Rework implementation.

Signed-off-by: Yury-Fridlyand <[email protected]>

Author: Yury-Fridlyand

integ-test/build.gradle

@@ -24,12 +24,12 @@
 
 import org.opensearch.gradle.test.RestIntegTestTask
 import org.opensearch.gradle.testclusters.StandaloneRestIntegTestTask
+import org.opensearch.gradle.testclusters.OpenSearchCluster
 
+import groovy.xml.XmlParser
 import java.nio.file.Paths
-import java.time.LocalDateTime
 import java.util.concurrent.Callable
 import java.util.stream.Collectors
-import groovy.xml.XmlParser
 
 plugins {
     id "de.undercouch.download" version "5.3.0"
@@ -74,6 +74,63 @@ ext {
 
         return repo + "opensearch-security-${securitySnapshotVersion}.zip"
     }
+
+    File downloadedSecurityPlugin = null
+
+    configureSecurityPlugin = { OpenSearchCluster cluster ->
+
+        cluster.getNodes().forEach { node ->
+            node.getCredentials().add(Map.of('useradd', 'admin', '-p', 'admin'))
+        }
+
+        var projectAbsPath = projectDir.getAbsolutePath()
+
+        // add a check to avoid re-downloading multiple times during single test run
+        if (downloadedSecurityPlugin == null) {
+            downloadedSecurityPlugin = Paths.get(projectAbsPath, 'bin', 'opensearch-security-snapshot.zip').toFile()
+            download.run {
+                src getSecurityPluginDownloadLink()
+                dest downloadedSecurityPlugin
+            }
+        }
+
+        // Config below including files are copied from security demo configuration
+        ['esnode.pem', 'esnode-key.pem', 'root-ca.pem'].forEach { file ->
+            File local = Paths.get(projectAbsPath, 'bin', file).toFile()
+            download.run {
+                src "https://raw.githubusercontent.com/opensearch-project/security/main/bwc-test/src/test/resources/security/" + file
+                dest local
+                overwrite false
+            }
+            cluster.extraConfigFile file, local
+        }
+        [
+            'plugins.security.ssl.transport.pemcert_filepath' : 'esnode.pem',
+            'plugins.security.ssl.transport.pemkey_filepath' : 'esnode-key.pem',
+            'plugins.security.ssl.transport.pemtrustedcas_filepath' : 'root-ca.pem',
+            'plugins.security.ssl.transport.enforce_hostname_verification' : 'false',
+            // https is disabled : because `OpenSearchCluster` is hardcoded to validate cluster health by http
+            // refer how IT framework implemented in security plugin and reuse/copy to activate https
+            'plugins.security.ssl.http.enabled' : 'false',
+            'plugins.security.ssl.http.pemcert_filepath' : 'esnode.pem',
+            'plugins.security.ssl.http.pemkey_filepath' : 'esnode-key.pem',
+            'plugins.security.ssl.http.pemtrustedcas_filepath' : 'root-ca.pem',
+            'plugins.security.allow_unsafe_democertificates' : 'true',
+
+            'plugins.security.allow_default_init_securityindex' : 'true',
+            //'plugins.security.authcz.admin_dn' : 'CN=kirk,OU=client,O=client,L=test,C=de',
+            'plugins.security.authcz.admin_dn' : 'CN=admin,OU=SSL,O=Test,L=Test,C=DE',
+            'plugins.security.audit.type' : 'internal_opensearch',
+            'plugins.security.enable_snapshot_restore_privilege' : 'true',
+            'plugins.security.check_snapshot_restore_write_privileges' : 'true',
+            'plugins.security.restapi.roles_enabled' : '["all_access", "security_rest_api_access"]',
+            'plugins.security.system_indices.enabled' : 'true'
+        ].forEach { name, value ->
+            cluster.setting name, value
+        }
+
+        cluster.plugin provider((Callable<RegularFile>) (() -> (RegularFile) (() -> downloadedSecurityPlugin)))
+    }
 }
 
 tasks.withType(licenseHeaders.class) {
@@ -142,73 +199,23 @@ compileTestJava {
 
 testClusters.all {
     testDistribution = 'archive'
+    plugin ":opensearch-sql-plugin"
 
