Shield to Security and other X-Pack clear up
This commit is contained in:
Dale McDiarmid
parent
86bc009b60
commit
197cf05a0e
18 changed files with 112 additions and 113 deletions
|
|
@ -6,7 +6,7 @@ shared_examples 'xpack::init' do |es_version|
|
|||
it { should exist }
|
||||
end
|
||||
|
||||
describe service('shield_node_elasticsearch') do
|
||||
describe service('security_node_elasticsearch') do
|
||||
it { should be_running }
|
||||
end
|
||||
|
||||
|
|
@ -14,23 +14,23 @@ shared_examples 'xpack::init' do |es_version|
|
|||
it { should be_installed }
|
||||
end
|
||||
|
||||
describe file('/etc/elasticsearch/shield_node/elasticsearch.yml') do
|
||||
describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
|
||||
it { should be_file }
|
||||
it { should be_owned_by 'elasticsearch' }
|
||||
end
|
||||
|
||||
describe file('/etc/elasticsearch/shield_node/logging.yml') do
|
||||
describe file('/etc/elasticsearch/security_node/logging.yml') do
|
||||
it { should be_file }
|
||||
it { should be_owned_by 'elasticsearch' }
|
||||
end
|
||||
|
||||
describe file('/etc/elasticsearch/shield_node/elasticsearch.yml') do
|
||||
it { should contain 'node.name: localhost-shield_node' }
|
||||
describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
|
||||
it { should contain 'node.name: localhost-security_node' }
|
||||
it { should contain 'cluster.name: elasticsearch' }
|
||||
it { should contain 'path.conf: /etc/elasticsearch/shield_node' }
|
||||
it { should contain 'path.data: /var/lib/elasticsearch/localhost-shield_node' }
|
||||
it { should contain 'path.work: /tmp/elasticsearch/localhost-shield_node' }
|
||||
it { should contain 'path.logs: /var/log/elasticsearch/localhost-shield_node' }
|
||||
it { should contain 'path.conf: /etc/elasticsearch/security_node' }
|
||||
it { should contain 'path.data: /var/lib/elasticsearch/localhost-security_node' }
|
||||
it { should contain 'path.work: /tmp/elasticsearch/localhost-security_node' }
|
||||
it { should contain 'path.logs: /var/log/elasticsearch/localhost-security_node' }
|
||||
end
|
||||
|
||||
describe 'Node listening' do
|
||||
|
|
@ -78,7 +78,7 @@ shared_examples 'xpack::init' do |es_version|
|
|||
end
|
||||
|
||||
|
||||
#Check shield,watcher and license plugins are installed
|
||||
#Check security,watcher and license plugins are installed
|
||||
describe file('/usr/share/elasticsearch/plugins/license') do
|
||||
it { should be_directory }
|
||||
it { should be_owned_by 'elasticsearch' }
|
||||
|
|
@ -97,16 +97,16 @@ shared_examples 'xpack::init' do |es_version|
|
|||
end
|
||||
end
|
||||
|
||||
describe file('/usr/share/elasticsearch/plugins/shield') do
|
||||
describe file('/usr/share/elasticsearch/plugins/security') do
|
||||
it { should be_directory }
|
||||
it { should be_owned_by 'elasticsearch' }
|
||||
end
|
||||
|
||||
describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMe | grep shield') do
|
||||
describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMe | grep security') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
|
||||
describe file('/etc/elasticsearch/shield_node/shield') do
|
||||
describe file('/etc/elasticsearch/security_node/security') do
|
||||
it { should be_directory }
|
||||
it { should be_owned_by 'elasticsearch' }
|
||||
end
|
||||
|
|
@ -149,20 +149,20 @@ shared_examples 'xpack::init' do |es_version|
|
|||
|
||||
|
||||
#Test users file, users_roles and roles.yml
|
||||
describe file('/etc/elasticsearch/shield_node/shield/users_roles') do
|
||||
describe file('/etc/elasticsearch/security_node/x-pack/users_roles') do
|
||||
it { should be_owned_by 'elasticsearch' }
|
||||
it { should contain 'admin:es_admin' }
|
||||
it { should contain 'power_user:testUser' }
|
||||
end
|
||||
|
||||
describe file('/etc/elasticsearch/shield_node/shield/users') do
|
||||
describe file('/etc/elasticsearch/security_node/x-pack/users') do
|
||||
it { should be_owned_by 'elasticsearch' }
|
||||
it { should contain 'testUser:' }
|
||||
it { should contain 'es_admin:' }
|
||||
end
|
||||
|
||||
|
||||
describe file('/etc/elasticsearch/shield_node/shield/roles.yml') do
|
||||
describe file('/etc/elasticsearch/security_node/x-pack/roles.yml') do
|
||||
it { should be_owned_by 'elasticsearch' }
|
||||
#Test contents as expected
|
||||
its(:md5sum) { should eq '7800182547287abd480c8b095bf26e9e' }
|
||||
|
|
@ -170,19 +170,19 @@ shared_examples 'xpack::init' do |es_version|
|
|||
|
||||
|
||||
#Test native roles and users are loaded
|
||||
