From d867f9b509979b0d061969e8e53389d79e4c800c Mon Sep 17 00:00:00 2001
From: bowenlan-amzn <bowenlan23@gmail.com>
Date: Wed, 16 Nov 2022 18:38:58 -0800
Subject: [PATCH] add more settings

Signed-off-by: bowenlan-amzn <bowenlan23@gmail.com>
---
 .gitignore                                    |  1 +
 build.gradle                                  | 51 ++++++++++++++++++-
 .../indexmanagement/ODFERestTestCase.kt       | 24 +++++++--
 src/test/resources/test-security.policy       |  3 --
 4 files changed, 70 insertions(+), 9 deletions(-)
 delete mode 100644 src/test/resources/test-security.policy

diff --git a/.gitignore b/.gitignore
index 67a223b7a..3ea494d86 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@ build/
 out/
 .idea/*
 !.idea/copyright
+.vscode
 *.ipr
 *.iws
 .DS_Store
diff --git a/build.gradle b/build.gradle
index cca99aa5f..d77eb1ba0 100644
--- a/build.gradle
+++ b/build.gradle
@@ -3,9 +3,13 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
+
+import org.opensearch.gradle.testclusters.OpenSearchCluster
 import org.opensearch.gradle.testclusters.TestClusterConfiguration
 import org.opensearch.gradle.testclusters.StandaloneRestIntegTestTask
 
+import java.nio.charset.StandardCharsets
+import java.nio.file.Files
 import java.util.concurrent.Callable
 import java.util.concurrent.TimeUnit
 import java.util.function.Predicate
@@ -395,11 +399,42 @@ testClusters.integTest {
     setting 'path.repo', repo.absolutePath
 }
 
+def configureCluster(OpenSearchCluster cluster, Boolean securityEnabled) {
+    // clear existing health checks as we will need custom handling based on
+    // security plugin installation
+    cluster.@waitConditions.clear()
+    String unicastUris = cluster.nodes.stream().flatMap { node ->
+        node.getAllTransportPortURI().stream()
+    }.collect(Collectors.joining("\n"))
+    cluster.nodes.forEach {node ->
+        try {
+            // Manually write the unicast hosts as we are not depending on the internal method
+            Files.write(node.getConfigDir().resolve("unicast_hosts.txt"), unicastUris.getBytes(StandardCharsets.UTF_8));
+        } catch (IOException e) {
+            throw new java.io.UncheckedIOException("Failed to write configuation files for " + this, e);
+        }
+    }
+
+    // Health check based on security plugin installation
+    // Predicate pred = { OpenSearchCluster c ->
+    //     String protocol = "http"
+    //     if(securityEnabled && !c.name.equalsIgnoreCase("integTest")) {
+    //         protocol = "https"
+    //     }
+    //     CrossClusterWaitForHttpResource wait = new CrossClusterWaitForHttpResource(protocol, cluster.getFirstNode().getHttpSocketURI(), cluster.nodes.size())
+    //     wait.setUsername("admin")
+    //     wait.setPassword("admin")
+    //     return wait.wait(500)
+    // }
+    //
+    // cluster.@waitConditions.put("cluster health yellow", pred)
+    // cluster.waitForAllConditions()
+}
+
 integTest {
     systemProperty 'tests.security.manager', 'false'
     systemProperty 'java.io.tmpdir', opensearch_tmp_dir.absolutePath
     systemProperty 'buildDir', buildDir.path
-    systemProperty "java.security.policy", "file://${projectDir}/src/test/resources/test-security.policy"
     systemProperty "https", System.getProperty("https")
     systemProperty "security", System.getProperty("security")
     systemProperty "user", System.getProperty("user", "admin")
@@ -413,7 +448,17 @@ integTest {
         // There seems to be an issue when running multi node run or integ tasks with unicast_hosts
         // not being written, the waitForAllConditions ensures it's written
         getClusters().forEach { cluster ->
-            cluster.waitForAllConditions()
+            String alltransportSocketURI = cluster.nodes.stream().flatMap { node ->
+                node.getAllTransportPortURI().stream()
+            }.collect(Collectors.joining(","))
+            String allHttpSocketURI = cluster.nodes.stream().flatMap { node ->
+                node.getAllHttpSocketURI().stream()
+            }.collect(Collectors.joining(","))
+
+            println("transport socket uri: ${alltransportSocketURI}")
+            println("http socket uri: ${allHttpSocketURI}")
+            // cluster.waitForAllConditions()
+            configureCluster(cluster, securityEnabled)
         }
     }
 
