Hacking together BWC tests that use SSL, doesn't work

Signed-off-by: Peter Nied <petern@amazon.com>
peternied · Jul 26, 2023 · a12171a · a12171a
1 parent 8063e1b
commit a12171a
Show file tree

Hide file tree

Showing 5 changed files with 528 additions and 9 deletions.
diff --git a/bwc-test/build.gradle b/bwc-test/build.gradle
@@ -125,7 +125,7 @@ def String extractVersion(versionStr) {
                 node.extraConfigFile("esnode.pem", file("src/test/resources/security/esnode.pem"))
                 node.extraConfigFile("esnode-key.pem", file("src/test/resources/security/esnode-key.pem"))
                 node.extraConfigFile("root-ca.pem", file("src/test/resources/security/root-ca.pem"))
-                node.setting("plugins.security.disabled", "true")
+                node.setting("plugins.security.disabled", "false")
                 node.setting("plugins.security.ssl.transport.pemcert_filepath", "esnode.pem")
                 node.setting("plugins.security.ssl.transport.pemkey_filepath", "esnode-key.pem")
                 node.setting("plugins.security.ssl.transport.pemtrustedcas_filepath", "root-ca.pem")
@@ -137,7 +137,7 @@ def String extractVersion(versionStr) {
                 node.setting("plugins.security.allow_unsafe_democertificates", "true")
                 node.setting("plugins.security.allow_default_init_securityindex", "true")
                 node.setting("plugins.security.authcz.admin_dn", "CN=kirk,OU=client,O=client,L=test,C=de")
-                node.setting("plugins.security.audit.type", "internal_elasticsearch")
+                node.setting("plugins.security.audit.type", "internal_opensearch")
                 node.setting("plugins.security.enable_snapshot_restore_privilege", "true")
                 node.setting("plugins.security.check_snapshot_restore_write_privileges", "true")
                 node.setting("plugins.security.restapi.roles_enabled", "[\"all_access\", \"security_rest_api_access\"]")

diff --git a/bwc-test/src/test/java/ConfigConstants.java b/bwc-test/src/test/java/ConfigConstants.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package org.opensearch.commons;
+
+import org.opensearch.common.settings.SecureSetting;
+import org.opensearch.common.settings.Setting;
+import org.opensearch.core.common.settings.SecureString;
+
+public class ConfigConstants {
+
+    public static final String HTTPS = "https";
+    public static final String HTTP = "http";
+    public static final String HOST_DEFAULT = "localhost";
+    public static final String HTTP_PORT = "http.port";
+    public static final int HTTP_PORT_DEFAULT = 9200;
+    public static final String CONTENT_TYPE = "content-type";
+    public static final String CONTENT_TYPE_DEFAULT = "application/json";
+    public static final String AUTHORIZATION = "Authorization";
+
+    // These reside in security plugin.
+    public static final String OPENSEARCH_SECURITY_SSL_HTTP_PEMCERT_FILEPATH = "plugins.security.ssl.http.pemcert_filepath";
+    public static final String OPENSEARCH_SECURITY_SSL_HTTP_KEYSTORE_FILEPATH = "plugins.security.ssl.http.keystore_filepath";
+    /**
+     * @deprecated in favor of the {@link #OPENSEARCH_SECURITY_SSL_HTTP_KEYSTORE_PASSWORD_SETTING} secure setting
+     */
+    @Deprecated
+    public static final String OPENSEARCH_SECURITY_SSL_HTTP_KEYSTORE_PASSWORD = "plugins.security.ssl.http.keystore_password";
+
+    /**
+     * @deprecated in favor of the {@link #OPENSEARCH_SECURITY_SSL_HTTP_KEYSTORE_KEYPASSWORD_SETTING} secure setting
+     */
+    @Deprecated
+    public static final String OPENSEARCH_SECURITY_SSL_HTTP_KEYSTORE_KEYPASSWORD = "plugins.security.ssl.http.keystore_keypassword";
+    private static final String SECURE_SUFFIX = "_secure";
+
+    private static Setting<SecureString> createFallbackInsecureSetting(String key) {
+        return new Setting<>(key, (settings) -> "", (strValue) -> new SecureString(strValue.toCharArray()));
+    }
+
+    public static final Setting<SecureString> OPENSEARCH_SECURITY_SSL_HTTP_KEYSTORE_PASSWORD_SETTING = SecureSetting
+        .secureString(
+            OPENSEARCH_SECURITY_SSL_HTTP_KEYSTORE_PASSWORD + SECURE_SUFFIX,
+            createFallbackInsecureSetting(OPENSEARCH_SECURITY_SSL_HTTP_KEYSTORE_PASSWORD)
+        );
+    public static final Setting<SecureString> OPENSEARCH_SECURITY_SSL_HTTP_KEYSTORE_KEYPASSWORD_SETTING = SecureSetting
+        .secureString(
+            OPENSEARCH_SECURITY_SSL_HTTP_KEYSTORE_KEYPASSWORD + SECURE_SUFFIX,
+            createFallbackInsecureSetting(OPENSEARCH_SECURITY_SSL_HTTP_KEYSTORE_KEYPASSWORD)
+        );
+    public static final String OPENSEARCH_SECURITY_INJECTED_ROLES = "opendistro_security_injected_roles";
+    public static final String INJECTED_USER = "injected_user";
+    public static final String OPENSEARCH_SECURITY_USE_INJECTED_USER_FOR_PLUGINS = "plugins.security_use_injected_user_for_plugins";
+    public static final String OPENSEARCH_SECURITY_SSL_HTTP_ENABLED = "plugins.security.ssl.http.enabled";
+    public static final String OPENSEARCH_SECURITY_USER_INFO_THREAD_CONTEXT = "_opendistro_security_user_info";
+}