings.builder().put(ThreadContext.PREFIX + ".Authorization", token).build(); } @Override From 052d7c2035b06c67b1c12d8397d4fdf0d09a13c8 Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Wed, 24 Mar 2021 23:48:41 +0100 Subject: [PATCH 18/48] Fixing tests --- qa/multi-cluster-search/build.gradle | 2 ++ .../build.gradle | 4 ++++ .../java/org/elasticsearch/xpack/eql/EqlRestIT.java | 11 +++++++++++ 3 files changed, 17 insertions(+) diff --git a/qa/multi-cluster-search/build.gradle b/qa/multi-cluster-search/build.gradle index dcc8a89071ad0..e59ed02d63d72 100644 --- a/qa/multi-cluster-search/build.gradle +++ b/qa/multi-cluster-search/build.gradle @@ -25,6 +25,7 @@ testClusters { 'remote-cluster' { numberOfNodes = 2 setting 'node.roles', '[data,ingest,master]' + setting 'xpack.security.enabled', 'false' } } @@ -38,6 +39,7 @@ testClusters.matching { it.name == "mixedClusterTest"}.configureEach { setting 'cluster.remote.my_remote_cluster.seeds', { "\"${testClusters.'remote-cluster'.getAllTransportPortURI().get(0)}\"" } setting 'cluster.remote.connections_per_cluster', '1' + setting 'xpack.security.enabled', 'false' } tasks.register("integTest") { diff --git a/qa/smoke-test-ingest-with-all-dependencies/build.gradle b/qa/smoke-test-ingest-with-all-dependencies/build.gradle index c31b31e411195..b7a8df8cc2e15 100644 --- a/qa/smoke-test-ingest-with-all-dependencies/build.gradle +++ b/qa/smoke-test-ingest-with-all-dependencies/build.gradle @@ -19,6 +19,10 @@ dependencies { testImplementation project(':modules:reindex') } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + tasks.named("testingConventions").configure { naming { IT { 
diff --git a/x-pack/plugin/eql/qa/rest/src/javaRestTest/java/org/elasticsearch/xpack/eql/EqlRestIT.java b/x-pack/plugin/eql/qa/rest/src/javaRestTest/java/org/elasticsearch/xpack/eql/EqlRestIT.java index 14150a830dccd..63158dcc501d9 100644 --- a/x-pack/plugin/eql/qa/rest/src/javaRestTest/java/org/elasticsearch/xpack/eql/EqlRestIT.java +++ b/x-pack/plugin/eql/qa/rest/src/javaRestTest/java/org/elasticsearch/xpack/eql/EqlRestIT.java @@ -7,7 +7,18 @@ package org.elasticsearch.xpack.eql; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.eql.EqlRestTestCase; public class EqlRestIT extends EqlRestTestCase { + + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } } From 44498fb76adc297614f6d17bb86f3ee1eb3133b9 Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Thu, 25 Mar 2021 10:11:19 +0100 Subject: [PATCH 19/48] Fixing tests --- qa/smoke-test-multinode/build.gradle | 4 ++++ x-pack/plugin/eql/qa/rest/build.gradle | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/qa/smoke-test-multinode/build.gradle b/qa/smoke-test-multinode/build.gradle index 5e1a97e3a1d54..5dc166c66bf8a 100644 --- a/qa/smoke-test-multinode/build.gradle +++ b/qa/smoke-test-multinode/build.gradle @@ -23,6 +23,10 @@ testClusters.matching { it.name == "integTest" }.configureEach { setting 'path.repo', repo.absolutePath } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + tasks.named("integTest").configure { doFirst { project.delete(repo) diff --git a/x-pack/plugin/eql/qa/rest/build.gradle b/x-pack/plugin/eql/qa/rest/build.gradle index bfa4b165d6cd3..13e9aeefc5ea9 100644 --- a/x-pack/plugin/eql/qa/rest/build.gradle 
+++ b/x-pack/plugin/eql/qa/rest/build.gradle @@ -23,6 +23,13 @@ testClusters.all { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'basic' setting 'xpack.monitoring.collection.enabled', 'true' +} + +testClusters.matching { it.name == "yamlRestTest" }.configureEach { + setting 'xpack.security.enabled', 'false' +} + +testClusters.matching { it.name == "javaRestTest" }.configureEach { setting 'xpack.security.enabled', 'true' user username: 'admin', password: 'admin-password', role: 'superuser' } From 3a17b7be1d07676d14031d45db01d789b34b034c Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Thu, 25 Mar 2021 10:41:12 +0100 Subject: [PATCH 20/48] Fixing tests --- .../test/eql/EqlRestValidationTestCase.java | 10 ++++++++++ .../test/eql/stats/EqlUsageRestTestCase.java | 11 +++++++++++ 2 files changed, 21 insertions(+) diff --git a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlRestValidationTestCase.java b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlRestValidationTestCase.java index 2bb6ca3cfa2d4..99c3203c3b934 100644 --- a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlRestValidationTestCase.java +++ b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlRestValidationTestCase.java @@ -11,7 +11,9 @@ import org.elasticsearch.client.Response; import org.elasticsearch.client.ResponseException; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.json.JsonXContent; import org.elasticsearch.test.rest.ESRestTestCase; 
@@ -112,4 +114,12 @@ private void assertValidRequestOnIndices(String[] indices, String reqParameter) assertOK(response); } } + + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } } diff --git a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/stats/EqlUsageRestTestCase.java b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/stats/EqlUsageRestTestCase.java index 0d55045c27dd3..8c3d627ef4125 100644 --- a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/stats/EqlUsageRestTestCase.java +++ b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/stats/EqlUsageRestTestCase.java @@ -9,6 +9,9 @@ import org.elasticsearch.client.Request; import org.elasticsearch.client.RestHighLevelClient; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.xcontent.XContentHelper; import org.elasticsearch.common.xcontent.json.JsonXContent; import org.elasticsearch.test.eql.DataLoader; @@ -373,4 +376,12 @@ private RestHighLevelClient highLevelClient() { } return highLevelClient; } + + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } } From e5c1bd9d0b44e184ae7d8adc832894cccd3aa973 Mon Sep 17 00:00:00 2001 
From: BigPandaToo Date: Thu, 25 Mar 2021 18:50:24 +0100 Subject: [PATCH 21/48] Fixing tests --- qa/smoke-test-plugins/build.gradle | 1 + .../org/elasticsearch/test/eql/BaseEqlSpecTestCase.java | 8 -------- .../elasticsearch/test/eql/EqlRestValidationTestCase.java | 8 -------- x-pack/plugin/eql/qa/rest/build.gradle | 8 -------- 4 files changed, 1 insertion(+), 24 deletions(-) diff --git a/qa/smoke-test-plugins/build.gradle b/qa/smoke-test-plugins/build.gradle index 740e913189289..67a54372e67e8 100644 --- a/qa/smoke-test-plugins/build.gradle +++ b/qa/smoke-test-plugins/build.gradle @@ -27,6 +27,7 @@ testClusters.matching { it.name == "integTest" }.configureEach { pluginPaths.each { pluginPath -> plugin pluginPath } + setting 'xpack.security.enabled', 'false' } ext.expansions = [ diff --git a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java index 4370dc5f09289..ce040282c51f0 100644 --- a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java +++ b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java @@ -246,12 +246,4 @@ protected String requestResultPosition() { protected TimeValue timeout() { return TimeValue.timeValueSeconds(10); } - - @Override - protected Settings restClientSettings() { - String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); - return Settings.builder() - .put(ThreadContext.PREFIX + ".Authorization", token) - .build(); - } } diff --git a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlRestValidationTestCase.java b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlRestValidationTestCase.java index 99c3203c3b934..b8704fcf7655e 100644 --- a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlRestValidationTestCase.java 
+++ b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlRestValidationTestCase.java @@ -114,12 +114,4 @@ private void assertValidRequestOnIndices(String[] indices, String reqParameter) assertOK(response); } } - - @Override - protected Settings restClientSettings() { - String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); - return Settings.builder() - .put(ThreadContext.PREFIX + ".Authorization", token) - .build(); - } } diff --git a/x-pack/plugin/eql/qa/rest/build.gradle b/x-pack/plugin/eql/qa/rest/build.gradle index 13e9aeefc5ea9..24d6cf8dbc445 100644 --- a/x-pack/plugin/eql/qa/rest/build.gradle +++ b/x-pack/plugin/eql/qa/rest/build.gradle @@ -23,13 +23,5 @@ testClusters.all { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'basic' setting 'xpack.monitoring.collection.enabled', 'true' -} - -testClusters.matching { it.name == "yamlRestTest" }.configureEach { setting 'xpack.security.enabled', 'false' } - -testClusters.matching { it.name == "javaRestTest" }.configureEach { - setting 'xpack.security.enabled', 'true' - user username: 'admin', password: 'admin-password', role: 'superuser' -} From 5765140c732468392fdfb3e6fdbc9f7dd72ea7d8 Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Thu, 25 Mar 2021 20:16:51 +0100 Subject: [PATCH 22/48] Fixing tests --- .../ingest-geoip/qa/file-based-update/build.gradle | 2 ++ .../elasticsearch/ingest/geoip/UpdateDatabasesIT.java | 11 +++++++++++ .../elasticsearch/test/eql/BaseEqlSpecTestCase.java | 2 -- .../test/eql/EqlRestValidationTestCase.java | 2 -- 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/modules/ingest-geoip/qa/file-based-update/build.gradle b/modules/ingest-geoip/qa/file-based-update/build.gradle index 4f2ed2e30a54f..507715e703b23 100644 --- a/modules/ingest-geoip/qa/file-based-update/build.gradle +++ b/modules/ingest-geoip/qa/file-based-update/build.gradle 
@@ -12,6 +12,8 @@ apply plugin: 'elasticsearch.rest-test' testClusters.all { testDistribution = 'DEFAULT' setting 'resource.reload.interval.high', '100ms' + setting 'xpack.security.enabled', 'true' + user username: 'admin', password: 'admin-password', role: 'superuser' } tasks.named("integTest").configure { diff --git a/modules/ingest-geoip/qa/file-based-update/src/test/java/org/elasticsearch/ingest/geoip/UpdateDatabasesIT.java b/modules/ingest-geoip/qa/file-based-update/src/test/java/org/elasticsearch/ingest/geoip/UpdateDatabasesIT.java index 9179fe7010237..918266ff78df7 100644 --- a/modules/ingest-geoip/qa/file-based-update/src/test/java/org/elasticsearch/ingest/geoip/UpdateDatabasesIT.java +++ b/modules/ingest-geoip/qa/file-based-update/src/test/java/org/elasticsearch/ingest/geoip/UpdateDatabasesIT.java @@ -11,6 +11,9 @@ import org.elasticsearch.client.Request; import org.elasticsearch.client.Response; import org.elasticsearch.common.io.PathUtils; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.xcontent.ObjectPath; import org.elasticsearch.common.xcontent.XContentHelper; import org.elasticsearch.common.xcontent.json.JsonXContent; @@ -53,4 +56,12 @@ private static Map toMap(Response response) throws IOException { return XContentHelper.convertToMap(JsonXContent.jsonXContent, EntityUtils.toString(response.getEntity()), false); } + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } + } 
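Review bot: The new `restClientSettings()` override in UpdateDatabasesIT repeats the user name and password as string literals, and nothing in either file says they must stay identical to the `user username: 'admin', password: 'admin-password', role: 'superuser'` line added to this module's build.gradle. If one side changes, the mismatch only shows up as authentication failures at test time. A comment on the method would tie the two together, e.g. `// credentials must match the 'admin' user declared for testClusters in this module's build.gradle`. The import hunk adds `SecureString`, `Settings` and `ThreadContext` but nothing for `basicAuthHeaderValue`, so that name has to come from the base class, which is not visible here.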
diff --git a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java index ce040282c51f0..76165a2324e74 100644 --- a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java +++ b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java @@ -23,10 +23,8 @@ import org.elasticsearch.client.eql.EqlSearchResponse.Sequence; import org.elasticsearch.common.Strings; import org.elasticsearch.common.logging.LoggerMessageFormat; -import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.rest.ESRestTestCase; import org.junit.AfterClass; import org.junit.Before; diff --git a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlRestValidationTestCase.java b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlRestValidationTestCase.java index b8704fcf7655e..2bb6ca3cfa2d4 100644 --- a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlRestValidationTestCase.java +++ b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlRestValidationTestCase.java @@ -11,9 +11,7 @@ import org.elasticsearch.client.Response; import org.elasticsearch.client.ResponseException; import org.elasticsearch.common.Strings; -import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.json.JsonXContent; import org.elasticsearch.test.rest.ESRestTestCase; From 24e501366324024d59b9f53f6198e8bee475c1c2 Mon Sep 17 00:00:00 2001 
From: BigPandaToo Date: Thu, 25 Mar 2021 22:07:55 +0100 Subject: [PATCH 23/48] Fixing tests --- x-pack/plugin/repositories-metering-api/qa/azure/build.gradle | 4 ++++ x-pack/plugin/searchable-snapshots/qa/azure/build.gradle | 1 + 2 files changed, 5 insertions(+) diff --git a/x-pack/plugin/repositories-metering-api/qa/azure/build.gradle b/x-pack/plugin/repositories-metering-api/qa/azure/build.gradle index 8702d73b9c0df..7ef9ff04235d9 100644 --- a/x-pack/plugin/repositories-metering-api/qa/azure/build.gradle +++ b/x-pack/plugin/repositories-metering-api/qa/azure/build.gradle @@ -49,6 +49,10 @@ if (useFixture) { testFixtures.useFixture(fixture.path, 'azure-fixture-repositories-metering') } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + tasks.named("integTest") { dependsOn ":plugins:repository-azure:bundlePlugin" systemProperty 'test.azure.container', azureContainer diff --git a/x-pack/plugin/searchable-snapshots/qa/azure/build.gradle b/x-pack/plugin/searchable-snapshots/qa/azure/build.gradle index 689c9189d9f6e..efce7e1ba75a8 100644 --- a/x-pack/plugin/searchable-snapshots/qa/azure/build.gradle +++ b/x-pack/plugin/searchable-snapshots/qa/azure/build.gradle @@ -60,6 +60,7 @@ testClusters.matching { it.name == "integTest" }.configureEach { } setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'false' if (useFixture) { def fixtureAddress = { fixtureName -> From 979f23caaa65c20fca3e75ee33852d2a64ceb3b2 Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Thu, 25 Mar 2021 23:06:52 +0100 Subject: [PATCH 24/48] Fixing tests --- x-pack/plugin/repositories-metering-api/qa/gcs/build.gradle | 4 ++++ x-pack/plugin/sql/qa/mixed-node/build.gradle | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/x-pack/plugin/repositories-metering-api/qa/gcs/build.gradle b/x-pack/plugin/repositories-metering-api/qa/gcs/build.gradle index 7557a595c5ea2..f87508040f18d 100644 --- a/x-pack/plugin/repositories-metering-api/qa/gcs/build.gradle 
+++ b/x-pack/plugin/repositories-metering-api/qa/gcs/build.gradle @@ -51,6 +51,10 @@ if (!gcsServiceAccount && !gcsBucket && !gcsBasePath) { serviceAccountFile = new File(gcsServiceAccount) } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + /** A service account file that points to the Google Cloud Storage service emulated by the fixture **/ tasks.register("createServiceAccountFile") { doLast { diff --git a/x-pack/plugin/sql/qa/mixed-node/build.gradle b/x-pack/plugin/sql/qa/mixed-node/build.gradle index 8a39ecc795848..41f45fa68efa5 100644 --- a/x-pack/plugin/sql/qa/mixed-node/build.gradle +++ b/x-pack/plugin/sql/qa/mixed-node/build.gradle @@ -14,6 +14,10 @@ dependencies { testImplementation project(path: xpackModule('sql'), configuration: 'default') } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + tasks.named("integTest").configure{ enabled = false} // A bug (https://github.com/elastic/elasticsearch/issues/68439) limits us to perform tests with versions from 7.10.3 onwards From 4e56250701ee2fa9c267628ca13a35a2ed733cba Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Fri, 26 Mar 2021 00:00:59 +0100 Subject: [PATCH 25/48] Fixing tests --- x-pack/plugin/repositories-metering-api/build.gradle | 6 +++++- x-pack/plugin/searchable-snapshots/build.gradle | 4 ++++ x-pack/plugin/snapshot-repo-test-kit/build.gradle | 4 ++++ x-pack/plugin/snapshot-repo-test-kit/qa/azure/build.gradle | 4 ++++ 4 files changed, 17 insertions(+), 1 deletion(-) diff --git a/x-pack/plugin/repositories-metering-api/build.gradle b/x-pack/plugin/repositories-metering-api/build.gradle index 37e325d6c0dbf..620b3e79a2b9e 100644 --- a/x-pack/plugin/repositories-metering-api/build.gradle +++ b/x-pack/plugin/repositories-metering-api/build.gradle 
@@ -14,4 +14,8 @@ dependencies { testImplementation(testArtifact(project(xpackModule('core')))) } -addQaCheckDependencies() \ No newline at end of file +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + +addQaCheckDependencies() diff --git a/x-pack/plugin/searchable-snapshots/build.gradle b/x-pack/plugin/searchable-snapshots/build.gradle index da23d1fb514db..2a408991f036d 100644 --- a/x-pack/plugin/searchable-snapshots/build.gradle +++ b/x-pack/plugin/searchable-snapshots/build.gradle @@ -16,4 +16,8 @@ dependencies { internalClusterTestImplementation(testArtifact(project(xpackModule('core')))) } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + addQaCheckDependencies() diff --git a/x-pack/plugin/snapshot-repo-test-kit/build.gradle b/x-pack/plugin/snapshot-repo-test-kit/build.gradle index 142c2d198d769..9b2518628eec7 100644 --- a/x-pack/plugin/snapshot-repo-test-kit/build.gradle +++ b/x-pack/plugin/snapshot-repo-test-kit/build.gradle @@ -15,4 +15,8 @@ dependencies { internalClusterTestImplementation testArtifact(project(xpackModule('core'))) } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + addQaCheckDependencies() diff --git a/x-pack/plugin/snapshot-repo-test-kit/qa/azure/build.gradle b/x-pack/plugin/snapshot-repo-test-kit/qa/azure/build.gradle index 9709b1fd3ad64..a4a308d2c8b2e 100644 --- a/x-pack/plugin/snapshot-repo-test-kit/qa/azure/build.gradle +++ b/x-pack/plugin/snapshot-repo-test-kit/qa/azure/build.gradle @@ -49,6 +49,10 @@ if (useFixture) { testFixtures.useFixture(fixture.path, 'azure-fixture-repository-test-kit') } +testClusters.all { + setting 'xpack.security.enabled', 'false' +} + tasks.named("integTest").configure { systemProperty 'test.azure.container', azureContainer nonInputProperties.systemProperty 'test.azure.base_path', azureBasePath + "_repository_test_kit_tests_" + BuildParams.testSeed From 0d4be4f55855d474e12ab9b1955ae126d3d0bb28 Mon Sep 17 00:00:00 2001 
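Review bot: The `testClusters.all { setting 'xpack.security.enabled', 'false' }` block added to repositories-metering-api/build.gradle may be dead configuration. This patch adds the identical block to searchable-snapshots/build.gradle and snapshot-repo-test-kit/build.gradle, and PATCH 31/48 removes it from those two again while leaving this one in place. Whether this plugin-level project starts a test cluster at all is not visible from the hunk. If it does not, the block should be removed here as well; if it does, a short comment such as `// this project's own test cluster runs without security` would explain why the file differs from its siblings.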
From: BigPandaToo Date: Fri, 26 Mar 2021 14:16:50 +0100 Subject: [PATCH 26/48] Fixing tests --- x-pack/plugin/searchable-snapshots/qa/gcs/build.gradle | 2 ++ x-pack/plugin/snapshot-repo-test-kit/qa/gcs/build.gradle | 1 + 2 files changed, 3 insertions(+) diff --git a/x-pack/plugin/searchable-snapshots/qa/gcs/build.gradle b/x-pack/plugin/searchable-snapshots/qa/gcs/build.gradle index 5ea79b1c5e70c..982cbd43aed15 100644 --- a/x-pack/plugin/searchable-snapshots/qa/gcs/build.gradle +++ b/x-pack/plugin/searchable-snapshots/qa/gcs/build.gradle @@ -112,6 +112,8 @@ testClusters.matching { it.name == "integTest" }.configureEach { setting 'xpack.searchable.snapshot.shared_cache.size', '16MB' setting 'xpack.searchable.snapshot.shared_cache.region_size', '256KB' + + setting 'xpack.security.enabled', 'false' } diff --git a/x-pack/plugin/snapshot-repo-test-kit/qa/gcs/build.gradle b/x-pack/plugin/snapshot-repo-test-kit/qa/gcs/build.gradle index e2328372052c0..2bba6007fb845 100644 --- a/x-pack/plugin/snapshot-repo-test-kit/qa/gcs/build.gradle +++ b/x-pack/plugin/snapshot-repo-test-kit/qa/gcs/build.gradle @@ -108,6 +108,7 @@ testClusters.matching { it.name == "integTest" }.configureEach { } else { println "Using an external service to test " + project.name } + setting 'xpack.security.enabled', 'false' } tasks.register("gcsThirdPartyTest") { From ec16dd2eb413c770e19772eb52e48a41b15b5e02 Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Fri, 26 Mar 2021 15:57:52 +0100 Subject: [PATCH 27/48] Fixing tests --- x-pack/plugin/eql/qa/mixed-node/build.gradle | 2 +- x-pack/plugin/repositories-metering-api/qa/s3/build.gradle | 1 + x-pack/plugin/rollup/qa/rest/build.gradle | 1 + x-pack/plugin/snapshot-repo-test-kit/qa/s3/build.gradle | 1 + x-pack/plugin/spatial/build.gradle | 1 + 5 files changed, 5 insertions(+), 1 deletion(-) diff --git a/x-pack/plugin/eql/qa/mixed-node/build.gradle b/x-pack/plugin/eql/qa/mixed-node/build.gradle index 5e041a2aa5f2d..c0da999eb0b04 100644 
--- a/x-pack/plugin/eql/qa/mixed-node/build.gradle +++ b/x-pack/plugin/eql/qa/mixed-node/build.gradle @@ -32,7 +32,7 @@ for (Version bwcVersion : BuildParams.bwcVersions.wireCompatible.findAll { it.on setting 'xpack.security.enabled', 'false' setting 'xpack.watcher.enabled', 'false' setting 'xpack.ml.enabled', 'false' - setting 'xpack.eql.enabled', 'true' + setting 'xpack.eql.enabled', 'true' setting 'xpack.license.self_generated.type', 'trial' // for debugging purposes // setting 'logger.org.elasticsearch.xpack.eql.plugin.TransportEqlSearchAction', 'TRACE' diff --git a/x-pack/plugin/repositories-metering-api/qa/s3/build.gradle b/x-pack/plugin/repositories-metering-api/qa/s3/build.gradle index 6d62408b42b77..61c41669d1d27 100644 --- a/x-pack/plugin/repositories-metering-api/qa/s3/build.gradle +++ b/x-pack/plugin/repositories-metering-api/qa/s3/build.gradle @@ -68,6 +68,7 @@ testClusters.matching { it.name == "integTest" }.configureEach { } else { println "Using an external service to test " + project.name } + setting 'xpack.security.enabled', 'false' } tasks.register("s3ThirdPartyTest").configure { diff --git a/x-pack/plugin/rollup/qa/rest/build.gradle b/x-pack/plugin/rollup/qa/rest/build.gradle index 19e595acb0f53..88d555407d1da 100644 --- a/x-pack/plugin/rollup/qa/rest/build.gradle +++ b/x-pack/plugin/rollup/qa/rest/build.gradle @@ -24,6 +24,7 @@ testClusters.all { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'basic' systemProperty 'es.rollup_v2_feature_flag_enabled', 'true' + setting 'xpack.security.enabled', 'false' } tasks.named("test").configure{enabled = false } diff --git a/x-pack/plugin/snapshot-repo-test-kit/qa/s3/build.gradle b/x-pack/plugin/snapshot-repo-test-kit/qa/s3/build.gradle index bf8e1e5f660dc..6c749d478f8ac 100644 --- a/x-pack/plugin/snapshot-repo-test-kit/qa/s3/build.gradle +++ b/x-pack/plugin/snapshot-repo-test-kit/qa/s3/build.gradle 
@@ -73,6 +73,7 @@ testClusters.matching { it.name == "integTest" }.configureEach { } else { println "Using an external service to test " + project.name } + setting 'xpack.security.enabled', 'false' } tasks.register("s3ThirdPartyTest") { diff --git a/x-pack/plugin/spatial/build.gradle b/x-pack/plugin/spatial/build.gradle index e6daaec27ef4c..6e4e6654b57f5 100644 --- a/x-pack/plugin/spatial/build.gradle +++ b/x-pack/plugin/spatial/build.gradle @@ -30,4 +30,5 @@ restResources { testClusters.all { setting 'xpack.license.self_generated.type', 'trial' testDistribution = 'DEFAULT' + setting 'xpack.security.enabled', 'false' } From 5cc78fedf9eaac2ebf1aa983bb8ca472b8315d4d Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Fri, 26 Mar 2021 17:37:46 +0100 Subject: [PATCH 28/48] Fixing tests --- x-pack/plugin/searchable-snapshots/qa/hdfs/build.gradle | 2 ++ x-pack/plugin/searchable-snapshots/qa/minio/build.gradle | 2 ++ x-pack/plugin/searchable-snapshots/qa/rest/build.gradle | 2 ++ x-pack/plugin/searchable-snapshots/qa/s3/build.gradle | 2 ++ 4 files changed, 8 insertions(+) diff --git a/x-pack/plugin/searchable-snapshots/qa/hdfs/build.gradle b/x-pack/plugin/searchable-snapshots/qa/hdfs/build.gradle index dc795d018287a..a55497943f424 100644 --- a/x-pack/plugin/searchable-snapshots/qa/hdfs/build.gradle +++ b/x-pack/plugin/searchable-snapshots/qa/hdfs/build.gradle @@ -133,6 +133,8 @@ testClusters.configureEach { setting 'xpack.searchable.snapshot.shared_cache.size', '16MB' setting 'xpack.searchable.snapshot.shared_cache.region_size', '256KB' + + setting 'xpack.security.enabled', 'false' } testClusters.matching { it.name == "integTestSecure" }.configureEach { diff --git a/x-pack/plugin/searchable-snapshots/qa/minio/build.gradle b/x-pack/plugin/searchable-snapshots/qa/minio/build.gradle index 636748812447c..85f087fbea630 100644 --- a/x-pack/plugin/searchable-snapshots/qa/minio/build.gradle +++ b/x-pack/plugin/searchable-snapshots/qa/minio/build.gradle 
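Review bot: In searchable-snapshots/qa/hdfs/build.gradle the new `setting 'xpack.security.enabled', 'false'` sits inside `testClusters.configureEach`, so it also applies to the `integTestSecure` cluster whose `matching` block follows directly in the context lines. If "Secure" in that name refers only to the HDFS side (the hunk does not show this), a comment would keep it from being read as Elasticsearch security, e.g. `// Elasticsearch security is off for every cluster here, including integTestSecure`. If that cluster is meant to exercise Elasticsearch authentication, the setting belongs in a block that matches only `integTest`. The `configureEach` block begins outside the hunk.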
@@ -44,5 +44,7 @@ testClusters.matching { it.name == "integTest" }.configureEach { setting 'xpack.searchable.snapshot.shared_cache.size', '16MB' setting 'xpack.searchable.snapshot.shared_cache.region_size', '256KB' + + setting 'xpack.security.enabled', 'false' } diff --git a/x-pack/plugin/searchable-snapshots/qa/rest/build.gradle b/x-pack/plugin/searchable-snapshots/qa/rest/build.gradle index 464a5be7802f1..32f6d8efa613b 100644 --- a/x-pack/plugin/searchable-snapshots/qa/rest/build.gradle +++ b/x-pack/plugin/searchable-snapshots/qa/rest/build.gradle @@ -20,6 +20,8 @@ testClusters.matching { it.name == "integTest" }.configureEach { setting 'xpack.searchable.snapshot.shared_cache.size', '16MB' setting 'xpack.searchable.snapshot.shared_cache.region_size', '256KB' + + setting 'xpack.security.enabled', 'false' } restResources { diff --git a/x-pack/plugin/searchable-snapshots/qa/s3/build.gradle b/x-pack/plugin/searchable-snapshots/qa/s3/build.gradle index 1c0f913f2eaeb..fb2644f72bb2f 100644 --- a/x-pack/plugin/searchable-snapshots/qa/s3/build.gradle +++ b/x-pack/plugin/searchable-snapshots/qa/s3/build.gradle @@ -71,6 +71,8 @@ testClusters.matching { it.name == "integTest" }.configureEach { setting 'xpack.searchable.snapshot.shared_cache.size', '16MB' setting 'xpack.searchable.snapshot.shared_cache.region_size', '256KB' + + setting 'xpack.security.enabled', 'false' } tasks.register("s3ThirdPartyTest") { From d35c8453403b0b8cb88c6cb2aa21a026a69626b8 Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Fri, 26 Mar 2021 19:42:37 +0100 Subject: [PATCH 29/48] Fixing tests --- x-pack/plugin/searchable-snapshots/qa/url/build.gradle | 2 ++ x-pack/plugin/snapshot-repo-test-kit/qa/minio/build.gradle | 2 ++ x-pack/plugin/snapshot-repo-test-kit/qa/rest/build.gradle | 1 + 3 files changed, 5 insertions(+) diff --git a/x-pack/plugin/searchable-snapshots/qa/url/build.gradle b/x-pack/plugin/searchable-snapshots/qa/url/build.gradle index 1323531d5f6dc..e1cbd449daccd 100644 
--- a/x-pack/plugin/searchable-snapshots/qa/url/build.gradle +++ b/x-pack/plugin/searchable-snapshots/qa/url/build.gradle @@ -44,4 +44,6 @@ testClusters.matching { it.name == "integTest" }.configureEach { setting 'xpack.searchable.snapshot.shared_cache.size', '16MB' setting 'xpack.searchable.snapshot.shared_cache.region_size', '256KB' + + setting 'xpack.security.enabled', 'false' } diff --git a/x-pack/plugin/snapshot-repo-test-kit/qa/minio/build.gradle b/x-pack/plugin/snapshot-repo-test-kit/qa/minio/build.gradle index bc0442286eece..70996662d2edc 100644 --- a/x-pack/plugin/snapshot-repo-test-kit/qa/minio/build.gradle +++ b/x-pack/plugin/snapshot-repo-test-kit/qa/minio/build.gradle @@ -47,5 +47,7 @@ testClusters.matching { it.name == "integTest" }.configureEach { keystore 's3.client.repository_test_kit.secret_key', 's3_test_secret_key' setting 's3.client.repository_test_kit.protocol', 'http' setting 's3.client.repository_test_kit.endpoint', { "${-> fixtureAddress()}" }, IGNORE_VALUE + + setting 'xpack.security.enabled', 'false' } diff --git a/x-pack/plugin/snapshot-repo-test-kit/qa/rest/build.gradle b/x-pack/plugin/snapshot-repo-test-kit/qa/rest/build.gradle index de14d8511507e..c52633765ac71 100644 --- a/x-pack/plugin/snapshot-repo-test-kit/qa/rest/build.gradle +++ b/x-pack/plugin/snapshot-repo-test-kit/qa/rest/build.gradle @@ -17,6 +17,7 @@ tasks.named("integTest").configure { testClusters.matching { it.name == "integTest" }.configureEach { testDistribution = 'DEFAULT' setting 'path.repo', repoDir.absolutePath + setting 'xpack.security.enabled', 'false' } restResources { From 5b21b4edfc1e740e46a9d153c5a4ace02f11d2f2 Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Fri, 26 Mar 2021 20:40:20 +0100 Subject: [PATCH 30/48] Fixing tests --- x-pack/qa/runtime-fields/build.gradle | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/qa/runtime-fields/build.gradle b/x-pack/qa/runtime-fields/build.gradle index 27d3eb9e26b6c..3f2da542ced18 100644 
--- a/x-pack/qa/runtime-fields/build.gradle +++ b/x-pack/qa/runtime-fields/build.gradle @@ -28,6 +28,7 @@ subprojects { testClusters.matching { it.name == "yamlRestTest" }.configureEach { testDistribution = 'DEFAULT' setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'false' } tasks.named("yamlRestTest").configure { From ae62dd9b89d25d40c74110ad05a9a8c129a83264 Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Mon, 29 Mar 2021 16:58:27 +0200 Subject: [PATCH 31/48] Fixing tests --- x-pack/plugin/searchable-snapshots/build.gradle | 4 ---- x-pack/plugin/snapshot-repo-test-kit/build.gradle | 4 ---- 2 files changed, 8 deletions(-) diff --git a/x-pack/plugin/searchable-snapshots/build.gradle b/x-pack/plugin/searchable-snapshots/build.gradle index 2a408991f036d..da23d1fb514db 100644 --- a/x-pack/plugin/searchable-snapshots/build.gradle +++ b/x-pack/plugin/searchable-snapshots/build.gradle @@ -16,8 +16,4 @@ dependencies { internalClusterTestImplementation(testArtifact(project(xpackModule('core')))) } -testClusters.all { - setting 'xpack.security.enabled', 'false' -} - addQaCheckDependencies() diff --git a/x-pack/plugin/snapshot-repo-test-kit/build.gradle b/x-pack/plugin/snapshot-repo-test-kit/build.gradle index 9b2518628eec7..142c2d198d769 100644 --- a/x-pack/plugin/snapshot-repo-test-kit/build.gradle +++ b/x-pack/plugin/snapshot-repo-test-kit/build.gradle @@ -15,8 +15,4 @@ dependencies { internalClusterTestImplementation testArtifact(project(xpackModule('core'))) } -testClusters.all { - setting 'xpack.security.enabled', 'false' -} - addQaCheckDependencies() From 730dc1b48ead6db7c31a4c1d4b1e007c11244be8 Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Mon, 29 Mar 2021 17:05:46 +0200 Subject: [PATCH 32/48] Fixing tests --- x-pack/plugin/eql/qa/mixed-node/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/x-pack/plugin/eql/qa/mixed-node/build.gradle b/x-pack/plugin/eql/qa/mixed-node/build.gradle index c0da999eb0b04..9369985f9e102 100644 --- a/x-pack/plugin/eql/qa/mixed-node/build.gradle +++ b/x-pack/plugin/eql/qa/mixed-node/build.gradle @@ -32,7 +32,7 @@ for (Version bwcVersion : BuildParams.bwcVersions.wireCompatible.findAll { it.on setting 'xpack.security.enabled', 'false' setting 'xpack.watcher.enabled', 'false' setting 'xpack.ml.enabled', 'false' - setting 'xpack.eql.enabled', 'true' + setting 'xpack.eql.enabled', 'true' setting 'xpack.license.self_generated.type', 'trial' // for debugging purposes // setting 'logger.org.elasticsearch.xpack.eql.plugin.TransportEqlSearchAction', 'TRACE' From 5e7f7b9545837ba3ec3b2cddac3654b849ca2959 Mon Sep 17 00:00:00 2001 From: Lyudmila Fokina <35386883+BigPandaToo@users.noreply.github.com> Date: Mon, 29 Mar 2021 18:02:43 +0200 Subject: [PATCH 33/48] Fixing tests --- rest-api-spec/build.gradle | 4 ---- .../xpack/test/rest/CatIndicesWithSecurityIT.java | 1 + 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/rest-api-spec/build.gradle b/rest-api-spec/build.gradle index 497aa842ce8c9..e8101d069f359 100644 --- a/rest-api-spec/build.gradle +++ b/rest-api-spec/build.gradle @@ -22,10 +22,6 @@ testClusters.all { module ':modules:mapper-extras' } -testClusters.matching { it.name == "yamlRestCompatTest" }.configureEach { - setting 'xpack.security.enabled', 'false' -} - tasks.named("test").configure {enabled = false } tasks.named("jarHell").configure {enabled = false } diff --git a/x-pack/plugin/src/javaRestTest/java/org/elasticsearch/xpack/test/rest/CatIndicesWithSecurityIT.java b/x-pack/plugin/src/javaRestTest/java/org/elasticsearch/xpack/test/rest/CatIndicesWithSecurityIT.java index c26804c9d1122..4ca468619d1ac 100644 --- a/x-pack/plugin/src/javaRestTest/java/org/elasticsearch/xpack/test/rest/CatIndicesWithSecurityIT.java 
+++ b/x-pack/plugin/src/javaRestTest/java/org/elasticsearch/xpack/test/rest/CatIndicesWithSecurityIT.java @@ -18,6 +18,7 @@ import java.io.IOException; +import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.matchesRegex; public class CatIndicesWithSecurityIT extends ESRestTestCase { From 9c8481506c3eabac7bbdd0e845e4dc26bf4b4236 Mon Sep 17 00:00:00 2001 From: Lyudmila Fokina <35386883+BigPandaToo@users.noreply.github.com> Date: Mon, 29 Mar 2021 18:44:01 +0200 Subject: [PATCH 34/48] Fixing tests --- rest-api-spec/build.gradle | 4 ++++ .../xpack/test/rest/CatIndicesWithSecurityIT.java | 1 - 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/rest-api-spec/build.gradle b/rest-api-spec/build.gradle index b294371996a48..170f9e50a866a 100644 --- a/rest-api-spec/build.gradle +++ b/rest-api-spec/build.gradle @@ -26,6 +26,10 @@ testClusters.all { module ':modules:mapper-extras' } +testClusters.matching { it.name == "yamlRestCompatTest" }.configureEach { + setting 'xpack.security.enabled', 'false' +} + tasks.named("test").configure { enabled = false } tasks.named("jarHell").configure { enabled = false } diff --git a/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/test/rest/CatIndicesWithSecurityIT.java b/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/test/rest/CatIndicesWithSecurityIT.java index 4ca468619d1ac..c26804c9d1122 100644 --- a/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/test/rest/CatIndicesWithSecurityIT.java +++ b/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/test/rest/CatIndicesWithSecurityIT.java 
@@ -18,7 +18,6 @@ import java.io.IOException; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.matchesRegex; public class CatIndicesWithSecurityIT extends ESRestTestCase { From 3165c03bef9b6896c99d38890fcf936785069c06 Mon Sep 17 00:00:00 2001 From: Lyudmila Fokina <35386883+BigPandaToo@users.noreply.github.com> Date: Mon, 29 Mar 2021 19:20:31 +0200 Subject: [PATCH 35/48] Fixing tests --- x-pack/plugin/logstash/build.gradle | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/plugin/logstash/build.gradle b/x-pack/plugin/logstash/build.gradle index d7ba5b977d209..f03b37e3e4576 100644 --- a/x-pack/plugin/logstash/build.gradle +++ b/x-pack/plugin/logstash/build.gradle @@ -19,4 +19,5 @@ dependencies { testClusters.all { testDistribution = 'DEFAULT' + setting 'xpack.security.enabled', 'false' } From 40f45c826851fc903360002c4f458b88fa1fb172 Mon Sep 17 00:00:00 2001 From: Lyudmila Fokina <35386883+BigPandaToo@users.noreply.github.com> Date: Mon, 29 Mar 2021 21:17:55 +0200 Subject: [PATCH 36/48] Fixing tests --- test/framework/build.gradle | 4 ---- 1 file changed, 4 deletions(-) diff --git a/test/framework/build.gradle b/test/framework/build.gradle index 9db5657a952a1..f7b9528bdbb35 100644 --- a/test/framework/build.gradle +++ b/test/framework/build.gradle @@ -36,10 +36,6 @@ dependencies { api "org.apache.commons:commons-lang3:${versions.commons_lang3}" } -testClusters.all { - setting 'xpack.security.enabled', 'false' -} - tasks.named("compileJava").configure { options.compilerArgs << '-Xlint:-cast,-unchecked' } // the main files are actually test files, so use the appropriate forbidden api sigs From c72402150d0f7f07d8f05ee4d05e5b352cc2da75 Mon Sep 17 00:00:00 2001 
From: Lyudmila Fokina <35386883+BigPandaToo@users.noreply.github.com> Date: Tue, 30 Mar 2021 20:47:50 +0200 Subject: [PATCH 37/48] test fix --- x-pack/plugin/logstash/build.gradle | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/x-pack/plugin/logstash/build.gradle b/x-pack/plugin/logstash/build.gradle index f03b37e3e4576..9a3649b2e3b0d 100644 --- a/x-pack/plugin/logstash/build.gradle +++ b/x-pack/plugin/logstash/build.gradle @@ -19,5 +19,6 @@ dependencies { testClusters.all { testDistribution = 'DEFAULT' - setting 'xpack.security.enabled', 'false' + setting 'xpack.security.enabled', 'true' + user username: 'x_pack_rest_user', password: 'x-pack-test-password', role: 'superuser' } From a39de7d9b5447a44fbaf42db8379eeb77e304085 Mon Sep 17 00:00:00 2001 From: Lyudmila Fokina <35386883+BigPandaToo@users.noreply.github.com> Date: Wed, 31 Mar 2021 19:03:18 +0200 Subject: [PATCH 38/48] Addressing review comments --- modules/reindex/build.gradle | 4 ---- .../java/org/elasticsearch/test/rest/ESRestTestCase.java | 4 ++-- x-pack/plugin/ccr/qa/multi-cluster/build.gradle | 1 - .../xpack/security/EnableSecurityOnBasicLicenseIT.java | 1 - .../plugin/security/qa/security-not-enabled/build.gradle | 1 + .../SetSecurityUserProcessorWithSecurityNotEnabledIT.java | 8 -------- .../xpack/security/rest/SecurityRestFilter.java | 8 +++++--- 7 files changed, 8 insertions(+), 19 deletions(-) diff --git a/modules/reindex/build.gradle b/modules/reindex/build.gradle index cbabe99ebcb8e..822df6287153e 100644 --- a/modules/reindex/build.gradle +++ b/modules/reindex/build.gradle @@ -32,10 +32,6 @@ testClusters.all { setting 'reindex.remote.whitelist', '127.0.0.1:*' } -testClusters.matching { it.name == "yamlRestCompatTest" }.configureEach { - setting 'xpack.security.enabled', 'false' -} - tasks.named("test").configure { /* * We have to disable setting the number of available processors as tests in the 
diff --git a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java index 791d953783167..afb96c2a8b18e 100644 --- a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java +++ b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java @@ -714,7 +714,7 @@ protected static void wipeAllIndices() throws IOException { //remove all indices except ilm history which can pop up after deleting all data streams but shouldn't interfere final Request deleteRequest = new Request("DELETE", "*,-.ds-ilm-history-*"); deleteRequest.addParameter("expand_wildcards", "open,closed" + (includeHidden ? ",hidden" : "")); - RequestOptions allowSystemIndexAccessWarningOptions = RequestOptions.DEFAULT.toBuilder() + RequestOptions allowSystemIndexAccessAndSecurityNotEnabledWarningOptions = RequestOptions.DEFAULT.toBuilder() .setWarningsHandler(warnings -> { if (warnings.size() == 0) { return false; @@ -732,7 +732,7 @@ protected static void wipeAllIndices() throws IOException { && warning.contains("/get-started-enable-security.html for more information"); return isSystemIndexWarning == false && isSecurityDisabledWarning == false; }).build(); - deleteRequest.setOptions(allowSystemIndexAccessWarningOptions); + deleteRequest.setOptions(allowSystemIndexAccessAndSecurityNotEnabledWarningOptions); final Response response = adminClient().performRequest(deleteRequest); try (InputStream is = response.getEntity().getContent()) { assertTrue((boolean) XContentHelper.convertToMap(XContentType.JSON.xContent(), is, true).get("acknowledged")); diff --git a/x-pack/plugin/ccr/qa/multi-cluster/build.gradle b/x-pack/plugin/ccr/qa/multi-cluster/build.gradle index 038a70ba38ed3..0a13e84eeed0d 100644 --- a/x-pack/plugin/ccr/qa/multi-cluster/build.gradle +++ b/x-pack/plugin/ccr/qa/multi-cluster/build.gradle 
@@ -59,7 +59,6 @@ testClusters.matching { it.name == "follow-cluster" }.configureEach { testDistribution = 'DEFAULT' setting 'xpack.monitoring.collection.enabled', 'true' setting 'xpack.license.self_generated.type', 'trial' - setting 'xpack.license.self_generated.type', 'trial' setting 'xpack.security.enabled', 'true' user username: 'admin', password: 'admin-password', role: 'superuser' setting 'cluster.remote.leader_cluster.seeds', diff --git a/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java b/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java index 3bd08f945131f..c6f25352268e7 100644 --- a/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java +++ b/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java @@ -30,7 +30,6 @@ import java.util.Locale; import java.util.Map; -import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.contains; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; diff --git a/x-pack/plugin/security/qa/security-not-enabled/build.gradle b/x-pack/plugin/security/qa/security-not-enabled/build.gradle index 4526d44576e9f..9b9ba98f53f8a 100644 --- a/x-pack/plugin/security/qa/security-not-enabled/build.gradle +++ b/x-pack/plugin/security/qa/security-not-enabled/build.gradle @@ -21,4 +21,5 @@ testClusters.all { // We run with a trial license, but do not enable security. // This means the security plugin is loaded and all feature are permitted, but they are not enabled setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.enabled', 'false' } 
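Review bot: The comment kept above the added `setting 'xpack.security.enabled', 'false'` line in `testClusters.all` (security-not-enabled/build.gradle) still says the cluster does "not enable security", which reads as the implicitly disabled case this series warns about rather than an explicit opt-out. I would reword it along the lines of `// Trial license with security explicitly disabled, so the "security not enabled" warning is not expected here`; the second half is inferred from the series description and should be confirmed. The same explicit setting is added without any comment to both clusters in qa/ccs-rolling-upgrade-remote-cluster/build.gradle in PATCH 43/48, where a one-line reason would help too.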
diff --git a/x-pack/plugin/security/qa/security-not-enabled/src/javaRestTest/java/org/elasticsearch/xpack/security/SetSecurityUserProcessorWithSecurityNotEnabledIT.java b/x-pack/plugin/security/qa/security-not-enabled/src/javaRestTest/java/org/elasticsearch/xpack/security/SetSecurityUserProcessorWithSecurityNotEnabledIT.java index dd9ac66df5f0a..b45eb4975f289 100644 --- a/x-pack/plugin/security/qa/security-not-enabled/src/javaRestTest/java/org/elasticsearch/xpack/security/SetSecurityUserProcessorWithSecurityNotEnabledIT.java +++ b/x-pack/plugin/security/qa/security-not-enabled/src/javaRestTest/java/org/elasticsearch/xpack/security/SetSecurityUserProcessorWithSecurityNotEnabledIT.java @@ -27,14 +27,6 @@ */ public class SetSecurityUserProcessorWithSecurityNotEnabledIT extends ESRestTestCase { - @Override - protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException { - RestClientBuilder builder = RestClient.builder(hosts); - configureClient(builder, settings); - builder.setStrictDeprecationMode(false); - return builder.build(); - } - public void testDefineAndUseProcessor() throws Exception { final String pipeline = "pipeline-" + getTestName(); final String index = "index-" + getTestName(); diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java index 85bf3894f5b50..c2f2e53446d94 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java 
@@ -90,9 +90,11 @@ public void handleRequest(RestRequest request, RestChannel channel, NodeClient c e -> handleException("Secondary authentication", request, channel, e))); }, e -> handleException("Authentication", request, channel, e))); } else { - HeaderWarning.addWarning("Elasticsearch built-in security features are not enabled, your cluster may be accessible without " + - "authentication. Read https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + - Version.CURRENT.minor + "/get-started-enable-security.html for more information"); + if (request.method() != Method.OPTIONS) { + HeaderWarning.addWarning("Elasticsearch built-in security features are not enabled, your cluster may be accessible " + + "without authentication. Read https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + + Version.CURRENT.minor + "/get-started-enable-security.html for more information"); + } restHandler.handleRequest(request, channel, client); } } From ee2e6eb84470edc138e1dce596b20f7d005d06b3 Mon Sep 17 00:00:00 2001 From: Lyudmila Fokina <35386883+BigPandaToo@users.noreply.github.com> Date: Wed, 31 Mar 2021 19:54:50 +0200 Subject: [PATCH 39/48] Addressing review comments --- .../xpack/security/rest/SecurityRestFilterTests.java | 3 --- 1 file changed, 3 deletions(-) diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java index e0aa45833040c..c7f90c0543286 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java 
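Review bot: The warning text in the else branch of handleRequest is concatenated from literals and `Version.CURRENT` on every non-OPTIONS request, and the same sentence is repeated in SecurityStatusChangeListener.licenseStateChanged, so PATCH 47/48 has to edit it in both production files. A single shared constant, for example `static final String SECURITY_DISABLED_WARNING = ...;`, passed to both `HeaderWarning.addWarning(...)` and `logger.warn(...)`, would keep the response header and the log message from drifting apart. A short comment on `if (request.method() != Method.OPTIONS)` stating why OPTIONS requests are exempt would also help, since the hunk does not show the reason. handleRequest starts outside the hunk.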
@@ -204,9 +204,6 @@ public void testProcessOptionsMethod() throws Exception { RestRequest request = mock(RestRequest.class); when(request.method()).thenReturn(RestRequest.Method.OPTIONS); filter.handleRequest(request, channel, null); - assertWarnings("Elasticsearch built-in security features are not enabled, your cluster may be accessible without authentication. " + - "Read https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + Version.CURRENT.minor + - "/get-started-enable-security.html for more information"); verify(restHandler).handleRequest(request, channel, null); verifyZeroInteractions(channel); verifyZeroInteractions(authcService); From 4e2cbb2b1515095161e467b954644f40de2bfcda Mon Sep 17 00:00:00 2001 From: Lyudmila Fokina <35386883+BigPandaToo@users.noreply.github.com> Date: Thu, 1 Apr 2021 11:38:40 +0200 Subject: [PATCH 40/48] Addressing review feedback --- distribution/docker/build.gradle | 5 ----- 1 file changed, 5 deletions(-) diff --git a/distribution/docker/build.gradle b/distribution/docker/build.gradle index 5065bfed7a471..b053f02f86da8 100644 --- a/distribution/docker/build.gradle +++ b/distribution/docker/build.gradle @@ -47,11 +47,6 @@ dependencies { tini 'krallin:tini:0.19.0@tini-amd64' } - -testClusters.all { - setting 'xpack.security.enabled', 'false' -} - ext.expansions = { Architecture architecture, DockerBase base -> String buildArgs = '' if (base == DockerBase.IRON_BANK) { From df35f52b3cb011a0fa023025f75435e2edbd3ec1 Mon Sep 17 00:00:00 2001 From: Lyudmila Fokina <35386883+BigPandaToo@users.noreply.github.com> Date: Thu, 1 Apr 2021 21:36:55 +0200 Subject: [PATCH 41/48] Addressing PR feedback --- .../test/rest/yaml/ESClientYamlSuiteTestCase.java | 13 ------------- 1 file changed, 13 deletions(-) 
diff --git a/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/ESClientYamlSuiteTestCase.java b/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/ESClientYamlSuiteTestCase.java index bba4168b97113..7e2219e126beb 100644 --- a/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/ESClientYamlSuiteTestCase.java +++ b/test/framework/src/main/java/org/elasticsearch/test/rest/yaml/ESClientYamlSuiteTestCase.java @@ -23,7 +23,6 @@ import org.elasticsearch.client.sniff.ElasticsearchNodesSniffer; import org.elasticsearch.common.Strings; import org.elasticsearch.common.collect.Tuple; -import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.NamedXContentRegistry; import org.elasticsearch.common.xcontent.support.XContentMapValues; import org.elasticsearch.core.internal.io.IOUtils; @@ -110,18 +109,6 @@ protected ESClientYamlSuiteTestCase(ClientYamlTestCandidate testCandidate) { private static boolean useDefaultNumberOfShards; - @Override - protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException { - RestClientBuilder builder = RestClient.builder(hosts); - configureClient(builder, settings); - if (settings.hasValue("xpack.security.enabled")) { - builder.setStrictDeprecationMode(true); - } else { - builder.setStrictDeprecationMode(false); - } - return builder.build(); - } - @BeforeClass public static void initializeUseDefaultNumberOfShards() { useDefaultNumberOfShards = usually(); From 210b37ed263ab045dcf47f73dcf931469910c9cf Mon Sep 17 00:00:00 2001 From: Lyudmila Fokina <35386883+BigPandaToo@users.noreply.github.com> Date: Thu, 1 Apr 2021 22:04:40 +0200 Subject: [PATCH 42/48] Addressing PR feedback --- .../EnableSecurityOnBasicLicenseIT.java | 2 +- .../plugin/security/qa/tls-basic/build.gradle | 2 ++ .../xpack/security/TlsWithBasicLicenseIT.java | 19 ++++--------------- 3 files changed, 7 insertions(+), 16 deletions(-) 
diff --git a/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java b/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java index c6f25352268e7..7ee178257c208 100644 --- a/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java +++ b/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java @@ -74,7 +74,7 @@ protected boolean preserveClusterUponCompletion() { protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException { RestClientBuilder builder = RestClient.builder(hosts); configureClient(builder, settings); - if (settings.hasValue("xpack.security.enabled")) { + if (System.getProperty("tests.has_security") != null) { builder.setStrictDeprecationMode(true); } else { builder.setStrictDeprecationMode(false); diff --git a/x-pack/plugin/security/qa/tls-basic/build.gradle b/x-pack/plugin/security/qa/tls-basic/build.gradle index 951488c246f74..4e65c0e4472c0 100644 --- a/x-pack/plugin/security/qa/tls-basic/build.gradle +++ b/x-pack/plugin/security/qa/tls-basic/build.gradle @@ -24,6 +24,7 @@ testClusters.javaRestTest { setting 'xpack.ml.enabled', 'false' setting 'xpack.license.self_generated.type', 'basic' + setting 'xpack.security.enabled', 'true' setting 'xpack.security.http.ssl.enabled', 'true' setting 'xpack.security.http.ssl.certificate', 'http.crt' setting 'xpack.security.http.ssl.key', 'http.key' 
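Review bot: In buildClient the new condition `System.getProperty("tests.has_security") != null` only tests that the property is present, so a run started with `tests.has_security=false` also gets strict deprecation mode. If that is intended (property set meaning security was configured explicitly, so no warning header is expected), a comment should say so, because the property name suggests a boolean. The branch can then be one call: `builder.setStrictDeprecationMode(System.getProperty("tests.has_security") != null);`. buildClient continues past the end of the hunk.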
@@ -34,4 +35,5 @@ testClusters.javaRestTest { setting 'xpack.security.transport.ssl.key', 'transport.key' setting 'xpack.security.transport.ssl.key_passphrase', 'transport-password' setting 'xpack.security.transport.ssl.certificate_authorities', 'ca.crt' + user username: 'admin', password: 'admin-password', role: 'superuser' } diff --git a/x-pack/plugin/security/qa/tls-basic/src/javaRestTest/java/org/elasticsearch/xpack/security/TlsWithBasicLicenseIT.java b/x-pack/plugin/security/qa/tls-basic/src/javaRestTest/java/org/elasticsearch/xpack/security/TlsWithBasicLicenseIT.java index 6692476b2a16b..5f76628accf73 100644 --- a/x-pack/plugin/security/qa/tls-basic/src/javaRestTest/java/org/elasticsearch/xpack/security/TlsWithBasicLicenseIT.java +++ b/x-pack/plugin/security/qa/tls-basic/src/javaRestTest/java/org/elasticsearch/xpack/security/TlsWithBasicLicenseIT.java @@ -6,14 +6,13 @@ */ package org.elasticsearch.xpack.security; -import org.apache.http.HttpHost; import org.elasticsearch.client.Request; import org.elasticsearch.client.Response; import org.elasticsearch.client.ResponseException; -import org.elasticsearch.client.RestClient; -import org.elasticsearch.client.RestClientBuilder; import org.elasticsearch.common.io.PathUtils; +import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.rest.ESRestTestCase; import org.elasticsearch.test.rest.yaml.ObjectPath; import org.junit.AfterClass; 
@@ -37,18 +36,6 @@ public class TlsWithBasicLicenseIT extends ESRestTestCase { private static Path httpTrustStore; - @Override - protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException { - RestClientBuilder builder = RestClient.builder(hosts); - configureClient(builder, settings); - if (settings.hasValue("xpack.security.enabled")) { - builder.setStrictDeprecationMode(true); - } else { - builder.setStrictDeprecationMode(false); - } - return builder.build(); - } - @BeforeClass public static void findTrustStore() throws Exception { final URL resource = TlsWithBasicLicenseIT.class.getResource("/ssl/ca.p12"); @@ -70,7 +57,9 @@ protected String getProtocol() { @Override protected Settings restClientSettings() { + String token = basicAuthHeaderValue("admin", new SecureString("admin-password".toCharArray())); return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) .put(TRUSTSTORE_PATH, httpTrustStore) .put(TRUSTSTORE_PASSWORD, "password") .build(); From 12969d9f2a68a57e35dad6ac8b663e308a70ffa6 Mon Sep 17 00:00:00 2001 From: Lyudmila Fokina <35386883+BigPandaToo@users.noreply.github.com> Date: Tue, 6 Apr 2021 18:53:37 +0200 Subject: [PATCH 43/48] Addressing PR comments + updating the branch --- qa/ccs-rolling-upgrade-remote-cluster/build.gradle | 2 ++ rest-api-spec/build.gradle | 3 --- .../java/org/elasticsearch/test/rest/ESRestTestCase.java | 7 +------ .../ml/integration/ExplainDataFrameAnalyticsRestIT.java | 1 - 4 files changed, 3 insertions(+), 10 deletions(-) diff --git a/qa/ccs-rolling-upgrade-remote-cluster/build.gradle b/qa/ccs-rolling-upgrade-remote-cluster/build.gradle index 47f0480f8c60e..79507e080da35 100644 --- a/qa/ccs-rolling-upgrade-remote-cluster/build.gradle +++ b/qa/ccs-rolling-upgrade-remote-cluster/build.gradle 
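Review bot: restClientSettings now hard-codes `"admin"` and `"admin-password"`, which must stay in sync with the `user username: 'admin', password: 'admin-password', role: 'superuser'` line added to qa/tls-basic/build.gradle in the same patch. NodeShutdownIT in PATCH 45/48 reads `tests.rest.cluster.username` and `tests.rest.cluster.password` from system properties instead; if this project's test task passes those properties (not visible here), the same lookup would keep the credentials in one place. Otherwise two named constants with a comment pointing at build.gradle would make the coupling explicit.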
@@ -35,12 +35,14 @@ for (Version bwcVersion : BuildParams.bwcVersions.wireCompatible) { numberOfNodes = 2 versions = [bwcVersionStr, project.version] setting 'cluster.remote.node.attr', 'gateway' + setting 'xpack.security.enabled', 'false' } "${baseName}-remote" { numberOfNodes = 3 versions = [bwcVersionStr, project.version] firstNode.setting 'node.attr.gateway', 'true' lastNode.setting 'node.attr.gateway', 'true' + setting 'xpack.security.enabled', 'false' } } diff --git a/rest-api-spec/build.gradle b/rest-api-spec/build.gradle index 0d5f4b4e388cc..04a4501033493 100644 --- a/rest-api-spec/build.gradle +++ b/rest-api-spec/build.gradle @@ -26,9 +26,6 @@ testClusters.all { module ':modules:mapper-extras' } -testClusters.matching { it.name == "yamlRestCompatTest" }.configureEach { - setting 'xpack.security.enabled', 'false' -} tasks.named("test").configure { enabled = false } tasks.named("jarHell").configure { enabled = false } diff --git a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java index afb96c2a8b18e..ac779b787aafe 100644 --- a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java +++ b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java 
@@ -725,12 +725,7 @@ protected static void wipeAllIndices() throws IOException { final String warning = warnings.get(0); final boolean isSystemIndexWarning = warning.contains("this request accesses system indices") && warning.contains("but in a future major version, direct access to system indices will be prevented by default"); - // We don't know if security is implicitly disabled, so just accept all security disabled warnings. - final boolean isSecurityDisabledWarning = warning.contains("Elasticsearch built-in security features are not " + - "enabled, your cluster may be accessible without authentication. Read " + - "https://www.elastic.co/guide/en/elasticsearch/reference/") - && warning.contains("/get-started-enable-security.html for more information"); - return isSystemIndexWarning == false && isSecurityDisabledWarning == false; + return isSystemIndexWarning == false; }).build(); deleteRequest.setOptions(allowSystemIndexAccessAndSecurityNotEnabledWarningOptions); final Response response = adminClient().performRequest(deleteRequest); diff --git a/x-pack/plugin/ml/qa/native-multi-node-tests/src/javaRestTest/java/org/elasticsearch/xpack/ml/integration/ExplainDataFrameAnalyticsRestIT.java b/x-pack/plugin/ml/qa/native-multi-node-tests/src/javaRestTest/java/org/elasticsearch/xpack/ml/integration/ExplainDataFrameAnalyticsRestIT.java index 0168089a65f31..289054c610596 100644 --- a/x-pack/plugin/ml/qa/native-multi-node-tests/src/javaRestTest/java/org/elasticsearch/xpack/ml/integration/ExplainDataFrameAnalyticsRestIT.java +++ b/x-pack/plugin/ml/qa/native-multi-node-tests/src/javaRestTest/java/org/elasticsearch/xpack/ml/integration/ExplainDataFrameAnalyticsRestIT.java 
@@ -10,7 +10,6 @@ import org.elasticsearch.client.Request; import org.elasticsearch.client.RequestOptions; import org.elasticsearch.client.ResponseException; -import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.SecuritySettingsSourceField; From b2767dc0f6a810e970c6a3af6a6284af99163623 Mon Sep 17 00:00:00 2001 From: Lyudmila Fokina <35386883+BigPandaToo@users.noreply.github.com> Date: Thu, 8 Apr 2021 20:00:49 +0200 Subject: [PATCH 44/48] Addressing PR comments + updating the branch --- rest-api-spec/build.gradle | 1 - .../java/org/elasticsearch/test/rest/ESRestTestCase.java | 4 ++-- x-pack/plugin/fleet/build.gradle | 2 ++ .../plugin/security/qa/basic-enable-security/build.gradle | 2 ++ .../SetSecurityUserProcessorWithSecurityNotEnabledIT.java | 6 ------ 5 files changed, 6 insertions(+), 9 deletions(-) diff --git a/rest-api-spec/build.gradle b/rest-api-spec/build.gradle index 488dab24d2aaf..67a0a035c8253 100644 --- a/rest-api-spec/build.gradle +++ b/rest-api-spec/build.gradle @@ -26,7 +26,6 @@ testClusters.all { module ':modules:mapper-extras' } - tasks.named("test").configure { enabled = false } tasks.named("jarHell").configure { enabled = false } diff --git a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java index ac779b787aafe..9633a96767cdf 100644 --- a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java +++ b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java 
@@ -714,7 +714,7 @@ protected static void wipeAllIndices() throws IOException { //remove all indices except ilm history which can pop up after deleting all data streams but shouldn't interfere final Request deleteRequest = new Request("DELETE", "*,-.ds-ilm-history-*"); deleteRequest.addParameter("expand_wildcards", "open,closed" + (includeHidden ? ",hidden" : "")); - RequestOptions allowSystemIndexAccessAndSecurityNotEnabledWarningOptions = RequestOptions.DEFAULT.toBuilder() + RequestOptions allowSystemIndexAccessWarningOptions = RequestOptions.DEFAULT.toBuilder() .setWarningsHandler(warnings -> { if (warnings.size() == 0) { return false; @@ -727,7 +727,7 @@ protected static void wipeAllIndices() throws IOException { && warning.contains("but in a future major version, direct access to system indices will be prevented by default"); return isSystemIndexWarning == false; }).build(); - deleteRequest.setOptions(allowSystemIndexAccessAndSecurityNotEnabledWarningOptions); + deleteRequest.setOptions(allowSystemIndexAccessWarningOptions); final Response response = adminClient().performRequest(deleteRequest); try (InputStream is = response.getEntity().getContent()) { assertTrue((boolean) XContentHelper.convertToMap(XContentType.JSON.xContent(), is, true).get("acknowledged")); diff --git a/x-pack/plugin/fleet/build.gradle b/x-pack/plugin/fleet/build.gradle index bc135af76077c..b1abb6eb58675 100644 --- a/x-pack/plugin/fleet/build.gradle +++ b/x-pack/plugin/fleet/build.gradle @@ -24,4 +24,6 @@ dependencies { testClusters.all { testDistribution = 'DEFAULT' + setting 'xpack.security.enabled', 'true' + user username: 'x_pack_rest_user', password: 'x-pack-test-password', role: 'superuser' } diff --git a/x-pack/plugin/security/qa/basic-enable-security/build.gradle b/x-pack/plugin/security/qa/basic-enable-security/build.gradle index 2be12a4707ffc..03337dbe35d20 100644 --- a/x-pack/plugin/security/qa/basic-enable-security/build.gradle 
+++ b/x-pack/plugin/security/qa/basic-enable-security/build.gradle @@ -28,6 +28,7 @@ testClusters { } tasks.register("javaRestTestWithSecurityDisabled", StandaloneRestIntegTestTask) { + mustRunAfter("javaRestTest") description = "Run tests against a cluster that has security explicitly disabled" dependsOn "javaRestTest" useCluster testClusters.javaRestTest @@ -53,6 +54,7 @@ tasks.register("javaRestTestWithSecurityDisabled", StandaloneRestIntegTestTask) tasks.named("check").configure { dependsOn("javaRestTestWithSecurityDisabled") } tasks.register("javaRestTestWithSecurityEnabled", StandaloneRestIntegTestTask) { + mustRunAfter("javaRestTestWithSecurityDisabled") description = "Run tests against a cluster that has security enabled" dependsOn "javaRestTest" useCluster testClusters.javaRestTest diff --git a/x-pack/plugin/security/qa/security-not-enabled/src/javaRestTest/java/org/elasticsearch/xpack/security/SetSecurityUserProcessorWithSecurityNotEnabledIT.java b/x-pack/plugin/security/qa/security-not-enabled/src/javaRestTest/java/org/elasticsearch/xpack/security/SetSecurityUserProcessorWithSecurityNotEnabledIT.java index b45eb4975f289..f19fedf324e7f 100644 --- a/x-pack/plugin/security/qa/security-not-enabled/src/javaRestTest/java/org/elasticsearch/xpack/security/SetSecurityUserProcessorWithSecurityNotEnabledIT.java +++ b/x-pack/plugin/security/qa/security-not-enabled/src/javaRestTest/java/org/elasticsearch/xpack/security/SetSecurityUserProcessorWithSecurityNotEnabledIT.java 
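Review bot: `mustRunAfter("javaRestTest")` added to javaRestTestWithSecurityDisabled is redundant, because the task already declares `dependsOn "javaRestTest"` two lines below and a dependency implies the ordering. The `mustRunAfter("javaRestTestWithSecurityDisabled")` added to javaRestTestWithSecurityEnabled in the second hunk does add an ordering, and both tasks `useCluster testClusters.javaRestTest`. A comment such as `// shares the javaRestTest cluster with javaRestTestWithSecurityDisabled, so the two runs must not overlap` would record why; that reason is inferred and should be confirmed. Both task bodies continue outside their hunks.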
@@ -6,18 +6,12 @@ */ package org.elasticsearch.xpack.security; -import org.apache.http.HttpHost; import org.apache.http.util.EntityUtils; import org.elasticsearch.client.Request; import org.elasticsearch.client.Response; import org.elasticsearch.client.ResponseException; -import org.elasticsearch.client.RestClient; -import org.elasticsearch.client.RestClientBuilder; -import org.elasticsearch.common.settings.Settings; import org.elasticsearch.test.rest.ESRestTestCase; -import java.io.IOException; - import static org.hamcrest.Matchers.containsString; /** From d09cf3582fb0d1d7023071a7cc7dc171fb7aa4cf Mon Sep 17 00:00:00 2001 From: Lyudmila Fokina <35386883+BigPandaToo@users.noreply.github.com> Date: Thu, 8 Apr 2021 21:57:56 +0200 Subject: [PATCH 45/48] Updating the branch --- x-pack/plugin/shutdown/qa/multi-node/build.gradle | 2 ++ .../elasticsearch/xpack/shutdown/NodeShutdownIT.java | 12 ++++++++++++ 2 files changed, 14 insertions(+) diff --git a/x-pack/plugin/shutdown/qa/multi-node/build.gradle b/x-pack/plugin/shutdown/qa/multi-node/build.gradle index 40205e8aa6a01..8e2a374637865 100644 --- a/x-pack/plugin/shutdown/qa/multi-node/build.gradle +++ b/x-pack/plugin/shutdown/qa/multi-node/build.gradle @@ -17,4 +17,6 @@ testClusters.all { numberOfNodes = 4 systemProperty 'es.shutdown_feature_flag_enabled', 'true' + setting 'xpack.security.enabled', 'true' + user username: clusterCredentials.username, password: clusterCredentials.password, role: 'superuser' } diff --git a/x-pack/plugin/shutdown/qa/multi-node/src/javaRestTest/java/org/elasticsearch/xpack/shutdown/NodeShutdownIT.java b/x-pack/plugin/shutdown/qa/multi-node/src/javaRestTest/java/org/elasticsearch/xpack/shutdown/NodeShutdownIT.java index ad88b24ae2844..fe87a42d103d0 100644 --- a/x-pack/plugin/shutdown/qa/multi-node/src/javaRestTest/java/org/elasticsearch/xpack/shutdown/NodeShutdownIT.java +++ b/x-pack/plugin/shutdown/qa/multi-node/src/javaRestTest/java/org/elasticsearch/xpack/shutdown/NodeShutdownIT.java 
@@ -8,6 +8,9 @@ package org.elasticsearch.xpack.shutdown; import org.elasticsearch.client.Request; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.rest.ESRestTestCase; import java.io.IOException; @@ -62,4 +65,13 @@ private void assertNoShuttingDownNodes(String nodeIdToShutdown) throws IOExcepti List> nodesArray = (List>) statusResponse.get("nodes"); assertThat(nodesArray, empty()); } + + @Override + protected Settings restClientSettings() { + String token = basicAuthHeaderValue(System.getProperty("tests.rest.cluster.username"), + new SecureString(System.getProperty("tests.rest.cluster.password").toCharArray())); + return Settings.builder() + .put(ThreadContext.PREFIX + ".Authorization", token) + .build(); + } } From 7018bbe3157f53aa4499538d62d0bc3d8b81117f Mon Sep 17 00:00:00 2001 From: Lyudmila Fokina <35386883+BigPandaToo@users.noreply.github.com> Date: Thu, 8 Apr 2021 22:10:26 +0200 Subject: [PATCH 46/48] Clean up --- .../elasticsearch/xpack/shutdown/NodeShutdownIT.java | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/x-pack/plugin/shutdown/qa/multi-node/src/javaRestTest/java/org/elasticsearch/xpack/shutdown/NodeShutdownIT.java b/x-pack/plugin/shutdown/qa/multi-node/src/javaRestTest/java/org/elasticsearch/xpack/shutdown/NodeShutdownIT.java index fe87a42d103d0..b99571e69db75 100644 --- a/x-pack/plugin/shutdown/qa/multi-node/src/javaRestTest/java/org/elasticsearch/xpack/shutdown/NodeShutdownIT.java +++ b/x-pack/plugin/shutdown/qa/multi-node/src/javaRestTest/java/org/elasticsearch/xpack/shutdown/NodeShutdownIT.java 
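Review bot: In the new restClientSettings override, `System.getProperty("tests.rest.cluster.password").toCharArray()` throws a bare NullPointerException when the property is not set, for example when the test is started outside the Gradle task that supplies it. A guard with a message, `String password = Objects.requireNonNull(System.getProperty("tests.rest.cluster.password"), "tests.rest.cluster.password must be set");`, and the same for the username, makes the failure self-explanatory. `java.util.Objects` would need importing if the file does not already have it. PATCH 46/48 only re-wraps these lines and keeps the unchecked lookup.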
@@ -68,10 +68,10 @@ private void assertNoShuttingDownNodes(String nodeIdToShutdown) throws IOExcepti @Override protected Settings restClientSettings() { - String token = basicAuthHeaderValue(System.getProperty("tests.rest.cluster.username"), - new SecureString(System.getProperty("tests.rest.cluster.password").toCharArray())); - return Settings.builder() - .put(ThreadContext.PREFIX + ".Authorization", token) - .build(); + String token = basicAuthHeaderValue( + System.getProperty("tests.rest.cluster.username"), + new SecureString(System.getProperty("tests.rest.cluster.password").toCharArray()) + ); + return Settings.builder().put(ThreadContext.PREFIX + ".Authorization", token).build(); } } From b19e1ff8f2eb2f1804af06dfed1b13cf0d6604e7 Mon Sep 17 00:00:00 2001 From: Lyudmila Fokina <35386883+BigPandaToo@users.noreply.github.com> Date: Tue, 13 Apr 2021 15:41:11 +0200 Subject: [PATCH 47/48] Fixing the warning message --- .../security/EnableSecurityOnBasicLicenseIT.java | 6 +++--- .../xpack/security/rest/SecurityRestFilter.java | 6 +++--- .../support/SecurityStatusChangeListener.java | 6 +++--- .../xpack/security/rest/SecurityRestFilterTests.java | 6 +++--- .../support/SecurityStatusChangeListenerTests.java | 12 ++++++------ 5 files changed, 18 insertions(+), 18 deletions(-) diff --git a/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java b/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java index 7ee178257c208..8e2223a3c9e4d 100644 --- a/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java +++ b/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java 
@@ -118,9 +118,9 @@ public void checkSecurityDisabledWarning() throws Exception { } else { assertThat (warningHeaders, Matchers.hasSize(1)); assertThat (warningHeaders.get(0), - containsString("Elasticsearch built-in security features are not enabled, your cluster may be accessible without " + - "authentication. Read https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + - Version.CURRENT.minor + "/get-started-enable-security.html for more information")); + containsString("Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be " + + "accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + + Version.CURRENT.minor + "/security-minimal-setup.html to enable security.")); } } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java index c2f2e53446d94..643e7562ea8a1 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java 
@@ -91,9 +91,9 @@ public void handleRequest(RestRequest request, RestChannel channel, NodeClient c }, e -> handleException("Authentication", request, channel, e))); } else { if (request.method() != Method.OPTIONS) { - HeaderWarning.addWarning("Elasticsearch built-in security features are not enabled, your cluster may be accessible " + - "without authentication. Read https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + - Version.CURRENT.minor + "/get-started-enable-security.html for more information"); + HeaderWarning.addWarning("Elasticsearch built-in security features are not enabled. Without authentication, your cluster " + + "could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + + "." + Version.CURRENT.minor + "/security-minimal-setup.html to enable security."); } restHandler.handleRequest(request, channel, client); } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListener.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListener.java index c278adf15cec7..da71f41bb8604 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListener.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListener.java 
@@ -42,9 +42,9 @@ public synchronized void licenseStateChanged() { if (Objects.equals(newState, securityEnabled) == false) { logger.info("Active license is now [{}]; Security is {}", licenseState.getOperationMode(), newState ? "enabled" : "disabled"); if (newState == false) { - logger.warn("Elasticsearch built-in security features are not enabled, your cluster may be accessible without " + - "authentication. Read https://www.elastic.co/guide/en/elasticsearch/reference/" + - Version.CURRENT.major + "." + Version.CURRENT.minor + "/get-started-enable-security.html for more information"); + logger.warn("Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be " + + "accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + + Version.CURRENT.minor + "/security-minimal-setup.html to enable security."); } this.securityEnabled = newState; } diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java index c7f90c0543286..fb4f370189546 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java 
@@ -144,9 +144,9 @@ public void testProcessBasicLicense() throws Exception { RestRequest request = mock(RestRequest.class); when(licenseState.isSecurityEnabled()).thenReturn(false); filter.handleRequest(request, channel, null); - assertWarnings("Elasticsearch built-in security features are not enabled, your cluster may be accessible without authentication. " + - "Read https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + Version.CURRENT.minor + - "/get-started-enable-security.html for more information"); + assertWarnings("Elasticsearch built-in security features are not enabled. Without authentication, your cluster " + + "could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + + Version.CURRENT.minor + "/security-minimal-setup.html to enable security."); verify(restHandler).handleRequest(request, channel, null); verifyZeroInteractions(channel, authcService); } diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListenerTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListenerTests.java index 592c6c25189ec..4dffe7b93e4cf 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListenerTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListenerTests.java 
@@ -68,9 +68,9 @@ public void testSecurityEnabledToDisabled() { "built-in security features are not enabled", listener.getClass().getName(), Level.WARN, - "Elasticsearch built-in security features are not enabled, your cluster may be accessible without " + - "authentication. Read https://www.elastic.co/guide/en/elasticsearch/reference/" + - Version.CURRENT.major + "." + Version.CURRENT.minor + "/get-started-enable-security.html for more information" + "Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible " + + "to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + + Version.CURRENT.minor + "/security-minimal-setup.html to enable security." )); when(licenseState.isSecurityEnabled()).thenReturn(false); when(licenseState.getOperationMode()).thenReturn(License.OperationMode.BASIC); @@ -99,9 +99,9 @@ public void testSecurityDisabledToEnabled() { "built-in security features are not enabled", listener.getClass().getName(), Level.WARN, - "Elasticsearch built-in security features are not enabled, your cluster may be accessible without " + - "authentication. Read https://www.elastic.co/guide/en/elasticsearch/reference/" + - Version.CURRENT.major + "." + Version.CURRENT.minor + "/get-started-enable-security.html for more information" + "Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible " + + "to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/" + Version.CURRENT.major + "." + + Version.CURRENT.minor + "/security-minimal-setup.html to enable security." )); listener.licenseStateChanged(); From cee5550611bf1d333ea6a836cff07ba11dc196fe Mon Sep 17 00:00:00 2001 
From: Lyudmila Fokina <35386883+BigPandaToo@users.noreply.github.com> Date: Tue, 13 Apr 2021 17:20:20 +0200 Subject: [PATCH 48/48] Fixing test --- .../qa/basic-enable-security/build.gradle | 33 +++++-------------- .../EnableSecurityOnBasicLicenseIT.java | 2 +- 2 files changed, 9 insertions(+), 26 deletions(-) diff --git a/x-pack/plugin/security/qa/basic-enable-security/build.gradle b/x-pack/plugin/security/qa/basic-enable-security/build.gradle index 03337dbe35d20..99afa12a831a8 100644 --- a/x-pack/plugin/security/qa/basic-enable-security/build.gradle +++ b/x-pack/plugin/security/qa/basic-enable-security/build.gradle @@ -4,6 +4,9 @@ import org.elasticsearch.gradle.info.BuildParams apply plugin: 'elasticsearch.java-rest-test' +//randomise between implicitly and explicitly disabled security +boolean implicitlyDisabledSecurity = (new Random(Long.parseUnsignedLong(BuildParams.testSeed.tokenize(':').get(0), 16))).nextBoolean() + dependencies { javaRestTestImplementation(testArtifact(project(xpackModule('security')))) javaRestTestImplementation(testArtifact(project(xpackModule('core')))) @@ -11,6 +14,9 @@ dependencies { tasks.named("javaRestTest").configure { description = "Run tests against a cluster that doesn't have security" + if (!implicitlyDisabledSecurity) { + systemProperty 'tests.has_security', 'false' + } } if (BuildParams.inFipsJvm){ 
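Review bot: With the mode picked by `implicitlyDisabledSecurity` from the test seed, each build exercises only one of the two disabled-security configurations, and the `@@ -24,37 +30,14 @@` hunk removes the `javaRestTestWithSecurityDisabled` task that covered the explicit case on every run. A regression in either mode, including the implicitly disabled one that the warning presumably targets, can now pass on roughly half of the seeds. I would at least record the chosen mode in the build output so that a failure can be tied to it, e.g. `logger.lifecycle("basic-enable-security: implicitlyDisabledSecurity=${implicitlyDisabledSecurity}")`. The comment could also say how to reproduce a mode: `// randomise between implicitly and explicitly disabled security; the choice is derived from the test seed`.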
@@ -24,37 +30,14 @@ testClusters { numberOfNodes = 2 setting 'xpack.ml.enabled', 'false' setting 'xpack.license.self_generated.type', 'basic' - } -} - -tasks.register("javaRestTestWithSecurityDisabled", StandaloneRestIntegTestTask) { - mustRunAfter("javaRestTest") - description = "Run tests against a cluster that has security explicitly disabled" - dependsOn "javaRestTest" - useCluster testClusters.javaRestTest - systemProperty 'tests.has_security', 'false' - testClassesDirs = sourceSets.javaRestTest.output.classesDirs - classpath = sourceSets.javaRestTest.runtimeClasspath - onlyIf { - BuildParams.inFipsJvm == false - } - doFirst { - testClusters.javaRestTest { - // TODO Rene: revisit if using dedicated new cluster definitions would be more efficient. - // Reconfigure cluster to explicitly disable security - setting 'xpack.ml.enabled', 'false' - setting 'xpack.license.self_generated.type', 'basic' + if (!implicitlyDisabledSecurity) { setting 'xpack.security.enabled', 'false' - - restart() } - nonInputProperties.systemProperty 'tests.rest.cluster', "${-> testClusters.javaRestTest.getAllHttpSocketURI().join(",")}" } } -tasks.named("check").configure { dependsOn("javaRestTestWithSecurityDisabled") } tasks.register("javaRestTestWithSecurityEnabled", StandaloneRestIntegTestTask) { - mustRunAfter("javaRestTestWithSecurityDisabled") + mustRunAfter("javaRestTest") description = "Run tests against a cluster that has security enabled" dependsOn "javaRestTest" useCluster testClusters.javaRestTest diff --git a/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java b/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java index 8e2223a3c9e4d..69e1c0bd91d32 100644 --- a/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java 
+++ b/x-pack/plugin/security/qa/basic-enable-security/src/javaRestTest/java/org/elasticsearch/xpack/security/EnableSecurityOnBasicLicenseIT.java @@ -97,7 +97,7 @@ public void testSecuritySetup() throws Exception { checkAllowedWrite("index_allowed"); // Security runs third, and should see the docs from the first two (non-security) runs // Security explicitly disabled runs second and should see the doc from the first (implicitly disabled) run - final int expectedIndexCount = securityEnabled ? 3 : securityExplicitlySet ? 2 : 1; + final int expectedIndexCount = securityEnabled ? 2 : 1; checkIndexCount("index_allowed", expectedIndexCount); final String otherIndex = "index_" + randomAlphaOfLengthBetween(2, 6).toLowerCase(Locale.ROOT);
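Review bot: The two comments above `expectedIndexCount` still describe three runs ("Security runs third", "Security explicitly disabled runs second"), but the new expression `securityEnabled ? 2 : 1` only allows for two. I would replace both with one line such as `// Security runs second and should see the doc from the first (security disabled) run`. If `securityExplicitlySet` has no other reader in this class it can be removed as well; that is not visible here, and `testSecuritySetup` continues outside the hunk.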