ansible-role-elasticsearch/test/integration/helpers/serverspec/xpack_upgrade_spec.rb

require 'spec_helper'
require 'json'
require 'pathname'
vars = JSON.parse(File.read('/tmp/vars.json'))

es_api_url = "#{vars['es_api_scheme']}://localhost:#{vars['es_api_port']}"
username = vars['es_api_basic_auth_username']
password = vars['es_api_basic_auth_password']
es_keystore = Pathname.new(vars['es_ssl_keystore']).basename.to_s
es_truststore = Pathname.new(vars['es_ssl_truststore']).basename.to_s

if vars['es_major_version'] == '7.x'
  es_security_api = "_security"
else
  es_security_api = "_xpack/security"
end

shared_examples 'xpack_upgrade::init' do |vars|
  #Test users file, users_roles and roles.yml
  describe file("/etc/elasticsearch/users_roles") do
    it { should be_owned_by 'root' }
    it { should contain 'admin:es_admin' }
    it { should contain 'power_user:testUser' }
  end

  describe file("/etc/elasticsearch/users") do
    it { should be_owned_by 'root' }
    it { should contain 'testUser:' }
    it { should contain 'es_admin:' }
  end

  describe 'security roles' do
    it 'should list the security roles' do
      roles = curl_json("#{es_api_url}/#{es_security_api}/role", username='es_admin', password='changeMeAgain')
      expect(roles.key?('superuser'))
    end
  end

  describe file("/etc/elasticsearch/elasticsearch.yml") do
    if vars['es_major_version'] == '7.x'
      it { should contain 'security.authc.realms.file.file1.order: 0' }
      it { should contain 'security.authc.realms.native.native1.order: 1' }
    else
      it { should contain 'security.authc.realms.file1.order: 0' }
      it { should contain 'security.authc.realms.file1.type: file' }
      it { should contain 'security.authc.realms.native1.order: 1' }
      it { should contain 'security.authc.realms.native1.type: native' }
    end
    it { should contain 'xpack.security.transport.ssl.enabled: true' }
    it { should contain 'xpack.security.http.ssl.enabled: true' }
    it { should contain es_keystore }
    it { should contain es_truststore }
  end

  #Test contents of role_mapping.yml
  describe file("/etc/elasticsearch/role_mapping.yml") do
    it { should be_owned_by 'root' }
    it { should contain 'power_user:' }
    it { should contain '- cn=admins,dc=example,dc=com' }
    it { should contain 'user:' }
    it { should contain '- cn=admins,dc=example,dc=com' }
  end

  #check accounts are correct i.e. we can auth and they have the correct roles
  describe 'kibana4_server access check' do
    it 'should be reported as version '+vars['es_version'] do
      expect(curl_json(es_api_url, username='kibana4_server', password='changeMe')['version']['number']).to eq(vars['es_version'])
    end
  end

  describe 'security users' do
    result = curl_json("#{es_api_url}/#{es_security_api}/user", username=username, password=password)
    it 'should have the elastic user' do
      expect(result['elastic']['username']).to eq('elastic')
      expect(result['elastic']['roles']).to eq(['superuser'])
      expect(result['elastic']['enabled']).to eq(true)
    end
    it 'should have the kibana user' do
      expect(result['kibana']['username']).to eq('kibana')
      expect(result['kibana']['roles']).to eq(['kibana_system'])
      expect(result['kibana']['enabled']).to eq(true)
    end
    it 'should have the kibana_server user' do
      expect(result['kibana4_server']['username']).to eq('kibana4_server')
      expect(result['kibana4_server']['roles']).to eq(['kibana4_server'])
      expect(result['kibana4_server']['enabled']).to eq(true)
    end
    it 'should have the logstash user' do
      expect(result['logstash_system']['username']).to eq('logstash_system')
      expect(result['logstash_system']['roles']).to eq(['logstash_system'])
      expect(result['logstash_system']['enabled']).to eq(true)
    end
  end

  describe 'logstash_system access check' do
    it 'should be reported as version '+vars['es_version'] do
      expect(curl_json(es_api_url, username='logstash_system', password='aNewLogstashPassword')['version']['number']).to eq(vars['es_version'])
    end
  end

  describe 'SSL certificate check' do
    certificates = curl_json("#{es_api_url}/_ssl/certificates", username=username, password=password)
    it 'should list the keystore file' do
      expect(certificates.any? { |cert| cert['path'].include? es_keystore }).to be true
    end
    it 'should list the truststore file' do
      expect(certificates.any? { |cert| cert['path'].include? es_truststore }).to be true
    end
  end
end
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`require 'spec_helper'`
			`require 'json'`
Add tests specifically for SSL certificates 2019-10-22 13:04:56 +01:00			`require 'pathname'`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`vars = JSON.parse(File.read('/tmp/vars.json'))`

