Support for message auth + test

tasks/xpack/shield/elasticsearch-shield.yml

@@ -21,6 +21,12 @@
   template: src=shield/role_mapping.yml.j2 dest={{conf_dir}}/shield/role_mapping.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
   when: es_role_mapping is defined
 
+#-----------------------------AUTH FILE----------------------------------------
+
+- name: Copy message auth key to elasticsearch
+  copy: src={{ es_message_auth_file }} dest={{conf_dir}}/shield/system_key owner={{ es_user }} group={{ es_group }} mode=0600 force=yes
+  when: es_message_auth_file is defined
+
 #------------------------------------------------------------------------------------
 
 #Ensure shield conf directory is created

test/integration/helpers/serverspec/xpack_spec.rb

@@ -220,5 +220,16 @@ shared_examples 'xpack::init' do |es_version|
     it { should contain '- cn=admins,dc=example,dc=com' }
   end
 
+
+  describe file('/etc/elasticsearch/shield_node/shield/system_key') do
+    it { should be_owned_by 'elasticsearch' }
+    it { should be_writable.by('owner') }
+    it { should be_writable.by_user('elasticsearch') }
+    it { should be_readable.by('owner') }
+    it { should be_readable.by_user('elasticsearch') }
+    it { should_not be_executable }
+    #Test contents as expected
+    its(:md5sum) { should eq '6ff0e6c4380a6ac0f6e04d871c0ca5e8' }
+  end
 end
 

test/integration/xpack.yml

@@ -16,6 +16,7 @@
       - watcher
     es_api_basic_auth_username: es_admin
     es_api_basic_auth_password: changeMe
+    es_message_auth_file: system_key
     es_role_mapping:
       power_user:
         - "cn=admins,dc=example,dc=com"