diff --git a/bwc-test/build.gradle b/bwc-test/build.gradle
index cc5e6925cd..9aa6eaf2c0 100644
--- a/bwc-test/build.gradle
+++ b/bwc-test/build.gradle
@@ -142,7 +142,7 @@ def String extractVersion(versionStr) {
 node.setting("plugins.security.ssl.http.pemtrustedcas_filepath", "root-ca.pem")
 node.setting("plugins.security.allow_unsafe_democertificates", "true")
 node.setting("plugins.security.allow_default_init_securityindex", "true")
- node.setting("plugins.security.authcz.admin_dn", "CN=kirk,OU=client,O=client,L=test,C=de")
+ node.setting("plugins.security.authcz.admin_dn", "\n - CN=kirk,OU=client,O=client,L=test,C=de")
 node.setting("plugins.security.audit.type", "internal_opensearch")
 node.setting("plugins.security.enable_snapshot_restore_privilege", "true")
 node.setting("plugins.security.check_snapshot_restore_write_privileges", "true")
diff --git a/bwc-test/settings.gradle b/bwc-test/settings.gradle
deleted file mode 100644
index 44118444c3..0000000000
--- a/bwc-test/settings.gradle
+++ /dev/null
@@ -1,7 +0,0 @@
-/*
- * This file was generated by the Gradle 'init' task.
- *
- * This project uses @Incubating APIs which are subject to change.
- */
-
-rootProject.name = 'bwc-test'
diff --git a/bwc-test/src/test/java/org/opensearch/security/bwc/SecurityBackwardsCompatibilityIT.java b/bwc-test/src/test/java/org/opensearch/security/bwc/SecurityBackwardsCompatibilityIT.java
index 1a72eb7d7c..483134db10 100644
--- a/bwc-test/src/test/java/org/opensearch/security/bwc/SecurityBackwardsCompatibilityIT.java
+++ b/bwc-test/src/test/java/org/opensearch/security/bwc/SecurityBackwardsCompatibilityIT.java
@@ -8,10 +8,14 @@
 package org.opensearch.security.bwc;
 import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.nio.file.Path;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;
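Review bot: In the bwc-test/build.gradle hunk, the new `admin_dn` value `"\n - CN=kirk,OU=client,O=client,L=test,C=de"` turns a scalar setting into a YAML list item through a leading newline, and nothing on the line says why. This presumably works only because the test-cluster tooling writes setting values into opensearch.yml without quoting. If that serialization ever quotes or escapes the value, the admin DN would stop matching and the admin-certificate requests would fail with authorization errors that are hard to trace back to this line. Add a comment above it, for example `// admin_dn must be a YAML list; the leading "\n - " relies on the value being written to opensearch.yml verbatim`.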
@@ -38,10 +42,12 @@
 import org.opensearch.client.RestClient;
 import org.opensearch.client.RestClientBuilder;
 import org.opensearch.common.Randomness;
+import org.opensearch.common.io.PathUtils;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.common.util.concurrent.ThreadContext;
 import org.opensearch.common.util.io.IOUtils;
 import org.opensearch.common.xcontent.support.XContentMapValues;
+import org.opensearch.commons.rest.SecureRestClientBuilder;
 import org.opensearch.security.bwc.helper.RestHelper;
 import org.opensearch.test.rest.OpenSearchRestTestCase;
@@ -51,6 +57,7 @@
 import static org.hamcrest.Matchers.hasKey;
 import static org.hamcrest.Matchers.is;
+
 public class SecurityBackwardsCompatibilityIT extends OpenSearchRestTestCase {
 private ClusterType CLUSTER_TYPE;
@@ -113,6 +120,19 @@ protected final Settings restClientSettings() {
 .build();
 }
+ @Override
+ protected Settings restAdminSettings() {
+ return Settings.builder()
+ .put("http.port", 9200)
+ .put("plugins.security.ssl.http.enabled", true)
+ // this is incorrect on common-utils side. It should be using `pemtrustedcas_filepath`
+ .put("plugins.security.ssl.http.pemcert_filepath", "sample.pem")
+ .put("plugins.security.ssl.http.keystore_filepath", "test-kirk.jks")
+ .put("plugins.security.ssl.http.keystore_password", "changeit")
+ .put("plugins.security.ssl.http.keystore_keypassword", "changeit")
+ .build();
+ }
+
 protected RestClient buildClient(Settings settings, HttpHost[] hosts, String username, String password) {
 RestClientBuilder builder = RestClient.builder(hosts);
 configureHttpsClient(builder, settings, username, password);
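Review bot: In `restAdminSettings()`, the inline comment on `pemcert_filepath` says the key is wrong but not what `sample.pem` actually is, so a reader cannot tell whether the client presents that file as its own certificate or trusts it as a CA. If it is the trust anchor, say so directly, e.g. `// sample.pem holds the trusted CA(s); SecureRestClientBuilder reads them from pemcert_filepath rather than pemtrustedcas_filepath (tracking issue: <ISSUE_LINK>)`. The keystore and key passwords are the literal `"changeit"` twice; that is fine for a demo keystore shipped with the tests, but a named constant with a note that `test-kirk.jks` is test-only material would discourage copying the block into non-test configuration. `http.port` is pinned to 9200 while the hosts are passed to the client builder separately, so it is worth confirming the value is needed at all.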
@@ -122,7 +142,18 @@ protected RestClient buildClient(Settings settings, HttpHost[] hosts, String use
 }
 @Override
- protected RestClient buildClient(Settings settings, HttpHost[] hosts) {
+ protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException {
+ String keystore = settings.get("plugins.security.ssl.http.keystore_filepath");
+ if (Objects.nonNull(keystore)) {
+ URI uri = null;
+ try {
+ uri = this.getClass().getClassLoader().getResource("security/test-kirk.jks").toURI();
+ } catch (URISyntaxException e) {
+ throw new RuntimeException(e);
+ }
+ Path configPath = PathUtils.get(uri).getParent().toAbsolutePath();
+ return new SecureRestClientBuilder(settings, configPath, hosts).build();
+ }
 String username = Optional.ofNullable(System.getProperty("tests.opensearch.username"))
 .orElseThrow(() -> new RuntimeException("user name is missing"));
 String password = Optional.ofNullable(System.getProperty("tests.opensearch.password"))
@@ -185,6 +216,16 @@ public void testDataIngestionAndSearchBackwardsCompatibility() throws Exception
 searchMatchAll(index);
 }
+ public void testDebugCertInfo() throws Exception {
+ Response response = RestHelper.makeRequest(
+ adminClient(),
+ "GET",
+ "_plugins/_security/api/certificates",
+ null
+ );
+ assertEquals("SSL certs info endpoint should return 200", 200, response.getStatusLine().getStatusCode());
+ }
+
 public void testNodeStats() throws IOException {
 List responses = RestHelper.requestAgainstAllNodes(client(), "GET", "_nodes/stats", null);
 responses.forEach(r -> assertThat(r.getStatusLine().getStatusCode(), is(200)));
diff --git a/settings.gradle b/settings.gradle
index 1c3e7ff5aa..745b68fc2c 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -5,3 +5,6 @@
 */
 rootProject.name = 'opensearch-security'
+
+include "bwc-test"
+project(":bwc-test").name = rootProject.name + "-bwc-test"
\ No newline at end of file
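Review bot: In the two-argument `buildClient`, `getResource("security/test-kirk.jks")` returns null when the keystore is not on the test classpath, so the chained `.toURI()` fails with a bare NullPointerException that does not name the missing file. The `keystore` value read from settings is also used only as a switch while the resource path is hard-coded, so the two can drift apart. Resolve the resource from the setting and fail with a message: `URL res = getClass().getClassLoader().getResource("security/" + keystore);` then `Objects.requireNonNull(res, "keystore not found on test classpath: security/" + keystore);` (this needs `java.net.URL` imported). The method body continues past the end of the hunk.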
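Review bot: `testDebugCertInfo` reads like a leftover debugging aid: the name says "Debug" and the only assertion is the status code, so the test does not state what it protects. It is the one test in this diff that goes through `adminClient()`, so it appears to be the check that the admin client certificate is accepted by the cluster. Say so in a Javadoc line such as `/** Verifies that the admin client certificate (admin_dn) is accepted over HTTPS. */` and consider a name like `testAdminCertificateIsAccepted`. Asserting on a field of the response body as well would catch a 200 that carries no certificate data.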