Add support to run tests with admin for security

Signed-off-by: Vacha Shah <vachshah@amazon.com>

yaml_test_runner/skip_with_security.yml

@@ -0,0 +1,196 @@
+# Skip file of features and tests to skip when running with a secure OpenSearch cluster.
+# This is used at compilation time, when compiling tests from the YAML tests, to not generate tests that match
+# on name or features defined below that should be skipped. Accordingly, changing values in this file requires
+# recompiling tests in order for the changes to take effect.
+
+# tests to skip generating and compiling a test for
+features:
+  - node_selector
+  - stash_path_replace
+  - embedded_stash_key
+
+# tests to skip generating and compiling a test for
+tests:
+
+  free/cat.aliases/10_basic.yml:
+    # this test fails as the regex needs a \n before the ending $
+    - "Multiple alias names"
+
+  free/cat.indices/10_basic.yml:
+    # this test fails as the regex needs a \n before the ending $
+    - "Test cat indices using health status"
+
+  free/cat.templates/10_basic.yml:
+    # Regex do not account for hidden templates returned by the request
+    - "Multiple template"
+    - "No templates"
+    - "Sort templates"
+
+  free/indices.flush/10_basic.yml:
+    # uses number as a key into object. serde_json::Value expects a string key
+    - "Index synced flush rest test"
+
+  free/indices.segments/10_basic.yml:
+    # uses number as a key into object. serde_json::Value expects a string key
+    - "basic segments test"
+
+  free/indices.shard_stores/10_basic.yml:
+    # uses number as a key into object. serde_json::Value expects a string key
+    - "basic index test"
+    - "multiple indices test"
+
+  free/indices.stats/12_level.yml:
+    # uses number as a key into object. serde_json::Value expects a string key
+    - "Level - shards"
+
+  free/nodes.info/10_basic.yml:
+    # node has a lot more roles than those checked in the test (expects "ingest", finds "data_cold")
+    - "node_info role test"
+
+  free/search.aggregation/250_moving_fn.yml:
+    # The use of an invalid window interval results in a 400 response which looks like
+    # it suppresses the sending of deprecation headers
+    - "Bad window deprecated interval"
+
+  free/indices.put_mapping/10_basic.yml:
+    # The type parameter is removed in 2.0
+    - "Put mappings with explicit _doc type"
+    - "Put mappings with explicit _doc type bwc"
+
+  free/cat.health/10_basic.yml:
+    # Should be fixed after inclusive naming changes - master -> cluster_manager
+    - "Help"
+
+  free/cat.nodes/10_basic.yml:
+    # Should be fixed after inclusive naming changes - master -> cluster_manager
+    - "Test cat nodes output"
+
+  free/cluster.health/10_basic.yml:
+    # Should be fixed after inclusive naming changes - master -> cluster_manager
+    - "Get cluster health has same value for discovered_master and discovered_cluster_manager"
+    - "cluster health with closed index (pre 7.2.0)"
+    - "cluster health basic test, one index"
+    - "cluster health basic test, one index with wait for active shards"
+    - "cluster health basic test, one index with wait for all active shards"
+
+  free/cluster.reroute/10_basic.yml:
+    # Should be fixed after inclusive naming changes - master -> cluster_manager
+    - "Cluster reroute returns cluster_manager_node"
+
+  free/cluster.reroute/20_response_filtering.yml:
+    # Should be fixed after inclusive naming changes - master -> cluster_manager
+    - "Filter the cluster reroute by cluster_manager_node only should work"
+
+  free/cluster.state/10_basic.yml:
+    # Should be fixed after inclusive naming changes - master -> cluster_manager
+    - "Get cluster state returns cluster_manager_node"
+
+  free/cluster.state/20_filtering.yml:
+    # Should be fixed after inclusive naming changes - master -> cluster_manager
+    - "Filter the cluster state by cluster_manager_node only should work"
+
+  free/cluster.stats/10_basic.yml:
+    # Should be fixed after inclusive naming changes - master -> cluster_manager
+    - "get cluster stats nodes count with both master and cluster_manager"
+
+  free/search/230_interval_query.yml:
+    - "*"
+
+  free/cat.allocation/10_basic.yml:
+    - "Node ID"
+
+  free/cat.count/10_basic.yml:
+    - "Test cat count output"
+
+  free/cat.recovery/10_basic.yml:
+    - "Test cat recovery output"
+
+  free/cat.segments/10_basic.yml:
+    - "Test cat segments output"
+
+  free/cat.shards/10_basic.yml:
+    - "Test cat shards output"
+    - "Test cat shards sort"
+
+  free/cat.snapshots/10_basic.yml:
+    - "Test cat snapshots output"
+
+  free/cluster.allocation_explain/10_basic.yml:
+    - "cluster shard allocation explanation test with empty request"
+
+  free/indices.refresh/10_basic.yml:
+    - "Indices refresh test _all"
+    - "Indices refresh test empty array"
+
+  free/indices.stats/10_index.yml:
+    - "Index - all"
+    - "Index - blank"
+    - "Index - pattern"
+    - "Index - star"
+
+  free/msearch/10_basic.yml:
+    - "Basic multi-search"
+    - "Least impact smoke test"
+
+  free/search/10_source_filtering.yml:
+    - "*"
+
+  free/search/120_batch_reduce_size.yml:
+    - "batched_reduce_size 2 with 5 shards"
+
+  free/search/140_pre_filter_search_shards:
+    - "pre_filter_shard_size with shards that have no hit"
+
+  free/search/20_default_values.yml:
+    - "Search with new response format"
+
+  free/search/40_indices_boost.yml:
+    - "*"
+
+  free/search/140_pre_filter_search_shards.yml:
+    - "pre_filter_shard_size with shards that have no hit"
+
+  free/search.aggregation/100_avg_metric.yml:
+    - "Aggregating wrong datatype test"
+
+  free/search.aggregation/10_histogram.yml:
+    - "Basic test"
+    - "Format test"
+
+  free/search.aggregation/110_max_metric.yml:
+    - "Aggregating wrong datatype test"
+
+  free/search.aggregation/120_min_metric.yml:
+    - "Aggregating wrong datatype test"
+
+  free/search.aggregation/130_sum_metric.yml:
+    - "Aggregating wrong datatype test"
+
+  free/search.aggregation/180_percentiles_tdigest_metric.yml:
+    - "Invalid params test"
+
+  free/search.aggregation/190_percentiles_hdr_metric.yml:
+    - "Basic test"
+    - "Invalid params test"
+
+  free/search.aggregation/20_terms.yml:
+    - "*"
+
+  free/search.aggregation/260_weighted_avg.yml:
+    - "Basic test"
+
+  free/search.aggregation/280_rare_terms.yml:
+    - "*"
+
+  free/search.aggregation/40_range.yml:
+    - "*"
+
+  free/search.aggregation/50_filter.yml:
+    - "As a child of terms"
+
+  free/snapshot.create/10_basic.yml:
+    - "Create a snapshot"
+
+  free/snapshot.restore/10_basic.yml:
+    - "Create a snapshot and then restore it"
+

