-
Notifications
You must be signed in to change notification settings - Fork 24.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable SSL in reindex with security QA tests #37600
Conversation
Update the x-pack/qa/reindex-tests-with-security integration tests to run with TLS enabled on the Rest interface.
Pinging @elastic/es-security |
This test will fail until #37527 is merged, as reindex doesn't support SSL yet. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
// Check whether the cluster has started | ||
URL url = new URL("https://${node.httpUri()}/_cluster/health?wait_for_nodes=${numNodes}&wait_for_status=yellow"); | ||
for (int i = 0; i < 20; i++) { | ||
// we use custom wait logic here for HTTPS |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be awesome to unify this wait logic with that in smoke-test-plugins-ssl
, potentially as a followup. Maybe @atorok has some guidance on the best way to do that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I think we probably want to replace the existing Ant task we use for this with our own task that can read from a custom truststore (or perhaps PEM so it can run on a FIPS JVM).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
logger.info("HTTP response was [{}]", httpURLConnection.getResponseCode()); | ||
} | ||
} catch (IOException e) { | ||
logger.info("Failed to call cluster health - " + e) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this will be too verbose in CI , would only log the last one.
* master: (100 commits) Push primary term to replication tracker (elastic#38044) Introduce ability to minimize round-trips in CCS (elastic#37828) Don't Assert Ack on when Publish Timeout is 0 in Test (elastic#38077) Reduce object creation in Rounding class (elastic#38061) Treat put-mapping calls with `_doc` as a top-level key as typed calls. (elastic#38032) Fix test bug when testing the merging of mappings and templates. (elastic#38021) spelling: java script -- not JavaScript (elastic#37057) Enable SSL in reindex with security QA tests (elastic#37600) Disable BWC tests during backport (elastic#38074) SQL: Added SSL configuration options tests (elastic#37875) Minor fixes in the release notes script. (elastic#37967) Fix typo in docs. (elastic#38018) Update Lucene repo for 7.0.0-alpha2 (elastic#37985) Fix size of rolling-upgrade bootstrap config (elastic#38031) fix DateIndexNameProcessorTests offset pattern (elastic#38069) Speed up converting of temporal accessor to zoned date time (elastic#37915) Work around JDK8 timezone bug in tests (elastic#37968) Correct arg names when update mapping/settings from leader (elastic#38063) Introduce ssl settings to reindex from remote (elastic#37527) Mute testRetentionLeasesSyncOnExpiration ...
Update the x-pack/qa/reindex-tests-with-security integration tests to run with TLS enabled on the Rest interface. Backport of: elastic#37600 Relates: elastic#37527
Updates the x-pack/qa/reindex-tests-with-security integration tests to
run with TLS enabled on the Rest interface.
Relates: #37527