github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-06-28 09:28:55 -04:00
Code Issues Projects Releases Packages Wiki Activity

Enable security in a number of logsdb and tsdb integration tests. (#128877)

Browse source 
This change enables security in a number of tsdb and logsdb integration tests. A number of java/yaml rest tests in logsdb module, additionally logsdb and tsdb rolling upgrade tests.

A recent bug (#128050) wouldn't have happened if logsdb rolling upgrade tests ran with security enabled.
This commit is contained in:
Martijn van Groningen 2025-06-04 16:23:25 +02:00 committed by GitHub
parent 213132392d
commit e23a5e7661
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
14 changed files with 149 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
qa/rolling-upgrade/src/javaRestTest/java/org/elasticsearch/upgrades/AbstractRollingUpgradeTestCase.java
View file

@ -45,6 +45,8 @@ public abstract class AbstractRollingUpgradeTestCase extends ParameterizedRollin
.setting("xpack.security.enabled", "false")
.feature(FeatureFlag.TIME_SERIES_MODE);
// Avoid triggering bogus assertion when serialized parsed mappings don't match with original mappings, because _source key is
// inconsistent
if (oldVersion.before(Version.fromString("8.18.0"))) {
cluster.jvmArg("-da:org.elasticsearch.index.mapper.DocumentMapper");
cluster.jvmArg("-da:org.elasticsearch.index.mapper.MapperService");

78
qa/rolling-upgrade/src/javaRestTest/java/org/elasticsearch/upgrades/AbstractRollingUpgradeWithSecurityTestCase.java Normal file
View file

@ -0,0 +1,78 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the "Elastic License
* 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
* Public License v 1"; you may not use this file except in compliance with, at
* your election, the "Elastic License 2.0", the "GNU Affero General Public
* License v3.0 only", or the "Server Side Public License, v 1".
*/
package org.elasticsearch.upgrades;
import com.carrotsearch.randomizedtesting.annotations.Name;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.core.SuppressForbidden;
import org.elasticsearch.test.cluster.ElasticsearchCluster;
import org.elasticsearch.test.cluster.local.distribution.DistributionType;
import org.elasticsearch.test.cluster.util.Version;
import org.junit.ClassRule;
import org.junit.rules.RuleChain;
import org.junit.rules.TemporaryFolder;
import org.junit.rules.TestRule;
import java.util.function.Supplier;
public abstract class AbstractRollingUpgradeWithSecurityTestCase extends ParameterizedRollingUpgradeTestCase {
private static final String USER = "test_admin";
private static final String PASS = "x-pack-test-password";
private static final TemporaryFolder repoDirectory = new TemporaryFolder();
private static final ElasticsearchCluster cluster = buildCluster();
private static ElasticsearchCluster buildCluster() {
Version oldVersion = Version.fromString(OLD_CLUSTER_VERSION);
var cluster = ElasticsearchCluster.local()
.distribution(DistributionType.DEFAULT)
.version(getOldClusterTestVersion())
.nodes(NODE_NUM)
.user(USER, PASS)
.setting("xpack.security.autoconfiguration.enabled", "false")
.setting("path.repo", new Supplier<>() {
@Override
@SuppressForbidden(reason = "TemporaryFolder only has io.File methods, not nio.File")
public String get() {
return repoDirectory.getRoot().getPath();
}
});
// Avoid triggering bogus assertion when serialized parsed mappings don't match with original mappings, because _source key is
// inconsistent
if (oldVersion.before(Version.fromString("8.18.0"))) {
cluster.jvmArg("-da:org.elasticsearch.index.mapper.DocumentMapper");
cluster.jvmArg("-da:org.elasticsearch.index.mapper.MapperService");
}
return cluster.build();
}
@ClassRule
public static TestRule ruleChain = RuleChain.outerRule(repoDirectory).around(cluster);
protected AbstractRollingUpgradeWithSecurityTestCase(@Name("upgradedNodes") int upgradedNodes) {
super(upgradedNodes);
}
@Override
protected ElasticsearchCluster getUpgradeCluster() {
return cluster;
}
protected Settings restClientSettings() {
String token = basicAuthHeaderValue(USER, new SecureString(PASS.toCharArray()));
return Settings.builder().put(super.restClientSettings()).put(ThreadContext.PREFIX + ".Authorization", token).build();
}
}

