santerikainulainen/ansible-role-elasticsearch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add tests for SSL and and trial versions

Browse source
This commit is contained in:
pemontto 2019-10-18 17:56:55 +01:00
parent 3707af1488
commit ab70e6f11d
No known key found for this signature in database
GPG key ID: EDCB93C3DA1B5DA9
11 changed files with 257 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

1
test/integration/helpers/serverspec/spec_helper.rb
View file

@ -22,6 +22,7 @@ def curl_json(uri, username=nil, password=nil)
res = Net::HTTP.start(
uri.hostname,
uri.port,
:use_ssl => uri.scheme == 'https',
:verify_mode => OpenSSL::SSL::VERIFY_NONE
) {|http|
http.request(req)

14
test/integration/helpers/serverspec/xpack_upgrade_spec.rb
View file

@ -5,7 +5,11 @@ vars = JSON.parse(File.read('/tmp/vars.json'))
es_api_url = "#{vars['es_api_scheme']}://localhost:#{vars['es_api_port']}"
username = vars['es_api_basic_auth_username']
password = vars['es_api_basic_auth_password']
es_security_api = "#{vars['es_security_api']}"
if vars['es_major_version'] == '7.x'
es_security_api = "_security"
else
es_security_api = "_xpack/security"
end
shared_examples 'xpack_upgrade::init' do |vars|
#Test users file, users_roles and roles.yml
@ -52,9 +56,7 @@ shared_examples 'xpack_upgrade::init' do |vars|
#check accounts are correct i.e. we can auth and they have the correct roles
describe 'kibana4_server access check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200/ -u kibana4_server:changeMe | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
expect(curl_json(es_api_url, username='kibana4_server', password='changeMe')['version']['number']).to eq(vars['es_version'])
end
end
@ -84,9 +86,7 @@ shared_examples 'xpack_upgrade::init' do |vars|
describe 'logstash_system access check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200/ -u logstash_system:aNewLogstashPassword | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
expect(curl_json(es_api_url, username='logstash_system', password='aNewLogstashPassword')['version']['number']).to eq(vars['es_version'])
end
end
end

1
test/integration/issue-test-trial Symbolic link
View file

@ -0,0 +1 @@
issue-test

46
test/integration/issue-test-trial.yml Normal file
View file

@ -0,0 +1,46 @@
#This file is for users to test issues and reproduce them using the test framework.
#Modify the playbook below and test with kitchen i.e. `kitchen test issue-test`
#To add custom tests modify the serverspec file ./helpers/serverspec/issue_test_spec.rb
#Idempot test is enabled for this test
- name: Simple Example
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- elasticsearch
vars:
es_xpack_license: ""
es_xpack_trial: true
es_config:
xpack.security.authc.realms.file.file1.order: 1
xpack.security.authc.realms.native.native1.type: "native"
es_heap_size: "1g"
es_plugins:
- plugin: ingest-attachment
es_xpack_features:
- security
- alerting
es_api_basic_auth_username: elastic
es_api_basic_auth_password: changeme
es_users:
file:
test_user:
password: changeme
roles:
- kibana_system
native:
kibana:
password: changeme
roles:
- kibana_system
elastic:
password: aNewPassWord
es_roles:
native:
logstash:
cluster:
- manage_index_templates
logstash_system:
cluster:
- manage_index_templates

