Convert ServiceAccountIT to new test clusters framework (#92604) (#92886

)

test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/LocalClusterHandle.java

@@ -152,13 +152,34 @@ private WaitForHttpResource configureWaitForReady() throws MalformedURLException
         User credentials = node.getSpec().getUsers().get(0);
         wait.setUsername(credentials.getUsername());
         wait.setPassword(credentials.getPassword());
-        if (securityAutoConfigured) {
+        if (sslEnabled) {
+            configureWaitSecurity(wait, node);
+        } else if (securityAutoConfigured) {
             wait.setCertificateAuthorities(node.getWorkingDir().resolve("config/certs/http_ca.crt").toFile());
         }
 
         return wait;
     }
 
+    private void configureWaitSecurity(WaitForHttpResource wait, Node node) {
+        String caFile = node.getSpec().getSetting("xpack.security.http.ssl.certificate_authorities", null);
+        if (caFile != null) {
+            wait.setCertificateAuthorities(node.getWorkingDir().resolve("config").resolve(caFile).toFile());
+        }
+        String sslCertFile = node.getSpec().getSetting("xpack.security.http.ssl.certificate", null);
+        if (sslCertFile != null) {
+            wait.setCertificateAuthorities(node.getWorkingDir().resolve("config").resolve(sslCertFile).toFile());
+        }
+        String sslKeystoreFile = node.getSpec().getSetting("xpack.security.http.ssl.keystore.path", null);
+        if (sslKeystoreFile != null && caFile == null) { // Can not set both trust stores and CA
+            wait.setTrustStoreFile(node.getWorkingDir().resolve("config").resolve(sslKeystoreFile).toFile());
+        }
+        String keystorePassword = node.getSpec().getSetting("xpack.security.http.ssl.keystore.secure_password", null);
+        if (keystorePassword != null) {
+            wait.setTrustStorePassword(keystorePassword);
+        }
+    }
+
     private boolean isSecurityAutoConfigured(Node node) {
         Path configFile = node.getWorkingDir().resolve("config").resolve("elasticsearch.yml");
         try (Stream<String> lines = Files.lines(configFile)) {

test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/LocalClusterSpec.java

@@ -161,8 +161,20 @@ public boolean isSecurityEnabled() {
             );
         }
 
+        /**
+         * Return node configured setting or the provided default if no explicit value has been configured. This method returns all
+         * settings, to include security settings provided to the keystore
+         *
+         * @param setting the setting name
+         * @param defaultValue a default value
+         * @return the configured setting value or provided default
+         */
         public String getSetting(String setting, String defaultValue) {
-            return resolveSettings().getOrDefault(setting, defaultValue);
+            Map<String, String> allSettings = new HashMap<>();
+            allSettings.putAll(resolveSettings());
+            allSettings.putAll(keystoreSettings);
+
+            return allSettings.getOrDefault(setting, defaultValue);
         }
 
         /**

x-pack/plugin/security/qa/service-account/build.gradle

@@ -1,44 +1,8 @@
-apply plugin: 'elasticsearch.legacy-java-rest-test'
+apply plugin: 'elasticsearch.internal-java-rest-test'
 
 dependencies {
   javaRestTestImplementation project(':x-pack:plugin:core')
   javaRestTestImplementation project(':client:rest-high-level')
   javaRestTestImplementation project(':x-pack:plugin:security')
-}
-
-testClusters.matching { it.name == 'javaRestTest' }.configureEach {
-  testDistribution = 'DEFAULT'
-  numberOfNodes = 2
-
-  extraConfigFile 'node.key', file('src/javaRestTest/resources/ssl/node.key')
-  extraConfigFile 'node.crt', file('src/javaRestTest/resources/ssl/node.crt')
-  extraConfigFile 'ca.crt', file('src/javaRestTest/resources/ssl/ca.crt')
-  extraConfigFile 'service_tokens', file('src/javaRestTest/resources/service_tokens')
-
-  setting 'xpack.ml.enabled', 'false'
-  setting 'xpack.license.self_generated.type', 'trial'
-
-  setting 'xpack.security.enabled', 'true'
-  setting 'xpack.security.authc.token.enabled', 'true'
-  setting 'xpack.security.authc.api_key.enabled', 'true'
-
-  setting 'xpack.security.http.ssl.enabled', 'true'
-  setting 'xpack.security.http.ssl.certificate', 'node.crt'
-  setting 'xpack.security.http.ssl.key', 'node.key'
-  setting 'xpack.security.http.ssl.certificate_authorities', 'ca.crt'
-
-  setting 'xpack.security.transport.ssl.enabled', 'true'
-  setting 'xpack.security.transport.ssl.certificate', 'node.crt'
-  setting 'xpack.security.transport.ssl.key', 'node.key'
-  setting 'xpack.security.transport.ssl.certificate_authorities', 'ca.crt'
-  setting 'xpack.security.transport.ssl.verification_mode', 'certificate'
-
-  keystore 'bootstrap.password', 'x-pack-test-password'
-  keystore 'xpack.security.transport.ssl.secure_key_passphrase', 'node-password'
-  keystore 'xpack.security.http.ssl.secure_key_passphrase', 'node-password'
-
-  rolesFile file('src/javaRestTest/resources/roles.yml')
-  user username: "test_admin", password: 'x-pack-test-password'
-  user username: "elastic/fleet-server", password: 'x-pack-test-password', role: "superuser"
-  user username: "service_account_manager", password: 'x-pack-test-password', role: "service_account_manager"
+  clusterModules(project(":modules:analysis-common"))
 }