@@ -692,6 +737,8 @@ apply from: 'build-tools/pkgbuild.gradle'
 // and new version mixed in one cluster
 import org.opensearch.gradle.test.RestIntegTestTask
 
+import java.util.stream.Collectors
+
 def mixedClusterTest = project.tasks.create('mixedCluster', RestIntegTestTask.class)
 def mixedClusterFlag = findProperty('mixed') as Boolean ?: false
 println("mixed cluster flag: $mixedClusterFlag")
diff --git a/src/test/kotlin/org/opensearch/indexmanagement/ODFERestTestCase.kt b/src/test/kotlin/org/opensearch/indexmanagement/ODFERestTestCase.kt
index 59b57b668..62247669c 100644
--- a/src/test/kotlin/org/opensearch/indexmanagement/ODFERestTestCase.kt
+++ b/src/test/kotlin/org/opensearch/indexmanagement/ODFERestTestCase.kt
@@ -108,16 +108,32 @@ abstract class ODFERestTestCase : OpenSearchRestTestCase() {
             val keystore = settings.get(OPENSEARCH_SECURITY_SSL_HTTP_KEYSTORE_FILEPATH)
             return when (keystore != null) {
                 true -> {
+                    println("Build super admin client")
                     // create adminDN (super-admin) client
-                    val uri = javaClass.classLoader.getResource("security/sample.pem").toURI()
-                    val configPath = PathUtils.get(uri).parent.toAbsolutePath()
-                    SecureRestClientBuilder(settings, configPath).setSocketTimeout(60000).build()
+                    // val uri = javaClass.classLoader.getResource("security/sample.pem")?.toURI()
+                    // val configPath = PathUtils.get(uri).parent.toAbsolutePath()
+                    // SecureRestClientBuilder(settings, configPath).setSocketTimeout(60000).build()
+
+                    val userName = System.getProperty("user")
+                    val password = System.getProperty("password")
+                    println("Build client with user:password $userName:$password")
+                    val httpsHosts = hosts.map {
+                        println("Host uri ${it.toURI()}")
+                        HttpHost.create("https://${it.toURI()}")
+                    }
+                    SecureRestClientBuilder(httpsHosts.toTypedArray(), isHttps(), userName, password).setSocketTimeout(60000).build()
                 }
                 false -> {
                     // create client with passed user
+                    println("Build admin client")
                     val userName = System.getProperty("user")
                     val password = System.getProperty("password")
-                    SecureRestClientBuilder(hosts, isHttps(), userName, password).setSocketTimeout(60000).build()
+                    println("Build client with user:password $userName:$password")
+                    val httpsHosts = hosts.map {
+                        println("Host uri ${it.toURI()}")
+                        HttpHost.create("https://${it.toURI()}")
+                    }
+                    SecureRestClientBuilder(httpsHosts.toTypedArray(), isHttps(), userName, password).setSocketTimeout(60000).build()
                 }
             }
         } else {
diff --git a/src/test/resources/test-security.policy b/src/test/resources/test-security.policy
deleted file mode 100644
index 406e90228..000000000
--- a/src/test/resources/test-security.policy
+++ /dev/null
@@ -1,3 +0,0 @@
-grant {
-  permission java.io.FilePermission "${build.dir}/-", "read,write,delete";
-};