Update tests 2019-10-13 16:18:55 +01:00			`es_api_url = "#{vars['es_api_scheme']}://localhost:#{vars['es_api_port']}"`
			`username = vars['es_api_basic_auth_username']`
			`password = vars['es_api_basic_auth_password']`
Update SSL/TLS tests 2019-10-25 10:18:00 +01:00			`es_keystore = Pathname.new(vars['es_ssl_keystore']).basename.to_s`
			`es_truststore = Pathname.new(vars['es_ssl_truststore']).basename.to_s`
Add tests specifically for SSL certificates 2019-10-22 13:04:56 +01:00
Add tests for SSL and and trial versions 2019-10-18 17:56:55 +01:00			`if vars['es_major_version'] == '7.x'`
			`es_security_api = "_security"`
			`else`
			`es_security_api = "_xpack/security"`
			`end`
Update tests 2019-10-13 16:18:55 +01:00
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`shared_examples 'xpack_upgrade::init' do \|vars\|`
			`#Test users file, users_roles and roles.yml`
clean es_xpack_conf_subdir variable This variable was added to manage specific x-pack dir with version < 6.3 2019-09-05 10:06:26 +02:00			`describe file("/etc/elasticsearch/users_roles") do`
use files permissions from official package 2019-09-18 10:57:07 +02:00			`it { should be_owned_by 'root' }`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`it { should contain 'admin:es_admin' }`
			`it { should contain 'power_user:testUser' }`
			`end`

clean es_xpack_conf_subdir variable This variable was added to manage specific x-pack dir with version < 6.3 2019-09-05 10:06:26 +02:00			`describe file("/etc/elasticsearch/users") do`
use files permissions from official package 2019-09-18 10:57:07 +02:00			`it { should be_owned_by 'root' }`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`it { should contain 'testUser:' }`
			`it { should contain 'es_admin:' }`
			`end`

			`describe 'security roles' do`
			`it 'should list the security roles' do`
Update tests 2019-10-13 16:18:55 +01:00			`roles = curl_json("#{es_api_url}/#{es_security_api}/role", username='es_admin', password='changeMeAgain')`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`expect(roles.key?('superuser'))`
			`end`
			`end`

Remove multi instances support (#566) * remove multi instances support The goal is to stop supporting installation of more than one node in the same host. This commit update the Ansible role README documentation and remove the multi instances kitchen test. * remove systemd and init.d templates As we no more need to support more than one node on the same host, we no more need to override init files provided by elasticsearch official packages. * remove file script feature File scripts have been removed since elasticsearch 6.0 (https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking_60_scripting_changes.html#_file_scripts_removed) * remove custom user and custom group ES_USER and ES_GROUP settings are no longer supported (https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking_60_packaging_changes.html#_configuring_custom_user_and_group_for_package_is_no_longer_allowed) * add upgrade procedure * use same task for license activation with and without authentication 2019-06-03 14:18:09 +02:00			`describe file("/etc/elasticsearch/elasticsearch.yml") do`
[7.x] add support for elasticsearch 7.x and remove support for 5.x (#558) - add support for elasticsearch 7.x - remove support for elasticsearch 5.x - update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories) - replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html) - update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play) - update index template structure for 7.x - update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting) 2019-05-09 09:06:02 +02:00			`if vars['es_major_version'] == '7.x'`
			`it { should contain 'security.authc.realms.file.file1.order: 0' }`
			`it { should contain 'security.authc.realms.native.native1.order: 1' }`
			`else`
			`it { should contain 'security.authc.realms.file1.order: 0' }`
			`it { should contain 'security.authc.realms.file1.type: file' }`
			`it { should contain 'security.authc.realms.native1.order: 1' }`
[xpack] use elasticsearch default xpack features (#560) - Stop forcing es_xpack_features variable in order to let elasticsearch install default features described in http://localhost:9200/_xpack - Change xpack test scope to be able to test default xpack install - xpack scenario will test xpack install with default features - xpack upgrade scenario will fully test security feature - oss-to-xpack-upgrade will test installing only other specific features - Cleanup some duplicate serverspec tests - Remove `system_key`feature (deprecated in 5.6 and removed in 6.0 - [Breaking Changes 6.0.0](https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking-6.0.0-xes.html)) - Cleanup some ansible code (especially in `when` conditions) 2019-05-29 12:10:11 +02:00			`it { should contain 'security.authc.realms.native1.type: native' }`
[7.x] add support for elasticsearch 7.x and remove support for 5.x (#558) - add support for elasticsearch 7.x - remove support for elasticsearch 5.x - update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories) - replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html) - update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play) - update index template structure for 7.x - update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting) 2019-05-09 09:06:02 +02:00			`end`
Update SSL/TLS tests 2019-10-25 10:18:00 +01:00			`it { should contain 'xpack.security.transport.ssl.enabled: true' }`
			`it { should contain 'xpack.security.http.ssl.enabled: true' }`
			`it { should contain es_keystore }`
			`it { should contain es_truststore }`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`end`

