forked from opensearch-project/sql
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Signed-off-by: Heemin Kim <heemin@amazon.com>
- Loading branch information
Showing
3 changed files
with
163 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
160 changes: 160 additions & 0 deletions
160
src/test/java/org/opensearch/geospatial/OpenSearchSecureRestTestCase.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,160 @@ | ||
| /* | ||
| * SPDX-License-Identifier: Apache-2.0 | ||
| * | ||
| * The OpenSearch Contributors require contributions made to | ||
| * this file be licensed under the Apache-2.0 license or a | ||
| * compatible open source license. | ||
| */ | ||
|
|
||
| package org.opensearch.geospatial; | ||
|
|
||
| import java.io.IOException; | ||
| import java.util.*; | ||
| import java.util.stream.Collectors; | ||
|
|
||
| import org.apache.http.Header; | ||
| import org.apache.http.HttpHost; | ||
| import org.apache.http.auth.AuthScope; | ||
| import org.apache.http.auth.UsernamePasswordCredentials; | ||
| import org.apache.http.client.CredentialsProvider; | ||
| import org.apache.http.conn.ssl.NoopHostnameVerifier; | ||
| import org.apache.http.impl.client.BasicCredentialsProvider; | ||
| import org.apache.http.message.BasicHeader; | ||
| import org.apache.http.ssl.SSLContextBuilder; | ||
| import org.junit.After; | ||
| import org.opensearch.client.Request; | ||
| import org.opensearch.client.Response; | ||
| import org.opensearch.client.RestClient; | ||
| import org.opensearch.client.RestClientBuilder; | ||
| import org.opensearch.common.settings.Settings; | ||
| import org.opensearch.common.unit.TimeValue; | ||
| import org.opensearch.common.util.concurrent.ThreadContext; | ||
| import org.opensearch.common.xcontent.DeprecationHandler; | ||
| import org.opensearch.common.xcontent.NamedXContentRegistry; | ||
| import org.opensearch.common.xcontent.XContentParser; | ||
| import org.opensearch.common.xcontent.XContentType; | ||
| import org.opensearch.test.rest.OpenSearchRestTestCase; | ||
|
|
||
| /** | ||
| * Integration test base class to support both security disabled and enabled OpenSearch cluster. | ||
| */ | ||
| public abstract class OpenSearchSecureRestTestCase extends OpenSearchRestTestCase { | ||
| private static final String PROTOCOL_HTTP = "http"; | ||
| private static final String PROTOCOL_HTTPS = "https"; | ||
| private static final String SYS_PROPERTY_KEY_HTTPS = "https"; | ||
| private static final String SYS_PROPERTY_KEY_CLUSTER_ENDPOINT = "tests.rest.cluster"; | ||
| private static final String SYS_PROPERTY_KEY_USER = "user"; | ||
| private static final String SYS_PROPERTY_KEY_PASSWORD = "password"; | ||
| private static final String DEFAULT_SOCKET_TIMEOUT = "60s"; | ||
| private static final String INTERNAL_INDICES_PREFIX = "."; | ||
| private static String protocol; | ||
|
|
||
| @Override | ||
| protected String getProtocol() { | ||
| if (protocol == null) { | ||
| protocol = readProtocolFromSystemProperty(); | ||
| } | ||
| return protocol; | ||
| } | ||
|
|
||
| private String readProtocolFromSystemProperty() { | ||
| boolean isHttps = Optional.ofNullable(System.getProperty(SYS_PROPERTY_KEY_HTTPS)).map("true"::equalsIgnoreCase).orElse(false); | ||
| if (!isHttps) { | ||
| return PROTOCOL_HTTP; | ||
| } | ||
|
|
||
| // currently only external cluster is supported for security enabled testing | ||
| if (Optional.ofNullable(System.getProperty(SYS_PROPERTY_KEY_CLUSTER_ENDPOINT)).isEmpty()) { | ||
| throw new RuntimeException("cluster url should be provided for security enabled testing"); | ||
| } | ||
| return PROTOCOL_HTTPS; | ||
| } | ||
|
|
||
| @Override | ||
| protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException { | ||
| RestClientBuilder builder = RestClient.builder(hosts); | ||
