santerikainulainen/ansible-role-elasticsearch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update SSL/TLS tests

Browse source
This commit is contained in:
pemontto 2019-10-25 10:18:00 +01:00
parent 7fd243827c
commit 49e36125a5
No known key found for this signature in database
GPG key ID: EDCB93C3DA1B5DA9
3 changed files with 28 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

12
test/integration/helpers/serverspec/xpack_upgrade_spec.rb
View file

@ -6,8 +6,8 @@ vars = JSON.parse(File.read('/tmp/vars.json'))
es_api_url = "#{vars['es_api_scheme']}://localhost:#{vars['es_api_port']}" es_api_url = "#{vars['es_api_scheme']}://localhost:#{vars['es_api_port']}"
username = vars['es_api_basic_auth_username'] username = vars['es_api_basic_auth_username']
password = vars['es_api_basic_auth_password'] password = vars['es_api_basic_auth_password']
es_keystore_path = "#{vars['es_ssl_certificate_path']}/#{Pathname.new(vars['es_ssl_keystore']).basename}" es_keystore = Pathname.new(vars['es_ssl_keystore']).basename.to_s
es_truststore_path = "#{vars['es_ssl_certificate_path']}/#{Pathname.new(vars['es_ssl_truststore']).basename}" es_truststore = Pathname.new(vars['es_ssl_truststore']).basename.to_s
if vars['es_major_version'] == '7.x' if vars['es_major_version'] == '7.x'
es_security_api = "_security" es_security_api = "_security"
@ -46,6 +46,10 @@ shared_examples 'xpack_upgrade::init' do |vars|
it { should contain 'security.authc.realms.native1.order: 1' } it { should contain 'security.authc.realms.native1.order: 1' }
it { should contain 'security.authc.realms.native1.type: native' } it { should contain 'security.authc.realms.native1.type: native' }
end end
it { should contain 'xpack.security.transport.ssl.enabled: true' }
it { should contain 'xpack.security.http.ssl.enabled: true' }
it { should contain es_keystore }
it { should contain es_truststore }
end end
#Test contents of role_mapping.yml #Test contents of role_mapping.yml
@ -97,10 +101,10 @@ shared_examples 'xpack_upgrade::init' do |vars|
describe 'SSL certificate check' do describe 'SSL certificate check' do
certificates = curl_json("#{es_api_url}/_ssl/certificates", username=username, password=password) certificates = curl_json("#{es_api_url}/_ssl/certificates", username=username, password=password)
it 'should list the keystore file' do it 'should list the keystore file' do
expect(certificates.any? { |cert| cert['path'] == es_keystore_path }).to be true expect(certificates.any? { |cert| cert['path'].include? es_keystore }).to be true
end end
it 'should list the truststore file' do it 'should list the truststore file' do
expect(certificates.any? { |cert| cert['path'] == es_truststore_path }).to be true expect(certificates.any? { |cert| cert['path'].include? es_truststore }).to be true
end end
end end
end end

18
test/integration/xpack-upgrade-trial.yml
View file

@ -28,12 +28,13 @@
- alerting - alerting
es_api_basic_auth_username: elastic es_api_basic_auth_username: elastic
es_api_basic_auth_password: changeme es_api_basic_auth_password: changeme
es_api_sleep: 5
es_enable_http_ssl: false es_enable_http_ssl: false
es_enable_transport_ssl: true es_enable_transport_ssl: true
es_ssl_keystore: "files/certs/shared-store-no-password.p12" es_ssl_keystore: "files/certs/keystore-password.p12"
es_ssl_truststore: "files/certs/shared-store-no-password.p12" es_ssl_truststore: "files/certs/truststore-password.p12"
es_ssl_keystore_password: "" es_ssl_keystore_password: password1
es_ssl_truststore_password: "" es_ssl_truststore_password: password2
es_validate_certs: no es_validate_certs: no
es_role_mapping: es_role_mapping:
power_user: power_user:
@ -142,12 +143,13 @@
- alerting - alerting
es_api_basic_auth_username: elastic es_api_basic_auth_username: elastic
es_api_basic_auth_password: elasticChanged es_api_basic_auth_password: elasticChanged
es_api_sleep: 5
es_enable_http_ssl: true es_enable_http_ssl: true
es_enable_transport_ssl: true es_enable_transport_ssl: true
es_ssl_keystore: "files/certs/keystore-password.p12" es_ssl_keystore: "files/certs/shared-store-no-password.p12"
es_ssl_truststore: "files/certs/truststore-password.p12" es_ssl_truststore: "files/certs/shared-store-no-password.p12"
es_ssl_keystore_password: password1 es_ssl_keystore_password: ""
es_ssl_truststore_password: password2 es_ssl_truststore_password: ""
es_validate_certs: no es_validate_certs: no
es_role_mapping: es_role_mapping:
power_user: power_user:

18
test/integration/xpack-upgrade.yml
View file

@ -27,12 +27,13 @@
- alerting - alerting
es_api_basic_auth_username: elastic es_api_basic_auth_username: elastic
es_api_basic_auth_password: changeme es_api_basic_auth_password: changeme
es_api_sleep: 5
es_enable_http_ssl: false es_enable_http_ssl: false
es_enable_transport_ssl: true es_enable_transport_ssl: true
es_ssl_keystore: "files/certs/shared-store-no-password.p12" es_ssl_keystore: "files/certs/keystore-password.p12"
es_ssl_truststore: "files/certs/shared-store-no-password.p12" es_ssl_truststore: "files/certs/truststore-password.p12"
es_ssl_keystore_password: "" es_ssl_keystore_password: password1
es_ssl_truststore_password: "" es_ssl_truststore_password: password2
es_validate_certs: no es_validate_certs: no
es_role_mapping: es_role_mapping:
power_user: power_user:
@ -140,12 +141,13 @@
- alerting - alerting
es_api_basic_auth_username: elastic es_api_basic_auth_username: elastic
es_api_basic_auth_password: elasticChanged es_api_basic_auth_password: elasticChanged
es_api_sleep: 5
es_enable_http_ssl: true es_enable_http_ssl: true
es_enable_transport_ssl: true es_enable_transport_ssl: true
es_ssl_keystore: "files/certs/keystore-password.p12" es_ssl_keystore: "files/certs/shared-store-no-password.p12"
es_ssl_truststore: "files/certs/truststore-password.p12" es_ssl_truststore: "files/certs/shared-store-no-password.p12"
es_ssl_keystore_password: password1 es_ssl_keystore_password: ""
es_ssl_truststore_password: password2 es_ssl_truststore_password: ""
es_validate_certs: no es_validate_certs: no
es_role_mapping: es_role_mapping:
power_user: power_user: