Tests that create data in ES fails with security

[lukas-vlcek]

If test needs to create a new ES client, such as when the test needs to create data in ES, then it uses the default ES client settings (i.e. non-secured http://localhost:9200). Once the security (see #1) is implemented we will need to fix such tests to be able to create correctly configured ES client.

As of writing this concerns about 2-3 tests out of all.

[richm]

The problem is that searchguard generates its certificates with the X509v3 Subject Alternative Name extension with the value Registered ID:1.2.3.4.5.5. python ssl doesn't like this. origin-aggregated-logging had to disable this extension in externally facing certs: https://github.com/openshift/origin-aggregated-logging/blob/master/deployer/scripts/util.sh#L17 I think we have to do the same.

[richm]

openssl bug: https://bugzilla.redhat.com/show_bug.cgi?id=1402153

[richm]

python bug: https://bugzilla.redhat.com/show_bug.cgi?id=1402154

[lukas-vlcek]

This is not related, the security has been finally fixed (thanks @richm !). The issue here is that some tests are still failing because they are creating their own ES client to create data in ES first (like for example here). And the clients are not passed any security certs options in case ES is secured.

I need to fix this, in fact all the tests are not really unit tests but more like integration tests. I need to rework how the ES client is created so that it can be reused by both the code logic AND the tests. It shouldn't be hard. I am on it now...