Add packaging test for bootstrap password setup (elastic/x-pack-elasticsearch#2509)

relates elastic/x-pack-elasticsearch#2388 Original commit: elastic/x-pack-elasticsearch@cc750155d0
2017-09-19 10:07:39 +02:00 · 2017-09-19 10:07:39 +02:00 · 0aef18333f
parent aec2308228
commit 0aef18333f
9 changed files with 241 additions and 20 deletions
--- a/qa/vagrant/src/test/resources/packaging/tests/10_basic.bats
+++ b/qa/vagrant/src/test/resources/packaging/tests/10_basic.bats
@ -14,6 +14,7 @@
 load $BATS_UTILS/utils.bash
 load $BATS_UTILS/tar.bash
 load $BATS_UTILS/plugins.bash
+load $BATS_UTILS/xpack.bash

 setup() {
    skip_not_tar_gz
@ -36,21 +37,7 @@ setup() {
 }

@test "[X-PACK] verify x-pack installation" {
-    assert_file "$ESHOME/bin/x-pack" d elasticsearch elasticsearch 755
-    assert_file "$ESHOME/bin/x-pack/certgen" f elasticsearch elasticsearch 755
-    assert_file "$ESHOME/bin/x-pack/croneval" f elasticsearch elasticsearch 755
-    assert_file "$ESHOME/bin/x-pack/extension" f elasticsearch elasticsearch 755
-    assert_file "$ESHOME/bin/x-pack/migrate" f elasticsearch elasticsearch 755
-    assert_file "$ESHOME/bin/x-pack/setup-passwords" f elasticsearch elasticsearch 755
-    assert_file "$ESHOME/bin/x-pack/syskeygen" f elasticsearch elasticsearch 755
-    assert_file "$ESHOME/bin/x-pack/users" f elasticsearch elasticsearch 755
-    assert_file "$ESHOME/bin/x-pack/x-pack-env" f elasticsearch elasticsearch 755
-    assert_file "$ESCONFIG/x-pack" d elasticsearch elasticsearch 750
-    assert_file "$ESCONFIG/x-pack/users" f elasticsearch elasticsearch 660
-    assert_file "$ESCONFIG/x-pack/users_roles" f elasticsearch elasticsearch 660
-    assert_file "$ESCONFIG/x-pack/roles.yml" f elasticsearch elasticsearch 660
-    assert_file "$ESCONFIG/x-pack/role_mapping.yml" f elasticsearch elasticsearch 660
-    assert_file "$ESCONFIG/x-pack/log4j2.properties" f elasticsearch elasticsearch 660
+    verify_xpack_installation
 }

