From d3e394b071d819ef47a515557a1ce33e81a34522 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Thu, 4 Feb 2021 11:19:00 +0100 Subject: [PATCH] [meta] refactor kitchen tests (#765) * [meta] refactor kitchen tests This commit update kitchen tests to match important feature to test: - default: test a deployment with all default values - license: test a deployment with a license and default values - trial: test a deployment with security enabled and trial license - oss: test a deployment with oss version and default values (6.x only) - upgrade: test an upgrade from a previous version - oss-upgrade: test an upgrade with oss version (6.x only) - oss-to-default-upgrade: test an upgrade from previous oss to latest default version - custom_config: test a deployment with custom config files - security: test a deployment with security enabled * [meta] fix license test --- .kitchen.yml | 38 ++-- Makefile | 2 +- README.md | 2 +- test/integration/custom-config.yml | 11 ++ .../custom_config.yml} | 0 .../serverspec/default_spec.rb | 6 +- test/integration/default.yml | 7 + .../default.yml} | 0 .../serverspec/default_spec.rb | 2 +- .../{oss_spec.rb => custom_config_spec.rb} | 2 +- .../helpers/serverspec/issue_test_spec.rb | 10 - .../helpers/serverspec/license_spec.rb | 27 +++ .../serverspec/oss_to_xpack_upgrade_spec.rb | 4 - .../helpers/serverspec/oss_upgrade_spec.rb | 4 - ...xpack_upgrade_spec.rb => security_spec.rb} | 24 +-- test/integration/issue-test.yml | 42 ----- .../issue-test/serverspec/default_spec.rb | 8 - test/integration/license.yml | 57 ++++++ .../oss-upgrade.yml => license/license.yml} | 0 .../license/serverspec/default_spec.rb | 9 + ...upgrade.yml => oss-to-default-upgrade.yml} | 6 +- .../oss-to-default-upgrade.yml} | 0 .../serverspec/default_spec.rb | 7 + .../serverspec/default_spec.rb | 9 - test/integration/oss-upgrade.yml | 6 +- .../{xpack/xpack.yml => oss-upgrade/oss.yml} | 0 .../oss-upgrade/serverspec/default_spec.rb | 4 +- test/integration/oss.yml | 8 +- .../oss/serverspec/default_spec.rb | 7 +- test/integration/security.yml | 56 ++++++ test/integration/security/security.yml | 2 + .../security/serverspec/default_spec.rb | 9 + .../{xpack-upgrade-trial.yml => trial.yml} | 71 +------ .../trial/serverspec/default_spec.rb | 7 + test/integration/trial/trial.yml | 2 + test/integration/upgrade.yml | 16 ++ .../upgrade/serverspec/default_spec.rb | 7 + test/integration/upgrade/upgrade.yml | 2 + test/integration/xpack-upgrade-trial | 1 - test/integration/xpack-upgrade.yml | 173 ------------------ test/integration/xpack.yml | 10 - test/matrix-6x.yml | 10 +- test/matrix.yml | 10 +- 43 files changed, 272 insertions(+), 406 deletions(-) create mode 100644 test/integration/custom-config.yml rename test/integration/{issue-test/issue-test.yml => custom-config/custom_config.yml} (100%) rename test/integration/{xpack-upgrade => custom-config}/serverspec/default_spec.rb (53%) create mode 100644 test/integration/default.yml rename test/integration/{oss-to-xpack-upgrade/oss-to-xpack-upgrade.yml => default/default.yml} (100%) rename test/integration/{xpack => default}/serverspec/default_spec.rb (79%) rename test/integration/helpers/serverspec/{oss_spec.rb => custom_config_spec.rb} (92%) delete mode 100644 test/integration/helpers/serverspec/issue_test_spec.rb create mode 100644 test/integration/helpers/serverspec/license_spec.rb delete mode 100644 test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb delete mode 100644 test/integration/helpers/serverspec/oss_upgrade_spec.rb rename test/integration/helpers/serverspec/{xpack_upgrade_spec.rb => security_spec.rb} (73%) delete mode 100644 test/integration/issue-test.yml delete mode 100644 test/integration/issue-test/serverspec/default_spec.rb create mode 100644 test/integration/license.yml rename test/integration/{oss-upgrade/oss-upgrade.yml => license/license.yml} (100%) create mode 100644 test/integration/license/serverspec/default_spec.rb rename test/integration/{oss-to-xpack-upgrade.yml => oss-to-default-upgrade.yml} (72%) rename test/integration/{xpack-upgrade/xpack-upgrade.yml => oss-to-default-upgrade/oss-to-default-upgrade.yml} (100%) create mode 100644 test/integration/oss-to-default-upgrade/serverspec/default_spec.rb delete mode 100644 test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb rename test/integration/{xpack/xpack.yml => oss-upgrade/oss.yml} (100%) create mode 100644 test/integration/security.yml create mode 100644 test/integration/security/security.yml create mode 100644 test/integration/security/serverspec/default_spec.rb rename test/integration/{xpack-upgrade-trial.yml => trial.yml} (53%) create mode 100644 test/integration/trial/serverspec/default_spec.rb create mode 100644 test/integration/trial/trial.yml