Skip to content

Commit

Permalink
[Backport 2.x] Integration tests framework
Browse files Browse the repository at this point in the history
Test framework that allows for declaring within the test class all
related users, roles, and other security primatives.  Empahsis on
hamcrest assertMatchers for straight forward to read, author, and
troubleshoot test cases.

Signed-off-by: Peter Nied <[email protected]>
  • Loading branch information
peternied committed Sep 21, 2023
1 parent a2daf9f commit 3d1825c
Show file tree
Hide file tree
Showing 193 changed files with 21,444 additions and 89 deletions.
161 changes: 96 additions & 65 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,12 @@
name: CI

on: [push, pull_request]
on:
push:
branches:
- main
- 1.*
- 2.*
pull_request:

env:
GRADLE_OPTS: -Dhttp.keepAlive=false
Expand All @@ -18,7 +24,7 @@ jobs:
java-version: 17

- name: Checkout security
uses: actions/checkout@v2
uses: actions/checkout@v4

- name: Generate list of tasks
id: set-matrix
Expand All @@ -44,15 +50,14 @@ jobs:
java-version: ${{ matrix.jdk }}

- name: Checkout security
uses: actions/checkout@v2
uses: actions/checkout@v4

- name: Build and Test
uses: gradle/gradle-build-action@v2
with:
cache-disabled: true
arguments: |
${{ matrix.gradle_task }} -Dbuild.snapshot=false
-x test
- name: Coverage
uses: Wandalen/[email protected]
Expand All @@ -76,7 +81,8 @@ jobs:
if: always()
run: echo "Check the artifact ${{ matrix.platform }}-JDK${{ matrix.jdk }}-reports for detailed test results"

backward-compatibility:
integration-tests:
name: integration-tests
strategy:
fail-fast: false
matrix:
Expand All @@ -85,80 +91,105 @@ jobs:
runs-on: ${{ matrix.platform }}

steps:
- uses: actions/setup-java@v3
- name: Set up JDK for build and test
uses: actions/setup-java@v3
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: ${{ matrix.jdk }}

- name: Checkout Security Repo
uses: actions/checkout@v2
- name: Checkout security
uses: actions/checkout@v4

- id: build-previous
uses: ./.github/actions/run-bwc-suite
- name: Build and Test
uses: gradle/gradle-build-action@v2
with:
plugin-previous-branch: "2.10"
plugin-next-branch: "current_branch"
report-artifact-name: bwc-${{ matrix.platform }}-jdk${{ matrix.jdk }}
username: admin
password: admin
cache-disabled: true
arguments: |
integrationTest -Dbuild.snapshot=false
# backward-compatibility:
# strategy:
# fail-fast: false
# matrix:
# jdk: [11, 17]
# platform: [ubuntu-latest, windows-latest]
# runs-on: ${{ matrix.platform }}

# steps:
# - uses: actions/setup-java@v3
# with:
# distribution: temurin # Temurin is a distribution of adoptium
# java-version: ${{ matrix.jdk }}

# - name: Checkout Security Repo
# uses: actions/checkout@v4

# - id: build-previous
# uses: ./.github/actions/run-bwc-suite
# with:
# plugin-previous-branch: "2.10"
# plugin-next-branch: "current_branch"
# report-artifact-name: bwc-${{ matrix.platform }}-jdk${{ matrix.jdk }}
# username: admin
# password: admin

code-ql:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-java@v3
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 11
- uses: github/codeql-action/init@v1
- uses: github/codeql-action/init@v2
with:
languages: java
- run: ./gradlew clean build -Dbuild.snapshot=false -x test
- uses: github/codeql-action/analyze@v1

build-artifact-names:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2

- uses: actions/setup-java@v3
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 11

- run: |
security_plugin_version=$(./gradlew properties -q | grep -E '^version:' | awk '{print $2}')
security_plugin_version_no_snapshot=$(echo $security_plugin_version | sed 's/-SNAPSHOT//g')
security_plugin_version_only_number=$(echo $security_plugin_version_no_snapshot | cut -d- -f1)
test_qualifier=alpha2
echo "SECURITY_PLUGIN_VERSION=$security_plugin_version" >> $GITHUB_ENV
echo "SECURITY_PLUGIN_VERSION_NO_SNAPSHOT=$security_plugin_version_no_snapshot" >> $GITHUB_ENV
echo "SECURITY_PLUGIN_VERSION_ONLY_NUMBER=$security_plugin_version_only_number" >> $GITHUB_ENV
echo "TEST_QUALIFIER=$test_qualifier" >> $GITHUB_ENV
- run: |
echo ${{ env.SECURITY_PLUGIN_VERSION }}
echo ${{ env.SECURITY_PLUGIN_VERSION_NO_SNAPSHOT }}
echo ${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}
echo ${{ env.TEST_QUALIFIER }}
- run: ./gradlew clean assemble && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION }}.zip

- run: ./gradlew clean assemble -Dbuild.snapshot=false && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_NO_SNAPSHOT }}.zip

- run: ./gradlew clean assemble -Dbuild.snapshot=false -Dbuild.version_qualifier=${{ env.TEST_QUALIFIER }} && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}-${{ env.TEST_QUALIFIER }}.zip

- run: ./gradlew clean assemble -Dbuild.version_qualifier=${{ env.TEST_QUALIFIER }} && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}-${{ env.TEST_QUALIFIER }}-SNAPSHOT.zip

- run: |
## EXISTING_OS_VERSION outputs the major version, example as 2
EXISTING_OS_VERSION=$(./gradlew properties | grep opensearch.version | cut -d':' -f2- | awk '{$1=$1};1' | cut -d '-' -f1 | cut -d '.' -f1)
## INCREMENT_OS_VERSION in an increment of 1, example if EXISTING_OS_VERSION is 2, INCREMENT_OS_VERSION is 3
INCREMENT_OS_VERSION=$((++EXISTING_OS_VERSION))
./gradlew clean updateVersion -DnewVersion=$INCREMENT_OS_VERSION.0.0-SNAPSHOT
test `./gradlew properties | grep opensearch.version | cut -d':' -f2- | awk '{$1=$1};1'` = $INCREMENT_OS_VERSION.0.0-SNAPSHOT
- name: List files in the build directory if there was an error
run: ls -al ./build/distributions/
if: failure()
- uses: github/codeql-action/analyze@v2

# build-artifact-names:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v4

# - uses: actions/setup-java@v3
# with:
# distribution: temurin # Temurin is a distribution of adoptium
# java-version: 11

# - run: |
# security_plugin_version=$(./gradlew properties -q | grep -E '^version:' | awk '{print $2}')
# security_plugin_version_no_snapshot=$(echo $security_plugin_version | sed 's/-SNAPSHOT//g')
# security_plugin_version_only_number=$(echo $security_plugin_version_no_snapshot | cut -d- -f1)
# test_qualifier=alpha2

# echo "SECURITY_PLUGIN_VERSION=$security_plugin_version" >> $GITHUB_ENV
# echo "SECURITY_PLUGIN_VERSION_NO_SNAPSHOT=$security_plugin_version_no_snapshot" >> $GITHUB_ENV
# echo "SECURITY_PLUGIN_VERSION_ONLY_NUMBER=$security_plugin_version_only_number" >> $GITHUB_ENV
# echo "TEST_QUALIFIER=$test_qualifier" >> $GITHUB_ENV

# - run: |
# echo ${{ env.SECURITY_PLUGIN_VERSION }}
# echo ${{ env.SECURITY_PLUGIN_VERSION_NO_SNAPSHOT }}
# echo ${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}
# echo ${{ env.TEST_QUALIFIER }}

# - run: ./gradlew clean assemble && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION }}.zip

# - run: ./gradlew clean assemble -Dbuild.snapshot=false && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_NO_SNAPSHOT }}.zip

# - run: ./gradlew clean assemble -Dbuild.snapshot=false -Dbuild.version_qualifier=${{ env.TEST_QUALIFIER }} && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}-${{ env.TEST_QUALIFIER }}.zip

# - run: ./gradlew clean assemble -Dbuild.version_qualifier=${{ env.TEST_QUALIFIER }} && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}-${{ env.TEST_QUALIFIER }}-SNAPSHOT.zip

# - run: |
# ## EXISTING_OS_VERSION outputs the major version, example as 2
# EXISTING_OS_VERSION=$(./gradlew properties | grep opensearch.version | cut -d':' -f2- | awk '{$1=$1};1' | cut -d '-' -f1 | cut -d '.' -f1)
# ## INCREMENT_OS_VERSION in an increment of 1, example if EXISTING_OS_VERSION is 2, INCREMENT_OS_VERSION is 3
# INCREMENT_OS_VERSION=$((++EXISTING_OS_VERSION))
# ./gradlew clean updateVersion -DnewVersion=$INCREMENT_OS_VERSION.0.0-SNAPSHOT
# test `./gradlew properties | grep opensearch.version | cut -d':' -f2- | awk '{$1=$1};1'` = $INCREMENT_OS_VERSION.0.0-SNAPSHOT

# - name: List files in the build directory if there was an error
# run: ls -al ./build/distributions/
# if: failure()
13 changes: 13 additions & 0 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -434,6 +434,14 @@ configurations {
force "com.github.luben:zstd-jni:${versions.zstd}"
force "org.xerial.snappy:snappy-java:1.1.10.3"
force "com.google.guava:guava:${guava_version}"

// TODO: Seems like this should be removable
force "org.apache.httpcomponents:httpclient-cache:4.5.13"
force "org.apache.httpcomponents:httpclient:4.5.13"
force "org.apache.httpcomponents:fluent-hc:4.5.13"
force "org.apache.httpcomponents:httpcore:4.4.16"
force "org.apache.httpcomponents:httpcore-nio:4.4.16"
force "org.apache.httpcomponents:httpasyncclient:4.1.5"
}
}

Expand Down Expand Up @@ -639,6 +647,11 @@ dependencies {
exclude(group: 'org.hamcrest', module: 'hamcrest')
}
integrationTestImplementation 'com.unboundid:unboundid-ldapsdk:4.0.14'
integrationTestImplementation "org.apache.httpcomponents:httpclient-cache:4.5.13"
integrationTestImplementation "org.apache.httpcomponents:httpclient:4.5.13"
integrationTestImplementation "org.apache.httpcomponents:fluent-hc:4.5.13"
integrationTestImplementation "org.apache.httpcomponents:httpcore:4.4.13"
integrationTestImplementation "org.apache.httpcomponents:httpasyncclient:4.1.5"

//Checkstyle
checkstyle 'com.puppycrawl.tools:checkstyle:10.12.1'
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
*/
package org.opensearch.common.logging;

/**
* Class uses to override OpenSearch NodeAndClusterIdConverter Log4j2 plugin in order to disable plugin and limit number of
* warn messages like "...ApplierService#updateTask][T#1] WARN ClusterApplierService:628 - failed to notify ClusterStateListener..."
* during tests execution.
*
* The class is rather a temporary solution and the real one should be developed in scope of:
* https://github.com/opensearch-project/OpenSearch/pull/4322
*/
import org.apache.logging.log4j.core.LogEvent;

class NodeAndClusterIdConverter {

public NodeAndClusterIdConverter() {}

public static void setNodeIdAndClusterId(String nodeId, String clusterUUID) {}

public void format(LogEvent event, StringBuilder toAppendTo) {}
}
52 changes: 52 additions & 0 deletions src/integrationTest/java/org/opensearch/node/PluginAwareNode.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
/*
* Copyright 2015-2018 _floragunn_ GmbH
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/

package org.opensearch.node;

import java.util.Arrays;
import java.util.Collections;

import org.opensearch.common.settings.Settings;
import org.opensearch.plugins.Plugin;

public class PluginAwareNode extends Node {

private final boolean clusterManagerEligible;

@SafeVarargs
public PluginAwareNode(boolean clusterManagerEligible, final Settings preparedSettings, final Class<? extends Plugin>... plugins) {
super(
InternalSettingsPreparer.prepareEnvironment(preparedSettings, Collections.emptyMap(), null, () -> System.getenv("HOSTNAME")),
Arrays.asList(plugins),
true
);
this.clusterManagerEligible = clusterManagerEligible;
}

public boolean isClusterManagerEligible() {
return clusterManagerEligible;
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
*/
package org.opensearch.security;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Objects;

class ConfigurationFiles {

public static void createRoleMappingFile(File destination) {
String resource = "roles_mapping.yml";
copyResourceToFile(resource, destination);
}

public static Path createConfigurationDirectory() {
try {
Path tempDirectory = Files.createTempDirectory("test-security-config");
String[] configurationFiles = {
"config.yml",
"action_groups.yml",
"config.yml",
"internal_users.yml",
"roles.yml",
"roles_mapping.yml",
"security_tenants.yml",
"tenants.yml" };
for (String fileName : configurationFiles) {
Path configFileDestination = tempDirectory.resolve(fileName);
copyResourceToFile(fileName, configFileDestination.toFile());
}
return tempDirectory.toAbsolutePath();
} catch (IOException ex) {
throw new RuntimeException("Cannot create directory with security plugin configuration.", ex);
}
}

private static void copyResourceToFile(String resource, File destination) {
try (InputStream input = ConfigurationFiles.class.getClassLoader().getResourceAsStream(resource)) {
Objects.requireNonNull(input, "Cannot find source resource " + resource);
try (OutputStream output = new FileOutputStream(destination)) {
input.transferTo(output);
}
} catch (IOException e) {
throw new RuntimeException("Cannot create file with security plugin configuration", e);
}
}
}
Loading

0 comments on commit 3d1825c

Please sign in to comment.