src/test/java/com/google/gerrit/opensearch/OpenSearchTestUtils.java - modules/index-opensearch - Git at Google

 // Copyright (C) 2026 The Android Open Source Project
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 // http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package com.google.gerrit.opensearch;

 import static com.google.common.truth.Truth.assertWithMessage;

 import com.google.gerrit.index.IndexDefinition;
 import com.google.gerrit.server.LibModuleType;
 import com.google.gerrit.testing.GerritTestName;
 import com.google.gerrit.testing.InMemoryModule;
 import com.google.gerrit.testing.IndexConfig;
 import com.google.inject.AbstractModule;
 import com.google.inject.Guice;
 import com.google.inject.Injector;
 import com.google.inject.Key;
 import com.google.inject.TypeLiteral;
 import java.io.InputStream;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.KeyStore;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Collection;
 import java.util.UUID;
 import javax.net.ssl.SSLContext;
 import org.apache.hc.client5.http.auth.AuthScope;
 import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
 import org.apache.hc.client5.http.classic.methods.HttpPost;
 import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
 import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
 import org.apache.hc.client5.http.impl.classic.HttpClients;
 import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
 import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
 import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
 import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
 import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
 import org.apache.hc.core5.http.ClassicHttpResponse;
 import org.apache.hc.core5.http.HttpStatus;
 import org.apache.hc.core5.http.io.entity.EntityUtils;
 import org.apache.hc.core5.ssl.SSLContextBuilder;
 import org.eclipse.jgit.lib.Config;

 public final class OpenSearchTestUtils {
   private static final String OPENSEARCH_USERNAME = "admin";

   public static void configure(Config config, Container container, String prefix) {
     config.setString("index", null, "type", "opensearch");
     config.setString("opensearch", null, "server", container.getHttpHost().toURI());
     config.setString("opensearch", null, "prefix", prefix);
     config.setInt("index", null, "maxLimit", 10000);
     if (container.isSecurityEnabled()) {
       config.setString("opensearch", null, "username", OPENSEARCH_USERNAME);
       config.setString("opensearch", null, "password", container.getPassword());
     }
   }

   public static void createAllIndexes(Injector injector) {
     Collection<IndexDefinition<?, ?, ?>> indexDefs =
         injector.getInstance(Key.get(new TypeLiteral<Collection<IndexDefinition<?, ?, ?>>>() {}));
     for (IndexDefinition<?, ?, ?> indexDef : indexDefs) {
       indexDef.getIndexCollection().getSearchIndex().deleteAll();
     }
   }

   public static Config getConfig(OpenSearchVersion version) {
     Container container = Container.createAndStart(version);
     String indicesPrefix = UUID.randomUUID().toString();
     Config cfg = new Config();
     configure(cfg, container, indicesPrefix);
     return cfg;
   }

   public static Config createConfig() {
     Config cfg = IndexConfig.create();
     return cfg;
   }

   public static void configureOpenSearchModule(Config openSearchConfig) {
     openSearchConfig.setString(
         "index",
         null,
         "install" + LibModuleType.INDEX_MODULE_TYPE.getConfigKey(),
         "com.google.gerrit.opensearch.OpenSearchIndexModule");
   }

   public static class ContainerTestModule extends AbstractModule {
     private final Container container;

     ContainerTestModule(Container container) {
       this.container = container;
     }

     @Override
     protected void configure() {
       bind(RestClientProvider.class).to(ContainerRestClientProvider.class);
       bind(Container.class).toInstance(container);
     }
   }

   public static Injector createInjector(
       Config config, GerritTestName testName, Container container) {
     Config opensearchConfig = new Config(config);
     OpenSearchTestUtils.configureOpenSearchModule(opensearchConfig);
     InMemoryModule.setDefaults(opensearchConfig);
     String indicesPrefix = testName.getSanitizedMethodName();
     OpenSearchTestUtils.configure(opensearchConfig, container, indicesPrefix);
     return Guice.createInjector(
         new ContainerTestModule(container), new InMemoryModule(opensearchConfig));
   }