create mode 100644 test/integration/upgrade.yml create mode 100644 test/integration/upgrade/serverspec/default_spec.rb create mode 100644 test/integration/upgrade/upgrade.yml delete mode 120000 test/integration/xpack-upgrade-trial delete mode 100644 test/integration/xpack-upgrade.yml delete mode 100644 test/integration/xpack.yml diff --git a/.kitchen.yml b/.kitchen.yml index fc9dcc1..a1ee4f5 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -149,31 +149,39 @@ platforms: use_sudo: false suites: + - name: custom-config + provisioner: + idempotency_test: true + playbook: test/integration/custom-config.yml + - name: default + provisioner: + playbook: test/integration/default.yml + idempotency_test: true + - name: license + provisioner: + playbook: test/integration/license.yml + idempotency_test: true - name: oss provisioner: idempotency_test: true playbook: test/integration/oss.yml + - name: oss-to-default-upgrade + provisioner: + playbook: test/integration/oss-to-default-upgrade.yml + idempotency_test: false - name: oss-upgrade provisioner: playbook: test/integration/oss-upgrade.yml idempotency_test: false - - name: oss-to-xpack-upgrade + - name: security provisioner: - playbook: test/integration/oss-to-xpack-upgrade.yml - idempotency_test: false - - name: xpack - provisioner: - playbook: test/integration/xpack.yml + playbook: test/integration/security.yml idempotency_test: true - - name: xpack-upgrade + - name: trial provisioner: - playbook: test/integration/xpack-upgrade.yml - idempotency_test: false - - name: issue-test + playbook: test/integration/trial.yml + idempotency_test: false # es_xpack_trial is not idempotent currently + - name: upgrade provisioner: - playbook: test/integration/issue-test.yml - idempotency_test: false - - name: xpack-upgrade-trial - provisioner: - playbook: test/integration/xpack-upgrade-trial.yml + playbook: test/integration/upgrade.yml idempotency_test: false diff --git a/Makefile b/Makefile index 8d28ebc..0de81fb 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ default: build SHELL:=/bin/bash -eux export VERSION := 7.x -PATTERN := xpack-ubuntu-1604 +PATTERN := default-ubuntu-1804 .PHONY: converge verify test login destroy list diff --git a/README.md b/README.md index 2164b4d..a660e63 100644 --- a/README.md +++ b/README.md @@ -97,7 +97,7 @@ This playbook uses [Kitchen](https://kitchen.ci/) for CI and local testing. ### Running the tests * Ensure you have checked out this repository to `elasticsearch`, not `ansible-elasticsearch`. -* If you don't have a Gold or Platinum license to test with you can run the trial versions of the `xpack-upgrade` and `issue-test` suites by appending `-trial` to the `PATTERN` variable. +* If you don't have a Gold or Platinum license to test with you can run the trial versions of the `xpack-upgrade` suites by appending `-trial` to the `PATTERN` variable. * You may need to explicitly specify `VERSION=7.x` if some suites are failing. Install the ruby dependencies with bundler diff --git a/test/integration/custom-config.yml b/test/integration/custom-config.yml new file mode 100644 index 0000000..ed2dbab --- /dev/null +++ b/test/integration/custom-config.yml @@ -0,0 +1,11 @@ +--- +- name: Setup Elasticsearch with custom config files + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch + vars: + es_config_default: "test/integration/files/custom_config/elasticsearch" + es_config_log4j2: "test/integration/files/custom_config/log4j2.properties" + es_config_jvm: "test/integration/files/custom_config/jvm.options" diff --git a/test/integration/issue-test/issue-test.yml b/test/integration/custom-config/custom_config.yml similarity index 100% rename from test/integration/issue-test/issue-test.yml rename to test/integration/custom-config/custom_config.yml diff --git a/test/integration/xpack-upgrade/serverspec/default_spec.rb b/test/integration/custom-config/serverspec/default_spec.rb similarity index 53% rename from test/integration/xpack-upgrade/serverspec/default_spec.rb rename to test/integration/custom-config/serverspec/default_spec.rb index 043bc5c..edcd593 100644 --- a/test/integration/xpack-upgrade/serverspec/default_spec.rb +++ b/test/integration/custom-config/serverspec/default_spec.rb @@ -1,9 +1,9 @@ -require 'xpack_upgrade_spec' +require 'custom_config_spec' require 'shared_spec' require 'json' vars = JSON.parse(File.read('/tmp/vars.json')) -describe 'Xpack upgrade Tests' do +describe 'Custom Config Tests' do + include_examples 'custom_config::init', vars include_examples 'shared::init', vars - include_examples 'xpack_upgrade::init', vars end diff --git a/test/integration/default.yml b/test/integration/default.yml new file mode 100644 index 0000000..7a61d17 --- /dev/null +++ b/test/integration/default.yml @@ -0,0 +1,7 @@ +--- +- name: Setup Elasticsearch using default configuration + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch diff --git a/test/integration/oss-to-xpack-upgrade/oss-to-xpack-upgrade.yml b/test/integration/default/default.yml similarity index 100% rename from test/integration/oss-to-xpack-upgrade/oss-to-xpack-upgrade.yml rename to test/integration/default/default.yml diff --git a/test/integration/xpack/serverspec/default_spec.rb b/test/integration/default/serverspec/default_spec.rb similarity index 79% rename from test/integration/xpack/serverspec/default_spec.rb rename to test/integration/default/serverspec/default_spec.rb index 496a28c..248a339 100644 --- a/test/integration/xpack/serverspec/default_spec.rb +++ b/test/integration/default/serverspec/default_spec.rb @@ -2,6 +2,6 @@ require 'shared_spec' require 'json' vars = JSON.parse(File.read('/tmp/vars.json')) -describe 'Xpack upgrade Tests' do +describe 'default tests' do include_examples 'shared::init', vars end diff --git a/test/integration/helpers/serverspec/oss_spec.rb b/test/integration/helpers/serverspec/custom_config_spec.rb similarity index 92% rename from test/integration/helpers/serverspec/oss_spec.rb rename to test/integration/helpers/serverspec/custom_config_spec.rb index f07ce88..9625510 100644 --- a/test/integration/helpers/serverspec/oss_spec.rb +++ b/test/integration/helpers/serverspec/custom_config_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper' require 'shared_spec' -shared_examples 'oss::init' do |vars| +shared_examples 'custom_config::init' do |vars| describe file("/etc/elasticsearch/log4j2.properties") do it { should be_file } it { should be_owned_by 'root' } diff --git a/test/integration/helpers/serverspec/issue_test_spec.rb b/test/integration/helpers/serverspec/issue_test_spec.rb deleted file mode 100644 index f65ed61..0000000 --- a/test/integration/helpers/serverspec/issue_test_spec.rb +++ /dev/null @@ -1,10 +0,0 @@ -require 'spec_helper' -require 'json' -vars = JSON.parse(File.read('/tmp/vars.json')) - -shared_examples 'issue_test::init' do |vars| - - #Add custom tests here for the issue-test.yml test - -end - diff --git a/test/integration/helpers/serverspec/license_spec.rb b/test/integration/helpers/serverspec/license_spec.rb new file mode 100644 index 0000000..4045a63 --- /dev/null +++ b/test/integration/helpers/serverspec/license_spec.rb @@ -0,0 +1,27 @@ +require 'spec_helper' +require 'json' +require 'pathname' +vars = JSON.parse(File.read('/tmp/vars.json')) + +es_api_url = "#{vars['es_api_scheme']}://localhost:#{vars['es_api_port']}" +username = vars['es_api_basic_auth_username'] +password = vars['es_api_basic_auth_password'] +es_keystore = Pathname.new(vars['es_ssl_keystore']).basename.to_s +es_truststore = Pathname.new(vars['es_ssl_truststore']).basename.to_s + +if vars['es_major_version'] == '7.x' + es_license_api = "_license" +else + es_license_api = "_xpack/license" +end + +shared_examples 'license::init' do |vars| + describe 'License check' do + result = curl_json("#{es_api_url}/#{es_license_api}", username=username, password=password) + it 'should list the license issued by Elastic' do + expect(result['license']['status']).to eq('active') + expect(result['license']['type']).to eq('trial') + expect(result['license']['issued_to']).to eq('Elastic - INTERNAL (non-production environments)') + end + end +end diff --git a/test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb b/test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb deleted file mode 100644 index 4eeda4c..0000000 --- a/test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb +++ /dev/null @@ -1,4 +0,0 @@ -require 'spec_helper' - -shared_examples 'oss_to_xpack_upgrade::init' do |vars| -end diff --git a/test/integration/helpers/serverspec/oss_upgrade_spec.rb b/test/integration/helpers/serverspec/oss_upgrade_spec.rb deleted file mode 100644 index f09e937..0000000 --- a/test/integration/helpers/serverspec/oss_upgrade_spec.rb +++ /dev/null @@ -1,4 +0,0 @@ -require 'spec_helper' - -shared_examples 'oss_upgrade::init' do |vars| -end diff --git a/test/integration/helpers/serverspec/xpack_upgrade_spec.rb b/test/integration/helpers/serverspec/security_spec.rb similarity index 73% rename from test/integration/helpers/serverspec/xpack_upgrade_spec.rb rename to test/integration/helpers/serverspec/security_spec.rb index 237b1de..9410898 100644 --- a/test/integration/helpers/serverspec/xpack_upgrade_spec.rb +++ b/test/integration/helpers/serverspec/security_spec.rb @@ -15,7 +15,7 @@ else es_security_api = "_xpack/security" end -shared_examples 'xpack_upgrade::init' do |vars| +shared_examples 'security::init' do |vars| #Test users file, users_roles and roles.yml describe file("/etc/elasticsearch/users_roles") do