2017-09-19 04:07:39 -04:00
|
|
|
#!/usr/bin/env bats
|
|
|
|
|
|
|
|
# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
|
|
# or more contributor license agreements. Licensed under the Elastic License;
|
|
|
|
# you may not use this file except in compliance with the Elastic License.
|
|
|
|
|
|
|
|
load $BATS_UTILS/utils.bash
|
|
|
|
load $BATS_UTILS/plugins.bash
|
|
|
|
load $BATS_UTILS/xpack.bash
|
|
|
|
|
|
|
|
setup() {
|
|
|
|
if [ $BATS_TEST_NUMBER == 1 ]; then
|
2018-02-23 11:03:17 -05:00
|
|
|
export PACKAGE_NAME="elasticsearch"
|
2017-09-19 04:07:39 -04:00
|
|
|
clean_before_test
|
|
|
|
install
|
2018-05-29 14:06:14 -04:00
|
|
|
set_debug_logging
|
2017-09-19 04:07:39 -04:00
|
|
|
|
2018-02-14 22:40:51 -05:00
|
|
|
generate_trial_license
|
2017-09-19 04:07:39 -04:00
|
|
|
verify_xpack_installation
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2018-03-12 12:49:50 -04:00
|
|
|
if [[ "$BATS_TEST_FILENAME" =~ 20_tar_bootstrap_password.bats$ ]]; then
|
2017-09-19 04:07:39 -04:00
|
|
|
load $BATS_UTILS/tar.bash
|
|
|
|
GROUP='TAR BOOTSTRAP PASSWORD'
|
|
|
|
install() {
|
|
|
|
install_archive
|
|
|
|
verify_archive_installation
|
|
|
|
}
|
|
|
|
export ESHOME=/tmp/elasticsearch
|
|
|
|
export_elasticsearch_paths
|
|
|
|
export ESPLUGIN_COMMAND_USER=elasticsearch
|
|
|
|
else
|
|
|
|
load $BATS_UTILS/packages.bash
|
|
|
|
if is_rpm; then
|
|
|
|
GROUP='RPM BOOTSTRAP PASSWORD'
|
|
|
|
elif is_dpkg; then
|
|
|
|
GROUP='DEB BOOTSTRAP PASSWORD'
|
|
|
|
fi
|
|
|
|
export_elasticsearch_paths
|
|
|
|
export ESPLUGIN_COMMAND_USER=root
|
|
|
|
install() {
|
|
|
|
install_package
|
|
|
|
verify_package_installation
|
|
|
|
}
|
|
|
|
fi
|
|
|
|
|
|
|
|
@test "[$GROUP] add bootstrap.password setting" {
|
2017-10-10 03:51:22 -04:00
|
|
|
if [[ -f /tmp/bootstrap.password ]]; then
|
|
|
|
sudo rm -f /tmp/bootstrap.password
|
|
|
|
fi
|
|
|
|
|
2018-03-18 13:06:11 -04:00
|
|
|
run sudo -E -u $ESPLUGIN_COMMAND_USER bash <<"NEW_PASS"
|
2018-03-12 12:49:50 -04:00
|
|
|
if [[ ! -f $ESCONFIG/elasticsearch.keystore ]]; then
|
|
|
|
$ESHOME/bin/elasticsearch-keystore create
|
|
|
|
fi
|
2017-09-19 04:07:39 -04:00
|
|
|
cat /dev/urandom | tr -dc "[a-zA-Z0-9]" | fold -w 20 | head -n 1 > /tmp/bootstrap.password
|
|
|
|
cat /tmp/bootstrap.password | $ESHOME/bin/elasticsearch-keystore add --stdin bootstrap.password
|
|
|
|
NEW_PASS
|
|
|
|
[ "$status" -eq 0 ] || {
|
2017-10-10 03:51:22 -04:00
|
|
|