     // debug with command, ./gradlew opensearch-sql:run -DdebugJVM. --debug-jvm does not work with keystore.
     if (System.getProperty("debugJVM") != null) {
         jvmArgs '-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005'
     }
 }
 
-testClusters.integTest {
-    plugin ":opensearch-sql-plugin"
-    setting "plugins.query.datasources.encryption.masterkey", "1234567812345678"
-}
-
-File downloadedSecurityPlugin = null
-
 testClusters {
+    integTest {
+        setting "plugins.query.datasources.encryption.masterkey", "1234567812345678"
+    }
     remoteCluster {
-        plugin ":opensearch-sql-plugin"
     }
-    integTestWithSecurity { // OpenSearchCluster
-
-        getNodes().forEach { node ->
-            node.getCredentials().add(Map.of('useradd', 'admin', '-p', 'admin'))
-        }
-
-        var projectAbsPath = projectDir.getAbsolutePath()
-
-        // add a check to avoid re-downloading multiple times during single test run
-        if (downloadedSecurityPlugin == null) {
-            downloadedSecurityPlugin = Paths.get(projectAbsPath, 'bin', 'opensearch-security-snapshot.zip').toFile()
-            download.run {
-                src getSecurityPluginDownloadLink()
-                dest downloadedSecurityPlugin
-            }
-        }
-
-        // Config below including files are copied from security demo configuration
-        ['esnode.pem', 'esnode-key.pem', 'root-ca.pem'].forEach { file ->
-            File local = Paths.get(projectAbsPath, 'bin', file).toFile()
-            download.run {
-                src "https://raw.githubusercontent.com/opensearch-project/security/main/bwc-test/src/test/resources/security/" + file
-                dest local
-                overwrite false
-            }
-            extraConfigFile file, local
-        }
-        setting 'plugins.security.ssl.transport.pemcert_filepath', 'esnode.pem'
-        setting 'plugins.security.ssl.transport.pemkey_filepath', 'esnode-key.pem'
-        setting 'plugins.security.ssl.transport.pemtrustedcas_filepath', 'root-ca.pem'
-        setting 'plugins.security.ssl.transport.enforce_hostname_verification', 'false'
-        // https is disabled, because `OpenSearchCluster` is hardcoded to validate cluster health by http
-        // refer how IT framework implemented in security plugin and reuse/copy to activate https
-        setting 'plugins.security.ssl.http.enabled', 'false'
-        setting 'plugins.security.ssl.http.pemcert_filepath', 'esnode.pem'
-        setting 'plugins.security.ssl.http.pemkey_filepath', 'esnode-key.pem'
-        setting 'plugins.security.ssl.http.pemtrustedcas_filepath', 'root-ca.pem'
-        setting 'plugins.security.allow_unsafe_democertificates', 'true'
-
-        setting 'plugins.security.allow_default_init_securityindex', 'true'
-        setting 'plugins.security.authcz.admin_dn', 'CN=admin,OU=SSL,O=Test,L=Test,C=DE'//'CN=kirk,OU=client,O=client,L=test, C=de'
-        setting 'plugins.security.audit.type', 'internal_opensearch'
-        setting 'plugins.security.enable_snapshot_restore_privilege', 'true'
-        setting 'plugins.security.check_snapshot_restore_write_privileges', 'true'
-        setting 'plugins.security.restapi.roles_enabled', '["all_access", "security_rest_api_access"]'
-        setting 'plugins.security.system_indices.enabled', 'true'
-
-        plugin ":opensearch-sql-plugin"
-        plugin provider((Callable<RegularFile>) (() -> (RegularFile) (() -> downloadedSecurityPlugin)))
+    integTestWithSecurity {
+    }
+    anotherintegTestWithSecurity {
     }
 }
 
@@ -290,6 +297,15 @@ task integJdbcTest(type: RestIntegTestTask) {
 
 task integTestWithSecurity(type: RestIntegTestTask) {
     useCluster testClusters.integTestWithSecurity
+    useCluster testClusters.anotherintegTestWithSecurity
+
+    // Don't use `getClusters`: cluster order is important. IT framework adds/uses a cluster
+    // named as the task as default and uses it to init default REST client
+    systemProperty "cluster.names", "integTestWithSecurity,anotherintegTestWithSecurity"
+
+    getClusters().forEach { cluster ->
+        configureSecurityPlugin(cluster)
+    }
 
     useJUnitPlatform()
     dependsOn ':opensearch-sql-plugin:bundlePlugin'
@@ -311,6 +327,7 @@ task integTestWithSecurity(type: RestIntegTestTask) {
     doFirst {
         systemProperty 'cluster.debug', getDebug()
         getClusters().forEach { cluster ->
+
             String allTransportSocketURI = cluster.nodes.stream().flatMap { node ->
                 node.getAllTransportPortURI().stream()
             }.collect(Collectors.joining(","))
@@ -320,13 +337,11 @@ task integTestWithSecurity(type: RestIntegTestTask) {
 
             systemProperty "tests.rest.${cluster.name}.http_hosts", "${-> allHttpSocketURI}"
             systemProperty "tests.rest.${cluster.name}.transport_hosts", "${-> allTransportSocketURI}"
-            systemProperty "tests.rest.remoteCluster.http_hosts", "${-> allHttpSocketURI}"
-            systemProperty "tests.rest.remoteCluster.transport_hosts", "${-> allTransportSocketURI}"
-
-            systemProperty "https", "false"
-            systemProperty "user", "admin"
-            systemProperty "password", "admin"
         }
+
+        systemProperty "https", "false"
+        systemProperty "user", "admin"
+        systemProperty "password", "admin"
     }
 
     if (System.getProperty("test.debug") != null) {

integ-test/src/test/java/org/opensearch/sql/legacy/OpenSearchSQLRestTestCase.java

@@ -105,27 +105,25 @@ protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOE
   }
 
   // Modified from initClient in OpenSearchRestTestCase
-  public void initRemoteClient() throws IOException {
-    if (remoteClient == null) {
-      assert remoteAdminClient == null;
-      String cluster = getTestRestCluster(REMOTE_CLUSTER);
-      String[] stringUrls = cluster.split(",");
-      List<HttpHost> hosts = new ArrayList<>(stringUrls.length);
-      for (String stringUrl : stringUrls) {
-        int portSeparator = stringUrl.lastIndexOf(':');
-        if (portSeparator < 0) {
-          throw new IllegalArgumentException("Illegal cluster url [" + stringUrl + "]");
-        }
-        String host = stringUrl.substring(0, portSeparator);
-        int port = Integer.valueOf(stringUrl.substring(portSeparator + 1));
-        hosts.add(buildHttpHost(host, port));
+  public void initRemoteClient(String clusterName) throws IOException {
+    remoteClient = remoteAdminClient = initClient(clusterName);
+  }
+
+  public RestClient initClient(String clusterName) throws IOException {
+    String cluster = getTestRestCluster(clusterName);
+    String[] stringUrls = cluster.split(",");
+    List<HttpHost> hosts = new ArrayList<>(stringUrls.length);
+    for (String stringUrl : stringUrls) {
+      int portSeparator = stringUrl.lastIndexOf(':');
+      if (portSeparator < 0) {
+        throw new IllegalArgumentException("Illegal cluster url [" + stringUrl + "]");
       }
-      final List<HttpHost> clusterHosts = unmodifiableList(hosts);
-      remoteClient = buildClient(restClientSettings(), clusterHosts.toArray(new HttpHost[0]));
-      remoteAdminClient = buildClient(restAdminSettings(), clusterHosts.toArray(new HttpHost[0]));
+      String host = stringUrl.substring(0, portSeparator);
+      int port = Integer.valueOf(stringUrl.substring(portSeparator + 1));
+      hosts.add(buildHttpHost(host, port));
     }
-    assert remoteClient != null;
-    assert remoteAdminClient != null;
+    final List<HttpHost> clusterHosts = unmodifiableList(hosts);
+    return buildClient(restClientSettings(), clusterHosts.toArray(new HttpHost[0]));
   }
 
