santerikainulainen/ansible-role-elasticsearch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[meta] refactor kitchen tests (#765)

Browse source 
* [meta] refactor kitchen tests

This commit update kitchen tests to match important feature to test:
- default: test a deployment with all default values
- license: test a deployment with a license and default values
- trial: test a deployment with security enabled and trial license
- oss: test a deployment with oss version and default values (6.x only)
- upgrade: test an upgrade from a previous version
- oss-upgrade: test an upgrade with oss version (6.x only)
- oss-to-default-upgrade: test an upgrade from previous oss to latest
default version
- custom_config: test a deployment with custom config files
- security: test a deployment with security enabled

* [meta] fix license test
This commit is contained in:
Julien Mailleret 2021-02-04 11:19:00 +01:00 committed by GitHub
parent 78e805e6cb
commit d3e394b071
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
43 changed files with 272 additions and 406 deletions
Download patch file Download diff file Expand all files Collapse all files

38
.kitchen.yml
View file

@ -149,31 +149,39 @@ platforms:
use_sudo: false
suites:
- name: custom-config
provisioner:
idempotency_test: true
playbook: test/integration/custom-config.yml
- name: default
provisioner:
playbook: test/integration/default.yml
idempotency_test: true
- name: license
provisioner:
playbook: test/integration/license.yml
idempotency_test: true
- name: oss
provisioner:
idempotency_test: true
playbook: test/integration/oss.yml
- name: oss-to-default-upgrade
provisioner:
playbook: test/integration/oss-to-default-upgrade.yml
idempotency_test: false
- name: oss-upgrade
provisioner:
playbook: test/integration/oss-upgrade.yml
idempotency_test: false
- name: oss-to-xpack-upgrade
- name: security
provisioner:
playbook: test/integration/oss-to-xpack-upgrade.yml
idempotency_test: false
- name: xpack
provisioner:
playbook: test/integration/xpack.yml
playbook: test/integration/security.yml
idempotency_test: true
- name: xpack-upgrade
- name: trial
provisioner:
playbook: test/integration/xpack-upgrade.yml
idempotency_test: false
- name: issue-test
playbook: test/integration/trial.yml
idempotency_test: false # es_xpack_trial is not idempotent currently
- name: upgrade
provisioner:
playbook: test/integration/issue-test.yml
idempotency_test: false
- name: xpack-upgrade-trial
provisioner:
playbook: test/integration/xpack-upgrade-trial.yml
playbook: test/integration/upgrade.yml
idempotency_test: false

2
Makefile
View file

@ -2,7 +2,7 @@ default: build
SHELL:=/bin/bash -eux
export VERSION := 7.x
PATTERN := xpack-ubuntu-1604
PATTERN := default-ubuntu-1804
.PHONY: converge verify test login destroy list

2
README.md
View file

@ -97,7 +97,7 @@ This playbook uses [Kitchen](https://kitchen.ci/) for CI and local testing.
### Running the tests
* Ensure you have checked out this repository to `elasticsearch`, not `ansible-elasticsearch`.
* If you don't have a Gold or Platinum license to test with you can run the trial versions of the `xpack-upgrade` and `issue-test` suites by appending `-trial` to the `PATTERN` variable.
* If you don't have a Gold or Platinum license to test with you can run the trial versions of the `xpack-upgrade` suites by appending `-trial` to the `PATTERN` variable.
* You may need to explicitly specify `VERSION=7.x` if some suites are failing.
Install the ruby dependencies with bundler

11
test/integration/custom-config.yml Normal file
View file

@ -0,0 +1,11 @@
---
- name: Setup Elasticsearch with custom config files
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- elasticsearch
vars:
es_config_default: "test/integration/files/custom_config/elasticsearch"
es_config_log4j2: "test/integration/files/custom_config/log4j2.properties"
es_config_jvm: "test/integration/files/custom_config/jvm.options"

0
test/integration/issue-test/issue-test.yml → test/integration/custom-config/custom_config.yml
View file

6
test/integration/xpack-upgrade/serverspec/default_spec.rb → test/integration/custom-config/serverspec/default_spec.rb
View file

@ -1,9 +1,9 @@
require 'xpack_upgrade_spec'
require 'custom_config_spec'
require 'shared_spec'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
describe 'Xpack upgrade Tests' do
describe 'Custom Config Tests' do
include_examples 'custom_config::init', vars
include_examples 'shared::init', vars
include_examples 'xpack_upgrade::init', vars
end