   public static CloseableHttpClient createHttpClient(Container container) {
     if (container.isSecurityEnabled()) {
       try {
         KeyStore trustStore = extractTrustStore(container);
         SSLContext sslContext =
             SSLContextBuilder.create().loadTrustMaterial(trustStore, null).build();
         SSLConnectionSocketFactory sslSocketFactory =
             SSLConnectionSocketFactoryBuilder.create()
                 .setSslContext(sslContext)
                 .setHostnameVerifier(NoopHostnameVerifier.INSTANCE)
                 .build();
         PoolingHttpClientConnectionManager connectionManager =
             PoolingHttpClientConnectionManagerBuilder.create()
                 .setSSLSocketFactory(sslSocketFactory)
                 .build();
         BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
         credentialsProvider.setCredentials(
             new AuthScope(null, -1),
             new UsernamePasswordCredentials(
                 container.getUsername(), container.getPassword().toCharArray()));
         return HttpClients.custom()
             .setConnectionManager(connectionManager)
             .setDefaultCredentialsProvider(credentialsProvider)
             .build();
       } catch (Exception e) {
         throw new RuntimeException("Failed to create SSL HTTP client", e);
       }
     }
     return HttpClients.custom().build();
   }

   public static void closeIndex(
       CloseableHttpClient client, Container container, GerritTestName testName) throws Exception {
     ClassicHttpResponse response =
         client.execute(
             new HttpPost(
                 String.format(
                     "%s/%s*/_close",
                     container.getHttpHost().toURI(), testName.getSanitizedMethodName())));
     int statusCode = response.getCode();
     assertWithMessage(
             "response status code should be %s, but was %s. Full response was %s",
             HttpStatus.SC_OK, statusCode, EntityUtils.toString(response.getEntity()))
         .that(statusCode)
         .isEqualTo(HttpStatus.SC_OK);
   }

   public static KeyStore extractTrustStore(Container container) throws Exception {
     Path certFile = Files.createTempFile("opensearch-cert", ".pem");
     container.copyFileFromContainer("/usr/share/opensearch/config/esnode.pem", certFile.toString());

     CertificateFactory cf = CertificateFactory.getInstance("X.509");
     X509Certificate cert;
     try (InputStream is = Files.newInputStream(certFile)) {
       cert = (X509Certificate) cf.generateCertificate(is);
     }

     KeyStore trustStore = KeyStore.getInstance("JKS");
     trustStore.load(null, null);
     trustStore.setCertificateEntry("opensearch", cert);
     return trustStore;
   }

   private OpenSearchTestUtils() {
     // hide default constructor
   }
 }
	// Copyright (C) 2026 The Android Open Source Project
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package com.google.gerrit.opensearch;

	import static com.google.common.truth.Truth.assertWithMessage;

	import com.google.gerrit.index.IndexDefinition;
	import com.google.gerrit.server.LibModuleType;
	import com.google.gerrit.testing.GerritTestName;
	import com.google.gerrit.testing.InMemoryModule;
	import com.google.gerrit.testing.IndexConfig;
	import com.google.inject.AbstractModule;
	import com.google.inject.Guice;
	import com.google.inject.Injector;
	import com.google.inject.Key;
	import com.google.inject.TypeLiteral;
	import java.io.InputStream;
	import java.nio.file.Files;
	import java.nio.file.Path;
	import java.security.KeyStore;
	import java.security.cert.CertificateFactory;
	import java.security.cert.X509Certificate;
	import java.util.Collection;
	import java.util.UUID;
	import javax.net.ssl.SSLContext;
	import org.apache.hc.client5.http.auth.AuthScope;
	import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
	import org.apache.hc.client5.http.classic.methods.HttpPost;
	import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
	import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
	import org.apache.hc.client5.http.impl.classic.HttpClients;
	import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
	import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
	import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
	import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
	import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
	import org.apache.hc.core5.http.ClassicHttpResponse;
	import org.apache.hc.core5.http.HttpStatus;
	import org.apache.hc.core5.http.io.entity.EntityUtils;
	import org.apache.hc.core5.ssl.SSLContextBuilder;
	import org.eclipse.jgit.lib.Config;

	public final class OpenSearchTestUtils {
	private static final String OPENSEARCH_USERNAME = "admin";

	public static void configure(Config config, Container container, String prefix) {
	config.setString("index", null, "type", "opensearch");
	config.setString("opensearch", null, "server", container.getHttpHost().toURI());
	config.setString("opensearch", null, "prefix", prefix);
	config.setInt("index", null, "maxLimit", 10000);
	if (container.isSecurityEnabled()) {
	config.setString("opensearch", null, "username", OPENSEARCH_USERNAME);
	config.setString("opensearch", null, "password", container.getPassword());
	}
	}