@test "[X-PACK] verify croneval works" {
--- a/qa/vagrant/src/test/resources/packaging/tests/40_tar_bootstrap_password.bats
+++ b/qa/vagrant/src/test/resources/packaging/tests/40_tar_bootstrap_password.bats
@ -0,0 +1 @@
+bootstrap_password.bash
--- a/qa/vagrant/src/test/resources/packaging/tests/45_package_bootstrap_password.bats
+++ b/qa/vagrant/src/test/resources/packaging/tests/45_package_bootstrap_password.bats
@ -0,0 +1 @@
+bootstrap_password.bash
--- a/qa/vagrant/src/test/resources/packaging/tests/50_tar_setup_passwords.bats
+++ b/qa/vagrant/src/test/resources/packaging/tests/50_tar_setup_passwords.bats
@ -0,0 +1 @@
+setup_passwords.bash
--- a/qa/vagrant/src/test/resources/packaging/tests/55_package_setup_passwords.bats
+++ b/qa/vagrant/src/test/resources/packaging/tests/55_package_setup_passwords.bats
@ -0,0 +1 @@
+setup_passwords.bash
--- a/qa/vagrant/src/test/resources/packaging/tests/bootstrap_password.bash
+++ b/qa/vagrant/src/test/resources/packaging/tests/bootstrap_password.bash
@ -0,0 +1,101 @@
+#!/usr/bin/env bats
+
+# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+# or more contributor license agreements. Licensed under the Elastic License;
+# you may not use this file except in compliance with the Elastic License.
+
+load $BATS_UTILS/utils.bash
+load $BATS_UTILS/plugins.bash
+load $BATS_UTILS/xpack.bash
+
+setup() {
+    if [ $BATS_TEST_NUMBER == 1 ]; then
+        clean_before_test
+        install
+
+        install_and_check_plugin x pack x-pack-*.jar
+        verify_xpack_installation
+    fi
+}
+
+if [[ "$BATS_TEST_FILENAME" =~ 40_tar_bootstrap_password.bats$ ]]; then
+    load $BATS_UTILS/tar.bash
+    GROUP='TAR BOOTSTRAP PASSWORD'
+    install() {
+        install_archive
+        verify_archive_installation
+    }
+    export ESHOME=/tmp/elasticsearch
+    export_elasticsearch_paths
+    export ESPLUGIN_COMMAND_USER=elasticsearch
+else
+    load $BATS_UTILS/packages.bash
+    if is_rpm; then
+        GROUP='RPM BOOTSTRAP PASSWORD'
+    elif is_dpkg; then
+        GROUP='DEB BOOTSTRAP PASSWORD'
+    fi
+    export_elasticsearch_paths
+    export ESPLUGIN_COMMAND_USER=root
+    install() {
+        install_package
+        verify_package_installation
+    }
+fi
+
+@test "[$GROUP] add bootstrap.password setting" {
+    run sudo -E -u $ESPLUGIN_COMMAND_USER sh <<"NEW_PASS"
+cat /dev/urandom | tr -dc "[a-zA-Z0-9]" | fold -w 20 | head -n 1 > /tmp/bootstrap.password
+cat /tmp/bootstrap.password | $ESHOME/bin/elasticsearch-keystore add --stdin bootstrap.password
+NEW_PASS
+    [ "$status" -eq 0 ] || {
+        echo "Expected elasticsearch-keystore tool exit code to be zero"
+        echo "$output"
+        false
+    }
+}
+
+@test "[$GROUP] test bootstrap.password is in setting list" {
+    run_elasticsearch_service 0
+    wait_for_xpack
+
+    sudo -E -u $ESPLUGIN_COMMAND_USER "$ESHOME/bin/elasticsearch-keystore" list | grep "bootstrap.password"
+
+    password=$(cat /tmp/bootstrap.password)
+    curl -u "elastic:$password" -XGET localhost:9200 | grep "You Know, for Search"
+}
+
+@test "[$GROUP] test auto generated passwords with modified bootstrap.password" {
+    run sudo -E -u $ESPLUGIN_COMMAND_USER sh <<"SETUP_OK"
+echo 'y' | $ESHOME/bin/x-pack/setup-passwords auto
+SETUP_OK
+    echo "$output" > /tmp/setup-passwords-output-with-bootstrap
+    [ "$status" -eq 0 ] || {
+        echo "Expected x-pack setup-passwords tool exit code to be zero"
+        cat /tmp/setup-passwords-output-with-bootstrap
+        false
+    }
+
+    curl -s -XGET localhost:9200 | grep "missing authentication token for REST"
+
+    # Disable bash history expansion because passwords can contain "!"
+    set +H
+
+    users=( elastic kibana logstash_system )
+    for user in "${users[@]}"; do
+        grep "Changed password for user $user" /tmp/setup-passwords-output-with-bootstrap || {
+            echo "Expected x-pack setup-passwords tool to change password for user [$user]:"
+            cat /tmp/setup-passwords-output-with-bootstrap
+            false
+        }
+
+        password=$(grep "PASSWORD $user = " /tmp/setup-passwords-output-with-bootstrap | sed "s/PASSWORD $user = //")
+        curl -u "$user:$password" -XGET localhost:9200 | grep "You Know, for Search"
+
+        basic=$(echo -n "$user:$password" | base64)
+        curl -H "Authorization: Basic $basic" -XGET localhost:9200 | grep "You Know, for Search"
+    done
+    set -H
+
+    stop_elasticsearch_service
+}
--- a/qa/vagrant/src/test/resources/packaging/tests/keystore.bash
+++ b/qa/vagrant/src/test/resources/packaging/tests/keystore.bash
@ -6,6 +6,7 @@

 load $BATS_UTILS/utils.bash
 load $BATS_UTILS/plugins.bash
+load $BATS_UTILS/xpack.bash

