Run IT tests with security plugin #335

Merged
merged 13 commits into from
Aug 17, 2023

@Yury-Fridlyand Yury-Fridlyand commented Aug 8, 2023

Description

This PR adds a new IT gradle task: integTestWithSecurity. It starts a cluster with the security plugin installed (it takes the latest snapshot), configures the cluster and the HTTP client for tests, and runs one test which is required to be run with the security plugin.
A new GHA is added which runs this test task.

This PR temporarily includes files from opensearch-project#1943.

Issues Resolved

opensearch-project#1713

Check List

  • New functionality includes testing.
    • All tests pass, including unit test, integration test and doctest
  • New functionality has been documented.
    • New functionality has javadoc added
    • New functionality has user manual doc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@Yury-Fridlyand Yury-Fridlyand changed the title Dev it with security Run IT tests with security plugin Aug 8, 2023

@peternied peternied left a comment

I am a big fan of integration tests around security scenarios, added a couple of comments/considerations.

@@ -57,6 +60,20 @@ ext {
projectSubstitutions = [:]
licenseFile = rootProject.file('LICENSE.TXT')
noticeFile = rootProject.file('NOTICE')

getSecurityPluginDownloadLink = { ->
var repo = "https://aws.oss.sonatype.org/content/repositories/snapshots/org/opensearch/plugin/" +
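
Review bot: The URL built in `getSecurityPluginDownloadLink` points at a snapshots repository, so the plugin installed into the test cluster can differ between two runs of the same commit, and nothing visible in this hunk checks what was downloaded. Consider resolving the snapshot version in one place and verifying the downloaded artifact against a checksum before it is installed, so that a changed or substituted artifact fails the build instead of running inside the cluster. A one-line comment on the closure naming the artifact it resolves would also help the next reader.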

The Security Plugin maintainers (myself included) have had trouble with build breaks and fixing them in a timely manner - it would be unfortunate for your integration tests to be flaky due to downstream issues. This isn't an issue with release builds with the trade-off of longer time between updates.

setting 'plugins.security.ssl.transport.enforce_hostname_verification', 'false'
// https is disabled, because `OpenSearchCluster` is hardcoded to validate cluster health by http
// refer how IT framework implemented in security plugin and reuse/copy to activate https
setting 'plugins.security.ssl.http.enabled', 'false'
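
Review bot: With `plugins.security.ssl.http.enabled` set to 'false' the REST layer runs over plain HTTP, so any credentials the test client sends travel in the clear and the TLS path of the plugin is never exercised by this task. The comment explains the `OpenSearchCluster` health-check limitation; please reference a tracking issue there so the setting gets revisited, and add a matching comment on the `enforce_hostname_verification` line, which is switched off with no explanation.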

There are some features of the security plugin - such as being able to make changes to the security configuration dynamically that will not be possible with this setting disabled. Depends if your tests will ever need to exercise that kind of functionality.

This issue was raised because Release testing runs IT tests with the security plugin. If we can catch errors early, we can avoid blocking release.

Yury-Fridlyand and others added 11 commits August 14, 2023 18:05
Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

Co-authored-by: Andrew Carbonetto <andrewc@bitquilltech.com>
Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

Co-authored-by: Andrew Carbonetto <andrewc@bitquilltech.com>
Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
@Bit-Quill Bit-Quill deleted a comment from codecov bot Aug 17, 2023
Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
@codecov
codecov bot commented Aug 17, 2023

Codecov Report

Merging #335 (a618be8) into integ-IT-with-security (e377cf2) will not change coverage.
The diff coverage is n/a.

@@                    Coverage Diff                    @@
##             integ-IT-with-security     #335   +/-   ##
=========================================================
  Coverage                     97.51%   97.51%           
  Complexity                     4657     4657           
=========================================================
  Files                           408      408           
  Lines                         11933    11933           
  Branches                        829      829           
=========================================================
  Hits                          11637    11637           
  Misses                          289      289           
  Partials                          7        7           
Flag Coverage Δ
sql-engine 97.51% <ø> (ø)

@Yury-Fridlyand Yury-Fridlyand merged commit f99d895 into integ-IT-with-security Aug 17, 2023
@Yury-Fridlyand Yury-Fridlyand deleted the dev-IT-with-security branch August 17, 2023 23:28
MitchellGale pushed a commit that referenced this pull request Aug 21, 2023
* Run IT tests with security plugin (#335)

* Add extra IT flow.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Remove unneeded files.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Typo fix.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Fix GHA matrix syntax.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Fix GHA matrix syntax.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Code clean up.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Optimize downloading.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Apply suggestions from code review

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

Co-authored-by: Andrew Carbonetto <andrewc@bitquilltech.com>

* Update integ-test/build.gradle

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

Co-authored-by: Andrew Carbonetto <andrewc@bitquilltech.com>

* Typo fix.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Rework implementation.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Address PR review.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Address PR feedback + some fixes.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

---------

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
Co-authored-by: Andrew Carbonetto <andrewc@bitquilltech.com>

* Minor fix.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Address PR feedback.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Typo fix.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

---------

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
Co-authored-by: Andrew Carbonetto <andrewc@bitquilltech.com>
Yury-Fridlyand added a commit that referenced this pull request Aug 23, 2023
* Run IT tests with security plugin (#335)

* Add extra IT flow.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Remove unneeded files.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Typo fix.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Fix GHA matrix syntax.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Fix GHA matrix syntax.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Code clean up.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Optimize downloading.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Apply suggestions from code review

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

Co-authored-by: Andrew Carbonetto <andrewc@bitquilltech.com>

* Update integ-test/build.gradle

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

Co-authored-by: Andrew Carbonetto <andrewc@bitquilltech.com>

* Typo fix.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Rework implementation.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Address PR review.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Address PR feedback + some fixes.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

---------

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
Co-authored-by: Andrew Carbonetto <andrewc@bitquilltech.com>

* Minor fix.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Address PR feedback.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

* Typo fix.

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>

---------

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
Co-authored-by: Andrew Carbonetto <andrewc@bitquilltech.com>
(cherry picked from commit 7e3a718)
Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
normanj-bitquill pushed a commit that referenced this pull request Oct 25, 2024
…pensearch-project#2022)

* Run IT tests with security plugin (#335)

* Add extra IT flow.

* Remove unneeded files.

* Typo fix.

* Fix GHA matrix syntax.

* Fix GHA matrix syntax.

* Code clean up.

* Optimize downloading.

* Apply suggestions from code review

* Update integ-test/build.gradle

* Typo fix.

* Rework implementation.

* Address PR review.

* Address PR feedback + some fixes.

---------

* Minor fix.

* Address PR feedback.

* Typo fix.

---------

(cherry picked from commit 7e3a718)

Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
Co-authored-by: Yury-Fridlyand <yury.fridlyand@improving.com>
Co-authored-by: Andrew Carbonetto <andrewc@bitquilltech.com>
andy-k-improving pushed a commit that referenced this pull request Nov 16, 2024
* Implement creation of ip2geo feature (#257)

* Update gradle version to 7.6 (#265)

Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com>

* Implement creation of ip2geo feature

* Implementation of ip2geo datasource creation
* Implementation of ip2geo processor creation

Signed-off-by: Heemin Kim <heemin@amazon.com>
---------

Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com>
Signed-off-by: Heemin Kim <heemin@amazon.com>
Co-authored-by: Vijayan Balasubramanian <balasvij@amazon.com>

* Added unit tests with some refactoring of codes (#271)

* Add Unit tests
* Set cache true for search query
* Remove in memory cache implementation (Two way door decision)
 * Relying on search cache without custom cache
* Renamed datasource state from FAILED to CREATE_FAILED
* Renamed class name from *Helper to *Facade
* Changed updateIntervalInDays to updateInterval
* Changed value type of default update_interval from TimeValue to Long
* Read setting value from cluster settings directly

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Sync from main (#280)

* Update gradle version to 7.6 (#265)

Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com>

* Exclude lombok generated code from jacoco coverage report (#268)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Make jacoco report to be generated faster in local (#267)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Update dependency org.json:json to v20230227 (#273)

Co-authored-by: mend-for-github-com[bot] <50673670+mend-for-github-com[bot]@users.noreply.github.com>

* Baseline owners and maintainers (#275)

Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com>

---------

Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com>
Signed-off-by: Heemin Kim <heemin@amazon.com>
Co-authored-by: Vijayan Balasubramanian <balasvij@amazon.com>
Co-authored-by: mend-for-github-com[bot] <50673670+mend-for-github-com[bot]@users.noreply.github.com>

* Add datasource name validation (#281)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Refactoring of code (#282)

1. Change variable name from datasourceName to name
2. Change variable name from id to name
3. Added helper methods in test code

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Change field name from md5 to sha256 (#285)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Implement get datasource api (#279)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Update index option (#284)

1. Make geodata index as hidden
2. Make geodata index as read only allow delete after creation is done
3. Refresh datasource index immediately after update

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Make some fields in manifest file as mandatory (#289)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Create datasource index explicitly (#283)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Add wrapper class of job scheduler lock service (#290)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Remove all unused client attributes (#293)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Update copyright header (#298)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Run system index handling code with stashed thread context (#297)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Reduce lock duration and renew the lock during update (#299)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Implements delete datasource API (#291)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Set User-Agent in http request (#300)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Implement datasource update API (#292)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Refactoring test code (#302)

Make buildGeoJSONFeatureProcessorConfig method to be more general

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Add ip2geo processor integ test for failure case (#303)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Bug fix and refactoring of code (#305)

1. Bugfix: Ingest metadata can be null if there is no processor created
2. Refactoring: Moved private method to another class for better testing support
3. Refactoring: Set some private static final variable as public so that unit test can use it
4. Refactoring: Changed string value to static variable

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Add integration test for Ip2GeoProcessor (#306)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Add ConcurrentModificationException (#308)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Add integration test for UpdateDatasource API (#307)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Bug fix on lock management and few performance improvements (#310)

* Release lock before response back to caller for update/delete API
* Release lock in background task for creation API
* Change index settings to improve indexing performance

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Change index setting from read_only_allow_delete to write (#311)

read_only_allow_delete does not block write to an index.
The disk-based shard allocator may add and remove this block automatically.
Therefore, use index.blocks.write instead.

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Fix bug in get datasource API and improve memory usage (#313)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Change package for Strings.hasText (#314) (#317)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Remove jitter and move index setting from DatasourceFacade to DatasourceExtension (#319)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Do not index blank value and do not enrich null property (#320)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Move index setting keys to constants (#321)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Return null index name for expired data (#322)

Return null index name for expired data so that it can be deleted
by clean up process. Clean up process exclude current index from deleting.
Signed-off-by: Heemin Kim <heemin@amazon.com>

* Add new fields in datasource (#325)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Delete index once it is expired (#326)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Add restoring event listener (#328)

In the listener, we trigger a geoip data update

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Reverse forcemerge and refresh order (#331)

Otherwise, opensearch does not clear old segment files

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Removed parameter and settings (#332)

* Removed first_only parameter
* Removed max_concurrency and batch_size setting

first_only parameter was added as current geoip processor has it.
However, the parameter has no benefit for ip2geo processor as we don't do a sequential search for array data but use multi search.

max_concurrency and batch_size settings are removed as these only reveal internal implementation and could be a future blocker to improve performance later.

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Add a field in datasource for current index name (#333)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Delete GeoIP data indices after restoring complete (#334)

We don't want to use restored GeoIP data indices. Therefore we
delete the indices once restoring process complete.

When GeoIP metadata index is restored, we create a new GeoIP data index instead.

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Use bool query for array form of IPs (#335)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Run update/delete request in a new thread (#337)

This is not to block transport thread

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Remove IP2Geo processor validation (#336)

Cannot query index to get data to validate IP2Geo processor.
Will add validation when we decide to store some of data in cluster state metadata.

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Acquire lock synchronously (#339)

By acquiring lock asynchronously, the remaining part of the code
is being run by transport thread which does not allow blocking code.
We want only single update happen in a node using single thread. However,
it cannot be achieved if I acquire lock asynchronously and pass the listener.

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Added a cache to store datasource metadata (#338)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Changed class name and package (#341)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Refactoring of code (#342)

1. Changed class name from Ip2GeoCache to Ip2GeoCachedDao
2. Moved the Ip2GeoCachedDao from cache to dao package

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Add geo data cache (#340)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Add cache layer to reduce GeoIp data retrieval latency (opensearch-project#343)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Use _primary in query preference and few changes (opensearch-project#347)

1. Use _primary preference to get datasource metadata so that it can read the latest data. RefreshPolicy.IMMEDIATE won't refresh replica shards immediately according to #346
2. Update datasource metadata index mapping
3. Move batch size from static value to setting

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Wait until GeoIP data to be replicated to all data nodes (opensearch-project#348)

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Update packages according to a change in OpenSearch core (opensearch-project#354)

* Update packages according to a change in OpenSearch core

Signed-off-by: Heemin Kim <heemin@amazon.com>

* Update packages according to a change in OpenSearch core (opensearch-project#353)

Signed-off-by: Heemin Kim <heemin@amazon.com>

---------

Signed-off-by: Heemin Kim <heemin@amazon.com>

---------

Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com>
Signed-off-by: Heemin Kim <heemin@amazon.com>
Co-authored-by: Vijayan Balasubramanian <balasvij@amazon.com>
Co-authored-by: mend-for-github-com[bot] <50673670+mend-for-github-com[bot]@users.noreply.github.com>