	public static void createAllIndexes(Injector injector) {
	Collection<IndexDefinition<?, ?, ?>> indexDefs =
	injector.getInstance(Key.get(new TypeLiteral<Collection<IndexDefinition<?, ?, ?>>>() {}));
	for (IndexDefinition<?, ?, ?> indexDef : indexDefs) {
	indexDef.getIndexCollection().getSearchIndex().deleteAll();
	}
	}

	public static Config getConfig(OpenSearchVersion version) {
	Container container = Container.createAndStart(version);
	String indicesPrefix = UUID.randomUUID().toString();
	Config cfg = new Config();
	configure(cfg, container, indicesPrefix);
	return cfg;
	}

	public static Config createConfig() {
	Config cfg = IndexConfig.create();
	return cfg;
	}

	public static void configureOpenSearchModule(Config openSearchConfig) {
	openSearchConfig.setString(
	"index",
	null,
	"install" + LibModuleType.INDEX_MODULE_TYPE.getConfigKey(),
	"com.google.gerrit.opensearch.OpenSearchIndexModule");
	}

	public static class ContainerTestModule extends AbstractModule {
	private final Container container;

	ContainerTestModule(Container container) {
	this.container = container;
	}

	@Override
	protected void configure() {
	bind(RestClientProvider.class).to(ContainerRestClientProvider.class);
	bind(Container.class).toInstance(container);
	}
	}

	public static Injector createInjector(
	Config config, GerritTestName testName, Container container) {
	Config opensearchConfig = new Config(config);
	OpenSearchTestUtils.configureOpenSearchModule(opensearchConfig);
	InMemoryModule.setDefaults(opensearchConfig);
	String indicesPrefix = testName.getSanitizedMethodName();
	OpenSearchTestUtils.configure(opensearchConfig, container, indicesPrefix);
	return Guice.createInjector(
	new ContainerTestModule(container), new InMemoryModule(opensearchConfig));
	}

	public static CloseableHttpClient createHttpClient(Container container) {
	if (container.isSecurityEnabled()) {
	try {
	KeyStore trustStore = extractTrustStore(container);
	SSLContext sslContext =
	SSLContextBuilder.create().loadTrustMaterial(trustStore, null).build();
	SSLConnectionSocketFactory sslSocketFactory =
	SSLConnectionSocketFactoryBuilder.create()
	.setSslContext(sslContext)
	.setHostnameVerifier(NoopHostnameVerifier.INSTANCE)
	.build();
	PoolingHttpClientConnectionManager connectionManager =
	PoolingHttpClientConnectionManagerBuilder.create()
	.setSSLSocketFactory(sslSocketFactory)
	.build();
	BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
	credentialsProvider.setCredentials(
	new AuthScope(null, -1),
	new UsernamePasswordCredentials(
	container.getUsername(), container.getPassword().toCharArray()));
	return HttpClients.custom()
	.setConnectionManager(connectionManager)
	.setDefaultCredentialsProvider(credentialsProvider)
	.build();
	} catch (Exception e) {
	throw new RuntimeException("Failed to create SSL HTTP client", e);
	}
	}
	return HttpClients.custom().build();
	}

	public static void closeIndex(
	CloseableHttpClient client, Container container, GerritTestName testName) throws Exception {
	ClassicHttpResponse response =
	client.execute(
	new HttpPost(
	String.format(
	"%s/%s*/_close",
	container.getHttpHost().toURI(), testName.getSanitizedMethodName())));
	int statusCode = response.getCode();
	assertWithMessage(
	"response status code should be %s, but was %s. Full response was %s",
	HttpStatus.SC_OK, statusCode, EntityUtils.toString(response.getEntity()))
	.that(statusCode)
	.isEqualTo(HttpStatus.SC_OK);
	}

	public static KeyStore extractTrustStore(Container container) throws Exception {
	Path certFile = Files.createTempFile("opensearch-cert", ".pem");
	container.copyFileFromContainer("/usr/share/opensearch/config/esnode.pem", certFile.toString());

	CertificateFactory cf = CertificateFactory.getInstance("X.509");
	X509Certificate cert;
	try (InputStream is = Files.newInputStream(certFile)) {
	cert = (X509Certificate) cf.generateCertificate(is);
	}

	KeyStore trustStore = KeyStore.getInstance("JKS");
	trustStore.load(null, null);
	trustStore.setCertificateEntry("opensearch", cert);
	return trustStore;
	}

	private OpenSearchTestUtils() {
	// hide default constructor
	}
	}