x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java

@@ -19,13 +19,16 @@
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.common.xcontent.XContentHelper;
 import org.elasticsearch.core.PathUtils;
+import org.elasticsearch.test.cluster.ElasticsearchCluster;
+import org.elasticsearch.test.cluster.util.resource.Resource;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.xcontent.ToXContent;
 import org.elasticsearch.xcontent.XContentType;
 import org.elasticsearch.xcontent.json.JsonXContent;
 import org.elasticsearch.xpack.core.security.authz.store.ReservedRolesStore;
 import org.elasticsearch.xpack.core.security.user.KibanaSystemUser;
 import org.junit.BeforeClass;
+import org.junit.ClassRule;
 
 import java.io.FileNotFoundException;
 import java.io.IOException;
@@ -197,6 +200,36 @@ public class ServiceAccountIT extends ESRestTestCase {
             }
         }""";
 
+    @ClassRule
+    public static ElasticsearchCluster cluster = ElasticsearchCluster.local()
+        .nodes(2)
+        .module("analysis-common")
+        .setting("xpack.license.self_generated.type", "trial")
+        .setting("xpack.security.enabled", "true")
+        .setting("xpack.security.authc.token.enabled", "true")
+        .setting("xpack.security.authc.api_key.enabled", "true")
+        .setting("xpack.security.http.ssl.enabled", "true")
+        .setting("xpack.security.http.ssl.certificate", "node.crt")
+        .setting("xpack.security.http.ssl.key", "node.key")
+        .setting("xpack.security.http.ssl.certificate_authorities", "ca.crt")
+        .setting("xpack.security.transport.ssl.enabled", "true")
+        .setting("xpack.security.transport.ssl.certificate", "node.crt")
+        .setting("xpack.security.transport.ssl.key", "node.key")
+        .setting("xpack.security.transport.ssl.certificate_authorities", "ca.crt")
+        .setting("xpack.security.transport.ssl.verification_mode", "certificate")
+        .keystore("bootstrap.password", "x-pack-test-password")
+        .keystore("xpack.security.transport.ssl.secure_key_passphrase", "node-password")
+        .keystore("xpack.security.http.ssl.secure_key_passphrase", "node-password")
+        .configFile("node.key", Resource.fromClasspath("ssl/node.key"))
+        .configFile("node.crt", Resource.fromClasspath("ssl/node.crt"))
+        .configFile("ca.crt", Resource.fromClasspath("ssl/ca.crt"))
+        .configFile("service_tokens", Resource.fromClasspath("service_tokens"))
+        .rolesFile(Resource.fromClasspath("roles.yml"))
+        .user("test_admin", "x-pack-test-password")
+        .user("elastic/fleet-server", "x-pack-test-password", "superuser")
+        .user("service_account_manager", "x-pack-test-password", "service_account_manager")
+        .build();
+
     @BeforeClass
     public static void init() throws URISyntaxException, FileNotFoundException {
         URL resource = ServiceAccountIT.class.getResource("/ssl/ca.crt");
@@ -206,6 +239,11 @@ public static void init() throws URISyntaxException, FileNotFoundException {
         caPath = PathUtils.get(resource.toURI());
     }
 
+    @Override
+    protected String getTestRestCluster() {
+        return cluster.getHttpAddresses();
+    }
+
     @Override
     protected String getProtocol() {
         // Because http.ssl.enabled = true
@@ -574,6 +612,6 @@ private void assertNodesCredentials(Map<String, Object> responseMap) {
         final Map<String, Object> fileTokens = (Map<String, Object>) nodes.get("file_tokens");
         assertThat(fileTokens, hasKey("token1"));
         final Map<String, Object> token1 = (Map<String, Object>) fileTokens.get("token1");
-        assertThat((List<String>) token1.get("nodes"), equalTo(List.of("javaRestTest-0", "javaRestTest-1")));
+        assertThat((List<String>) token1.get("nodes"), equalTo(List.of("test-cluster-0", "test-cluster-1")));
     }
 }