[meta] refactor kitchen tests (#765)

* [meta] refactor kitchen tests This commit update kitchen tests to match important feature to test: - default: test a deployment with all default values - license: test a deployment with a license and default values - trial: test a deployment with security enabled and trial license - oss: test a deployment with oss version and default values (6.x only) - upgrade: test an upgrade from a previous version - oss-upgrade: test an upgrade with oss version (6.x only) - oss-to-default-upgrade: test an upgrade from previous oss to latest default version - custom_config: test a deployment with custom config files - security: test a deployment with security enabled * [meta] fix license test
2021-02-04 11:19:00 +01:00 · 2021-02-04 11:19:00 +01:00 · d3e394b071
commit d3e394b071
parent 78e805e6cb
43 changed files with 272 additions and 406 deletions
--- a/.kitchen.yml
+++ b/.kitchen.yml
@ -149,31 +149,39 @@ platforms:
      use_sudo: false
 suites:
  - name: custom-config
    provisioner:
      idempotency_test: true
      playbook: test/integration/custom-config.yml
  - name: default
    provisioner:
      playbook: test/integration/default.yml
      idempotency_test: true
  - name: license
    provisioner:
      playbook: test/integration/license.yml
      idempotency_test: true
  - name: oss
    provisioner:
      idempotency_test: true
      playbook: test/integration/oss.yml
  - name: oss-to-default-upgrade
    provisioner:
      playbook: test/integration/oss-to-default-upgrade.yml
      idempotency_test: false
  - name: oss-upgrade
    provisioner:
      playbook: test/integration/oss-upgrade.yml
      idempotency_test: false
-  - name: oss-to-xpack-upgrade
+  - name: security
    provisioner:
-      playbook: test/integration/oss-to-xpack-upgrade.yml
+      playbook: test/integration/security.yml
      idempotency_test: false
  - name: xpack
    provisioner:
      playbook: test/integration/xpack.yml
      idempotency_test: true
-  - name: xpack-upgrade
+  - name: trial
    provisioner:
-      playbook: test/integration/xpack-upgrade.yml
+      playbook: test/integration/trial.yml
-      idempotency_test: false
+      idempotency_test: false # es_xpack_trial is not idempotent currently
-  - name: issue-test
+  - name: upgrade
    provisioner:
-      playbook: test/integration/issue-test.yml
+      playbook: test/integration/upgrade.yml
      idempotency_test: false
  - name: xpack-upgrade-trial
    provisioner:
      playbook: test/integration/xpack-upgrade-trial.yml
      idempotency_test: false
--- a/2
+++ b/2
@ -2,7 +2,7 @@ default: build
 SHELL:=/bin/bash -eux
 export VERSION := 7.x
-PATTERN := xpack-ubuntu-1604
+PATTERN := default-ubuntu-1804
 .PHONY: converge verify test login destroy list
--- a/README.md
+++ b/README.md
@ -97,7 +97,7 @@ This playbook uses [Kitchen](https://kitchen.ci/) for CI and local testing.
 ### Running the tests
 * Ensure you have checked out this repository to `elasticsearch`, not `ansible-elasticsearch`.
-* If you don't have a Gold or Platinum license to test with you can run the trial versions of the `xpack-upgrade` and `issue-test` suites by appending `-trial` to the `PATTERN` variable.
+* If you don't have a Gold or Platinum license to test with you can run the trial versions of the `xpack-upgrade` suites by appending `-trial` to the `PATTERN` variable.
 * You may need to explicitly specify `VERSION=7.x` if some suites are failing.