2
qa/rolling-upgrade/src/javaRestTest/java/org/elasticsearch/upgrades/DownsampleIT.java
View file

@ -25,7 +25,7 @@ import java.util.concurrent.TimeUnit;
import static org.hamcrest.Matchers.equalTo;
public class DownsampleIT extends AbstractRollingUpgradeTestCase {
public class DownsampleIT extends AbstractRollingUpgradeWithSecurityTestCase {
private static final String FIXED_INTERVAL = "1h";
private String index;

14
qa/rolling-upgrade/src/javaRestTest/java/org/elasticsearch/upgrades/LogsIndexModeRollingUpgradeIT.java
View file

@ -15,8 +15,11 @@ import org.elasticsearch.client.Request;
import org.elasticsearch.client.Response;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.common.network.InetAddresses;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.time.DateFormatter;
import org.elasticsearch.common.time.FormatNames;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.test.cluster.ElasticsearchCluster;
import org.elasticsearch.test.cluster.local.distribution.DistributionType;
import org.hamcrest.Matcher;
@ -31,6 +34,9 @@ import java.util.function.Supplier;
public class LogsIndexModeRollingUpgradeIT extends AbstractRollingUpgradeTestCase {
private static final String USER = "test_admin";
private static final String PASS = "x-pack-test-password";
@ClassRule()
public static final ElasticsearchCluster cluster = ElasticsearchCluster.local()
.distribution(DistributionType.DEFAULT)
@ -39,7 +45,8 @@ public class LogsIndexModeRollingUpgradeIT extends AbstractRollingUpgradeTestCas
.module("mapper-extras")
.module("x-pack-aggregate-metric")
.module("x-pack-stack")
.setting("xpack.security.enabled", "false")
.setting("xpack.security.autoconfiguration.enabled", "false")
.user(USER, PASS)
.setting("xpack.license.self_generated.type", initTestSeed().nextBoolean() ? "trial" : "basic")
// We upgrade from standard to logsdb, so we need to start with logsdb disabled,
// then later cluster.logsdb.enabled gets set to true and next rollover data stream is in logsdb mode.
@ -56,6 +63,11 @@ public class LogsIndexModeRollingUpgradeIT extends AbstractRollingUpgradeTestCas
return cluster.getHttpAddresses();
}
protected Settings restClientSettings() {
String token = basicAuthHeaderValue(USER, new SecureString(PASS.toCharArray()));
return Settings.builder().put(super.restClientSettings()).put(ThreadContext.PREFIX + ".Authorization", token).build();
}
private static final String BULK_INDEX_REQUEST = """
{ "create": {} }
{ "@timestamp": "%s", "host.name": "%s", "method": "%s", "ip.address": "%s", "message": "%s" }

2
qa/rolling-upgrade/src/javaRestTest/java/org/elasticsearch/upgrades/LogsUsageRollingUpgradeIT.java
View file

@ -23,7 +23,7 @@ import static org.hamcrest.Matchers.hasEntry;
import static org.hamcrest.Matchers.hasKey;
import static org.hamcrest.Matchers.not;
public class LogsUsageRollingUpgradeIT extends AbstractRollingUpgradeTestCase {
public class LogsUsageRollingUpgradeIT extends AbstractRollingUpgradeWithSecurityTestCase {
public LogsUsageRollingUpgradeIT(@Name("upgradedNodes") int upgradedNodes) {
super(upgradedNodes);

2
qa/rolling-upgrade/src/javaRestTest/java/org/elasticsearch/upgrades/LogsdbIndexingRollingUpgradeIT.java
View file

@ -35,7 +35,7 @@ import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
import static org.hamcrest.Matchers.notNullValue;
public class LogsdbIndexingRollingUpgradeIT extends AbstractRollingUpgradeTestCase {
public class LogsdbIndexingRollingUpgradeIT extends AbstractRollingUpgradeWithSecurityTestCase {
static String BULK_ITEM_TEMPLATE =
"""

2
qa/rolling-upgrade/src/javaRestTest/java/org/elasticsearch/upgrades/NoLogsUsageRollingUpgradeIT.java
View file