1
test/integration/xpack-upgrade-trial Symbolic link
View file

@ -0,0 +1 @@
xpack-upgrade

177
test/integration/xpack-upgrade-trial.yml Normal file
View file

@ -0,0 +1,177 @@
---
- name: Elasticsearch Xpack HTTP different keystore and truststore with password
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- elasticsearch
vars:
es_config_6x:
xpack.security.authc.realms.file1.order: 0
xpack.security.authc.realms.file1.type: file
xpack.security.authc.realms.native1.order: 1
xpack.security.authc.realms.native1.type: native
es_config_7x:
xpack.security.authc.realms.file.file1.order: 0
xpack.security.authc.realms.native.native1.order: 1
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
es_heap_size: "1g"
es_templates: true
es_major_version: "7.x"
es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
es_xpack_license: ""
es_xpack_trial: true
es_plugins:
- plugin: ingest-attachment
es_xpack_features:
- security
- alerting
es_api_basic_auth_username: elastic
es_api_basic_auth_password: changeme
es_enable_http_ssl: false
es_enable_transport_ssl: true
es_ssl_keystore: "files/certs/keystore-password.p12"
es_ssl_truststore: "files/certs/truststore-password.p12"
es_ssl_keystore_password: password1
es_ssl_truststore_password: password2
es_validate_certs: no
es_role_mapping:
power_user:
- "cn=admins,dc=example,dc=com"
user:
- "cn=users,dc=example,dc=com"
- "cn=admins,dc=example,dc=com"
es_users:
native:
kibana4_server:
password: changeMe
roles:
- kibana4_server
logstash_system:
#this should be successfully modified
password: aNewLogstashPassword
#this will be ignored
roles:
- kibana4_server
elastic:
password: elasticChanged
file:
es_admin:
password: changeMe
roles:
- admin
testUser:
password: changeMeAlso!
roles:
- power_user
- user
es_roles:
file:
admin:
cluster:
- all
indices:
- names: '*'
privileges:
- all
power_user:
cluster:
- monitor
indices:
- names: '*'
privileges:
- all
user:
indices:
- names: '*'
privileges:
- read
kibana4_server:
cluster:
- monitor
indices:
- names: '.kibana'
privileges:
- all
native:
logstash:
cluster:
- manage_index_templates
indices:
- names: 'logstash-*'
privileges:
- write
- delete
- create_index
#this will be ignored - its reserved
logstash_system:
cluster:
- manage_index_templates
indices:
- names: 'logstash-*'
privileges:
- write
- delete
- create_index
#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed.
- name: Elasticsearch Xpack HTTP SSL and shared keystore without password
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- elasticsearch
vars:
es_config_6x:
xpack.security.authc.realms.file1.order: 0
xpack.security.authc.realms.file1.type: file
xpack.security.authc.realms.native1.order: 1
xpack.security.authc.realms.native1.type: native
es_config_7x:
xpack.security.authc.realms.file.file1.order: 0
xpack.security.authc.realms.native.native1.order: 1
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
es_heap_size: "1g"
es_templates: true
es_xpack_license: ""
es_xpack_trial: false
es_plugins:
- plugin: ingest-attachment
es_xpack_features:
- security
- alerting
es_api_basic_auth_username: elastic
es_api_basic_auth_password: elasticChanged
es_enable_http_ssl: true
es_enable_transport_ssl: true
es_ssl_keystore: "files/certs/shared-store-no-password.p12"
es_ssl_truststore: "files/certs/shared-store-no-password.p12"
es_ssl_keystore_password: ""
es_ssl_truststore_password: ""
es_validate_certs: no
es_role_mapping:
power_user:
- "cn=admins,dc=example,dc=com"
user:
- "cn=users,dc=example,dc=com"
- "cn=admins,dc=example,dc=com"
es_users:
native:
kibana4_server:
password: changeMe
roles:
- kibana4_server
logstash_system:
#this will be ignored
roles:
- kibana4_server
file:
es_admin:
password: changeMeAgain
roles:
- admin
testUser:
password: changeMeAlso!
roles:
- power_user
- user

18
test/integration/xpack-upgrade.yml
View file

@ -1,5 +1,5 @@
---
- name: Elasticsearch Xpack tests initial
- name: Elasticsearch Xpack HTTP different keystore and truststore with password
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
@ -27,6 +27,13 @@
- alerting
es_api_basic_auth_username: elastic
es_api_basic_auth_password: changeme
es_enable_http_ssl: false
es_enable_transport_ssl: true
es_ssl_keystore: "files/certs/keystore-password.p12"
es_ssl_truststore: "files/certs/truststore-password.p12"
es_ssl_keystore_password: password1
es_ssl_truststore_password: password2
es_validate_certs: no
es_role_mapping:
power_user:
- "cn=admins,dc=example,dc=com"
@ -107,7 +114,7 @@
- create_index
#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed.
- name: Elasticsearch Xpack modify
- name: Elasticsearch Xpack HTTP SSL and shared keystore without password
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
@ -133,6 +140,13 @@
- alerting
es_api_basic_auth_username: elastic
es_api_basic_auth_password: elasticChanged
es_enable_http_ssl: true
es_enable_transport_ssl: true
es_ssl_keystore: "files/certs/shared-store-no-password.p12"
es_ssl_truststore: "files/certs/shared-store-no-password.p12"
es_ssl_keystore_password: ""
es_ssl_truststore_password: ""
es_validate_certs: no
es_role_mapping:
power_user:
- "cn=admins,dc=example,dc=com"