From 9c5ef71bc870d62843af2283f7a02a32932f55d7 Mon Sep 17 00:00:00 2001 From: David Turner Date: Fri, 4 Apr 2025 16:27:28 +0100 Subject: [PATCH] Replace `region` with `regionSupplier` in all AWS tests (#126285) Rather than hard-coding a region name we should always auto-generate it randomly during test execution. This commit replaces the remaining fixed `String` arguments with a `Supplier` argument to enable this. --- .../RepositoryS3BasicCredentialsRestIT.java | 3 +- .../RepositoryS3RestReloadCredentialsIT.java | 3 +- .../RepositoryS3SessionCredentialsRestIT.java | 3 +- .../s3/RepositoryS3ClientYamlTestSuiteIT.java | 3 +- ...ryEc2EnvironmentVariableCredentialsIT.java | 8 +++-- .../DiscoveryEc2KeystoreCredentialsIT.java | 8 +++-- ...coveryEc2KeystoreSessionCredentialsIT.java | 8 +++-- ...scoveryEc2SystemPropertyCredentialsIT.java | 8 +++-- .../java/fixture/aws/AwsCredentialsUtils.java | 30 +++++++++++++------ .../main/java/fixture/s3/S3HttpFixture.java | 3 +- ...earchableSnapshotsCredentialsReloadIT.java | 3 +- 11 files changed, 53 insertions(+), 27 deletions(-) diff --git a/modules/repository-s3/src/javaRestTest/java/org/elasticsearch/repositories/s3/RepositoryS3BasicCredentialsRestIT.java b/modules/repository-s3/src/javaRestTest/java/org/elasticsearch/repositories/s3/RepositoryS3BasicCredentialsRestIT.java index cd17138a16fea..5d82892cd3d71 100644 --- a/modules/repository-s3/src/javaRestTest/java/org/elasticsearch/repositories/s3/RepositoryS3BasicCredentialsRestIT.java +++ b/modules/repository-s3/src/javaRestTest/java/org/elasticsearch/repositories/s3/RepositoryS3BasicCredentialsRestIT.java @@ -20,6 +20,7 @@ import org.junit.rules.RuleChain; import org.junit.rules.TestRule; +import static fixture.aws.AwsCredentialsUtils.ANY_REGION; import static fixture.aws.AwsCredentialsUtils.fixedAccessKey; @ThreadLeakFilters(filters = { TestContainersThreadFilter.class }) @@ -33,7 +34,7 @@ public class RepositoryS3BasicCredentialsRestIT extends AbstractRepositoryS3Rest private static final String SECRET_KEY = PREFIX + "secret-key"; private static final String CLIENT = "basic_credentials_client"; - private static final S3HttpFixture s3Fixture = new S3HttpFixture(true, BUCKET, BASE_PATH, fixedAccessKey(ACCESS_KEY, "*", "s3")); + private static final S3HttpFixture s3Fixture = new S3HttpFixture(true, BUCKET, BASE_PATH, fixedAccessKey(ACCESS_KEY, ANY_REGION, "s3")); public static ElasticsearchCluster cluster = ElasticsearchCluster.local() .module("repository-s3") diff --git a/modules/repository-s3/src/javaRestTest/java/org/elasticsearch/repositories/s3/RepositoryS3RestReloadCredentialsIT.java b/modules/repository-s3/src/javaRestTest/java/org/elasticsearch/repositories/s3/RepositoryS3RestReloadCredentialsIT.java index 0d133b30b5e39..1d79e730f4c18 100644 --- a/modules/repository-s3/src/javaRestTest/java/org/elasticsearch/repositories/s3/RepositoryS3RestReloadCredentialsIT.java +++ b/modules/repository-s3/src/javaRestTest/java/org/elasticsearch/repositories/s3/RepositoryS3RestReloadCredentialsIT.java @@ -26,6 +26,7 @@ import java.io.IOException; +import static fixture.aws.AwsCredentialsUtils.ANY_REGION; import static fixture.aws.AwsCredentialsUtils.mutableAccessKey; import static org.hamcrest.CoreMatchers.containsString; import static org.hamcrest.Matchers.allOf; @@ -43,7 +44,7 @@ public class RepositoryS3RestReloadCredentialsIT extends ESRestTestCase { true, BUCKET, BASE_PATH, - mutableAccessKey(() -> repositoryAccessKey, "*", "s3") + mutableAccessKey(() -> repositoryAccessKey, ANY_REGION, "s3") ); private static final MutableSettingsProvider keystoreSettings = new MutableSettingsProvider(); diff --git a/modules/repository-s3/src/javaRestTest/java/org/elasticsearch/repositories/s3/RepositoryS3SessionCredentialsRestIT.java b/modules/repository-s3/src/javaRestTest/java/org/elasticsearch/repositories/s3/RepositoryS3SessionCredentialsRestIT.java index c0b5aa989281c..50e4cd4a00490 100644 --- a/modules/repository-s3/src/javaRestTest/java/org/elasticsearch/repositories/s3/RepositoryS3SessionCredentialsRestIT.java +++ b/modules/repository-s3/src/javaRestTest/java/org/elasticsearch/repositories/s3/RepositoryS3SessionCredentialsRestIT.java @@ -20,6 +20,7 @@ import org.junit.rules.RuleChain; import org.junit.rules.TestRule; +import static fixture.aws.AwsCredentialsUtils.ANY_REGION; import static fixture.aws.AwsCredentialsUtils.fixedAccessKeyAndToken; @ThreadLeakFilters(filters = { TestContainersThreadFilter.class }) @@ -38,7 +39,7 @@ public class RepositoryS3SessionCredentialsRestIT extends AbstractRepositoryS3Re true, BUCKET, BASE_PATH, - fixedAccessKeyAndToken(ACCESS_KEY, SESSION_TOKEN, "*", "s3") + fixedAccessKeyAndToken(ACCESS_KEY, SESSION_TOKEN, ANY_REGION, "s3") ); public static ElasticsearchCluster cluster = ElasticsearchCluster.local() diff --git a/modules/repository-s3/src/yamlRestTest/java/org/elasticsearch/repositories/s3/RepositoryS3ClientYamlTestSuiteIT.java b/modules/repository-s3/src/yamlRestTest/java/org/elasticsearch/repositories/s3/RepositoryS3ClientYamlTestSuiteIT.java index c0b7b447f8860..a3210868ec245 100644 --- a/modules/repository-s3/src/yamlRestTest/java/org/elasticsearch/repositories/s3/RepositoryS3ClientYamlTestSuiteIT.java +++ b/modules/repository-s3/src/yamlRestTest/java/org/elasticsearch/repositories/s3/RepositoryS3ClientYamlTestSuiteIT.java @@ -23,6 +23,7 @@ import org.junit.rules.RuleChain; import org.junit.rules.TestRule; +import static fixture.aws.AwsCredentialsUtils.ANY_REGION; import static fixture.aws.AwsCredentialsUtils.fixedAccessKey; @ThreadLeakFilters(filters = { TestContainersThreadFilter.class }) @@ -36,7 +37,7 @@ public class RepositoryS3ClientYamlTestSuiteIT extends AbstractRepositoryS3Clien true, "bucket", "base_path_integration_tests", - fixedAccessKey(ACCESS_KEY, "*", "s3") + fixedAccessKey(ACCESS_KEY, ANY_REGION, "s3") ); public static ElasticsearchCluster cluster = ElasticsearchCluster.local() diff --git a/plugins/discovery-ec2/src/javaRestTest/java/org/elasticsearch/discovery/ec2/DiscoveryEc2EnvironmentVariableCredentialsIT.java b/plugins/discovery-ec2/src/javaRestTest/java/org/elasticsearch/discovery/ec2/DiscoveryEc2EnvironmentVariableCredentialsIT.java index 620aa3d9b7282..f3bb4a821008f 100644 --- a/plugins/discovery-ec2/src/javaRestTest/java/org/elasticsearch/discovery/ec2/DiscoveryEc2EnvironmentVariableCredentialsIT.java +++ b/plugins/discovery-ec2/src/javaRestTest/java/org/elasticsearch/discovery/ec2/DiscoveryEc2EnvironmentVariableCredentialsIT.java @@ -9,6 +9,7 @@ package org.elasticsearch.discovery.ec2; +import fixture.aws.DynamicRegionSupplier; import fixture.aws.ec2.AwsEc2HttpFixture; import org.elasticsearch.discovery.DiscoveryModule; @@ -19,17 +20,18 @@ import org.junit.rules.TestRule; import java.util.List; +import java.util.function.Supplier; import static fixture.aws.AwsCredentialsUtils.fixedAccessKey; public class DiscoveryEc2EnvironmentVariableCredentialsIT