Test: refactor setup and get all tests passing (#442)

logstash-plugins · Jan 1, 2022 · c646e54 · c646e54
1 parent 157b096
commit c646e54
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 48 deletions.
diff --git a/.ci/Dockerfile b/.ci/Dockerfile
diff --git a/.ci/run.sh b/.ci/run.sh
@@ -5,6 +5,7 @@ env
 
 set -ex
 
-bundle exec rspec spec
-bundle exec rake test:integration:setup
-bundle exec rspec spec --tag integration  -fd
+jruby -rbundler/setup -S rspec -fd
+
+jruby -rbundler/setup -S rake test:integration:setup
+jruby -rbundler/setup -S rspec spec --tag integration  -fd
diff --git a/.ci/setup.sh b/.ci/setup.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [ $(command -v apt) ]; then
+    sudo apt install -y openssl
+else
+    sudo yum install -y openssl
+fi
diff --git a/spec/inputs/beats_spec.rb b/spec/inputs/beats_spec.rb
@@ -166,7 +166,14 @@
   end
 
   context "tls meta-data" do
-    let(:config) { super().merge("host" => host, "ssl_peer_metadata" => true, "ssl_certificate_authorities" => [ certificate.ssl_cert ]) }
+    let(:config) do
+      super().merge(
+          "host" => host,
+          "ssl_peer_metadata" => true,
+          "ssl_certificate_authorities" => [ certificate.ssl_cert ],
+          "ecs_compatibility" => 'disabled'
+      )
+    end
     let(:host) { "192.168.1.20" }
     let(:port) { 9002 }
 

diff --git a/spec/integration/filebeat_spec.rb b/spec/integration/filebeat_spec.rb
@@ -177,27 +177,34 @@
         # Refactor this to use Flores's PKI instead of openssl command line
         # see: https://github.com/jordansissel/ruby-flores/issues/7
         context "with a passphrase" do
-          let!(:temporary_directory) { Stud::Temporary.pathname }
-          let(:certificate_key_file) { ::File.join(temporary_directory, "certificate.key") }
-          let(:certificate_key_file_pkcs8) { ::File.join(temporary_directory, "certificate.pkcs8.key") }
-          let(:certificate_file) { ::File.join(temporary_directory, "certificate.crt") }
-          let(:passphrase) { "foobar" }
-          let(:beats) {
-            # Since we are using a shared context, this not obvious to make sure the openssl command
-            # is run before starting beats so we do it just before initializing it.
-            FileUtils.mkdir_p(temporary_directory)
-            openssl_cmd = "openssl req -x509  -batch -newkey rsa:2048 -keyout #{temporary_directory}/certificate.key -out #{temporary_directory}/certificate.crt -subj /CN=localhost -passout pass:#{passphrase}"
-            system(openssl_cmd)
-            convert_key_cmd = "openssl pkcs8 -topk8 -in #{temporary_directory}/certificate.key -out #{certificate_key_file_pkcs8} -passin pass:#{passphrase} -passout pass:#{passphrase}"
-            system(convert_key_cmd)
-
-            LogStash::Inputs::Beats.new(input_config)
-          }
-          let(:input_config) {
-            super().merge({
-            "ssl_key_passphrase" => passphrase,
-            "ssl_key" => certificate_key_file_pkcs8
-          })}
+
+          before(:all) do
+            @passphrase = "foobar".freeze
+
+            FileUtils.mkdir_p temporary_directory = Stud::Temporary.pathname
+
+            cert_key = ::File.join(temporary_directory, "certificate.key")
+            @cert_pub = ::File.join(temporary_directory, "certificate.crt")
+            @cert_key_pkcs8 = ::File.join(temporary_directory, "certificate.key.pkcs8")
+
+            cmd = "openssl req -x509  -batch -newkey rsa:2048 -keyout #{cert_key} -out #{@cert_pub} -passout pass:#{@passphrase} -subj \"/C=EU/O=Logstash/CN=localhost\""
+            unless system(cmd)
+              fail "failed to run openssl command: #{$?} \n#{cmd}"
+            end
+
+            # NOTE: CentOS 7 base image (LS < 7.17) uses OpenSSL 1.0 while later is using Ubuntu 20.04 with OpenSSL 1.1.1
+            # the default algorithm for `openssl pkcs8 -topk8` changed to -v2 which Java does not support (see GH-443)
+            cmd = "openssl pkcs8 -topk8 -in #{cert_key} -out #{@cert_key_pkcs8} -v1 PBE-SHA1-RC2-128 -passin pass:#{@passphrase} -passout pass:#{@passphrase}"
+            unless system(cmd)
+              fail "failed to run openssl command: #{$?} \n#{cmd}"
+            end
+          end
+
+          let(:certificate_authorities) { [ @cert_pub ] }
+
+          let(:input_config) do
+            super().merge("ssl_key_passphrase" => @passphrase, "ssl_key" => @cert_key_pkcs8, "ssl_certificate" => @cert_pub)
+          end
 
           include_examples "send events"
         end

diff --git a/spec/support/integration_shared_context.rb b/spec/support/integration_shared_context.rb
@@ -50,6 +50,7 @@
       begin
         beats.run(queue)
       rescue => e
+        warn e.inspect if $VERBOSE
         retry unless beats.stop?
       end
     end