Decoupled OpenSearchSinkIT from the OpenSearch Core test cases #1325
Conversation
… OpenSearchIntegrationHelper to clean up some of the changes to OpenSearchSinkIT. Also clean out templates and wait for tasks to complete in between tests. Signed-off-by: David Venable <dlv@amazon.com>
| @@ -0,0 +1,254 @@ | |||
| /* | |||
There was a problem hiding this comment.
Why is the long format license needed here?
There was a problem hiding this comment.
I copied this code from OpenSearchRestTestCase.java. As copied code it must have the long-form header and the headers from the original file.
There was a problem hiding this comment.
"I copied this code" hits me like nails on a chalkboard. :) Would other projects have this same issue and benefit from a reliable test client that doesn't bring in the OpenSearch core? I am wondering if we can standardize this for the community and make something usable rather than copying code.
| .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE) | ||
| .setSSLContext(SSLContextBuilder.create().loadTrustMaterial(null, (chains, authType) -> true).build()); | ||
| } catch (Exception e) { | ||
| throw new RuntimeException(e); |
There was a problem hiding this comment.
Why catch an exception only to throw a generic runtime exception?
There was a problem hiding this comment.
This was already part of OpenSearchSinkIT and I moved this method. There is little value here since these are all tests.
| MetricsTestUtil.initMetrics(); | ||
|
|
||
| client = createOpenSearchClient(); |
There was a problem hiding this comment.
Thanks for cleaning up all the client() calls!
| if (keystorePath != null) { | ||
| final String keystorePass = settings.get(TRUSTSTORE_PASSWORD); | ||
| if (keystorePass == null) { | ||
| throw new IllegalStateException(TRUSTSTORE_PATH + " is provided but not " + TRUSTSTORE_PASSWORD); | ||
| } | ||
| Path path = PathUtils.get(keystorePath); | ||
| if (!Files.exists(path)) { | ||
| throw new IllegalStateException(TRUSTSTORE_PATH + " is set but points to a non-existing file"); | ||
| } | ||
| try { | ||
| final String keyStoreType = keystorePath.endsWith(".p12") ? "PKCS12" : "jks"; | ||
| KeyStore keyStore = KeyStore.getInstance(keyStoreType); | ||
| try (InputStream is = Files.newInputStream(path)) { | ||
| keyStore.load(is, keystorePass.toCharArray()); | ||
| } | ||
| SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(keyStore, null).build(); | ||
| SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(sslcontext); | ||
| builder.setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder.setSSLStrategy(sessionStrategy)); | ||
| } catch (KeyStoreException | NoSuchAlgorithmException | KeyManagementException | CertificateException e) { | ||
| throw new RuntimeException("Error setting up ssl", e); | ||
| } | ||
| } |
There was a problem hiding this comment.
I am worried we are copying over dead code that we won't use here. configureHttpsClient and configureClient are poorly named and both functions support HTTPS. The clients themselves really differentiate themselves based on the os system.property being set to true. The protocol used is based on this property as well.
Do we need this code block?
There was a problem hiding this comment.
I'm unsure if we need this. It does seem that all of our tests are using HTTPS, but I was unable to verify this.
There was a problem hiding this comment.
I validated that even OpenDistro 1.0.0 runs with HTTPS enabled by default.
docker run -p 9200:9200 -p 9600:9600 -e "discovery.type=single-node" -d amazon/opendistro-for-elasticsearch:1.0.0
curl https://localhost:9200 --insecure --user admin:admin [14:26:06]
{
"name" : "5ac8a4703ed1",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "2AdDi7uSQ-mpHH1j00u40A",
"version" : {
"number" : "7.0.1",
"build_flavor" : "oss",
"build_type" : "tar",
"build_hash" : "e4efcb5",
"build_date" : "2019-04-29T12:56:03.145736Z",
"build_snapshot" : false,
"lucene_version" : "8.0.0",
"minimum_wire_compatibility_version" : "6.7.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
I'm unsure presently what the minimum supported OpenDistro/Elasticsearch version Data Prepper supports, but I believe it is in the OpenDistro 1.x/Elasticsearch 7.x series. So I removed any support for testing against HTTP plaintext.
There was a problem hiding this comment.
I had to revert that change. The current build does run an OpenSearch cluster with HTTP. When we remove the OpenSearch build-tools plugin entirely we can remove this.
| @@ -0,0 +1,254 @@ | |||
| /* | |||
There was a problem hiding this comment.
"I copied this code" hits me like nails on a chalkboard. :) Would other projects have this same issue and benefit from a reliable test client that doesn't bring in the OpenSearch core? I am wondering if we can standardize this for the community and make something usable rather than copying code.
| } | ||
| } | ||
|
|
||
| private static void configureClient(RestClientBuilder builder, Settings settings) throws IOException { |
There was a problem hiding this comment.
Is this the only copied piece of code we are leveraging? Let's call this out for the maintainers.
There was a problem hiding this comment.
Yes, I think that the best solution would be to refactor the OpenSearch tests. This would likely be a significant change and will take some time to implement. I'd like to fix these tests in Data Prepper to support OpenSearch 2.0. As a follow-up we can best determine how to best refactor the tests for OpenSearch.
There was a problem hiding this comment.
I'd also like to see if we can improve our tests - maybe we will need fewer of these components. But, I'd like to do this in a more phased approach. This phase is currently removing the inheritance model which is imposing OpenSearch internal requirements.
There was a problem hiding this comment.
I just removed the configureClient in favor of always using HTTPS.
…r came from. Include TODO comments for future clean-up. Signed-off-by: David Venable <dlv@amazon.com>
Signed-off-by: David Venable <dlv@amazon.com>
dlvenable
force-pushed
the
decoupling-opensearch-it
branch
from
88e5d8a to
35b7a72
Compare
|
I made a few comment changes and added some |
Description
The
OpenSearchSinkITfile currently inherits fromOpenSearchRestTestCase. This class comes from the OpenSearch Core test framework. It brings in a number of requirements and assumptions, including some validations internal to OpenSearch. Our integration tests should treat OpenSearch as a black box, but that inheritance treats it as a white box.This change copies some methods from
OpenSearchRestTestCaseinto a new classOpenSearchIntegrationHelper. By doing this,OpenSearchSinkITno longer needs to inherit fromOpenSearchRestTestCaseand I have removed that inheritance.There may be future approaches to simplify this even more. But, this was a minimally intrusive solution.
Issues Resolved
Contributes to #593 by moving the
opensearchplugin toward being able to remove the OpenSearch build-tools plugins. It also contributes to #1311 by decoupling our tests from internal specifics that are causing problems with OpenSearch 2.0.Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.