extends DiscoveryEc2ClusterFormationTestCase { private static final String PREFIX = getIdentifierPrefix("DiscoveryEc2EnvironmentVariableCredentialsIT"); - private static final String REGION = PREFIX + "-region"; private static final String ACCESS_KEY = PREFIX + "-access-key"; + private static final Supplier regionSupplier = new DynamicRegionSupplier(); private static final AwsEc2HttpFixture ec2ApiFixture = new AwsEc2HttpFixture( - fixedAccessKey(ACCESS_KEY, REGION, "ec2"), + fixedAccessKey(ACCESS_KEY, regionSupplier, "ec2"), DiscoveryEc2EnvironmentVariableCredentialsIT::getAvailableTransportEndpoints ); @@ -39,7 +41,7 @@ public class DiscoveryEc2EnvironmentVariableCredentialsIT extends DiscoveryEc2Cl .setting(DiscoveryModule.DISCOVERY_SEED_PROVIDERS_SETTING.getKey(), Ec2DiscoveryPlugin.EC2_SEED_HOSTS_PROVIDER_NAME) .setting("logger." + AwsEc2SeedHostsProvider.class.getCanonicalName(), "DEBUG") .setting(Ec2ClientSettings.ENDPOINT_SETTING.getKey(), ec2ApiFixture::getAddress) - .environment("AWS_REGION", REGION) + .environment("AWS_REGION", regionSupplier) .environment("AWS_ACCESS_KEY_ID", ACCESS_KEY) .environment("AWS_SECRET_ACCESS_KEY", ESTestCase::randomSecretKey) .build(); diff --git a/plugins/discovery-ec2/src/javaRestTest/java/org/elasticsearch/discovery/ec2/DiscoveryEc2KeystoreCredentialsIT.java b/plugins/discovery-ec2/src/javaRestTest/java/org/elasticsearch/discovery/ec2/DiscoveryEc2KeystoreCredentialsIT.java index 8721b944d87de..843537152a016 100644 --- a/plugins/discovery-ec2/src/javaRestTest/java/org/elasticsearch/discovery/ec2/DiscoveryEc2KeystoreCredentialsIT.java +++ b/plugins/discovery-ec2/src/javaRestTest/java/org/elasticsearch/discovery/ec2/DiscoveryEc2KeystoreCredentialsIT.java @@ -9,6 +9,7 @@ package org.elasticsearch.discovery.ec2; +import fixture.aws.DynamicRegionSupplier; import fixture.aws.ec2.AwsEc2HttpFixture; import org.elasticsearch.discovery.DiscoveryModule; @@ -19,17 +20,18 @@ import org.junit.rules.TestRule; import java.util.List; +import java.util.function.Supplier; import static fixture.aws.AwsCredentialsUtils.fixedAccessKey; public class DiscoveryEc2KeystoreCredentialsIT extends DiscoveryEc2ClusterFormationTestCase { private static final String PREFIX = getIdentifierPrefix("DiscoveryEc2KeystoreCredentialsIT"); - private static final String REGION = PREFIX + "-region"; private static final String ACCESS_KEY = PREFIX + "-access-key"; + private static final Supplier regionSupplier = new DynamicRegionSupplier(); private static final AwsEc2HttpFixture ec2ApiFixture = new AwsEc2HttpFixture( - fixedAccessKey(ACCESS_KEY, REGION, "ec2"), + fixedAccessKey(ACCESS_KEY, regionSupplier, "ec2"), DiscoveryEc2KeystoreCredentialsIT::getAvailableTransportEndpoints ); @@ -39,7 +41,7 @@ public class DiscoveryEc2KeystoreCredentialsIT extends DiscoveryEc2ClusterFormat .setting(DiscoveryModule.DISCOVERY_SEED_PROVIDERS_SETTING.getKey(), Ec2DiscoveryPlugin.EC2_SEED_HOSTS_PROVIDER_NAME) .setting("logger." + AwsEc2SeedHostsProvider.class.getCanonicalName(), "DEBUG") .setting(Ec2ClientSettings.ENDPOINT_SETTING.getKey(), ec2ApiFixture::getAddress) - .environment("AWS_REGION", REGION) + .environment("AWS_REGION", regionSupplier) .keystore("discovery.ec2.access_key", ACCESS_KEY) .keystore("discovery.ec2.secret_key", ESTestCase::randomSecretKey) .build(); diff --git a/plugins/discovery-ec2/src/javaRestTest/java/org/elasticsearch/discovery/ec2/DiscoveryEc2KeystoreSessionCredentialsIT.java