7
test/integration/default.yml Normal file
View file

@ -0,0 +1,7 @@
---
- name: Setup Elasticsearch using default configuration
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- elasticsearch

0
test/integration/oss-to-xpack-upgrade/oss-to-xpack-upgrade.yml → test/integration/default/default.yml
View file

2
test/integration/xpack/serverspec/default_spec.rb → test/integration/default/serverspec/default_spec.rb
View file

@ -2,6 +2,6 @@ require 'shared_spec'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
describe 'Xpack upgrade Tests' do
describe 'default tests' do
include_examples 'shared::init', vars
end

2
test/integration/helpers/serverspec/oss_spec.rb → test/integration/helpers/serverspec/custom_config_spec.rb
View file

@ -1,7 +1,7 @@
require 'spec_helper'
require 'shared_spec'
shared_examples 'oss::init' do |vars|
shared_examples 'custom_config::init' do |vars|
describe file("/etc/elasticsearch/log4j2.properties") do
it { should be_file }
it { should be_owned_by 'root' }

10
test/integration/helpers/serverspec/issue_test_spec.rb
View file

@ -1,10 +0,0 @@
require 'spec_helper'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
shared_examples 'issue_test::init' do |vars|
#Add custom tests here for the issue-test.yml test
end

27
test/integration/helpers/serverspec/license_spec.rb Normal file
View file

@ -0,0 +1,27 @@
require 'spec_helper'
require 'json'
require 'pathname'
vars = JSON.parse(File.read('/tmp/vars.json'))
es_api_url = "#{vars['es_api_scheme']}://localhost:#{vars['es_api_port']}"
username = vars['es_api_basic_auth_username']
password = vars['es_api_basic_auth_password']
es_keystore = Pathname.new(vars['es_ssl_keystore']).basename.to_s
es_truststore = Pathname.new(vars['es_ssl_truststore']).basename.to_s
if vars['es_major_version'] == '7.x'
es_license_api = "_license"
else
es_license_api = "_xpack/license"
end
shared_examples 'license::init' do |vars|
describe 'License check' do
result = curl_json("#{es_api_url}/#{es_license_api}", username=username, password=password)
it 'should list the license issued by Elastic' do
expect(result['license']['status']).to eq('active')
expect(result['license']['type']).to eq('trial')
expect(result['license']['issued_to']).to eq('Elastic - INTERNAL (non-production environments)')
end
end
end

4
test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb
View file

@ -1,4 +0,0 @@
require 'spec_helper'
shared_examples 'oss_to_xpack_upgrade::init' do |vars|
end

4
test/integration/helpers/serverspec/oss_upgrade_spec.rb
View file

@ -1,4 +0,0 @@
require 'spec_helper'
shared_examples 'oss_upgrade::init' do |vars|
end

24
test/integration/helpers/serverspec/xpack_upgrade_spec.rb → test/integration/helpers/serverspec/security_spec.rb
View file