it { should be_owned_by 'root' } @@ -39,12 +39,9 @@ shared_examples 'xpack_upgrade::init' do |vars| describe file("/etc/elasticsearch/elasticsearch.yml") do if vars['es_major_version'] == '7.x' it { should contain 'security.authc.realms.file.file1.order: 0' } - it { should contain 'security.authc.realms.native.native1.order: 1' } else it { should contain 'security.authc.realms.file1.order: 0' } it { should contain 'security.authc.realms.file1.type: file' } - it { should contain 'security.authc.realms.native1.order: 1' } - it { should contain 'security.authc.realms.native1.type: native' } end it { should contain 'xpack.security.transport.ssl.enabled: true' } it { should contain 'xpack.security.http.ssl.enabled: true' } @@ -56,18 +53,10 @@ shared_examples 'xpack_upgrade::init' do |vars| describe file("/etc/elasticsearch/role_mapping.yml") do it { should be_owned_by 'root' } it { should contain 'power_user:' } - it { should contain '- cn=admins,dc=example,dc=com' } it { should contain 'user:' } - it { should contain '- cn=admins,dc=example,dc=com' } end #check accounts are correct i.e. we can auth and they have the correct roles - describe 'kibana4_server access check' do - it 'should be reported as version '+vars['es_version'] do - expect(curl_json(es_api_url, username='kibana4_server', password='changeMe')['version']['number']).to eq(vars['es_version']) - end - end - describe 'security users' do result = curl_json("#{es_api_url}/#{es_security_api}/user", username=username, password=password) it 'should have the elastic user' do @@ -80,11 +69,6 @@ shared_examples 'xpack_upgrade::init' do |vars| expect(result['kibana']['roles']).to eq(['kibana_system']) expect(result['kibana']['enabled']).to eq(true) end - it 'should have the kibana_server user' do - expect(result['kibana4_server']['username']).to eq('kibana4_server') - expect(result['kibana4_server']['roles']).to eq(['kibana4_server']) - expect(result['kibana4_server']['enabled']).to eq(true) - end it 'should have the logstash user' do expect(result['logstash_system']['username']).to eq('logstash_system') expect(result['logstash_system']['roles']).to eq(['logstash_system']) @@ -92,12 +76,6 @@ shared_examples 'xpack_upgrade::init' do |vars| end end - describe 'logstash_system access check' do - it 'should be reported as version '+vars['es_version'] do - expect(curl_json(es_api_url, username='logstash_system', password='aNewLogstashPassword')['version']['number']).to eq(vars['es_version']) - end - end - describe 'SSL certificate check' do certificates = curl_json("#{es_api_url}/_ssl/certificates", username=username, password=password) it 'should list the keystore file' do diff --git a/test/integration/issue-test.yml b/test/integration/issue-test.yml deleted file mode 100644 index 1629f20..0000000 --- a/test/integration/issue-test.yml +++ /dev/null @@ -1,42 +0,0 @@ -#This file is for users to test issues and reproduce them using the test framework. -#Modify the playbook below and test with kitchen i.e. `kitchen test issue-test` -#To add custom tests modify the serverspec file ./helpers/serverspec/issue_test_spec.rb -#Idempot test is enabled for this test - -- name: Simple Example - hosts: localhost - post_tasks: - - include: elasticsearch/test/integration/debug.yml - roles: - - elasticsearch - vars: - es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" - es_config: - xpack.security.authc.realms.file.file1.order: 1 - xpack.security.authc.realms.native.native1.type: "native" - es_heap_size: "1g" - es_plugins: - - plugin: ingest-attachment - es_api_basic_auth_username: elastic - es_api_basic_auth_password: changeme - es_users: - file: - test_user: - password: changeme - roles: - - kibana_system - native: - kibana: - password: changeme - roles: - - kibana_system - elastic: - password: aNewPassWord - es_roles: - native: - logstash: - cluster: - - manage_index_templates - logstash_system: - cluster: - - manage_index_templates diff --git a/test/integration/issue-test/serverspec/default_spec.rb b/test/integration/issue-test/serverspec/default_spec.rb deleted file mode 100644 index ee7536b..0000000 --- a/test/integration/issue-test/serverspec/default_spec.rb +++ /dev/null @@ -1,8 +0,0 @@ -require 'issue_test_spec' -require 'json' -vars = JSON.parse(File.read('/tmp/vars.json')) - -describe 'Issue Test' do - include_examples 'issue_test::init', vars -end - diff --git a/test/integration/license.yml b/test/integration/license.yml new file mode 100644 index 0000000..cd0e234 --- /dev/null +++ b/test/integration/license.yml @@ -0,0 +1,57 @@ +--- +- name: Elasticsearch Xpack HTTP different keystore and truststore with password + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch + vars: + es_config_6x: + xpack.security.authc.realms.file1.order: 0 + xpack.security.authc.realms.file1.type: file + es_config_7x: + xpack.security.authc.realms.file.file1.order: 0 + es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" + es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" + es_api_basic_auth_username: elastic + es_api_basic_auth_password: changeme + es_api_sleep: 5 + es_enable_http_ssl: true + es_enable_transport_ssl: true + es_ssl_keystore: "test/integration/files/certs/keystore-password.p12" + es_ssl_truststore: "test/integration/files/certs/truststore-password.p12" + es_ssl_keystore_password: password1 + es_ssl_truststore_password: password2 + es_validate_certs: no + es_users: + file: + es_admin: + password: changeMe + roles: + - admin + testUser: + password: changeMeAlso! + roles: + - power_user + - user + es_roles: + file: + admin: + cluster: + - all + indices: + - names: '*' + privileges: + - all + power_user: + cluster: + - monitor + indices: + - names: '*' + privileges: + - all + user: + indices: + - names: '*' + privileges: + - read diff --git a/test/integration/oss-upgrade/oss-upgrade.yml b/test/integration/license/license.yml similarity index 100% rename from test/integration/oss-upgrade/oss-upgrade.yml rename to test/integration/license/license.yml diff --git a/test/integration/license/serverspec/default_spec.rb b/test/integration/license/serverspec/default_spec.rb new file mode 100644 index 0000000..aabba22 --- /dev/null +++ b/test/integration/license/serverspec/default_spec.rb @@ -0,0 +1,9 @@ +require 'license_spec' +require 'shared_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'license tests' do + include_examples 'shared::init', vars + include_examples 'license::init', vars +end diff --git a/test/integration/oss-to-xpack-upgrade.yml b/test/integration/oss-to-default-upgrade.yml similarity index 72% rename from test/integration/oss-to-xpack-upgrade.yml rename to test/integration/oss-to-default-upgrade.yml index 2d8caf8..774f725 100644 --- a/test/integration/oss-to-xpack-upgrade.yml +++ b/test/integration/oss-to-default-upgrade.yml @@ -1,5 +1,5 @@ --- -- name: Standard test for single node setup. Tests idempotence. +- name: Deploy Elasticsearch OSS version hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -8,9 +8,8 @@ vars: es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade oss_version: true - es_heap_size: "1g" -- name: Standard test for single node setup. Tests idempotence. +- name: Upgrade to Elasticsearch default version hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -18,4 +17,3 @@ - elasticsearch vars: oss_version: false - es_heap_size: "1g" diff --git a/test/integration/xpack-upgrade/xpack-upgrade.yml b/test/integration/oss-to-default-upgrade/oss-to-default-upgrade.yml similarity index 100% rename from test/integration/xpack-upgrade/xpack-upgrade.yml rename to test/integration/oss-to-default-upgrade/oss-to-default-upgrade.yml diff --git a/test/integration/oss-to-default-upgrade/serverspec/default_spec.rb b/test/integration/oss-to-default-upgrade/serverspec/default_spec.rb new file mode 100644 index 0000000..08e2a2d --- /dev/null +++ b/test/integration/oss-to-default-upgrade/serverspec/default_spec.rb @@ -0,0 +1,7 @@ +require 'shared_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'oss to default upgrade tests' do + include_examples 'shared::init', vars +end diff --git a/test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb b/test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb deleted file mode 100644 index c633ffa..0000000 --- a/test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb +++ /dev/null @@ -1,9 +0,0 @@ -require 'oss_to_xpack_upgrade_spec' -require 'shared_spec' -require 'json' -vars = JSON.parse(File.read('/tmp/vars.json')) - -describe 'oss to xpack upgrade Tests' do - include_examples 'shared::init', vars - include_examples 'oss_to_xpack_upgrade::init', vars -end diff --git a/test/integration/oss-upgrade.yml b/test/integration/oss-upgrade.yml index 9d5c147..153b02a 100644 --- a/test/integration/oss-upgrade.yml +++ b/test/integration/oss-upgrade.yml @@ -1,5 +1,5 @@ --- -- name: Standard test for single node setup. Tests idempotence. +- name: Deploy Elasticsearch OSS previous version hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -8,9 +8,8 @@ vars: es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade oss_version: true - es_heap_size: "1g" -- name: Standard test for single node setup. Tests idempotence. +- name: Deploy Elasticsearch OSS latest version hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -18,4 +17,3 @@ - elasticsearch vars: oss_version: true - es_heap_size: "1g" diff --git a/test/integration/xpack/xpack.yml b/test/integration/oss-upgrade/oss.yml similarity index 100% rename from