ansible-role-elasticsearch/test/integration/helpers/serverspec/xpack_upgrade_spec.rb

require 'spec_helper'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))

shared_examples 'xpack_upgrade::init' do |vars|
  describe file("/etc/elasticsearch/#{vars['es_instance_name']}/elasticsearch.yml") do
    it { should contain "node.name: localhost-#{vars['es_instance_name']}" }
    it { should contain 'cluster.name: elasticsearch' }
    it { should_not contain "path.conf: /etc/elasticsearch/#{vars['es_instance_name']}" }
    it { should contain "path.data: /var/lib/elasticsearch/localhost-#{vars['es_instance_name']}" }
    it { should contain "path.logs: /var/log/elasticsearch/localhost-#{vars['es_instance_name']}" }
  end

  #Test users file, users_roles and roles.yml
  describe file("/etc/elasticsearch/#{vars['es_instance_name']}#{vars['es_xpack_conf_subdir']}/users_roles") do
    it { should be_owned_by 'elasticsearch' }
    it { should contain 'admin:es_admin' }
    it { should contain 'power_user:testUser' }
  end

  describe file("/etc/elasticsearch/#{vars['es_instance_name']}#{vars['es_xpack_conf_subdir']}/users") do
    it { should be_owned_by 'elasticsearch' }
    it { should contain 'testUser:' }
    it { should contain 'es_admin:' }
  end

  describe 'security roles' do
    it 'should list the security roles' do
      roles = curl_json('http://localhost:9200/_xpack/security/role', username='es_admin', password='changeMeAgain')
      expect(roles.key?('superuser'))
    end
  end

  describe file("/etc/elasticsearch/#{vars['es_instance_name']}/elasticsearch.yml") do
    if vars['es_major_version'] == '7.x'
      it { should contain 'security.authc.realms.file.file1.order: 0' }
      it { should contain 'security.authc.realms.native.native1.order: 1' }
    else
      it { should contain 'security.authc.realms.file1.order: 0' }
      it { should contain 'security.authc.realms.file1.type: file' }
      it { should contain 'security.authc.realms.native1.order: 1' }
      it { should contain 'security.authc.realms.native1.type: native' } 
    end
  end

  #Test contents of role_mapping.yml
  describe file("/etc/elasticsearch/#{vars['es_instance_name']}#{vars['es_xpack_conf_subdir']}/role_mapping.yml") do
    it { should be_owned_by 'elasticsearch' }
    it { should contain 'power_user:' }
    it { should contain '- cn=admins,dc=example,dc=com' }
    it { should contain 'user:' }
    it { should contain '- cn=admins,dc=example,dc=com' }
  end

  #check accounts are correct i.e. we can auth and they have the correct roles
  describe 'kibana4_server access check' do
    it 'should be reported as version '+vars['es_version'] do
      command = command('curl -s localhost:9200/ -u kibana4_server:changeMe | grep number')
      expect(command.stdout).to match(vars['es_version'])
      expect(command.exit_status).to eq(0)
    end
  end

  describe 'security users' do
    result = curl_json('http://localhost:9200/_xpack/security/user', username='elastic', password='elasticChanged')
    it 'should have the elastic user' do
      expect(result['elastic']['username']).to eq('elastic')
      expect(result['elastic']['roles']).to eq(['superuser'])
      expect(result['elastic']['enabled']).to eq(true)
    end
    it 'should have the kibana user' do
      expect(result['kibana']['username']).to eq('kibana')
      expect(result['kibana']['roles']).to eq(['kibana_system'])
      expect(result['kibana']['enabled']).to eq(true)
    end
    it 'should have the kibana_server user' do
      expect(result['kibana4_server']['username']).to eq('kibana4_server')
      expect(result['kibana4_server']['roles']).to eq(['kibana4_server'])
      expect(result['kibana4_server']['enabled']).to eq(true)
    end
    it 'should have the logstash user' do
      expect(result['logstash_system']['username']).to eq('logstash_system')
      expect(result['logstash_system']['roles']).to eq(['logstash_system'])
      expect(result['logstash_system']['enabled']).to eq(true)
    end
  end

  describe 'logstash_system access check' do
    it 'should be reported as version '+vars['es_version'] do
      command = command('curl -s localhost:9200/ -u logstash_system:aNewLogstashPassword | grep number')
      expect(command.stdout).to match(vars['es_version'])
      expect(command.exit_status).to eq(0)
    end
  end
end
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`require 'spec_helper'`
			`require 'json'`
			`vars = JSON.parse(File.read('/tmp/vars.json'))`

			`shared_examples 'xpack_upgrade::init' do \|vars\|`
Move all shared tests into the shared test helper 2018-06-19 21:17:10 +02:00			`describe file("/etc/elasticsearch/#{vars['es_instance_name']}/elasticsearch.yml") do`
			`it { should contain "node.name: localhost-#{vars['es_instance_name']}" }`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`it { should contain 'cluster.name: elasticsearch' }`
[7.x] add support for elasticsearch 7.x and remove support for 5.x (#558) - add support for elasticsearch 7.x - remove support for elasticsearch 5.x - update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories) - replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html) - update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play) - update index template structure for 7.x - update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting) 2019-05-09 09:06:02 +02:00			`it { should_not contain "path.conf: /etc/elasticsearch/#{vars['es_instance_name']}" }`
Move all shared tests into the shared test helper 2018-06-19 21:17:10 +02:00			`it { should contain "path.data: /var/lib/elasticsearch/localhost-#{vars['es_instance_name']}" }`
			`it { should contain "path.logs: /var/log/elasticsearch/localhost-#{vars['es_instance_name']}" }`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`end`