@ -20,7 +20,7 @@ import static org.hamcrest.Matchers.hasEntry;
import static org.hamcrest.Matchers.hasKey;
import static org.hamcrest.Matchers.not;
public class NoLogsUsageRollingUpgradeIT extends AbstractRollingUpgradeTestCase {
public class NoLogsUsageRollingUpgradeIT extends AbstractRollingUpgradeWithSecurityTestCase {
public NoLogsUsageRollingUpgradeIT(@Name("upgradedNodes") int upgradedNodes) {
super(upgradedNodes);

2
qa/rolling-upgrade/src/javaRestTest/java/org/elasticsearch/upgrades/ParameterizedRollingUpgradeTestCase.java
View file

@ -206,7 +206,7 @@ public abstract class ParameterizedRollingUpgradeTestCase extends ESRestTestCase
}
@Override
protected final Settings restClientSettings() {
protected Settings restClientSettings() {
return Settings.builder()
.put(super.restClientSettings())
// increase the timeout here to 90 seconds to handle long waits for a green

2
qa/rolling-upgrade/src/javaRestTest/java/org/elasticsearch/upgrades/TsdbIT.java
View file

@ -24,7 +24,7 @@ import static org.elasticsearch.cluster.metadata.DataStreamTestHelper.backingInd
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.hasSize;
public class TsdbIT extends AbstractRollingUpgradeTestCase {
public class TsdbIT extends AbstractRollingUpgradeWithSecurityTestCase {
public TsdbIT(@Name("upgradedNodes") int upgradedNodes) {
super(upgradedNodes);

2
qa/rolling-upgrade/src/javaRestTest/java/org/elasticsearch/upgrades/TsdbIndexingRollingUpgradeIT.java
View file

@ -30,7 +30,7 @@ import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
import static org.hamcrest.Matchers.notNullValue;
public class TsdbIndexingRollingUpgradeIT extends AbstractRollingUpgradeTestCase {
public class TsdbIndexingRollingUpgradeIT extends AbstractRollingUpgradeWithSecurityTestCase {
static String BULK_ITEM_TEMPLATE =
"""

13
x-pack/plugin/logsdb/src/javaRestTest/java/org/elasticsearch/xpack/logsdb/LogsdbRestIT.java
View file

@ -9,9 +9,11 @@ package org.elasticsearch.xpack.logsdb;
import org.elasticsearch.client.Request;
import org.elasticsearch.cluster.metadata.IndexMetadata;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.time.DateFormatter;
import org.elasticsearch.common.time.FormatNames;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.xcontent.support.XContentMapValues;
import org.elasticsearch.index.IndexSettings;
import org.elasticsearch.test.cluster.ElasticsearchCluster;
@ -30,10 +32,14 @@ import static org.hamcrest.Matchers.equalTo;
public class LogsdbRestIT extends ESRestTestCase {
private static final String USER = "test_admin";
private static final String PASS = "x-pack-test-password";
@ClassRule
public static ElasticsearchCluster cluster = ElasticsearchCluster.local()
.distribution(DistributionType.DEFAULT)
.setting("xpack.security.enabled", "false")
.user(USER, PASS, "superuser", false)
.setting("xpack.security.autoconfiguration.enabled", "false")
.setting("xpack.license.self_generated.type", "trial")
.build();
@ -42,6 +48,11 @@ public class LogsdbRestIT extends ESRestTestCase {
return cluster.getHttpAddresses();
}
protected Settings restClientSettings() {
String token = basicAuthHeaderValue(USER, new SecureString(PASS.toCharArray()));
return Settings.builder().put(super.restClientSettings()).put(ThreadContext.PREFIX + ".Authorization", token).build();
}
public void testFeatureUsageWithLogsdbIndex() throws IOException {
{
if (randomBoolean()) {

12
x-pack/plugin/logsdb/src/javaRestTest/java/org/elasticsearch/xpack/logsdb/LogsdbSnapshotRestoreIT.java
View file