			`#Test contents of role_mapping.yml`
clean es_xpack_conf_subdir variable This variable was added to manage specific x-pack dir with version < 6.3 2019-09-05 10:06:26 +02:00			`describe file("/etc/elasticsearch/role_mapping.yml") do`
use files permissions from official package 2019-09-18 10:57:07 +02:00			`it { should be_owned_by 'root' }`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`it { should contain 'power_user:' }`
			`it { should contain '- cn=admins,dc=example,dc=com' }`
			`it { should contain 'user:' }`
			`it { should contain '- cn=admins,dc=example,dc=com' }`
			`end`

			`#check accounts are correct i.e. we can auth and they have the correct roles`
			`describe 'kibana4_server access check' do`
			`it 'should be reported as version '+vars['es_version'] do`
Add tests for SSL and and trial versions 2019-10-18 17:56:55 +01:00			`expect(curl_json(es_api_url, username='kibana4_server', password='changeMe')['version']['number']).to eq(vars['es_version'])`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`end`
			`end`

			`describe 'security users' do`
Add tests specifically for SSL certificates 2019-10-22 13:04:56 +01:00			`result = curl_json("#{es_api_url}/#{es_security_api}/user", username=username, password=password)`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`it 'should have the elastic user' do`
			`expect(result['elastic']['username']).to eq('elastic')`
			`expect(result['elastic']['roles']).to eq(['superuser'])`
			`expect(result['elastic']['enabled']).to eq(true)`
			`end`
			`it 'should have the kibana user' do`
			`expect(result['kibana']['username']).to eq('kibana')`
			`expect(result['kibana']['roles']).to eq(['kibana_system'])`
			`expect(result['kibana']['enabled']).to eq(true)`
			`end`
			`it 'should have the kibana_server user' do`
			`expect(result['kibana4_server']['username']).to eq('kibana4_server')`
			`expect(result['kibana4_server']['roles']).to eq(['kibana4_server'])`
			`expect(result['kibana4_server']['enabled']).to eq(true)`
			`end`
			`it 'should have the logstash user' do`
			`expect(result['logstash_system']['username']).to eq('logstash_system')`
			`expect(result['logstash_system']['roles']).to eq(['logstash_system'])`
			`expect(result['logstash_system']['enabled']).to eq(true)`
			`end`
			`end`

			`describe 'logstash_system access check' do`
			`it 'should be reported as version '+vars['es_version'] do`
Add tests for SSL and and trial versions 2019-10-18 17:56:55 +01:00			`expect(curl_json(es_api_url, username='logstash_system', password='aNewLogstashPassword')['version']['number']).to eq(vars['es_version'])`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`end`
			`end`
Add tests specifically for SSL certificates 2019-10-22 13:04:56 +01:00
			`describe 'SSL certificate check' do`
			`certificates = curl_json("#{es_api_url}/_ssl/certificates", username=username, password=password)`
			`it 'should list the keystore file' do`
Update SSL/TLS tests 2019-10-25 10:18:00 +01:00			`expect(certificates.any? { \|cert\| cert['path'].include? es_keystore }).to be true`
Add tests specifically for SSL certificates 2019-10-22 13:04:56 +01:00			`end`
			`it 'should list the truststore file' do`
Update SSL/TLS tests 2019-10-25 10:18:00 +01:00			`expect(certificates.any? { \|cert\| cert['path'].include? es_truststore }).to be true`
Add tests specifically for SSL certificates 2019-10-22 13:04:56 +01:00			`end`
			`end`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`end`