			`#Test users file, users_roles and roles.yml`
Move all shared tests into the shared test helper 2018-06-19 21:17:10 +02:00			`describe file("/etc/elasticsearch/#{vars['es_instance_name']}#{vars['es_xpack_conf_subdir']}/users_roles") do`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`it { should be_owned_by 'elasticsearch' }`
			`it { should contain 'admin:es_admin' }`
			`it { should contain 'power_user:testUser' }`
			`end`

Move all shared tests into the shared test helper 2018-06-19 21:17:10 +02:00			`describe file("/etc/elasticsearch/#{vars['es_instance_name']}#{vars['es_xpack_conf_subdir']}/users") do`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`it { should be_owned_by 'elasticsearch' }`
			`it { should contain 'testUser:' }`
			`it { should contain 'es_admin:' }`
			`end`

			`describe 'security roles' do`
			`it 'should list the security roles' do`
			`roles = curl_json('http://localhost:9200/_xpack/security/role', username='es_admin', password='changeMeAgain')`
			`expect(roles.key?('superuser'))`
			`end`
			`end`

Move all shared tests into the shared test helper 2018-06-19 21:17:10 +02:00			`describe file("/etc/elasticsearch/#{vars['es_instance_name']}/elasticsearch.yml") do`
[7.x] add support for elasticsearch 7.x and remove support for 5.x (#558) - add support for elasticsearch 7.x - remove support for elasticsearch 5.x - update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories) - replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html) - update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play) - update index template structure for 7.x - update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting) 2019-05-09 09:06:02 +02:00			`if vars['es_major_version'] == '7.x'`
			`it { should contain 'security.authc.realms.file.file1.order: 0' }`
			`it { should contain 'security.authc.realms.native.native1.order: 1' }`
			`else`
			`it { should contain 'security.authc.realms.file1.order: 0' }`
			`it { should contain 'security.authc.realms.file1.type: file' }`
			`it { should contain 'security.authc.realms.native1.order: 1' }`
			`it { should contain 'security.authc.realms.native1.type: native' }`
			`end`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`end`

			`#Test contents of role_mapping.yml`
Move all shared tests into the shared test helper 2018-06-19 21:17:10 +02:00			`describe file("/etc/elasticsearch/#{vars['es_instance_name']}#{vars['es_xpack_conf_subdir']}/role_mapping.yml") do`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`it { should be_owned_by 'elasticsearch' }`
			`it { should contain 'power_user:' }`
			`it { should contain '- cn=admins,dc=example,dc=com' }`
			`it { should contain 'user:' }`
			`it { should contain '- cn=admins,dc=example,dc=com' }`
			`end`

			`#check accounts are correct i.e. we can auth and they have the correct roles`
			`describe 'kibana4_server access check' do`
			`it 'should be reported as version '+vars['es_version'] do`
			`command = command('curl -s localhost:9200/ -u kibana4_server:changeMe \| grep number')`
			`expect(command.stdout).to match(vars['es_version'])`
			`expect(command.exit_status).to eq(0)`
			`end`
			`end`

			`describe 'security users' do`
			`result = curl_json('http://localhost:9200/_xpack/security/user', username='elastic', password='elasticChanged')`
			`it 'should have the elastic user' do`
			`expect(result['elastic']['username']).to eq('elastic')`
			`expect(result['elastic']['roles']).to eq(['superuser'])`
			`expect(result['elastic']['enabled']).to eq(true)`
			`end`
			`it 'should have the kibana user' do`
			`expect(result['kibana']['username']).to eq('kibana')`
			`expect(result['kibana']['roles']).to eq(['kibana_system'])`
			`expect(result['kibana']['enabled']).to eq(true)`
			`end`
			`it 'should have the kibana_server user' do`
			`expect(result['kibana4_server']['username']).to eq('kibana4_server')`
			`expect(result['kibana4_server']['roles']).to eq(['kibana4_server'])`
			`expect(result['kibana4_server']['enabled']).to eq(true)`
			`end`
			`it 'should have the logstash user' do`
			`expect(result['logstash_system']['username']).to eq('logstash_system')`
			`expect(result['logstash_system']['roles']).to eq(['logstash_system'])`
			`expect(result['logstash_system']['enabled']).to eq(true)`
			`end`
			`end`

			`describe 'logstash_system access check' do`
			`it 'should be reported as version '+vars['es_version'] do`
			`command = command('curl -s localhost:9200/ -u logstash_system:aNewLogstashPassword \| grep number')`
			`expect(command.stdout).to match(vars['es_version'])`
			`expect(command.exit_status).to eq(0)`
			`end`
			`end`
			`end`