echo "Expected elasticsearch-keystore tool exit code to be zero but got [$status]"
|
2017-09-19 04:07:39 -04:00
|
|
|
echo "$output"
|
|
|
|
false
|
|
|
|
}
|
2017-10-10 03:51:22 -04:00
|
|
|
assert_file_exist "/tmp/bootstrap.password"
|
2017-09-19 04:07:39 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
@test "[$GROUP] test bootstrap.password is in setting list" {
|
2018-03-18 13:06:11 -04:00
|
|
|
run sudo -E -u $ESPLUGIN_COMMAND_USER bash <<"NODE_SETTINGS"
|
2017-10-10 03:51:22 -04:00
|
|
|
cat >> $ESCONFIG/elasticsearch.yml <<- EOF
|
|
|
|
network.host: 127.0.0.1
|
|
|
|
http.port: 9200
|
|
|
|
EOF
|
|
|
|
NODE_SETTINGS
|
|
|
|
|
2017-09-19 04:07:39 -04:00
|
|
|
run_elasticsearch_service 0
|
2017-10-10 03:51:22 -04:00
|
|
|
wait_for_xpack 127.0.0.1 9200
|
2017-09-19 04:07:39 -04:00
|
|
|
|
|
|
|
sudo -E -u $ESPLUGIN_COMMAND_USER "$ESHOME/bin/elasticsearch-keystore" list | grep "bootstrap.password"
|
|
|
|
|
|
|
|
password=$(cat /tmp/bootstrap.password)
|
2017-10-11 05:34:33 -04:00
|
|
|
clusterHealth=$(sudo curl -u "elastic:$password" -H "Content-Type: application/json" \
|
|
|
|
-XGET "http://127.0.0.1:9200/_cluster/health?wait_for_status=green&timeout=30s")
|
|
|
|
echo "$clusterHealth" | grep '"status":"green"' || {
|
|
|
|
echo "Expected cluster health to be green but got:"
|
|
|
|
echo "$clusterHealth"
|
|
|
|
false
|
|
|
|
}
|
2017-09-19 04:07:39 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
@test "[$GROUP] test auto generated passwords with modified bootstrap.password" {
|
2017-10-10 03:51:22 -04:00
|
|
|
if [[ -f /tmp/setup-passwords-output-with-bootstrap ]]; then
|
|
|
|
sudo rm -f /tmp/setup-passwords-output-with-bootstrap
|
|
|
|
fi
|
|
|
|
|
2018-03-18 13:06:11 -04:00
|
|
|
run sudo -E -u $ESPLUGIN_COMMAND_USER bash <<"SETUP_OK"
|
2018-04-11 11:21:15 -04:00
|
|
|
echo 'y' | $ESHOME/bin/elasticsearch-setup-passwords auto
|
2017-09-19 04:07:39 -04:00
|
|
|
SETUP_OK
|
|
|
|
echo "$output" > /tmp/setup-passwords-output-with-bootstrap
|
|
|
|
[ "$status" -eq 0 ] || {
|
2018-04-11 11:21:15 -04:00
|
|
|
echo "Expected x-pack elasticsearch-setup-passwords tool exit code to be zero but got [$status]"
|
2017-09-19 04:07:39 -04:00
|
|
|
cat /tmp/setup-passwords-output-with-bootstrap
|
2018-02-13 13:56:17 -05:00
|
|
|
debug_collect_logs
|
2017-09-19 04:07:39 -04:00
|
|
|
false
|
|
|
|
}
|
|
|
|
|
2018-12-27 23:26:46 -05:00
|
|
|
curl -s -XGET 'http://127.0.0.1:9200' | grep "missing authentication credentials for REST"