 Install the ruby dependencies with bundler
--- a/test/integration/custom-config.yml
+++ b/test/integration/custom-config.yml
@ -0,0 +1,11 @@
 ---
 - name: Setup Elasticsearch with custom config files
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
  roles:
    - elasticsearch
  vars:
    es_config_default: "test/integration/files/custom_config/elasticsearch"
    es_config_log4j2: "test/integration/files/custom_config/log4j2.properties"
    es_config_jvm: "test/integration/files/custom_config/jvm.options"
--- a/test/integration/custom-config/custom_config.yml
+++ b/test/integration/custom-config/custom_config.yml
--- a/test/integration/custom-config/serverspec/default_spec.rb
+++ b/test/integration/custom-config/serverspec/default_spec.rb
@ -1,9 +1,9 @@
-require 'xpack_upgrade_spec'
+require 'custom_config_spec'
 require 'shared_spec'
 require 'json'
 vars = JSON.parse(File.read('/tmp/vars.json'))
-describe 'Xpack upgrade Tests' do
+describe 'Custom Config Tests' do
  include_examples 'custom_config::init', vars
  include_examples 'shared::init', vars
  include_examples 'xpack_upgrade::init', vars
 end
--- a/test/integration/default.yml
+++ b/test/integration/default.yml
@ -0,0 +1,7 @@
 ---
 - name: Setup Elasticsearch using default configuration
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
  roles:
    - elasticsearch
--- a/test/integration/oss-to-xpack-upgrade/oss-to-xpack-upgrade.yml
+++ b/test/integration/oss-to-xpack-upgrade/oss-to-xpack-upgrade.yml
--- a/test/integration/default/serverspec/default_spec.rb
+++ b/test/integration/default/serverspec/default_spec.rb
@ -2,6 +2,6 @@ require 'shared_spec'
 require 'json'
 vars = JSON.parse(File.read('/tmp/vars.json'))
-describe 'Xpack upgrade Tests' do
+describe 'default tests' do
  include_examples 'shared::init', vars
 end
--- a/test/integration/helpers/serverspec/custom_config_spec.rb
+++ b/test/integration/helpers/serverspec/custom_config_spec.rb
@ -1,7 +1,7 @@
 require 'spec_helper'
 require 'shared_spec'
-shared_examples 'oss::init' do |vars|
+shared_examples 'custom_config::init' do |vars|
  describe file("/etc/elasticsearch/log4j2.properties") do
    it { should be_file }
    it { should be_owned_by 'root' }
--- a/test/integration/helpers/serverspec/issue_test_spec.rb
+++ b/test/integration/helpers/serverspec/issue_test_spec.rb
@ -1,10 +0,0 @@
 require 'spec_helper'
 require 'json'
 vars = JSON.parse(File.read('/tmp/vars.json'))
 shared_examples 'issue_test::init' do |vars|
  #Add custom tests here for the issue-test.yml test
 end
--- a/test/integration/helpers/serverspec/license_spec.rb
+++ b/test/integration/helpers/serverspec/license_spec.rb
@ -0,0 +1,27 @@
 require 'spec_helper'
 require 'json'
 require 'pathname'
 vars = JSON.parse(File.read('/tmp/vars.json'))
 es_api_url = "#{vars['es_api_scheme']}://localhost:#{vars['es_api_port']}"
 username = vars['es_api_basic_auth_username']
 password = vars['es_api_basic_auth_password']
 es_keystore = Pathname.new(vars['es_ssl_keystore']).basename.to_s
 es_truststore = Pathname.new(vars['es_ssl_truststore']).basename.to_s
 if vars['es_major_version'] == '7.x'
  es_license_api = "_license"
 else
  es_license_api = "_xpack/license"
 end
 shared_examples 'license::init' do |vars|
  describe 'License check' do
    result = curl_json("#{es_api_url}/#{es_license_api}", username=username, password=password)
    it 'should list the license issued by Elastic' do
      expect(result['license']['status']).to eq('active')
      expect(result['license']['type']).to eq('trial')
      expect(result['license']['issued_to']).to eq('Elastic - INTERNAL (non-production environments)')
    end
  end
 end
--- a/test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb
+++ b/test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb
@ -1,4 +0,0 @@
 require 'spec_helper'
 shared_examples 'oss_to_xpack_upgrade::init' do |vars|
 end
--- a/test/integration/helpers/serverspec/oss_upgrade_spec.rb
+++ b/test/integration/helpers/serverspec/oss_upgrade_spec.rb
@ -1,4 +0,0 @@
 require 'spec_helper'
 shared_examples 'oss_upgrade::init' do |vars|
 end
--- a/test/integration/helpers/serverspec/xpack_upgrade_spec.rb
+++ b/test/integration/helpers/serverspec/xpack_upgrade_spec.rb
@ -15,7 +15,7 @@ else
  es_security_api = "_xpack/security"
 end
-shared_examples 'xpack_upgrade::init' do |vars|
+shared_examples 'security::init' do |vars|
  #Test users file, users_roles and roles.yml
  describe file("/etc/elasticsearch/users_roles") do
    it { should be_owned_by 'root' }
@ -39,12 +39,9 @@ shared_examples 'xpack_upgrade::init' do |vars|
  describe file("/etc/elasticsearch/elasticsearch.yml") do
    if vars['es_major_version'] == '7.x'
      it { should contain 'security.authc.realms.file.file1.order: 0' }
      it { should contain 'security.authc.realms.native.native1.order: 1' }
    else
      it { should contain 'security.authc.realms.file1.order: 0' }
      it { should contain 'security.authc.realms.file1.type: file' }
      it { should contain 'security.authc.realms.native1.order: 1' }
      it { should contain 'security.authc.realms.native1.type: native' }
    end
    it { should contain 'xpack.security.transport.ssl.enabled: true' }
    it { should contain 'xpack.security.http.ssl.enabled: true' }
@ -56,18 +53,10 @@ shared_examples 'xpack_upgrade::init' do |vars|
  describe file("/etc/elasticsearch/role_mapping.yml") do
    it { should be_owned_by 'root' }
    it { should contain 'power_user:' }
    it { should contain '- cn=admins,dc=example,dc=com' }
    it { should contain 'user:' }
    it { should contain '- cn=admins,dc=example,dc=com' }
  end
  #check accounts are correct i.e. we can auth and they have the correct roles
  describe 'kibana4_server access check' do
    it 'should be reported as version '+vars['es_version'] do
      expect(curl_json(es_api_url, username='kibana4_server', password='changeMe')['version']['number']).to eq(vars['es_version'])
    end
  end
  describe 'security users' do
    result = curl_json("#{es_api_url}/#{es_security_api}/user", username=username, password=password)
    it 'should have the elastic user' do
@ -80,11 +69,6 @@ shared_examples 'xpack_upgrade::init' do |vars|
      expect(result['kibana']['roles']).to eq(['kibana_system'])
      expect(result['kibana']['enabled']).to eq(true)
    end
    it 'should have the kibana_server user' do
      expect(result['kibana4_server']['username']).to eq('kibana4_server')
      expect(result['kibana4_server']['roles']).to eq(['kibana4_server'])
      expect(result['kibana4_server']['enabled']).to eq(true)
    end
    it 'should have the logstash user' do
      expect(result['logstash_system']['username']).to eq('logstash_system')
      expect(result['logstash_system']['roles']).to eq(['logstash_system'])
@ -92,12 +76,6 @@ shared_examples 'xpack_upgrade::init' do |vars|
    end
  end
  describe 'logstash_system access check' do
    it 'should be reported as version '+vars['es_version'] do
      expect(curl_json(es_api_url, username='logstash_system', password='aNewLogstashPassword')['version']['number']).to eq(vars['es_version'])
    end
  end
  describe 'SSL certificate check' do
    certificates = curl_json("#{es_api_url}/_ssl/certificates", username=username, password=password)
    it 'should list the keystore file' do
--- a/test/integration/issue-test.yml
+++ b/test/integration/issue-test.yml
@ -1,42 +0,0 @@
 #This file is for users to test issues and reproduce them using the test framework.