@ -15,7 +15,7 @@ else
es_security_api = "_xpack/security"
end
shared_examples 'xpack_upgrade::init' do |vars|
shared_examples 'security::init' do |vars|
#Test users file, users_roles and roles.yml
describe file("/etc/elasticsearch/users_roles") do
it { should be_owned_by 'root' }
@ -39,12 +39,9 @@ shared_examples 'xpack_upgrade::init' do |vars|
describe file("/etc/elasticsearch/elasticsearch.yml") do
if vars['es_major_version'] == '7.x'
it { should contain 'security.authc.realms.file.file1.order: 0' }
it { should contain 'security.authc.realms.native.native1.order: 1' }
else
it { should contain 'security.authc.realms.file1.order: 0' }
it { should contain 'security.authc.realms.file1.type: file' }
it { should contain 'security.authc.realms.native1.order: 1' }
it { should contain 'security.authc.realms.native1.type: native' }
end
it { should contain 'xpack.security.transport.ssl.enabled: true' }
it { should contain 'xpack.security.http.ssl.enabled: true' }
@ -56,18 +53,10 @@ shared_examples 'xpack_upgrade::init' do |vars|
describe file("/etc/elasticsearch/role_mapping.yml") do
it { should be_owned_by 'root' }
it { should contain 'power_user:' }
it { should contain '- cn=admins,dc=example,dc=com' }
it { should contain 'user:' }
it { should contain '- cn=admins,dc=example,dc=com' }
end
#check accounts are correct i.e. we can auth and they have the correct roles
describe 'kibana4_server access check' do
it 'should be reported as version '+vars['es_version'] do
expect(curl_json(es_api_url, username='kibana4_server', password='changeMe')['version']['number']).to eq(vars['es_version'])
end
end
describe 'security users' do
result = curl_json("#{es_api_url}/#{es_security_api}/user", username=username, password=password)
it 'should have the elastic user' do
@ -80,11 +69,6 @@ shared_examples 'xpack_upgrade::init' do |vars|
expect(result['kibana']['roles']).to eq(['kibana_system'])
expect(result['kibana']['enabled']).to eq(true)
end
it 'should have the kibana_server user' do
expect(result['kibana4_server']['username']).to eq('kibana4_server')
expect(result['kibana4_server']['roles']).to eq(['kibana4_server'])
expect(result['kibana4_server']['enabled']).to eq(true)
end
it 'should have the logstash user' do
expect(result['logstash_system']['username']).to eq('logstash_system')
expect(result['logstash_system']['roles']).to eq(['logstash_system'])
@ -92,12 +76,6 @@ shared_examples 'xpack_upgrade::init' do |vars|
end
end
describe 'logstash_system access check' do
it 'should be reported as version '+vars['es_version'] do
expect(curl_json(es_api_url, username='logstash_system', password='aNewLogstashPassword')['version']['number']).to eq(vars['es_version'])
end
end
describe 'SSL certificate check' do
certificates = curl_json("#{es_api_url}/_ssl/certificates", username=username, password=password)
it 'should list the keystore file' do

42
test/integration/issue-test.yml
View file

@ -1,42 +0,0 @@
#This file is for users to test issues and reproduce them using the test framework.
#Modify the playbook below and test with kitchen i.e. `kitchen test issue-test`
#To add custom tests modify the serverspec file ./helpers/serverspec/issue_test_spec.rb
#Idempot test is enabled for this test
- name: Simple Example
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- elasticsearch
vars:
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
es_config:
xpack.security.authc.realms.file.file1.order: 1
xpack.security.authc.realms.native.native1.type: "native"
es_heap_size: "1g"
es_plugins:
- plugin: ingest-attachment
es_api_basic_auth_username: elastic
es_api_basic_auth_password: changeme
es_users:
file:
test_user:
password: changeme
roles:
- kibana_system
native:
kibana:
password: changeme
roles:
- kibana_system
elastic:
password: aNewPassWord
es_roles:
native:
logstash:
cluster:
- manage_index_templates
logstash_system:
cluster:
- manage_index_templates

8
test/integration/issue-test/serverspec/default_spec.rb
View file

@ -1,8 +0,0 @@
require 'issue_test_spec'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
describe 'Issue Test' do
include_examples 'issue_test::init', vars
end

57
test/integration/license.yml Normal file
View file

@ -0,0 +1,57 @@
---
- name: Elasticsearch Xpack HTTP different keystore and truststore with password
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- elasticsearch
vars:
es_config_6x:
xpack.security.authc.realms.file1.order: 0
xpack.security.authc.realms.file1.type: file
es_config_7x:
xpack.security.authc.realms.file.file1.order: 0
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
es_api_basic_auth_username: elastic
es_api_basic_auth_password: changeme
es_api_sleep: 5
es_enable_http_ssl: true
es_enable_transport_ssl: true
es_ssl_keystore: "test/integration/files/certs/keystore-password.p12"
es_ssl_truststore: "test/integration/files/certs/truststore-password.p12"
es_ssl_keystore_password: password1
es_ssl_truststore_password: password2
es_validate_certs: no
es_users:
file:
es_admin:
password: changeMe
roles:
- admin
testUser:
password: changeMeAlso!
roles:
- power_user
- user
es_roles:
file:
admin:
cluster:
- all
indices:
- names: '*'
privileges:
- all
power_user:
cluster:
- monitor
indices:
- names: '*'
privileges:
- all
user:
indices:
- names: '*'
privileges:
- read

0
test/integration/oss-upgrade/oss-upgrade.yml → test/integration/license/license.yml
View file

9
test/integration/license/serverspec/default_spec.rb Normal file
View file

@ -0,0 +1,9 @@
require 'license_spec'
require 'shared_spec'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
describe 'license tests' do
include_examples 'shared::init', vars
include_examples 'license::init', vars
end

