Fix for issue #369

2017-09-19 20:11:09 +01:00 · 2017-09-19 20:11:09 +01:00 · e9a6f74d09
commit e9a6f74d09
parent 0676799d1c
8 changed files with 216 additions and 47 deletions
--- a/test/integration/helpers/serverspec/xpack_spec.rb
+++ b/test/integration/helpers/serverspec/xpack_spec.rb
@ -199,5 +199,45 @@ shared_examples 'xpack::init' do |es_version,plugins|
    #Test contents as expected
    its(:md5sum) { should eq '6ff0e6c4380a6ac0f6e04d871c0ca5e8' }
  end
+
+  #check accounts are correct i.e. we can auth and they have the correct roles
+
+  describe 'kibana4_server access check' do
+    it 'should be reported as version '+es_version do
+      command = command('curl -s localhost:9200/ -u kibana4_server:changeMe | grep number')
+      expect(command.stdout).to match(es_version)
+      expect(command.exit_status).to eq(0)
+    end
+  end
+
+  describe command('curl -s localhost:9200/_xpack/security/user/kibana4_server -u elastic:elasticChanged | md5sum | grep f0548742161d9e50c7c7fbe2e061a1fa') do
+      its(:exit_status) { should eq 0 }
+  end
+
+
+  describe 'logstash_system access check' do
+    it 'should be reported as version '+es_version do
+      command = command('curl -s localhost:9200/ -u logstash_system:aNewLogstashPassword | grep number')
+      expect(command.stdout).to match(es_version)
+      expect(command.exit_status).to eq(0)
+    end
+  end
+
+  describe command('curl -s localhost:9200/_xpack/security/user/logstash_system -u elastic:elasticChanged | md5sum | grep 98d361ddfa5156abd33542a493b4fd85') do
+      its(:exit_status) { should eq 0 }
+  end
+
+  describe 'kibana access check' do
+    it 'should be reported as version '+es_version do
+      command = command('curl -s localhost:9200/ -u kibana:changeme | grep number')
+      expect(command.stdout).to match(es_version)
+      expect(command.exit_status).to eq(0)
+    end
+  end
+
+  describe command('curl -s localhost:9200/_xpack/security/user/kibana -u elastic:elasticChanged | md5sum | grep 34190c64eb3c7cfb002fa789df5fad20') do
+      its(:exit_status) { should eq 0 }
+  end
+
 end

--- a/test/integration/issue-test.yml
+++ b/test/integration/issue-test.yml
@ -2,10 +2,20 @@
 #Modify the playbook  below and test with kitchen i.e. `kitchen test issue-test`
 #To add custom tests modify the serverspec file ./helpers/serverspec/issue_test_spec.rb
 #Idempot test is enabled for this test
+
 - name: Simple Example
  hosts: localhost
  roles:
-    - { role: elasticsearch, es_config:  {  "xpack.security.authc.realms.file1.type": "file", "xpack.security.authc.realms.file1.order": 1, "xpack.security.authc.realms.native1.type": "native", "xpack.security.authc.realms.native1.order": 0 }, es_instance_name: "security_node" }
+    - {
+        role: elasticsearch,
+        es_config:
+        {
+          "xpack.security.authc.realms.file1.type": "file",
+          "xpack.security.authc.realms.file1.order": 1,
+          "xpack.security.authc.realms.native1.type": "native",
+          "xpack.security.authc.realms.native1.order": 0
+        },
+    es_instance_name: "security_node" }
  vars:
    es_heap_size: "1g"
    es_enable_xpack: true
@ -17,8 +27,27 @@
    es_api_basic_auth_username: elastic
    es_api_basic_auth_password: changeme
    es_users:
-      native:
-        testUser:
+      file:
+        kibana:
          password: changeme
          roles:
-            - kibana_user
+            - kibana_system
+        test_user:
+          password: changeme
+          roles:
+            - kibana_system
+      native:
+        kibana:
+          password: changeme
+          roles:
+            - kibana_system
+        elastic:
+          password: aNewPassWord
+    es_roles:
+      native:
+        logstash:
+          cluster:
+            - manage_index_templates
+        logstash_system:
+          cluster:
+            - manage_index_templates
--- a/test/integration/xpack.yml
+++ b/test/integration/xpack.yml
@ -31,6 +31,14 @@
          password: changeMe
          roles:
            - kibana4_server
+        logstash_system:
+          #this should be successfully modified
+          password: aNewLogstashPassword
+          #this will be ignored
+          roles:
+            - kibana4_server
+        elastic:
+          password: elasticChanged
      file:
        es_admin:
          password: changeMe
@ -41,6 +49,11 @@
          roles:
            - power_user
            - user
+        #testing this shouldn't be impacted through the file call
+        kibana:
+          password: this_wont_be_set
+          roles:
+            - kibana_system
    es_roles:
      file:
        admin:
@ -79,6 +92,16 @@
                - write
                - delete
                - create_index
+        #this will be ignored - its reserved
+        logstash_system:
+          cluster:
+            - manage_index_templates
+          indices:
+            - names: 'logstash-*'
+              privileges:
+                - write
+                - delete
+                - create_index

 #modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed.
 - name: Elasticsearch Xpack modify
@ -99,7 +122,7 @@
      - security
      - alerting
    es_api_basic_auth_username: elastic
-    es_api_basic_auth_password: changeme
+    es_api_basic_auth_password: elasticChanged
    es_role_mapping:
      power_user:
        - "cn=admins,dc=example,dc=com"
@ -112,6 +135,10 @@
          password: changeMe
          roles:
            - kibana4_server
+        logstash_system:
+          #this will be ignored
+          roles:
+            - kibana4_server
      file:
        es_admin:
          password: changeMeAgain