 #Modify the playbook  below and test with kitchen i.e. `kitchen test issue-test`
 #To add custom tests modify the serverspec file ./helpers/serverspec/issue_test_spec.rb
 #Idempot test is enabled for this test
 - name: Simple Example
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
  roles:
    - elasticsearch
  vars:
    es_xpack_license: "{{ lookup('file', '/tmp/license.json')  }}"
    es_config:
      xpack.security.authc.realms.file.file1.order: 1
      xpack.security.authc.realms.native.native1.type: "native"
    es_heap_size: "1g"
    es_plugins:
      - plugin: ingest-attachment
    es_api_basic_auth_username: elastic
    es_api_basic_auth_password: changeme
    es_users:
      file:
        test_user:
          password: changeme
          roles:
            - kibana_system
      native:
        kibana:
          password: changeme
          roles:
            - kibana_system
        elastic:
          password: aNewPassWord
    es_roles:
      native:
        logstash:
          cluster:
            - manage_index_templates
        logstash_system:
          cluster:
            - manage_index_templates
--- a/test/integration/issue-test/serverspec/default_spec.rb
+++ b/test/integration/issue-test/serverspec/default_spec.rb
@ -1,8 +0,0 @@
 require 'issue_test_spec'
 require 'json'
 vars = JSON.parse(File.read('/tmp/vars.json'))
 describe 'Issue Test' do
  include_examples 'issue_test::init', vars
 end
--- a/test/integration/license.yml
+++ b/test/integration/license.yml
@ -0,0 +1,57 @@
 ---
 - name: Elasticsearch Xpack HTTP different keystore and truststore with password
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
  roles:
    - elasticsearch
  vars:
    es_config_6x:
      xpack.security.authc.realms.file1.order: 0
      xpack.security.authc.realms.file1.type: file
    es_config_7x:
      xpack.security.authc.realms.file.file1.order: 0
    es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
    es_xpack_license: "{{ lookup('file', '/tmp/license.json')  }}"
    es_api_basic_auth_username: elastic
    es_api_basic_auth_password: changeme
    es_api_sleep: 5
    es_enable_http_ssl: true
    es_enable_transport_ssl: true
    es_ssl_keystore: "test/integration/files/certs/keystore-password.p12"
    es_ssl_truststore: "test/integration/files/certs/truststore-password.p12"
    es_ssl_keystore_password: password1
    es_ssl_truststore_password: password2
    es_validate_certs: no
    es_users:
      file:
        es_admin:
          password: changeMe
          roles:
            - admin
        testUser:
          password: changeMeAlso!
          roles:
            - power_user
            - user
    es_roles:
      file:
        admin:
          cluster:
            - all
          indices:
            - names: '*'
              privileges:
                - all
        power_user:
          cluster:
            - monitor
          indices:
            - names: '*'
              privileges:
                - all
        user:
          indices:
            - names: '*'
              privileges:
                - read
--- a/test/integration/oss-upgrade/oss-upgrade.yml
+++ b/test/integration/oss-upgrade/oss-upgrade.yml
--- a/test/integration/license/serverspec/default_spec.rb
+++ b/test/integration/license/serverspec/default_spec.rb
@ -0,0 +1,9 @@
 require 'license_spec'
 require 'shared_spec'
 require 'json'
 vars = JSON.parse(File.read('/tmp/vars.json'))
 describe 'license tests' do
  include_examples 'shared::init', vars
  include_examples 'license::init', vars
 end
--- a/test/integration/oss-to-default-upgrade.yml
+++ b/test/integration/oss-to-default-upgrade.yml
@ -1,5 +1,5 @@
 ---
- name: Standard test for single node setup. Tests idempotence.
+- name: Deploy Elasticsearch OSS version
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
@ -8,9 +8,8 @@
  vars:
    es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
    oss_version: true
    es_heap_size: "1g"
- name: Standard test for single node setup. Tests idempotence.