@ -11,9 +11,11 @@ import org.apache.http.client.methods.HttpPut;
import org.elasticsearch.client.Request;
import org.elasticsearch.client.Response;
import org.elasticsearch.common.network.InetAddresses;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.time.DateFormatter;
import org.elasticsearch.common.time.FormatNames;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.core.SuppressForbidden;
import org.elasticsearch.repositories.fs.FsRepository;
@ -46,11 +48,14 @@ import static org.hamcrest.Matchers.hasSize;
public class LogsdbSnapshotRestoreIT extends ESRestTestCase {
private static TemporaryFolder repoDirectory = new TemporaryFolder();
private static final String USER = "test_admin";
private static final String PASS = "x-pack-test-password";
private static ElasticsearchCluster cluster = ElasticsearchCluster.local()
.distribution(DistributionType.DEFAULT)
.setting("path.repo", () -> getRepoPath())
.setting("xpack.security.enabled", "false")
.user(USER, PASS)
.setting("xpack.security.autoconfiguration.enabled", "false")
.setting("xpack.license.self_generated.type", "trial")
.build();
@ -131,6 +136,11 @@ public class LogsdbSnapshotRestoreIT extends ESRestTestCase {
return cluster.getHttpAddresses();
}
protected Settings restClientSettings() {
String token = basicAuthHeaderValue(USER, new SecureString(PASS.toCharArray()));
return Settings.builder().put(super.restClientSettings()).put(ThreadContext.PREFIX + ".Authorization", token).build();
}
public void testSnapshotRestore() throws Exception {
snapshotAndRestore("synthetic", "object", false);
}

14
x-pack/plugin/logsdb/src/javaRestTest/java/org/elasticsearch/xpack/logsdb/qa/AbstractChallengeRestTest.java
View file

@ -12,7 +12,9 @@ import org.elasticsearch.client.Response;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.common.CheckedSupplier;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.core.CheckedConsumer;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.search.builder.SearchSourceBuilder;
@ -30,6 +32,10 @@ import java.util.List;
import java.util.function.Supplier;
public abstract class AbstractChallengeRestTest extends ESRestTestCase {
private static final String USER = "test_admin";
private static final String PASS = "x-pack-test-password";
private final String baselineDataStreamName;
private final String contenderDataStreamName;
private final String baselineTemplateName;
@ -48,7 +54,8 @@ public abstract class AbstractChallengeRestTest extends ESRestTestCase {
.distribution(DistributionType.DEFAULT)
.module("data-streams")
.module("x-pack-stack")
.setting("xpack.security.enabled", "false")
.user(USER, PASS)
.setting("xpack.security.autoconfiguration.enabled", "false")
.setting("xpack.license.self_generated.type", "trial")
.setting("cluster.logsdb.enabled", "true")
.build();
@ -58,6 +65,11 @@ public abstract class AbstractChallengeRestTest extends ESRestTestCase {
return cluster.getHttpAddresses();
}
protected Settings restClientSettings() {
String token = basicAuthHeaderValue(USER, new SecureString(PASS.toCharArray()));
return Settings.builder().put(super.restClientSettings()).put(ThreadContext.PREFIX + ".Authorization", token).build();
}
public AbstractChallengeRestTest(
final String baselineDataStreamName,
final String contenderDataStreamName,

14
x-pack/plugin/logsdb/src/yamlRestTest/java/org/elasticsearch/xpack/logsdb/LogsdbTestSuiteIT.java
View file

@ -10,6 +10,9 @@ package org.elasticsearch.xpack.logsdb;
import com.carrotsearch.randomizedtesting.annotations.Name;
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.test.cluster.ElasticsearchCluster;
import org.elasticsearch.test.cluster.FeatureFlag;
import org.elasticsearch.test.cluster.local.distribution.DistributionType;
@ -19,10 +22,14 @@ import org.junit.ClassRule;
public class LogsdbTestSuiteIT extends ESClientYamlSuiteTestCase {
private static final String USER = "test_admin";
private static final String PASS = "x-pack-test-password";
@ClassRule
public static final ElasticsearchCluster cluster = ElasticsearchCluster.local()
.distribution(DistributionType.DEFAULT)
.setting("xpack.security.enabled", "false")
.user(USER, PASS, "superuser", false)
.setting("xpack.security.autoconfiguration.enabled", "false")
.setting("xpack.license.self_generated.type", "trial")
.feature(FeatureFlag.DOC_VALUES_SKIPPER)
.feature(FeatureFlag.USE_LUCENE101_POSTINGS_FORMAT)
@ -42,4 +49,9 @@ public class LogsdbTestSuiteIT extends ESClientYamlSuiteTestCase {
return cluster.getHttpAddresses();
}
protected Settings restClientSettings() {
String token = basicAuthHeaderValue(USER, new SecureString(PASS.toCharArray()));
return Settings.builder().put(super.restClientSettings()).put(ThreadContext.PREFIX + ".Authorization", token).build();
}
}