   /**
@@ -268,15 +266,26 @@ protected static void configureHttpsClient(RestClientBuilder builder, Settings s
    * Initialize rest client to remote cluster,
    * and create a connection to it from the coordinating cluster.
    */
-  public void configureMultiClusters() throws IOException {
-    initRemoteClient();
+  public void configureMultiClusters(String remote)
+      throws IOException {
+    initRemoteClient(remote);
 
     Request connectionRequest = new Request("PUT", "_cluster/settings");
-    String connectionSetting = "{\"persistent\": {\"cluster\": {\"remote\": {\""
-        + REMOTE_CLUSTER
-        + "\": {\"seeds\": [\""
-        + getTestTransportCluster(REMOTE_CLUSTER).split(",")[0]
-        + "\"]}}}}}";
+    String connectionSetting = String.format(
+        "{"
+            + "\"persistent\": {"
+            + "  \"cluster\": {"
+            + "    \"remote\": {"
+            + "      \"%s\": {"
+            + "        \"seeds\": ["
+            + "          \"%s\""
+            + "        ]"
+            + "      }"
+            + "    }"
+            + "  }"
+            + "}"
+            + "}",
+        remote, getTestTransportCluster(remote).split(",")[0]);
     connectionRequest.setJsonEntity(connectionSetting);
     adminClient().performRequest(connectionRequest);
   }

integ-test/src/test/java/org/opensearch/sql/ppl/CrossClusterSearchIT.java

@@ -17,16 +17,19 @@
 import java.io.IOException;
 import lombok.SneakyThrows;
 import org.json.JSONObject;
-import org.junit.Rule;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.junit.rules.ExpectedException;
 import org.opensearch.client.ResponseException;
 
 public class CrossClusterSearchIT extends PPLIntegTestCase {
 
-  @Rule
-  public ExpectedException exceptionRule = ExpectedException.none();
+  // Set second cluster as a remote
+  static {
+    String[] clusterNames = System.getProperty("cluster.names", ",remoteCluster").split(",");
+    REMOTE_CLUSTER = clusterNames[1];
+  }
+
+  public static final String REMOTE_CLUSTER;
 
   private final static String TEST_INDEX_BANK_REMOTE = REMOTE_CLUSTER + ":" + TEST_INDEX_BANK;
   private final static String TEST_INDEX_DOG_REMOTE = REMOTE_CLUSTER + ":" + TEST_INDEX_DOG;
@@ -46,12 +49,12 @@ public void initialize() {
 
   @Override
   protected void init() throws Exception {
-    configureMultiClusters();
+    configureMultiClusters(REMOTE_CLUSTER);
     loadIndex(Index.BANK);
     loadIndex(Index.BANK, remoteClient());
     loadIndex(Index.DOG);
     loadIndex(Index.DOG, remoteClient());
-    loadIndex(Index.ACCOUNT, remoteClient());
+    loadIndex(Index.ACCOUNT);
   }
 
   @Test
@@ -68,11 +71,10 @@ public void testMatchAllCrossClusterSearchAllFields() throws IOException {
 
   @Test
   public void testCrossClusterSearchWithoutLocalFieldMappingShouldFail() throws IOException {
-    exceptionRule.expect(ResponseException.class);
-    exceptionRule.expectMessage("400 Bad Request");
-    exceptionRule.expectMessage("IndexNotFoundException");
-
-    executeQuery(String.format("search source=%s", TEST_INDEX_ACCOUNT_REMOTE));
+    var exception = assertThrows(ResponseException.class, () ->
+        executeQuery(String.format("search source=%s", TEST_INDEX_ACCOUNT_REMOTE)));
+    assertTrue(exception.getMessage().contains("IndexNotFoundException")
+        && exception.getMessage().contains("400 Bad Request"));
   }
 
   @Test