+- name: Upgrade to Elasticsearch default version
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
@ -18,4 +17,3 @@
    - elasticsearch
  vars:
    oss_version: false
    es_heap_size: "1g"
--- a/test/integration/oss-to-default-upgrade/oss-to-default-upgrade.yml
+++ b/test/integration/oss-to-default-upgrade/oss-to-default-upgrade.yml
--- a/test/integration/oss-to-default-upgrade/serverspec/default_spec.rb
+++ b/test/integration/oss-to-default-upgrade/serverspec/default_spec.rb
@ -0,0 +1,7 @@
 require 'shared_spec'
 require 'json'
 vars = JSON.parse(File.read('/tmp/vars.json'))
 describe 'oss to default upgrade tests' do
  include_examples 'shared::init', vars
 end
--- a/test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb
+++ b/test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb
@ -1,9 +0,0 @@
 require 'oss_to_xpack_upgrade_spec'
 require 'shared_spec'
 require 'json'
 vars = JSON.parse(File.read('/tmp/vars.json'))
 describe 'oss to xpack upgrade Tests' do
  include_examples 'shared::init', vars
  include_examples 'oss_to_xpack_upgrade::init', vars
 end
--- a/test/integration/oss-upgrade.yml
+++ b/test/integration/oss-upgrade.yml
@ -1,5 +1,5 @@
 ---
- name: Standard test for single node setup. Tests idempotence.
+- name: Deploy Elasticsearch OSS previous version
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
@ -8,9 +8,8 @@
  vars:
    es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
    oss_version: true
    es_heap_size: "1g"
- name: Standard test for single node setup. Tests idempotence.
+- name: Deploy Elasticsearch OSS latest version
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
@ -18,4 +17,3 @@
    - elasticsearch
  vars:
    oss_version: true
    es_heap_size: "1g"
--- a/test/integration/oss-upgrade/oss.yml
+++ b/test/integration/oss-upgrade/oss.yml
--- a/test/integration/oss-upgrade/serverspec/default_spec.rb
+++ b/test/integration/oss-upgrade/serverspec/default_spec.rb
@ -1,9 +1,7 @@
 require 'oss_upgrade_spec'
 require 'shared_spec'
 require 'json'
 vars = JSON.parse(File.read('/tmp/vars.json'))
-describe 'oss upgrade Tests' do
+describe 'oss upgrade tests' do
  include_examples 'oss_upgrade::init', vars
  include_examples 'shared::init', vars
 end
--- a/test/integration/oss.yml
+++ b/test/integration/oss.yml
@ -1,5 +1,5 @@
 ---
- name: Standard test for single node setup. Tests idempotence.
+- name: Setup Elasticsearch OSS 6.x
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
@ -7,11 +7,5 @@
    - elasticsearch
  vars:
    oss_version: true
    es_heap_size: "1g"
    es_plugins:
      - plugin: ingest-attachment
    es_config_default: "test/integration/files/custom_config/elasticsearch"
    es_config_log4j2: "test/integration/files/custom_config/log4j2.properties"
    es_config_jvm: "test/integration/files/custom_config/jvm.options"
 #Do not add tests here. This test is run twice and confirms idempotency.