describe command('curl -s localhost:9200/_shield/user -u es_admin:changeMe | md5sum | grep 557a730df7136694131b5b7012a5ffad') do
|
||||
describe command('curl -s localhost:9200/_xpack/security/user -u es_admin:changeMe | md5sum | grep 557a730df7136694131b5b7012a5ffad') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
|
||||
describe command('curl -s localhost:9200/_shield/user -u es_admin:changeMe | grep "{\"kibana4_server\":{\"username\":\"kibana4_server\",\"roles\":\[\"kibana4_server\"\],\"full_name\":null,\"email\":null,\"metadata\":{}}}"') do
|
||||
describe command('curl -s localhost:9200/_xpack/security/user -u es_admin:changeMe | grep "{\"kibana4_server\":{\"username\":\"kibana4_server\",\"roles\":\[\"kibana4_server\"\],\"full_name\":null,\"email\":null,\"metadata\":{}}}"') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
|
||||
describe command('curl -s localhost:9200/_shield/role -u es_admin:changeMe | grep "{\"logstash\":{\"cluster\":\[\"manage_index_templates\"\],\"indices\":\[{\"names\":\[\"logstash-\*\"\],\"privileges\":\[\"write\",\"delete\",\"create_index\"\]}\],\"run_as\":\[\]}}"') do
|
||||
describe command('curl -s localhost:9200/_xpack/security/role -u es_admin:changeMe | grep "{\"logstash\":{\"cluster\":\[\"manage_index_templates\"\],\"indices\":\[{\"names\":\[\"logstash-\*\"\],\"privileges\":\[\"write\",\"delete\",\"create_index\"\]}\],\"run_as\":\[\]}}"') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
|
||||
describe command('curl -s localhost:9200/_shield/role -u es_admin:changeMe | md5sum | grep 6d14f09ef1eea64adf4d4a9c04229629') do
|
||||
describe command('curl -s localhost:9200/_xpack/security/role -u es_admin:changeMe | md5sum | grep 6d14f09ef1eea64adf4d4a9c04229629') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
|
||||
|
|
@ -213,15 +213,15 @@ shared_examples 'xpack::init' do |es_version|
|
|||
end
|
||||
|
||||
#Test contents of Elasticsearch.yml file
|
||||
describe file('/etc/elasticsearch/shield_node/elasticsearch.yml') do
|
||||
it { should contain 'shield.authc.realms.file1.order: 0' }
|
||||
it { should contain 'shield.authc.realms.file1.type: file' }
|
||||
it { should contain 'shield.authc.realms.native1.order: 1' }
|
||||
it { should contain 'shield.authc.realms.native1.type: native' }
|
||||
describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
|
||||
it { should contain 'security.authc.realms.file1.order: 0' }
|
||||
it { should contain 'security.authc.realms.file1.type: file' }
|
||||
it { should contain 'security.authc.realms.native1.order: 1' }
|
||||
it { should contain 'security.authc.realms.native1.type: native' }
|
||||
end
|
||||
|
||||
#Test contents of role_mapping.yml
|
||||
describe file('/etc/elasticsearch/shield_node/shield/role_mapping.yml') do
|
||||
describe file('/etc/elasticsearch/security_node/x-pack/role_mapping.yml') do
|
||||
it { should be_owned_by 'elasticsearch' }
|
||||
it { should contain 'power_user:' }
|
||||
it { should contain '- cn=admins,dc=example,dc=com' }
|
||||
|
|
@ -230,7 +230,7 @@ shared_examples 'xpack::init' do |es_version|
|
|||
end
|
||||
|
||||
|
||||
describe file('/etc/elasticsearch/shield_node/shield/system_key') do
|
||||
describe file('/etc/elasticsearch/security_node/x-pack/system_key') do
|
||||
it { should be_owned_by 'elasticsearch' }
|
||||
it { should be_writable.by('owner') }
|
||||
it { should be_writable.by_user('elasticsearch') }
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
hosts: localhost
|
||||
roles:
|
||||
- { role: elasticsearch, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300",
|
||||
"shield.authc.realms.file1.type": "file","shield.authc.realms.file1.order": 0, "shield.authc.realms.native1.type": "native","shield.authc.realms.native1.order": 1 },
|
||||
es_instance_name: "shield_node" }
|
||||
"xpack.security.authc.realms.file1.type": "file","xpack.security.authc.realms.file1.order": 0, "xpack.security.authc.realms.native1.type": "native","xpack.security.authc.realms.native1.order": 1 },
|
||||
es_instance_name: "security_node" }
|
||||
vars:
|
||||
es_templates: true
|
||||
es_enable_xpack: true
|
||||
|
|
@ -13,8 +13,8 @@
|
|||
- plugin: lmenezes/elasticsearch-kopf
|
||||
version: master
|
||||
es_xpack_features:
|
||||
- shield
|
||||
- watcher
|
||||
- security
|
||||
- alerting
|
||||
es_api_basic_auth_username: es_admin
|
||||
es_api_basic_auth_password: changeMe
|
||||
es_message_auth_file: system_key
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue