Fetch certs from security repo and remove locally checked in demo cer…

…ts (#713) Signed-off-by: Craig Perkins <[email protected]>
opensearch-project · Jan 22, 2025 · a659592 · a659592
1 parent 543cec3
commit a659592
Show file tree

Hide file tree

Showing 11 changed files with 21 additions and 169 deletions.
diff --git a/.github/workflows/test-with-security.yml b/.github/workflows/test-with-security.yml
@@ -1,4 +1,4 @@
-name: BWC Test Workflow
+name: Integ tests with Security
 # This workflow is triggered on pull requests and pushes to main or an OpenSearch release branch
 on:
   pull_request:

diff --git a/build.gradle b/build.gradle
@@ -33,6 +33,7 @@ buildscript {
 }
 
 plugins {
+    id "de.undercouch.download" version "5.3.0"
     id 'com.netflix.nebula.ospackage' version "11.10.1"
     id 'java-library'
     id "com.diffplug.spotless" version "6.25.0"
@@ -49,6 +50,18 @@ ext {
     projectSubstitutions = [:]
     licenseFile = rootProject.file('LICENSE.txt')
     noticeFile = rootProject.file('NOTICE')
+
+    ['esnode.pem', 'esnode-key.pem', 'kirk.pem', 'kirk-key.pem', 'root-ca.pem', 'sample.pem', 'test-kirk.jks'].forEach { file ->
+        File local = getLayout().getBuildDirectory().file(file).get().getAsFile()
+        download.run {
+            src "https://raw.githubusercontent.com/opensearch-project/security/refs/heads/main/bwc-test/src/test/resources/security/" + file
+            dest local
+            overwrite false
+        }
+        processResources {
+            from(local)
+        }
+    }
 }
 
 licenseHeaders.enabled = true
@@ -276,11 +289,11 @@ afterEvaluate {
         }
 
         if (securityEnabled) {
-            node.extraConfigFile("kirk.pem", file("src/test/resources/security/kirk.pem"))
-            node.extraConfigFile("kirk-key.pem", file("src/test/resources/security/kirk-key.pem"))
-            node.extraConfigFile("esnode.pem", file("src/test/resources/security/esnode.pem"))
-            node.extraConfigFile("esnode-key.pem", file("src/test/resources/security/esnode-key.pem"))
-            node.extraConfigFile("root-ca.pem", file("src/test/resources/security/root-ca.pem"))
+            node.extraConfigFile("kirk.pem", file("build/resources/main/kirk.pem"))
+            node.extraConfigFile("kirk-key.pem", file("build/resources/main/kirk-key.pem"))
+            node.extraConfigFile("esnode.pem", file("build/resources/main/esnode.pem"))
+            node.extraConfigFile("esnode-key.pem", file("build/resources/main/esnode-key.pem"))
+            node.extraConfigFile("root-ca.pem", file("build/resources/main/root-ca.pem"))
             node.setting("network.bind_host", "127.0.0.1")
             node.setting("network.publish_host", "127.0.0.1")
             node.setting("plugins.security.ssl.transport.pemcert_filepath", "esnode.pem")

diff --git a/...c/test/java/org/opensearch/jobscheduler/sampleextension/SampleExtensionIntegTestCase.java b/...c/test/java/org/opensearch/jobscheduler/sampleextension/SampleExtensionIntegTestCase.java
@@ -100,7 +100,7 @@ protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOE
             if (Objects.nonNull(keystore)) {
                 URI uri = null;
                 try {
-                    uri = this.getClass().getClassLoader().getResource("security/sample.pem").toURI();
+                    uri = this.getClass().getClassLoader().getResource("sample.pem").toURI();
                 } catch (URISyntaxException e) {
                     throw new RuntimeException(e);
                 }

diff --git a/src/test/java/org/opensearch/jobscheduler/ODFERestTestCase.java b/src/test/java/org/opensearch/jobscheduler/ODFERestTestCase.java
@@ -90,7 +90,7 @@ protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOE
             if (Objects.nonNull(keystore)) {
                 URI uri = null;
                 try {
-                    uri = this.getClass().getClassLoader().getResource("security/sample.pem").toURI();
+                    uri = this.getClass().getClassLoader().getResource("sample.pem").toURI();
                 } catch (URISyntaxException e) {
                     throw new RuntimeException(e);
                 }

diff --git a/src/test/resources/security/esnode-key.pem b/src/test/resources/security/esnode-key.pem
diff --git a/src/test/resources/security/esnode.pem b/src/test/resources/security/esnode.pem
diff --git a/src/test/resources/security/kirk-key.pem b/src/test/resources/security/kirk-key.pem
diff --git a/src/test/resources/security/kirk.pem b/src/test/resources/security/kirk.pem
diff --git a/src/test/resources/security/root-ca.pem b/src/test/resources/security/root-ca.pem
diff --git a/src/test/resources/security/sample.pem b/src/test/resources/security/sample.pem
diff --git a/src/test/resources/security/test-kirk.jks b/src/test/resources/security/test-kirk.jks