--- a/test/integration/oss/serverspec/default_spec.rb
+++ b/test/integration/oss/serverspec/default_spec.rb
@ -1,12 +1,7 @@
 require 'oss_spec'
 require 'shared_spec'
 require 'json'
 vars = JSON.parse(File.read('/tmp/vars.json'))
-describe 'OSS Tests' do
+describe 'oss tests' do
  include_examples 'oss::init', vars
  include_examples 'shared::init', vars
 end
--- a/test/integration/security.yml
+++ b/test/integration/security.yml
@ -0,0 +1,56 @@
 ---
 - name: Elasticsearch Xpack HTTP different keystore and truststore with password
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
  roles:
    - elasticsearch
  vars:
    es_config_6x:
      xpack.security.authc.realms.file1.order: 0
      xpack.security.authc.realms.file1.type: file
    es_config_7x:
      xpack.security.authc.realms.file.file1.order: 0
    es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
    es_api_basic_auth_username: elastic
    es_api_basic_auth_password: changeme
    es_api_sleep: 5
    es_enable_http_ssl: true
    es_enable_transport_ssl: true
    es_ssl_keystore: "test/integration/files/certs/keystore-password.p12"
    es_ssl_truststore: "test/integration/files/certs/truststore-password.p12"
    es_ssl_keystore_password: password1
    es_ssl_truststore_password: password2
    es_validate_certs: no
    es_users:
      file:
        es_admin:
          password: changeMe
          roles:
            - admin
        testUser:
          password: changeMeAlso!
          roles:
            - power_user
            - user
    es_roles:
      file:
        admin:
          cluster:
            - all
          indices:
            - names: '*'
              privileges:
                - all
        power_user:
          cluster:
            - monitor
          indices:
            - names: '*'
              privileges:
                - all
        user:
          indices:
            - names: '*'
              privileges:
                - read
--- a/test/integration/security/security.yml
+++ b/test/integration/security/security.yml
@ -0,0 +1,2 @@
 ---
 - host: test-kitchen
--- a/test/integration/security/serverspec/default_spec.rb
+++ b/test/integration/security/serverspec/default_spec.rb
@ -0,0 +1,9 @@
 require 'security_spec'
 require 'shared_spec'
 require 'json'
 vars = JSON.parse(File.read('/tmp/vars.json'))
 describe 'security tests' do
  include_examples 'shared::init', vars
  include_examples 'security::init', vars
 end
--- a/test/integration/xpack-upgrade-trial.yml
+++ b/test/integration/xpack-upgrade-trial.yml
@ -1,5 +1,5 @@
 ---
- name: Elasticsearch Xpack HTTP different keystore and truststore with password
+- name: Setup Elasticsearch with security enabled and a trial license
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
@ -15,15 +15,7 @@
      xpack.security.authc.realms.file.file1.order: 0
      xpack.security.authc.realms.native.native1.order: 1
    es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
    es_heap_size: "1g"
    es_templates: true
    es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json"
    es_major_version: "7.x"
    es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
    es_xpack_license: ""
    es_xpack_trial: true
    es_plugins:
      - plugin: ingest-attachment
    es_api_basic_auth_username: elastic
    es_api_basic_auth_password: changeme
    es_api_sleep: 5
@ -112,64 +104,3 @@
                - write
                - delete
                - create_index
 #modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed.
 - name: Elasticsearch Xpack HTTP SSL and shared keystore without password
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
  roles:
    - elasticsearch
  vars:
    es_config_6x:
      xpack.security.authc.realms.file1.order: 0
      xpack.security.authc.realms.file1.type: file
      xpack.security.authc.realms.native1.order: 1
      xpack.security.authc.realms.native1.type: native
    es_config_7x:
      xpack.security.authc.realms.file.file1.order: 0
      xpack.security.authc.realms.native.native1.order: 1
    es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
    es_heap_size: "1g"
    es_templates: true
    es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json"
    es_xpack_license: ""
    es_xpack_trial: false
    es_plugins:
      - plugin: ingest-attachment
    es_api_basic_auth_username: elastic
    es_api_basic_auth_password: elasticChanged
    es_api_sleep: 5
    es_enable_http_ssl: true
    es_enable_transport_ssl: true
    es_ssl_keystore: "test/integration/files/certs/shared-store-no-password.p12"
    es_ssl_truststore: "test/integration/files/certs/shared-store-no-password.p12"
    es_ssl_keystore_password: ""
    es_ssl_truststore_password: ""
    es_validate_certs: no
    es_role_mapping:
      power_user:
        - "cn=admins,dc=example,dc=com"
      user:
        - "cn=users,dc=example,dc=com"
        - "cn=admins,dc=example,dc=com"
    es_users:
      native:
        kibana4_server:
          password: changeMe
          roles:
            - kibana4_server
        logstash_system:
          #this will be ignored
          roles:
            - kibana4_server
      file:
        es_admin:
          password: changeMeAgain
          roles:
            - admin
        testUser:
          password: changeMeAlso!
          roles:
            - power_user
            - user
--- a/test/integration/trial/serverspec/default_spec.rb
+++ b/test/integration/trial/serverspec/default_spec.rb
@ -0,0 +1,7 @@
 require 'shared_spec'
 require 'json'
 vars = JSON.parse(File.read('/tmp/vars.json'))
 describe 'trial tests' do
  include_examples 'shared::init', vars
 end
--- a/test/integration/trial/trial.yml
+++ b/test/integration/trial/trial.yml
@ -0,0 +1,2 @@
 ---
 - host: test-kitchen
--- a/test/integration/upgrade.yml
+++ b/test/integration/upgrade.yml
@ -0,0 +1,16 @@
 ---
 - name: Deploy Elasticsearch previous version
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
  roles:
    - elasticsearch
  vars:
    es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}"
 - name: Deploy Elasticsearch latest version
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
  roles:
    - elasticsearch
--- a/test/integration/upgrade/serverspec/default_spec.rb
+++ b/test/integration/upgrade/serverspec/default_spec.rb
@ -0,0 +1,7 @@
 require 'shared_spec'
 require 'json'
 vars = JSON.parse(File.read('/tmp/vars.json'))
 describe 'upgrade tests' do
  include_examples 'shared::init', vars
 end
--- a/test/integration/upgrade/upgrade.yml
+++ b/test/integration/upgrade/upgrade.yml
@ -0,0 +1,2 @@
 ---
 - host: test-kitchen
--- a/test/integration/xpack-upgrade-trial
+++ b/test/integration/xpack-upgrade-trial
@ -1 +0,0 @@
 xpack-upgrade
--- a/test/integration/xpack-upgrade.yml
+++ b/test/integration/xpack-upgrade.yml
@ -1,173 +0,0 @@
 ---
 - name: Elasticsearch Xpack HTTP different keystore and truststore with password
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
  roles:
    - elasticsearch
  vars:
    es_config_6x:
      xpack.security.authc.realms.file1.order: 0
      xpack.security.authc.realms.file1.type: file
      xpack.security.authc.realms.native1.order: 1
      xpack.security.authc.realms.native1.type: native
    es_config_7x:
      xpack.security.authc.realms.file.file1.order: 0
      xpack.security.authc.realms.native.native1.order: 1
    es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
    es_heap_size: "1g"
    es_templates: true
    es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json"
    es_major_version: "7.x"
    es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
    es_xpack_license: "{{ lookup('file', '/tmp/license.json')  }}"
    es_plugins:
      - plugin: ingest-attachment
    es_api_basic_auth_username: elastic
    es_api_basic_auth_password: changeme
    es_api_sleep: 5
    es_enable_http_ssl: false
    es_enable_transport_ssl: true
    es_ssl_keystore: "test/integration/files/certs/keystore-password.p12"
    es_ssl_truststore: "test/integration/files/certs/truststore-password.p12"
    es_ssl_keystore_password: password1
    es_ssl_truststore_password: password2
    es_validate_certs: no
    es_role_mapping:
      power_user:
        - "cn=admins,dc=example,dc=com"
      user:
        - "cn=users,dc=example,dc=com"
        - "cn=admins,dc=example,dc=com"
    es_users:
      native:
        kibana4_server:
          password: changeMe
          roles:
            - kibana4_server
        logstash_system:
          #this should be successfully modified
          password: aNewLogstashPassword
          #this will be ignored
          roles:
            - kibana4_server
        elastic:
          password: elasticChanged
      file:
        es_admin:
          password: changeMe
          roles:
            - admin
        testUser:
          password: changeMeAlso!
