Add support of secure OpenSearch clusters in integration tests (#50)

Signed-off-by: Andriy Redko <andriy.redko@aiven.io>

src/integrationTest/java/org/opensearch/index/codec/rest/CreateIndexWithCodecIT.java

@@ -8,19 +8,49 @@
 
 package org.opensearch.index.codec.rest;
 
+import org.apache.hc.client5.http.auth.AuthScope;
+import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
+import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
+import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
+import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
+import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.core5.function.Factory;
+import org.apache.hc.core5.http.Header;
+import org.apache.hc.core5.http.HttpHost;
+import org.apache.hc.core5.http.message.BasicHeader;
+import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
+import org.apache.hc.core5.reactor.ssl.TlsDetails;
+import org.apache.hc.core5.ssl.SSLContextBuilder;
+import org.apache.hc.core5.util.Timeout;
+import org.junit.After;
+import org.junit.BeforeClass;
+import org.opensearch.client.RestClient;
+import org.opensearch.client.RestClientBuilder;
 import org.opensearch.cluster.metadata.IndexMetadata;
 import org.opensearch.common.settings.Settings;
+import org.opensearch.common.unit.TimeValue;
+import org.opensearch.common.util.concurrent.ThreadContext;
+import org.opensearch.core.common.Strings;
 import org.opensearch.test.rest.OpenSearchRestTestCase;
 
 import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Map;
+import java.util.Optional;
 
+import javax.net.ssl.SSLEngine;
+
+import static org.opensearch.client.RestClientBuilder.DEFAULT_MAX_CONN_PER_ROUTE;
+import static org.opensearch.client.RestClientBuilder.DEFAULT_MAX_CONN_TOTAL;
 import static org.opensearch.index.codec.customcodecs.CustomCodecService.ZSTD_CODEC;
 import static org.opensearch.index.codec.customcodecs.CustomCodecService.ZSTD_NO_DICT_CODEC;
 
 public class CreateIndexWithCodecIT extends OpenSearchRestTestCase {
-
     public void testCreateIndexWithZstdCodec() throws IOException {
-        final String index = "test-index";
+        final String index = "custom-codecs-test-index";
 
         // creating index
         createIndex(
@@ -33,6 +63,82 @@ public void testCreateIndexWithZstdCodec() throws IOException {
                 .build()
         );
 
-        ensureGreen(index);
+        try {
+            ensureGreen(index);
+        } finally {
+            deleteIndex(index);
+        }
+    }
+
+    @Override
+    protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException {
+        RestClientBuilder builder = RestClient.builder(hosts);
+        configureHttpOrHttpsClient(builder, settings);
+        builder.setStrictDeprecationMode(true);
+        return builder.build();
+    }
+
+    protected void configureHttpOrHttpsClient(RestClientBuilder builder, Settings settings) throws IOException {
+        configureClient(builder, settings);
+
+        if (getProtocol().equalsIgnoreCase("https")) {
+            final String username = System.getProperty("user");
+            if (Strings.isNullOrEmpty(username)) {
+                throw new RuntimeException("user name is missing");
+            }
+
+            final String password = System.getProperty("password");
+            if (Strings.isNullOrEmpty(password)) {
+                throw new RuntimeException("password is missing");
+            }
+
+            final BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+            final AuthScope anyScope = new AuthScope(null, -1);
+            credentialsProvider.setCredentials(anyScope, new UsernamePasswordCredentials(username, password.toCharArray()));
+
+            try {
+            final TlsStrategy tlsStrategy = ClientTlsStrategyBuilder
+                .create()
+                .setHostnameVerifier(NoopHostnameVerifier.INSTANCE)
+                .setSslContext(SSLContextBuilder.create().loadTrustMaterial(null, (chains, authType) -> true).build())
+                // See https://issues.apache.org/jira/browse/HTTPCLIENT-2219
+                .setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {
+                    @Override
+                    public TlsDetails create(final SSLEngine sslEngine) {
+                        return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
+                    }
+                })
+                .build();
+
+                builder.setHttpClientConfigCallback(httpClientBuilder -> {
+                    final PoolingAsyncClientConnectionManager connectionManager = PoolingAsyncClientConnectionManagerBuilder
+                        .create()
+                        .setMaxConnPerRoute(DEFAULT_MAX_CONN_PER_ROUTE)
+                        .setMaxConnTotal(DEFAULT_MAX_CONN_TOTAL)
+                        .setTlsStrategy(tlsStrategy)
+                        .build();
+
+                    return httpClientBuilder
+                        .setDefaultCredentialsProvider(credentialsProvider)
+                        .setConnectionManager(connectionManager);
+                });
+            } catch (final NoSuchAlgorithmException | KeyManagementException | KeyStoreException ex) {
+                throw new IOException(ex);
+            }
+
+        }
+    }
+
+    @Override
+    protected String getProtocol() {
+        return Strings.isNullOrEmpty(System.getProperty("https")) ? "http" : "https";
+    }
+
+    /**
+     * wipeAllIndices won't work since it cannot delete security index
+     */
+    @Override
+    protected boolean preserveIndicesUponCompletion() {
+        return true;
     }
 }