6
test/integration/oss-to-xpack-upgrade.yml → test/integration/oss-to-default-upgrade.yml
View file

@ -1,5 +1,5 @@
---
- name: Standard test for single node setup. Tests idempotence.
- name: Deploy Elasticsearch OSS version
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
@ -8,9 +8,8 @@
vars:
es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
oss_version: true
es_heap_size: "1g"
- name: Standard test for single node setup. Tests idempotence.
- name: Upgrade to Elasticsearch default version
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
@ -18,4 +17,3 @@
- elasticsearch
vars:
oss_version: false
es_heap_size: "1g"

0
test/integration/xpack-upgrade/xpack-upgrade.yml → test/integration/oss-to-default-upgrade/oss-to-default-upgrade.yml
View file

7
test/integration/oss-to-default-upgrade/serverspec/default_spec.rb Normal file
View file

@ -0,0 +1,7 @@
require 'shared_spec'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
describe 'oss to default upgrade tests' do
include_examples 'shared::init', vars
end

9
test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb
View file

@ -1,9 +0,0 @@
require 'oss_to_xpack_upgrade_spec'
require 'shared_spec'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
describe 'oss to xpack upgrade Tests' do
include_examples 'shared::init', vars
include_examples 'oss_to_xpack_upgrade::init', vars
end

6
test/integration/oss-upgrade.yml
View file

@ -1,5 +1,5 @@
---
- name: Standard test for single node setup. Tests idempotence.
- name: Deploy Elasticsearch OSS previous version
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
@ -8,9 +8,8 @@
vars:
es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
oss_version: true
es_heap_size: "1g"
- name: Standard test for single node setup. Tests idempotence.
- name: Deploy Elasticsearch OSS latest version
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
@ -18,4 +17,3 @@
- elasticsearch
vars:
oss_version: true
es_heap_size: "1g"

0
test/integration/xpack/xpack.yml → test/integration/oss-upgrade/oss.yml
View file

4
test/integration/oss-upgrade/serverspec/default_spec.rb
View file

@ -1,9 +1,7 @@
require 'oss_upgrade_spec'
require 'shared_spec'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
describe 'oss upgrade Tests' do
include_examples 'oss_upgrade::init', vars
describe 'oss upgrade tests' do
include_examples 'shared::init', vars
end

8
test/integration/oss.yml
View file

@ -1,5 +1,5 @@
---
- name: Standard test for single node setup. Tests idempotence.
- name: Setup Elasticsearch OSS 6.x
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
@ -7,11 +7,5 @@
- elasticsearch
vars:
oss_version: true
es_heap_size: "1g"
es_plugins:
- plugin: ingest-attachment
es_config_default: "test/integration/files/custom_config/elasticsearch"
es_config_log4j2: "test/integration/files/custom_config/log4j2.properties"
es_config_jvm: "test/integration/files/custom_config/jvm.options"
#Do not add tests here. This test is run twice and confirms idempotency.

7
test/integration/oss/serverspec/default_spec.rb
View file

@ -1,12 +1,7 @@
require 'oss_spec'
require 'shared_spec'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
describe 'OSS Tests' do
include_examples 'oss::init', vars
describe 'oss tests' do
include_examples 'shared::init', vars
end

56
test/integration/security.yml Normal file
View file

@ -0,0 +1,56 @@
---
- name: Elasticsearch Xpack HTTP different keystore and truststore with password
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- elasticsearch
vars:
es_config_6x:
xpack.security.authc.realms.file1.order: 0
xpack.security.authc.realms.file1.type: file
es_config_7x:
xpack.security.authc.realms.file.file1.order: 0
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
es_api_basic_auth_username: elastic
es_api_basic_auth_password: changeme
es_api_sleep: 5
es_enable_http_ssl: true
es_enable_transport_ssl: true
es_ssl_keystore: "test/integration/files/certs/keystore-password.p12"
es_ssl_truststore: "test/integration/files/certs/truststore-password.p12"
es_ssl_keystore_password: password1
es_ssl_truststore_password: password2
es_validate_certs: no
es_users:
file:
es_admin:
password: changeMe
roles:
- admin
testUser:
password: changeMeAlso!
roles:
- power_user
- user
es_roles:
file:
admin:
cluster:
- all
indices:
- names: '*'
privileges:
- all
power_user:
cluster:
- monitor
indices:
- names: '*'
privileges:
- all
user:
indices:
- names: '*'
privileges:
- read

2
test/integration/security/security.yml Normal file
View file

@ -0,0 +1,2 @@
---
- host: test-kitchen

9
test/integration/security/serverspec/default_spec.rb Normal file
View file

@ -0,0 +1,9 @@
require 'security_spec'
require 'shared_spec'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
describe 'security tests' do
include_examples 'shared::init', vars
include_examples 'security::init', vars
end

71
test/integration/xpack-upgrade-trial.yml → test/integration/trial.yml
View file

@ -1,5 +1,5 @@
---
- name: Elasticsearch Xpack HTTP different keystore and truststore with password
- name: Setup Elasticsearch with security enabled and a trial license
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
@ -15,15 +15,7 @@
xpack.security.authc.realms.file.file1.order: 0
xpack.security.authc.realms.native.native1.order: 1
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
es_heap_size: "1g"
es_templates: true
es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json"
es_major_version: "7.x"
es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
es_xpack_license: ""
es_xpack_trial: true
es_plugins:
- plugin: ingest-attachment
es_api_basic_auth_username: elastic
es_api_basic_auth_password: changeme
es_api_sleep: 5
@ -112,64 +104,3 @@
- write
- delete
- create_index
#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed.
- name: Elasticsearch Xpack HTTP SSL and shared keystore without password
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- elasticsearch
vars:
es_config_6x:
xpack.security.authc.realms.file1.order: 0
xpack.security.authc.realms.file1.type: file
xpack.security.authc.realms.native1.order: 1
xpack.security.authc.realms.native1.type: native
es_config_7x:
xpack.security.authc.realms.file.file1.order: 0
xpack.security.authc.realms.native.native1.order: 1
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
es_heap_size: "1g"
es_templates: true
es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json"
es_xpack_license: ""
es_xpack_trial: false
es_plugins:
- plugin: ingest-attachment
es_api_basic_auth_username: elastic
es_api_basic_auth_password: elasticChanged
es_api_sleep: 5
es_enable_http_ssl: true
es_enable_transport_ssl: true
es_ssl_keystore: "test/integration/files/certs/shared-store-no-password.p12"
es_ssl_truststore: "test/integration/files/certs/shared-store-no-password.p12"
es_ssl_keystore_password: ""
es_ssl_truststore_password: ""
es_validate_certs: no
es_role_mapping:
power_user:
- "cn=admins,dc=example,dc=com"
user:
- "cn=users,dc=example,dc=com"
- "cn=admins,dc=example,dc=com"
es_users:
native:
kibana4_server:
password: changeMe
roles:
- kibana4_server
logstash_system:
#this will be ignored
roles:
- kibana4_server
file:
es_admin:
password: changeMeAgain
roles:
- admin
testUser:
password: changeMeAlso!
roles:
- power_user
- user

7
test/integration/trial/serverspec/default_spec.rb Normal file
View file

@ -0,0 +1,7 @@
require 'shared_spec'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
describe 'trial tests' do
include_examples 'shared::init', vars
end

2
test/integration/trial/trial.yml Normal file
View file

@ -0,0 +1,2 @@
---
- host: test-kitchen

16
test/integration/upgrade.yml Normal file
View file

@ -0,0 +1,16 @@
---
- name: Deploy Elasticsearch previous version
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- elasticsearch
vars:
es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}"
- name: Deploy Elasticsearch latest version
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- elasticsearch

7
test/integration/upgrade/serverspec/default_spec.rb Normal file
View file

@ -0,0 +1,7 @@
require 'shared_spec'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
describe 'upgrade tests' do
include_examples 'shared::init', vars
end