          roles:
            - power_user
            - user
    es_roles:
      file:
        admin:
          cluster:
            - all
          indices:
            - names: '*'
              privileges:
                - all
        power_user:
          cluster:
            - monitor
          indices:
            - names: '*'
              privileges:
                - all
        user:
          indices:
            - names: '*'
              privileges:
                - read
        kibana4_server:
          cluster:
              - monitor
          indices:
            - names: '.kibana'
              privileges:
                - all
      native:
        logstash:
          cluster:
            - manage_index_templates
          indices:
            - names: 'logstash-*'
              privileges:
                - write
                - delete
                - create_index
        #this will be ignored - its reserved
        logstash_system:
          cluster:
            - manage_index_templates
          indices:
            - names: 'logstash-*'
              privileges:
                - write
                - delete
                - create_index
 #modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed.
 - name: Elasticsearch Xpack HTTP SSL and shared keystore without password
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
  roles:
    - elasticsearch
  vars:
    es_config_6x:
      xpack.security.authc.realms.file1.order: 0
      xpack.security.authc.realms.file1.type: file
      xpack.security.authc.realms.native1.order: 1
      xpack.security.authc.realms.native1.type: native
    es_config_7x:
      xpack.security.authc.realms.file.file1.order: 0
      xpack.security.authc.realms.native.native1.order: 1
    es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
    es_heap_size: "1g"
    es_templates: true
    es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json"
    es_xpack_license: "{{ lookup('file', '/tmp/license.json')  }}"
    es_plugins:
      - plugin: ingest-attachment
    es_api_basic_auth_username: elastic
    es_api_basic_auth_password: elasticChanged
    es_api_sleep: 5
    es_enable_http_ssl: true
    es_enable_transport_ssl: true
    es_ssl_keystore: "test/integration/files/certs/shared-store-no-password.p12"
    es_ssl_truststore: "test/integration/files/certs/shared-store-no-password.p12"
    es_ssl_keystore_password: ""
    es_ssl_truststore_password: ""
    es_validate_certs: no
    es_role_mapping:
      power_user:
        - "cn=admins,dc=example,dc=com"
      user:
        - "cn=users,dc=example,dc=com"
        - "cn=admins,dc=example,dc=com"
    es_users:
      native:
        kibana4_server:
          password: changeMe
          roles:
            - kibana4_server
        logstash_system:
          #this will be ignored
          roles:
            - kibana4_server
      file:
        es_admin:
          password: changeMeAgain
          roles:
            - admin
        testUser:
          password: changeMeAlso!
          roles:
            - power_user
            - user
--- a/test/integration/xpack.yml
+++ b/test/integration/xpack.yml
@ -1,10 +0,0 @@
 #Tests x-pack is idempotent and works when security is not enabled
 ---
 - name: Elasticsearch Xpack tests - no security and manual download
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
  roles:
    - elasticsearch
  vars:
    es_heap_size: 2g
--- a/test/matrix-6x.yml
+++ b/test/matrix-6x.yml
@ -9,8 +9,12 @@ OS:
  - centos-8
  - amazonlinux-2
 TEST_TYPE:
  - custom-config
  - default
  - license
  - oss
  - oss-to-default-upgrade
  - oss-upgrade
-  - oss-to-xpack-upgrade
+  - security
-  - xpack
+  - trial
-  - xpack-upgrade
+  - upgrade
--- a/test/matrix.yml
+++ b/test/matrix.yml
@ -9,8 +9,12 @@ OS:
  - centos-8
  - amazonlinux-2
 TEST_TYPE:
  - custom-config
  - default
  - license
  - oss
  - oss-to-default-upgrade
  - oss-upgrade
-  - oss-to-xpack-upgrade
+  - security
-  - xpack
+  - trial
-  - xpack-upgrade
+  - upgrade