| if (PROTOCOL_HTTPS.equals(getProtocol())) { | ||
| configureHttpsClient(builder, settings); | ||
| } else { | ||
| configureClient(builder, settings); | ||
| } | ||
|
|
||
| return builder.build(); | ||
| } | ||
|
|
||
| private void configureHttpsClient(RestClientBuilder builder, Settings settings) { | ||
| Map<String, String> headers = ThreadContext.buildDefaultHeaders(settings); | ||
| Header[] defaultHeaders = new Header[headers.size()]; | ||
| int i = 0; | ||
| for (Map.Entry<String, String> entry : headers.entrySet()) { | ||
| defaultHeaders[i++] = new BasicHeader(entry.getKey(), entry.getValue()); | ||
| } | ||
| builder.setDefaultHeaders(defaultHeaders); | ||
| builder.setHttpClientConfigCallback(httpClientBuilder -> { | ||
| String userName = Optional.ofNullable(System.getProperty(SYS_PROPERTY_KEY_USER)) | ||
| .orElseThrow(() -> new RuntimeException("user name is missing")); | ||
| String password = Optional.ofNullable(System.getProperty(SYS_PROPERTY_KEY_PASSWORD)) | ||
| .orElseThrow(() -> new RuntimeException("password is missing")); | ||
| CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); | ||
| credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(userName, password)); | ||
| try { | ||
| return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider) | ||
| // disable the certificate since our testing cluster just uses the default security configuration | ||
| .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE) | ||
| .setSSLContext(SSLContextBuilder.create().loadTrustMaterial(null, (chains, authType) -> true).build()); | ||
| } catch (Exception e) { | ||
| throw new RuntimeException(e); | ||
| } | ||
| }); | ||
|
|
||
| final String socketTimeoutString = settings.get(CLIENT_SOCKET_TIMEOUT); | ||
| final TimeValue socketTimeout = TimeValue.parseTimeValue( | ||
| socketTimeoutString == null ? DEFAULT_SOCKET_TIMEOUT : socketTimeoutString, | ||
| CLIENT_SOCKET_TIMEOUT | ||
| ); | ||
| builder.setRequestConfigCallback(conf -> conf.setSocketTimeout(Math.toIntExact(socketTimeout.getMillis()))); | ||
| if (settings.hasValue(CLIENT_PATH_PREFIX)) { | ||
| builder.setPathPrefix(settings.get(CLIENT_PATH_PREFIX)); | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * wipeAllIndices won't work since it cannot delete security index. Use deleteExternalIndices instead. | ||
| */ | ||
| @Override | ||
| protected boolean preserveIndicesUponCompletion() { | ||
| return true; | ||
| } | ||
|
|
||
| @After | ||
| public void deleteExternalIndices() throws IOException { | ||
| Response response = client().performRequest(new Request("GET", "/_cat/indices?format=json&expand_wildcards=all")); | ||
| XContentType xContentType = XContentType.fromMediaType(response.getEntity().getContentType().getValue()); | ||
| try ( | ||
| XContentParser parser = xContentType.xContent() | ||
| .createParser( | ||
| NamedXContentRegistry.EMPTY, | ||
| DeprecationHandler.THROW_UNSUPPORTED_OPERATION, | ||
| response.getEntity().getContent() | ||
| ) | ||
| ) { | ||
| XContentParser.Token token = parser.nextToken(); | ||
| List<Map<String, Object>> parserList; | ||
| if (token == XContentParser.Token.START_ARRAY) { | ||
| parserList = parser.listOrderedMap().stream().map(obj -> (Map<String, Object>) obj).collect(Collectors.toList()); | ||
| } else { | ||
| parserList = Collections.singletonList(parser.mapOrdered()); | ||
| } | ||
|
|
||
| List<String> externalIndices = parserList.stream() | ||
| .map(index -> (String) index.get("index")) | ||
| .filter(indexName -> indexName != null) | ||
| .filter(indexName -> !indexName.startsWith(INTERNAL_INDICES_PREFIX)) | ||
| .collect(Collectors.toList()); | ||
|
|
||
| for (String indexName : externalIndices) { | ||
| adminClient().performRequest(new Request("DELETE", "/" + indexName)); | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters