Fix bwc tests by configuring admin client

bwc-test/build.gradle

@@ -142,7 +142,7 @@ def String extractVersion(versionStr) {
                 node.setting("plugins.security.ssl.http.pemtrustedcas_filepath", "root-ca.pem")
                 node.setting("plugins.security.allow_unsafe_democertificates", "true")
                 node.setting("plugins.security.allow_default_init_securityindex", "true")
-                node.setting("plugins.security.authcz.admin_dn", "CN=kirk,OU=client,O=client,L=test,C=de")
+                node.setting("plugins.security.authcz.admin_dn", "\n - CN=kirk,OU=client,O=client,L=test,C=de")
                 node.setting("plugins.security.audit.type", "internal_opensearch")
                 node.setting("plugins.security.enable_snapshot_restore_privilege", "true")
                 node.setting("plugins.security.check_snapshot_restore_write_privileges", "true")

bwc-test/src/test/java/org/opensearch/security/bwc/SecurityBackwardsCompatibilityIT.java

@@ -8,10 +8,14 @@
 package org.opensearch.security.bwc;
 
 import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.nio.file.Path;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;
@@ -38,10 +42,12 @@
 import org.opensearch.client.RestClient;
 import org.opensearch.client.RestClientBuilder;
 import org.opensearch.common.Randomness;
+import org.opensearch.common.io.PathUtils;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.common.util.concurrent.ThreadContext;
 import org.opensearch.common.util.io.IOUtils;
 import org.opensearch.common.xcontent.support.XContentMapValues;
+import org.opensearch.commons.rest.SecureRestClientBuilder;
 import org.opensearch.security.bwc.helper.RestHelper;
 import org.opensearch.test.rest.OpenSearchRestTestCase;
 
@@ -51,6 +57,7 @@
 import static org.hamcrest.Matchers.hasKey;
 import static org.hamcrest.Matchers.is;
 
+
 public class SecurityBackwardsCompatibilityIT extends OpenSearchRestTestCase {
 
     private ClusterType CLUSTER_TYPE;
@@ -113,6 +120,19 @@ protected final Settings restClientSettings() {
             .build();
     }
 
+    @Override
+    protected Settings restAdminSettings() {
+        return Settings.builder()
+                .put("http.port", 9200)
+                .put("plugins.security.ssl.http.enabled", true)
+                // this is incorrect on common-utils side. It should be using `pemtrustedcas_filepath`
+                .put("plugins.security.ssl.http.pemcert_filepath", "sample.pem")
+                .put("plugins.security.ssl.http.keystore_filepath", "test-kirk.jks")
+                .put("plugins.security.ssl.http.keystore_password", "changeit")
+                .put("plugins.security.ssl.http.keystore_keypassword", "changeit")
+                .build();
+    }
+
     protected RestClient buildClient(Settings settings, HttpHost[] hosts, String username, String password) {
         RestClientBuilder builder = RestClient.builder(hosts);
         configureHttpsClient(builder, settings, username, password);
@@ -122,7 +142,18 @@ protected RestClient buildClient(Settings settings, HttpHost[] hosts, String use
     }
 
     @Override
-    protected RestClient buildClient(Settings settings, HttpHost[] hosts) {
+    protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException {
+        String keystore = settings.get("plugins.security.ssl.http.keystore_filepath");
+        if (Objects.nonNull(keystore)) {
+            URI uri = null;
+            try {
+                uri = this.getClass().getClassLoader().getResource("security/test-kirk.jks").toURI();
+            } catch (URISyntaxException e) {
+                throw new RuntimeException(e);
+            }
+            Path configPath = PathUtils.get(uri).getParent().toAbsolutePath();
+            return new SecureRestClientBuilder(settings, configPath, hosts).build();
+        }
         String username = Optional.ofNullable(System.getProperty("tests.opensearch.username"))
             .orElseThrow(() -> new RuntimeException("user name is missing"));
         String password = Optional.ofNullable(System.getProperty("tests.opensearch.password"))
@@ -185,6 +216,16 @@ public void testDataIngestionAndSearchBackwardsCompatibility() throws Exception
         searchMatchAll(index);
     }
 
+    public void testDebugCertInfo() throws Exception {
+        Response response = RestHelper.makeRequest(
+                adminClient(),
+                "GET",
+                "_plugins/_security/api/certificates",
+                null
+        );
+        assertEquals("SSL certs info endpoint should return 200", 200, response.getStatusLine().getStatusCode());
+    }
+
     public void testNodeStats() throws IOException {
         List<Response> responses = RestHelper.requestAgainstAllNodes(client(), "GET", "_nodes/stats", null);
         responses.forEach(r -> assertThat(r.getStatusLine().getStatusCode(), is(200)));

settings.gradle

@@ -5,3 +5,6 @@
  */
 
 rootProject.name = 'opensearch-security'
+
+include "bwc-test"
+project(":bwc-test").name = rootProject.name + "-bwc-test"