|
2017-09-19 04:07:39 -04:00
|
|
|
|
|
|
|
# Disable bash history expansion because passwords can contain "!"
|
|
|
|
set +H
|
|
|
|
|
|
|
|
users=( elastic kibana logstash_system )
|
|
|
|
for user in "${users[@]}"; do
|
|
|
|
grep "Changed password for user $user" /tmp/setup-passwords-output-with-bootstrap || {
|
2018-04-11 11:21:15 -04:00
|
|
|
echo "Expected x-pack elasticsearch-setup-passwords tool to change password for user [$user]:"
|
2017-09-19 04:07:39 -04:00
|
|
|
cat /tmp/setup-passwords-output-with-bootstrap
|
|
|
|
false
|
|
|
|
}
|
|
|
|
|
|
|
|
password=$(grep "PASSWORD $user = " /tmp/setup-passwords-output-with-bootstrap | sed "s/PASSWORD $user = //")
|
2017-10-10 03:51:22 -04:00
|
|
|
curl -u "$user:$password" -XGET 'http://127.0.0.1:9200' | grep "You Know, for Search"
|
2017-09-19 04:07:39 -04:00
|
|
|
|
|
|
|
basic=$(echo -n "$user:$password" | base64)
|
2017-10-10 03:51:22 -04:00
|
|
|
curl -H "Authorization: Basic $basic" -XGET 'http://127.0.0.1:9200' | grep "You Know, for Search"
|
2017-09-19 04:07:39 -04:00
|
|
|
done
|
|
|
|
set -H
|
2017-12-14 09:57:03 -05:00
|
|
|
}
|
|
|
|
|
2018-04-11 11:29:57 -04:00
|
|
|
@test "[$GROUP] test elasticsearch-sql-cli" {
|
2017-12-14 09:57:03 -05:00
|
|
|
password=$(grep "PASSWORD elastic = " /tmp/setup-passwords-output-with-bootstrap | sed "s/PASSWORD elastic = //")
|
|
|
|
curl -s -u "elastic:$password" -H "Content-Type: application/json" -XPUT 'localhost:9200/library/book/1?refresh&pretty' -d'{
|
|
|
|
"name": "Ender'"'"'s Game",
|
|
|
|
"author": "Orson Scott Card",
|
|
|
|
"release_date": "1985-06-01",
|
|
|
|
"page_count": 324
|
|
|
|
}'
|
|
|
|
|
|
|
|
password=$(grep "PASSWORD elastic = " /tmp/setup-passwords-output-with-bootstrap | sed "s/PASSWORD elastic = //")
|
|
|
|
|
2018-04-11 11:29:57 -04:00
|
|
|
run $ESHOME/bin/elasticsearch-sql-cli --debug "http://elastic@127.0.0.1:9200" <<SQL
|
2017-12-14 09:57:03 -05:00
|
|
|
$password
|
|
|
|
SELECT * FROM library;
|
|
|
|
SQL
|
|
|
|
[ "$status" -eq 0 ] || {
|
|
|
|
echo "SQL cli failed:\n$output"
|
|
|
|
false
|
|
|
|
}
|
|
|
|
[[ "$output" == *"Card"* ]] || {
|
|
|
|
echo "Failed to find author [Card] in library:$output"
|
|
|
|
false
|
|
|
|
}
|
|
|
|
}
|
2017-09-19 04:07:39 -04:00
|
|
|
|
2018-04-11 11:29:57 -04:00
|
|
|
@test "[$GROUP] test elasticsearch-sql-cli when user refuses password" {
|
2018-03-13 09:00:53 -04:00
|
|
|
# Run with empty stdin
|
2018-04-11 11:29:57 -04:00
|
|
|
run $ESHOME/bin/elasticsearch-sql-cli --debug "http://elastic@127.0.0.1:9200" <<SQL
|
2018-03-13 09:00:53 -04:00
|
|
|
SQL
|
|
|
|
[ "$status" -eq 77 ] || { #NOPERM
|
|
|
|
echo "SQL cli failed:\n$output"
|
|
|
|
false
|
|
|
|
}
|
|
|
|
[[ "$output" == *"password required"* ]] || {
|
|
|
|
echo "Failed to find author [password required] in error:$output"
|
|
|
|
false
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-12-14 09:57:03 -05:00
|
|
|
@test "[$GROUP] stop Elasticsearch" {
|
2017-09-19 04:07:39 -04:00
|
|
|
stop_elasticsearch_service
|
|
|
|
}
|