yaml_test_runner/src/generator.rs

@@ -43,7 +43,11 @@ use std::{
     io::Write,
     path::{Path, PathBuf},
 };
+use opensearch::{
+    DEFAULT_ADDRESS,
+};
 use yaml_rust::{Yaml, YamlLoader};
+use url::Url;
 
 /// The test suite to compile
 #[derive(Debug, PartialEq)]
@@ -365,6 +369,13 @@ impl TestFn {
     }
 }
 
+fn cluster_addr() -> String {
+    match std::env::var("OPENSEARCH_URL") {
+        Ok(server) => server,
+        Err(_) => DEFAULT_ADDRESS.into(),
+    }
+}
+
 /// Items to globally skip
 #[derive(Deserialize)]
 struct GlobalSkip {
@@ -380,7 +391,12 @@ pub fn generate_tests_from_yaml(
     download_dir: &PathBuf,
     generated_dir: &PathBuf,
 ) -> Result<(), failure::Error> {
-    let skips = serde_yaml::from_str::<GlobalSkip>(include_str!("./../skip.yml"))?;
+    let url = Url::parse(cluster_addr().as_ref()).unwrap();
+    let skips = if url.scheme() == "https" {
+        serde_yaml::from_str::<GlobalSkip>(include_str!("./../skip_with_security.yml"))?
+    } else {
+        serde_yaml::from_str::<GlobalSkip>(include_str!("./../skip.yml"))?
+    };
     let paths = fs::read_dir(download_dir)?;
     for entry in paths {
         if let Ok(entry) = entry {

yaml_test_runner/tests/common/client.rs

@@ -29,10 +29,14 @@
  */
 
 use once_cell::sync::Lazy;
+use std::fs::File;
+use std::io::Read;
 use opensearch::{
-    auth::Credentials,
+    auth::{
+        Credentials,
+        ClientCertificate
+    },
     cert::CertificateValidation,
-    cluster::ClusterHealthParts,
     http::{
         response::Response,
         transport::{SingleNodeConnectionPool, TransportBuilder},
@@ -41,9 +45,8 @@ use opensearch::{
     indices::{
         IndicesDeleteParts,
     },
-    params::{ExpandWildcards, WaitForStatus},
+    params::ExpandWildcards,
     snapshot::{SnapshotDeleteParts, SnapshotDeleteRepositoryParts},
-    tasks::TasksCancelParts,
     Error, OpenSearch, DEFAULT_ADDRESS,
 };
 use serde_json::{Value};
@@ -65,28 +68,15 @@ fn running_proxy() -> bool {
 }
 
 static GLOBAL_CLIENT: Lazy<OpenSearch> = Lazy::new(|| {
-    let mut url = Url::parse(cluster_addr().as_ref()).unwrap();
+    let url = Url::parse(cluster_addr().as_ref()).unwrap();
 
-    // if the url is https and specifies a username and password, remove from the url and set credentials
+    // if the url is https, set credentials
     let credentials = if url.scheme() == "https" {
-        let username = if !url.username().is_empty() {
-            let u = url.username().to_string();
-            url.set_username("").unwrap();
-            u
-        } else {
-            "admin".into()
-        };
-
-        let password = match url.password() {
-            Some(p) => {
-                let pass = p.to_string();
-                url.set_password(None).unwrap();
-                pass
-            }
-            None => "admin".into(),
-        };
-
-        Some(Credentials::Basic(username, password))
+        let mut buf = Vec::new();
+        let mut f = File::open("tests/common/kirk.p12").expect("Unable to open file");
+        f.read_to_end(&mut buf).expect("Unable to read vec");
+        let cert = ClientCertificate::Pkcs12(buf, Some("".to_string()));
+        Some(Credentials::Certificate(cert))
     } else {
         None
     };