2
test/integration/upgrade/upgrade.yml Normal file
View file

@ -0,0 +1,2 @@
---
- host: test-kitchen

1
test/integration/xpack-upgrade-trial
View file

@ -1 +0,0 @@
xpack-upgrade

173
test/integration/xpack-upgrade.yml
View file

@ -1,173 +0,0 @@
---
- name: Elasticsearch Xpack HTTP different keystore and truststore with password
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- elasticsearch
vars:
es_config_6x:
xpack.security.authc.realms.file1.order: 0
xpack.security.authc.realms.file1.type: file
xpack.security.authc.realms.native1.order: 1
xpack.security.authc.realms.native1.type: native
es_config_7x:
xpack.security.authc.realms.file.file1.order: 0
xpack.security.authc.realms.native.native1.order: 1
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
es_heap_size: "1g"
es_templates: true
es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json"
es_major_version: "7.x"
es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
es_plugins:
- plugin: ingest-attachment
es_api_basic_auth_username: elastic
es_api_basic_auth_password: changeme
es_api_sleep: 5
es_enable_http_ssl: false
es_enable_transport_ssl: true
es_ssl_keystore: "test/integration/files/certs/keystore-password.p12"
es_ssl_truststore: "test/integration/files/certs/truststore-password.p12"
es_ssl_keystore_password: password1
es_ssl_truststore_password: password2
es_validate_certs: no
es_role_mapping:
power_user:
- "cn=admins,dc=example,dc=com"
user:
- "cn=users,dc=example,dc=com"
- "cn=admins,dc=example,dc=com"
es_users:
native:
kibana4_server:
password: changeMe
roles:
- kibana4_server
logstash_system:
#this should be successfully modified
password: aNewLogstashPassword
#this will be ignored
roles:
- kibana4_server
elastic:
password: elasticChanged
file:
es_admin:
password: changeMe
roles:
- admin
testUser:
password: changeMeAlso!
roles:
- power_user
- user
es_roles:
file:
admin:
cluster:
- all
indices:
- names: '*'
privileges:
- all
power_user:
cluster:
- monitor
indices:
- names: '*'
privileges:
- all
user:
indices:
- names: '*'
privileges:
- read
kibana4_server:
cluster:
- monitor
indices:
- names: '.kibana'
privileges:
- all
native:
logstash:
cluster:
- manage_index_templates
indices:
- names: 'logstash-*'
privileges:
- write
- delete
- create_index
#this will be ignored - its reserved
logstash_system:
cluster:
- manage_index_templates
indices:
- names: 'logstash-*'
privileges:
- write
- delete
- create_index
#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed.
- name: Elasticsearch Xpack HTTP SSL and shared keystore without password
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- elasticsearch
vars:
es_config_6x:
xpack.security.authc.realms.file1.order: 0
xpack.security.authc.realms.file1.type: file
xpack.security.authc.realms.native1.order: 1
xpack.security.authc.realms.native1.type: native
es_config_7x:
xpack.security.authc.realms.file.file1.order: 0
xpack.security.authc.realms.native.native1.order: 1
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
es_heap_size: "1g"
es_templates: true
es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json"
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
es_plugins:
- plugin: ingest-attachment
es_api_basic_auth_username: elastic
es_api_basic_auth_password: elasticChanged
es_api_sleep: 5
es_enable_http_ssl: true
es_enable_transport_ssl: true
es_ssl_keystore: "test/integration/files/certs/shared-store-no-password.p12"
es_ssl_truststore: "test/integration/files/certs/shared-store-no-password.p12"
es_ssl_keystore_password: ""
es_ssl_truststore_password: ""
es_validate_certs: no
es_role_mapping:
power_user:
- "cn=admins,dc=example,dc=com"
user:
- "cn=users,dc=example,dc=com"
- "cn=admins,dc=example,dc=com"
es_users:
native:
kibana4_server:
password: changeMe
roles:
- kibana4_server
logstash_system:
#this will be ignored
roles:
- kibana4_server
file:
es_admin:
password: changeMeAgain
roles:
- admin
testUser:
password: changeMeAlso!
roles:
- power_user
- user

10
test/integration/xpack.yml
View file

@ -1,10 +0,0 @@
#Tests x-pack is idempotent and works when security is not enabled
---
- name: Elasticsearch Xpack tests - no security and manual download
hosts: localhost
post_tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- elasticsearch
vars:
es_heap_size: 2g

10
test/matrix-6x.yml
View file

@ -9,8 +9,12 @@ OS:
- centos-8
- amazonlinux-2
TEST_TYPE:
- custom-config
- default
- license
- oss
- oss-to-default-upgrade
- oss-upgrade
- oss-to-xpack-upgrade
- xpack
- xpack-upgrade
- security
- trial
- upgrade

10
test/matrix.yml
View file

@ -9,8 +9,12 @@ OS:
- centos-8
- amazonlinux-2
TEST_TYPE:
- custom-config
- default
- license
- oss
- oss-to-default-upgrade
- oss-upgrade
- oss-to-xpack-upgrade
- xpack
- xpack-upgrade
- security
- trial
- upgrade