b/plugins/discovery-ec2/src/javaRestTest/java/org/elasticsearch/discovery/ec2/DiscoveryEc2KeystoreSessionCredentialsIT.java index 5e38f80d22611..058ff3ee629a2 100644 --- a/plugins/discovery-ec2/src/javaRestTest/java/org/elasticsearch/discovery/ec2/DiscoveryEc2KeystoreSessionCredentialsIT.java +++ b/plugins/discovery-ec2/src/javaRestTest/java/org/elasticsearch/discovery/ec2/DiscoveryEc2KeystoreSessionCredentialsIT.java @@ -9,6 +9,7 @@ package org.elasticsearch.discovery.ec2; +import fixture.aws.DynamicRegionSupplier; import fixture.aws.ec2.AwsEc2HttpFixture; import org.elasticsearch.discovery.DiscoveryModule; @@ -19,18 +20,19 @@ import org.junit.rules.TestRule; import java.util.List; +import java.util.function.Supplier; import static fixture.aws.AwsCredentialsUtils.fixedAccessKeyAndToken; public class DiscoveryEc2KeystoreSessionCredentialsIT extends DiscoveryEc2ClusterFormationTestCase { private static final String PREFIX = getIdentifierPrefix("DiscoveryEc2KeystoreSessionCredentialsIT"); - private static final String REGION = PREFIX + "-region"; private static final String ACCESS_KEY = PREFIX + "-access-key"; private static final String SESSION_TOKEN = PREFIX + "-session-token"; + private static final Supplier regionSupplier = new DynamicRegionSupplier(); private static final AwsEc2HttpFixture ec2ApiFixture = new AwsEc2HttpFixture( - fixedAccessKeyAndToken(ACCESS_KEY, SESSION_TOKEN, REGION, "ec2"), + fixedAccessKeyAndToken(ACCESS_KEY, SESSION_TOKEN, regionSupplier, "ec2"), DiscoveryEc2KeystoreSessionCredentialsIT::getAvailableTransportEndpoints ); @@ -40,7 +42,7 @@ public class DiscoveryEc2KeystoreSessionCredentialsIT extends DiscoveryEc2Cluste .setting(DiscoveryModule.DISCOVERY_SEED_PROVIDERS_SETTING.getKey(), Ec2DiscoveryPlugin.EC2_SEED_HOSTS_PROVIDER_NAME) .setting("logger." + AwsEc2SeedHostsProvider.class.getCanonicalName(), "DEBUG") .setting(Ec2ClientSettings.ENDPOINT_SETTING.getKey(), ec2ApiFixture::getAddress) - .environment("AWS_REGION", REGION) + .environment("AWS_REGION", regionSupplier) .keystore("discovery.ec2.access_key", ACCESS_KEY) .keystore("discovery.ec2.secret_key", ESTestCase::randomSecretKey) .keystore("discovery.ec2.session_token", SESSION_TOKEN) diff --git a/plugins/discovery-ec2/src/javaRestTest/java/org/elasticsearch/discovery/ec2/DiscoveryEc2SystemPropertyCredentialsIT.java b/plugins/discovery-ec2/src/javaRestTest/java/org/elasticsearch/discovery/ec2/DiscoveryEc2SystemPropertyCredentialsIT.java index 745cd0a76b4ff..bd84ffc1655ff 100644 --- a/plugins/discovery-ec2/src/javaRestTest/java/org/elasticsearch/discovery/ec2/DiscoveryEc2SystemPropertyCredentialsIT.java +++ b/plugins/discovery-ec2/src/javaRestTest/java/org/elasticsearch/discovery/ec2/DiscoveryEc2SystemPropertyCredentialsIT.java @@ -9,6 +9,7 @@ package org.elasticsearch.discovery.ec2; +import fixture.aws.DynamicRegionSupplier; import fixture.aws.ec2.AwsEc2HttpFixture; import org.elasticsearch.discovery.DiscoveryModule; @@ -19,17 +20,18 @@ import org.junit.rules.TestRule; import java.util.List; +import java.util.function.Supplier; import static fixture.aws.AwsCredentialsUtils.fixedAccessKey; public class DiscoveryEc2SystemPropertyCredentialsIT extends DiscoveryEc2ClusterFormationTestCase { private static final String PREFIX = getIdentifierPrefix("DiscoveryEc2SystemPropertyCredentialsIT"); - private static final String REGION = PREFIX + "-region"; private static final String ACCESS_KEY = PREFIX + "-access-key"; + private static final Supplier regionSupplier = new DynamicRegionSupplier(); private static final AwsEc2HttpFixture ec2ApiFixture = new AwsEc2HttpFixture( - fixedAccessKey(ACCESS_KEY, REGION, "ec2"), + fixedAccessKey(ACCESS_KEY, regionSupplier, "ec2"), DiscoveryEc2SystemPropertyCredentialsIT::getAvailableTransportEndpoints ); @@ -39,7 +41,7 @@ public class DiscoveryEc2SystemPropertyCredentialsIT extends DiscoveryEc2Cluster .setting(DiscoveryModule.DISCOVERY_SEED_PROVIDERS_SETTING.getKey(), Ec2DiscoveryPlugin.EC2_SEED_HOSTS_PROVIDER_NAME) .setting("logger." + AwsEc2SeedHostsProvider.class.getCanonicalName(), "DEBUG") .setting(Ec2ClientSettings.ENDPOINT_SETTING.getKey(), ec2ApiFixture::getAddress) - .environment("AWS_REGION", REGION) + .environment("AWS_REGION", regionSupplier) .systemProperty("aws.accessKeyId", ACCESS_KEY) .systemProperty("aws.secretAccessKey", ESTestCase::randomSecretKey) .build(); diff --git a/test/fixtures/aws-fixture-utils/src/main/java/fixture/aws/AwsCredentialsUtils.java b/test/fixtures/aws-fixture-utils/src/main/java/fixture/aws/AwsCredentialsUtils.java index b48398d0719b1..06dac967dff1a 100644 --- a/test/fixtures/aws-fixture-utils/src/main/java/fixture/aws/AwsCredentialsUtils.java +++ b/test/fixtures/aws-fixture-utils/src/main/java/fixture/aws/AwsCredentialsUtils.java @@ -23,24 +23,35 @@ public enum AwsCredentialsUtils { ; + /** + * Region supplier which matches any region. + */ + public static final Supplier ANY_REGION = () -> "*"; + /** * @return an authorization predicate that ensures the authorization header matches the given access key, region and service name. * @see AWS v4 Signatures - * @param region the name of the AWS region used to sign the request, or {@code *} to skip validation of the region parameter + * @param regionSupplier supplies the name of the AWS region used to sign the request, or {@code *} to skip validation of the region + * parameter */ - public static BiPredicate fixedAccessKey(String accessKey, String region, String serviceName) { - return mutableAccessKey(() -> accessKey, region, serviceName); + public static BiPredicate fixedAccessKey(String accessKey, Supplier regionSupplier, String serviceName) { + return mutableAccessKey(() -> accessKey, regionSupplier, serviceName); } /** * @return an authorization predicate that ensures the authorization header matches the access key supplied by the given supplier, * and also matches the given region and service name. * @see AWS v4 Signatures - * @param region the name of the AWS region used to sign the request, or {@code *} to skip validation of the region parameter + * @param regionSupplier supplies the name of the AWS region used to sign the request, or {@code *} to skip validation of the region + * parameter */ - public static BiPredicate mutableAccessKey(Supplier accessKeySupplier, String region, String serviceName) { + public static BiPredicate mutableAccessKey( + Supplier accessKeySupplier, + Supplier regionSupplier, + String serviceName + ) { return (authorizationHeader, sessionTokenHeader) -> authorizationHeader != null - && isValidAwsV4SignedAuthorizationHeader(accessKeySupplier.get(), region, serviceName, authorizationHeader); + && isValidAwsV4SignedAuthorizationHeader(accessKeySupplier.get(), regionSupplier.get(), serviceName, authorizationHeader); } /** @@ -72,16 +83,17 @@ public static boolean isValidAwsV4SignedAuthorizationHeader( /** * @return an authorization