From fdf1bda1554bcc0dcb2ebc7f1994687a540fdeb7 Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Sun, 24 Jul 2016 12:25:34 +0100 Subject: [PATCH] Shield config tests + prevent use of xpack in version < 2.0 --- tasks/elasticsearch-parameters.yml | 4 ++++ test/integration/helpers/serverspec/xpack_spec.rb | 7 +++++++ test/integration/xpack.yml | 4 +++- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/tasks/elasticsearch-parameters.yml b/tasks/elasticsearch-parameters.yml index c05b81d..3cac7cb 100644 --- a/tasks/elasticsearch-parameters.yml +++ b/tasks/elasticsearch-parameters.yml @@ -21,6 +21,10 @@ - fail: msg="If locking memory with bootstrap.mlockall a heap size must be specified" when: es_config['bootstrap.mlockall'] is defined and es_config['bootstrap.mlockall'] == True and es_heap_size is not defined +#Don't support xpack on versions < 2.0 +- fail: msg="Use of the xpack notation is not supported on versions < 2.0. Marvel-agent and watcher can be installed as plugins. Version > 2.0 is required for shield." + when: es_enable_xpack and version_compare('2.0', '<') + #Check if working with shield we have an es_api_basic_auth_username and es_api_basic_auth_username - otherwise any http calls wont work - fail: msg="Enabling shield requires an es_api_basic_auth_username and es_api_basic_auth_password to be provided to allow cluster operations" when: es_enable_xpack and '"shield" in es_xpack_features' and es_api_basic_auth_username is not defined and es_api_basic_auth_password is not defined diff --git a/test/integration/helpers/serverspec/xpack_spec.rb b/test/integration/helpers/serverspec/xpack_spec.rb index 0e9809a..0772435 100644 --- a/test/integration/helpers/serverspec/xpack_spec.rb +++ b/test/integration/helpers/serverspec/xpack_spec.rb @@ -160,5 +160,12 @@ shared_examples 'xpack::init' do |es_version| end #Test contents of Elasticsearch.yml file + describe file('/etc/elasticsearch/shield_node/elasticsearch.yml') do + it { should contain 'shield.authc.realms.file1.order: 0' } + it { should contain 'shield.authc.realms.file1.type: file' } + it { should contain 'shield.authc.realms.native1.order: 1' } + it { should contain 'shield.authc.realms.native1.type: native' } + end + end diff --git a/test/integration/xpack.yml b/test/integration/xpack.yml index f6fe157..ec8c7a5 100644 --- a/test/integration/xpack.yml +++ b/test/integration/xpack.yml @@ -2,7 +2,9 @@ - name: Elasticsearch Xpack tests hosts: localhost roles: - - { role: elasticsearch, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300" }, es_instance_name: "shield_node" } + - { role: elasticsearch, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300", + "shield.authc.realms.file1.type": "file","shield.authc.realms.file1.order": 0, "shield.authc.realms.native1.type": "native","shield.authc.realms.native1.order": 1 }, + es_instance_name: "shield_node" } vars: es_templates: true es_enable_xpack: true