/*
 * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
 * or more contributor license agreements. Licensed under the Elastic License
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */

apply plugin: 'elasticsearch.legacy-java-rest-test'

dependencies {
  javaRestTestImplementation(testArtifact(project(xpackModule('core'))))
  //TODO: update javaRestTests to not rely on any code that it is testing
  javaRestTestImplementation project(path: xpackModule('identity-provider'))
}

testClusters.configureEach {
  testDistribution = 'DEFAULT'

  setting 'xpack.license.self_generated.type', 'trial'

  setting 'xpack.idp.enabled', 'true'
  setting 'xpack.idp.entity_id', 'https://idp.test.es.elasticsearch.org/'
  setting 'xpack.idp.sso_endpoint.redirect', 'http://idp.test.es.elasticsearch.org/test/saml/redirect'
  setting 'xpack.idp.signing.certificate', 'idp-sign.crt'
  setting 'xpack.idp.signing.key', 'idp-sign.key'
  setting 'xpack.idp.privileges.application', 'elastic-cloud'

  setting 'xpack.security.enabled', 'true'
  setting 'xpack.security.authc.token.enabled', 'true'
  setting 'xpack.security.authc.api_key.enabled', 'true'
  setting 'xpack.security.authc.realms.file.file.order', '0'
  setting 'xpack.security.authc.realms.native.native.order', '1'
  setting 'xpack.security.authc.realms.saml.cloud-saml.order', '2'
  setting 'xpack.security.authc.realms.saml.cloud-saml.idp.entity_id', 'https://idp.test.es.elasticsearch.org/'
  setting 'xpack.security.authc.realms.saml.cloud-saml.idp.metadata.path', 'idp-metadata.xml'
  setting 'xpack.security.authc.realms.saml.cloud-saml.sp.entity_id', 'ec:123456:abcdefg'
  // This is a dummy one, we simulate the browser and a web app in our tests
  setting 'xpack.security.authc.realms.saml.cloud-saml.sp.acs', 'https://sp1.test.es.elasticsearch.org/saml/acs'
  setting 'xpack.security.authc.realms.saml.cloud-saml.attributes.principal', 'https://idp.test.es.elasticsearch.org/attribute/principal'
  setting 'xpack.security.authc.realms.saml.cloud-saml.attributes.name', 'https://idp.test.es.elasticsearch.org/attribute/name'
  setting 'logger.org.elasticsearch.xpack.security.authc.saml', 'TRACE'
  setting 'logger.org.elasticsearch.xpack.idp', 'TRACE'
  rolesFile file('src/javaRestTest/resources/roles.yml')
  extraConfigFile 'idp-sign.crt', file('src/javaRestTest/resources/idp-sign.crt')
  extraConfigFile 'idp-sign.key', file('src/javaRestTest/resources/idp-sign.key')
  extraConfigFile 'wildcard_services.json', file('src/javaRestTest/resources/wildcard_services.json')
  // The SAML SP is preconfigured with the metadata of the IDP
  extraConfigFile 'idp-metadata.xml', file('src/javaRestTest/resources/idp-metadata.xml')

  user username: "admin_user", password: "admin-password"
  user username: "idp_admin", password: "idp-password", role: "idp_admin"
  user username: "idp_user", password: "idp-password", role: "idp_user"
}

// We don't support the IDP in FIPS-140 mode, so no need to run java rest tests
tasks.named("javaRestTest").configure {
  buildParams.withFipsEnabledOnly(it)
}