predicate that ensures the access key, session token, region and service name all match the given values. * @see AWS v4 Signatures - * @param region the name of the AWS region used to sign the request, or {@code *} to skip validation of the region parameter + * @param regionSupplier supplies the name of the AWS region used to sign the request, or {@code *} to skip validation of the region + * parameter */ public static BiPredicate fixedAccessKeyAndToken( String accessKey, String sessionToken, - String region, + Supplier regionSupplier, String serviceName ) { Objects.requireNonNull(sessionToken); - final var accessKeyPredicate = fixedAccessKey(accessKey, region, serviceName); + final var accessKeyPredicate = fixedAccessKey(accessKey, regionSupplier, serviceName); return (authorizationHeader, sessionTokenHeader) -> accessKeyPredicate.test(authorizationHeader, sessionTokenHeader) && sessionToken.equals(sessionTokenHeader); } diff --git a/test/fixtures/s3-fixture/src/main/java/fixture/s3/S3HttpFixture.java b/test/fixtures/s3-fixture/src/main/java/fixture/s3/S3HttpFixture.java index 2cb9627d4a087..0f71613d21a29 100644 --- a/test/fixtures/s3-fixture/src/main/java/fixture/s3/S3HttpFixture.java +++ b/test/fixtures/s3-fixture/src/main/java/fixture/s3/S3HttpFixture.java @@ -19,6 +19,7 @@ import java.util.Objects; import java.util.function.BiPredicate; +import static fixture.aws.AwsCredentialsUtils.ANY_REGION; import static fixture.aws.AwsCredentialsUtils.checkAuthorization; import static fixture.aws.AwsCredentialsUtils.fixedAccessKey; import static fixture.aws.AwsFixtureUtils.getLocalFixtureAddress; @@ -33,7 +34,7 @@ public class S3HttpFixture extends ExternalResource { private final BiPredicate authorizationPredicate; public S3HttpFixture(boolean enabled) { - this(enabled, "bucket", "base_path_integration_tests", fixedAccessKey("s3_test_access_key", "*", "s3")); + this(enabled, "bucket", "base_path_integration_tests", fixedAccessKey("s3_test_access_key", ANY_REGION, "s3")); } public S3HttpFixture(boolean enabled, String bucket, String basePath, BiPredicate authorizationPredicate) { diff --git a/x-pack/plugin/searchable-snapshots/qa/s3/src/javaRestTest/java/org/elasticsearch/xpack/searchablesnapshots/s3/S3SearchableSnapshotsCredentialsReloadIT.java b/x-pack/plugin/searchable-snapshots/qa/s3/src/javaRestTest/java/org/elasticsearch/xpack/searchablesnapshots/s3/S3SearchableSnapshotsCredentialsReloadIT.java index 5889140bf2bab..f18c845401fb9 100644 --- a/x-pack/plugin/searchable-snapshots/qa/s3/src/javaRestTest/java/org/elasticsearch/xpack/searchablesnapshots/s3/S3SearchableSnapshotsCredentialsReloadIT.java +++ b/x-pack/plugin/searchable-snapshots/qa/s3/src/javaRestTest/java/org/elasticsearch/xpack/searchablesnapshots/s3/S3SearchableSnapshotsCredentialsReloadIT.java @@ -36,6 +36,7 @@ import java.io.IOException; import java.util.function.UnaryOperator; +import static fixture.aws.AwsCredentialsUtils.ANY_REGION; import static fixture.aws.AwsCredentialsUtils.mutableAccessKey; import static org.hamcrest.CoreMatchers.containsString; import static org.hamcrest.Matchers.allOf; @@ -51,7 +52,7 @@ public class S3SearchableSnapshotsCredentialsReloadIT extends ESRestTestCase { true, BUCKET, BASE_PATH, - mutableAccessKey(() -> repositoryAccessKey, "*", "s3") + mutableAccessKey(() -> repositoryAccessKey, ANY_REGION, "s3") ); private static final MutableSettingsProvider keystoreSettings = new MutableSettingsProvider();