test/integration/xpack/xpack.yml rename to test/integration/oss-upgrade/oss.yml diff --git a/test/integration/oss-upgrade/serverspec/default_spec.rb b/test/integration/oss-upgrade/serverspec/default_spec.rb index 939ee16..cd36592 100644 --- a/test/integration/oss-upgrade/serverspec/default_spec.rb +++ b/test/integration/oss-upgrade/serverspec/default_spec.rb @@ -1,9 +1,7 @@ -require 'oss_upgrade_spec' require 'shared_spec' require 'json' vars = JSON.parse(File.read('/tmp/vars.json')) -describe 'oss upgrade Tests' do - include_examples 'oss_upgrade::init', vars +describe 'oss upgrade tests' do include_examples 'shared::init', vars end diff --git a/test/integration/oss.yml b/test/integration/oss.yml index 7f54c47..6c6ba06 100644 --- a/test/integration/oss.yml +++ b/test/integration/oss.yml @@ -1,5 +1,5 @@ --- -- name: Standard test for single node setup. Tests idempotence. +- name: Setup Elasticsearch OSS 6.x hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -7,11 +7,5 @@ - elasticsearch vars: oss_version: true - es_heap_size: "1g" - es_plugins: - - plugin: ingest-attachment - es_config_default: "test/integration/files/custom_config/elasticsearch" - es_config_log4j2: "test/integration/files/custom_config/log4j2.properties" - es_config_jvm: "test/integration/files/custom_config/jvm.options" #Do not add tests here. This test is run twice and confirms idempotency. diff --git a/test/integration/oss/serverspec/default_spec.rb b/test/integration/oss/serverspec/default_spec.rb index 7b50667..b32dc04 100644 --- a/test/integration/oss/serverspec/default_spec.rb +++ b/test/integration/oss/serverspec/default_spec.rb @@ -1,12 +1,7 @@ -require 'oss_spec' require 'shared_spec' require 'json' vars = JSON.parse(File.read('/tmp/vars.json')) -describe 'OSS Tests' do - include_examples 'oss::init', vars +describe 'oss tests' do include_examples 'shared::init', vars end - - - diff --git a/test/integration/security.yml b/test/integration/security.yml new file mode 100644 index 0000000..bfedebf --- /dev/null +++ b/test/integration/security.yml @@ -0,0 +1,56 @@ +--- +- name: Elasticsearch Xpack HTTP different keystore and truststore with password + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch + vars: + es_config_6x: + xpack.security.authc.realms.file1.order: 0 + xpack.security.authc.realms.file1.type: file + es_config_7x: + xpack.security.authc.realms.file.file1.order: 0 + es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" + es_api_basic_auth_username: elastic + es_api_basic_auth_password: changeme + es_api_sleep: 5 + es_enable_http_ssl: true + es_enable_transport_ssl: true + es_ssl_keystore: "test/integration/files/certs/keystore-password.p12" + es_ssl_truststore: "test/integration/files/certs/truststore-password.p12" + es_ssl_keystore_password: password1 + es_ssl_truststore_password: password2 + es_validate_certs: no + es_users: + file: + es_admin: + password: changeMe + roles: + - admin + testUser: + password: changeMeAlso! + roles: + - power_user + - user + es_roles: + file: + admin: + cluster: + - all + indices: + - names: '*' + privileges: + - all + power_user: + cluster: + - monitor + indices: + - names: '*' + privileges: + - all + user: + indices: + - names: '*' + privileges: + - read diff --git a/test/integration/security/security.yml b/test/integration/security/security.yml new file mode 100644 index 0000000..a3c37e1 --- /dev/null +++ b/test/integration/security/security.yml @@ -0,0 +1,2 @@ +--- +- host: test-kitchen diff --git a/test/integration/security/serverspec/default_spec.rb b/test/integration/security/serverspec/default_spec.rb new file mode 100644 index 0000000..25696e8 --- /dev/null +++ b/test/integration/security/serverspec/default_spec.rb @@ -0,0 +1,9 @@ +require 'security_spec' +require 'shared_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'security tests' do + include_examples 'shared::init', vars + include_examples 'security::init', vars +end diff --git a/test/integration/xpack-upgrade-trial.yml b/test/integration/trial.yml similarity index 53% rename from test/integration/xpack-upgrade-trial.yml rename to test/integration/trial.yml index acf2e57..3221713 100644 --- a/test/integration/xpack-upgrade-trial.yml +++ b/test/integration/trial.yml @@ -1,5 +1,5 @@ --- -- name: Elasticsearch Xpack HTTP different keystore and truststore with password +- name: Setup Elasticsearch with security enabled and a trial license hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -15,15 +15,7 @@ xpack.security.authc.realms.file.file1.order: 0 xpack.security.authc.realms.native.native1.order: 1 es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" - es_heap_size: "1g" - es_templates: true - es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json" - es_major_version: "7.x" - es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade - es_xpack_license: "" es_xpack_trial: true - es_plugins: - - plugin: ingest-attachment es_api_basic_auth_username: elastic es_api_basic_auth_password: changeme es_api_sleep: 5 @@ -112,64 +104,3 @@ - write - delete - create_index - -#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed. -- name: Elasticsearch Xpack HTTP SSL and shared keystore without password - hosts: localhost - post_tasks: - - include: elasticsearch/test/integration/debug.yml - roles: - - elasticsearch - vars: - es_config_6x: - xpack.security.authc.realms.file1.order: 0 - xpack.security.authc.realms.file1.type: file - xpack.security.authc.realms.native1.order: 1 - xpack.security.authc.realms.native1.type: native - es_config_7x: - xpack.security.authc.realms.file.file1.order: 0 - xpack.security.authc.realms.native.native1.order: 1 - es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" - es_heap_size: "1g" - es_templates: true - es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json" - es_xpack_license: "" - es_xpack_trial: false - es_plugins: - - plugin: ingest-attachment - es_api_basic_auth_username: elastic - es_api_basic_auth_password: elasticChanged - es_api_sleep: 5 - es_enable_http_ssl: true - es_enable_transport_ssl: true - es_ssl_keystore: "test/integration/files/certs/shared-store-no-password.p12" - es_ssl_truststore: "test/integration/files/certs/shared-store-no-password.p12" - es_ssl_keystore_password: "" - es_ssl_truststore_password: "" - es_validate_certs: no - es_role_mapping: - power_user: - - "cn=admins,dc=example,dc=com" - user: - - "cn=users,dc=example,dc=com" - - "cn=admins,dc=example,dc=com" - es_users: - native: - kibana4_server: - password: changeMe - roles: - - kibana4_server - logstash_system: - #this will be ignored - roles: - - kibana4_server - file: - es_admin: - password: changeMeAgain - roles: - - admin - testUser: - password: changeMeAlso! - roles: - - power_user - - user diff --git a/test/integration/trial/serverspec/default_spec.rb b/test/integration/trial/serverspec/default_spec.rb new file mode 100644 index 0000000..9700f5b --- /dev/null +++ b/test/integration/trial/serverspec/default_spec.rb @@ -0,0 +1,7 @@ +require 'shared_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'trial tests' do + include_examples 'shared::init', vars +end diff --git a/test/integration/trial/trial.yml b/test/integration/trial/trial.yml new file mode 100644 index 0000000..a3c37e1 --- /dev/null +++ b/test/integration/trial/trial.yml @@ -0,0 +1,2 @@ +--- +- host: test-kitchen diff --git a/test/integration/upgrade.yml b/test/integration/upgrade.yml new file mode 100644 index 0000000..2a1a27b --- /dev/null +++ b/test/integration/upgrade.yml @@ -0,0 +1,16 @@ +--- +- name: Deploy Elasticsearch previous version + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch + vars: + es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" + +- name: Deploy Elasticsearch latest version + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch diff --git a/test/integration/upgrade/serverspec/default_spec.rb b/test/integration/upgrade/serverspec/default_spec.rb new file mode 100644 index 0000000..29eacb2 --- /dev/null +++ b/test/integration/upgrade/serverspec/default_spec.rb @@ -0,0 +1,7 @@ +require 'shared_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'upgrade tests' do + include_examples 'shared::init', vars +end diff --git a/test/integration/upgrade/upgrade.yml b/test/integration/upgrade/upgrade.yml new file mode 100644 index 0000000..a3c37e1 --- /dev/null +++ b/test/integration/upgrade/upgrade.yml @@ -0,0 +1,2 @@ +--- +- host: test-kitchen diff --git a/test/integration/xpack-upgrade-trial b/test/integration/xpack-upgrade-trial deleted file mode 120000 index 3021ce0..0000000 --- a/test/integration/xpack-upgrade-trial +++ /dev/null @@ -1 +0,0 @@ -xpack-upgrade \ No newline at end of file diff --git a/test/integration/xpack-upgrade.yml b/test/integration/xpack-upgrade.yml deleted file mode 100644 index ea4a8bc..0000000 --- a/test/integration/xpack-upgrade.yml +++ /dev/null @@ -1,173 +0,0 @@ ---- -- name: Elasticsearch Xpack HTTP different keystore and truststore with password - hosts: localhost - post_tasks: - - include: elasticsearch/test/integration/debug.yml - roles: - - elasticsearch - vars: - es_config_6x: - xpack.security.authc.realms.file1.order: 0 - xpack.security.authc.realms.file1.type: file - xpack.security.authc.realms.native1.order: 1 - xpack.security.authc.realms.native1.type: native - es_config_7x: - xpack.security.authc.realms.file.file1.order: 0 - xpack.security.authc.realms.native.native1.order: 1 - es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" - es_heap_size: "1g" - es_templates: true - es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json" - es_major_version: "7.x" - es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade - es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" - es_plugins: - - plugin: ingest-attachment - es_api_basic_auth_username: elastic - es_api_basic_auth_password: changeme - es_api_sleep: 5 - es_enable_http_ssl: false - es_enable_transport_ssl: true - es_ssl_keystore: "test/integration/files/certs/keystore-password.p12" - es_ssl_truststore: "test/integration/files/certs/truststore-password.p12" - es_ssl_keystore_password: password1 - es_ssl_truststore_password: password2 - es_validate_certs: no - es_role_mapping: - power_user: - - "cn=admins,dc=example,dc=com" - user: - - "cn=users,dc=example,dc=com" - - "cn=admins,dc=example,dc=com" - es_users: - native: - kibana4_server: - password: changeMe - roles: - - kibana4_server - logstash_system: - #this should be successfully modified - password: aNewLogstashPassword - #this will be ignored - roles: - - kibana4_server - elastic: - password: elasticChanged - file: - es_admin: - password: changeMe - roles: - - admin - testUser: - password: changeMeAlso! - roles: - - power_user - - user - es_roles: - file: - admin: - cluster: - - all - indices: - - names: '*' - privileges: - - all - power_user: - cluster: - - monitor - indices: - - names: '*' - privileges: - - all - user: - indices: - - names: '*' - privileges: - - read - kibana4_server: - cluster: - - monitor - indices: - - names: '.kibana' - privileges: - - all - native: - logstash: - cluster: - - manage_index_templates - indices: - - names: 'logstash-*' - privileges: - - write - - delete - - create_index - #this will be ignored - its reserved - logstash_system: - cluster: - - manage_index_templates - indices: - - names: 'logstash-*' - privileges: - - write - - delete - - create_index - -#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed. -- name: Elasticsearch Xpack HTTP SSL and shared keystore without password - hosts: localhost - post_tasks: - - include: elasticsearch/test/integration/debug.yml - roles: - - elasticsearch - vars: - es_config_6x: - xpack.security.authc.realms.file1.order: 0 - xpack.security.authc.realms.file1.type: file - xpack.security.authc.realms.native1.order: 1 - xpack.security.authc.realms.native1.type: native - es_config_7x: - xpack.security.authc.realms.file.file1.order: 0 - xpack.security.authc.realms.native.native1.order: 1 - es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" - es_heap_size: "1g" - es_templates: true - es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json" - es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" - es_plugins: - - plugin: ingest-attachment - es_api_basic_auth_username: elastic - es_api_basic_auth_password: elasticChanged - es_api_sleep: 5 - es_enable_http_ssl: true - es_enable_transport_ssl: true - es_ssl_keystore: "test/integration/files/certs/shared-store-no-password.p12" - es_ssl_truststore: "test/integration/files/certs/shared-store-no-password.p12" - es_ssl_keystore_password: "" - es_ssl_truststore_password: "" - es_validate_certs: no - es_role_mapping: - power_user: - - "cn=admins,dc=example,dc=com" - user: - - "cn=users,dc=example,dc=com" - - "cn=admins,dc=example,dc=com" - es_users: - native: - kibana4_server: - password: changeMe - roles: - - kibana4_server - logstash_system: - #this will be ignored - roles: - - kibana4_server - file: - es_admin: - password: changeMeAgain - roles: - - admin - testUser: - password: changeMeAlso! - roles: - - power_user - - user diff --git a/test/integration/xpack.yml b/test/integration/xpack.yml deleted file mode 100644 index 002736f..0000000 --- a/test/integration/xpack.yml +++ /dev/null @@ -1,10 +0,0 @@ -#Tests x-pack is idempotent and works when security is not enabled ---- -- name: Elasticsearch Xpack tests - no security and manual download - hosts: localhost - post_tasks: - - include: elasticsearch/test/integration/debug.yml - roles: - - elasticsearch - vars: - es_heap_size: 2g diff --git a/test/matrix-6x.yml b/test/matrix-6x.yml index d8fad35..d08e1e6 100644 --- a/test/matrix-6x.yml +++ b/test/matrix-6x.yml @@ -9,8 +9,12 @@ OS: - centos-8 - amazonlinux-2 TEST_TYPE: + - custom-config + - default + - license - oss + - oss-to-default-upgrade - oss-upgrade - - oss-to-xpack-upgrade - - xpack - - xpack-upgrade + - security + - trial + - upgrade diff --git a/test/matrix.yml b/test/matrix.yml index d8fad35..d08e1e6 100644 --- a/test/matrix.yml +++ b/test/matrix.yml @@ -9,8 +9,12 @@ OS: - centos-8 - amazonlinux-2 TEST_TYPE: + - custom-config + - default + - license - oss + - oss-to-default-upgrade - oss-upgrade - - oss-to-xpack-upgrade - - xpack - - xpack-upgrade + - security + - trial + - upgrade