 setup() {
    if [ $BATS_TEST_NUMBER == 1 ]; then
@ -45,9 +46,5 @@ fi

@test "[$GROUP] keystore exists after install" {
    install_and_check_plugin x pack x-pack-*.jar
-    if [[ "$BATS_TEST_FILENAME" =~ 20_tar_keystore.bats$ ]]; then
-        assert_file "$ESCONFIG/elasticsearch.keystore" f elasticsearch elasticsearch 660
-    else
-        assert_file "$ESCONFIG/elasticsearch.keystore" f root elasticsearch 660
-    fi
+    verify_xpack_installation
 }
--- a/qa/vagrant/src/test/resources/packaging/tests/setup_passwords.bash
+++ b/qa/vagrant/src/test/resources/packaging/tests/setup_passwords.bash
@ -0,0 +1,84 @@
+#!/usr/bin/env bats
+
+# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+# or more contributor license agreements. Licensed under the Elastic License;
+# you may not use this file except in compliance with the Elastic License.
+
+load $BATS_UTILS/utils.bash
+load $BATS_UTILS/plugins.bash
+load $BATS_UTILS/xpack.bash
+
+setup() {
+    if [ $BATS_TEST_NUMBER == 1 ]; then
+        clean_before_test
+        install
+
+        install_and_check_plugin x pack x-pack-*.jar
+        verify_xpack_installation
+    fi
+}
+
+
+if [[ "$BATS_TEST_FILENAME" =~ 50_tar_setup_passwords.bats$ ]]; then
+    load $BATS_UTILS/tar.bash
+    GROUP='TAR SETUP PASSWORD'
+    install() {
+        install_archive
+        verify_archive_installation
+    }
+    export ESHOME=/tmp/elasticsearch
+    export_elasticsearch_paths
+    export ESPLUGIN_COMMAND_USER=elasticsearch
+else
+    load $BATS_UTILS/packages.bash
+    if is_rpm; then
+        GROUP='RPM SETUP PASSWORD'
+    elif is_dpkg; then
+        GROUP='DEB SETUP PASSWORD'
+    fi
+    export_elasticsearch_paths
+    export ESPLUGIN_COMMAND_USER=root
+    install() {
+        install_package
+        verify_package_installation
+    }
+fi
+
+@test "[$GROUP] test auto generated passwords" {
+    run_elasticsearch_service 0
+    wait_for_xpack
+
+    run sudo -E -u $ESPLUGIN_COMMAND_USER sh <<"SETUP_AUTO"
+echo 'y' | $ESHOME/bin/x-pack/setup-passwords auto
+SETUP_AUTO
+    echo "$output" > /tmp/setup-passwords-output
+    [ "$status" -eq 0 ] || {
+        echo "Expected x-pack setup-passwords tool exit code to be zero"
+        cat /tmp/setup-passwords-output
+        false
+    }
+
+    curl -s -XGET localhost:9200 | grep "missing authentication token for REST"
+
+    # Disable bash history expansion because passwords can contain "!"
+    set +H
+
+    users=( elastic kibana logstash_system )
+    for user in "${users[@]}"; do
+        grep "Changed password for user $user" /tmp/setup-passwords-output || {
+            echo "Expected x-pack setup-passwords tool to change password for user [$user]:"
+            cat /tmp/setup-passwords-output
+            false
+        }
+
+        password=$(grep "PASSWORD $user = " /tmp/setup-passwords-output | sed "s/PASSWORD $user = //")
+        curl -u "$user:$password" -XGET localhost:9200 | grep "You Know, for Search"
+
+        basic=$(echo -n "$user:$password" | base64)
+        curl -H "Authorization: Basic $basic" -XGET localhost:9200 | grep "You Know, for Search"
+    done
+    set -H
+
+    stop_elasticsearch_service
+}
+
--- a/qa/vagrant/src/test/resources/packaging/utils/xpack.bash
+++ b/qa/vagrant/src/test/resources/packaging/utils/xpack.bash
@ -0,0 +1,48 @@
+#!/bin/bash
+
+# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+# or more contributor license agreements. Licensed under the Elastic License;
+# you may not use this file except in compliance with the Elastic License.
+
+verify_xpack_installation() {
+    local user="$ESPLUGIN_COMMAND_USER"
+    local group="$ESPLUGIN_COMMAND_USER"
+
+    assert_file "$ESHOME/bin/x-pack" d $user $group 755
+    assert_file "$ESHOME/bin/x-pack/certgen" f $user $group 755
+    assert_file "$ESHOME/bin/x-pack/croneval" f $user $group 755
+    assert_file "$ESHOME/bin/x-pack/extension" f $user $group 755
+    assert_file "$ESHOME/bin/x-pack/migrate" f $user $group 755
+    assert_file "$ESHOME/bin/x-pack/setup-passwords" f $user $group 755
+    assert_file "$ESHOME/bin/x-pack/syskeygen" f $user $group 755
+    assert_file "$ESHOME/bin/x-pack/users" f $user $group 755
+    assert_file "$ESHOME/bin/x-pack/x-pack-env" f $user $group 755
+    assert_number_of_files "$ESHOME/bin/x-pack/" 16
+
+    assert_file "$ESCONFIG/x-pack" d $user elasticsearch 750
+    assert_file "$ESCONFIG/x-pack/users" f $user elasticsearch 660
+    assert_file "$ESCONFIG/x-pack/users_roles" f $user elasticsearch 660
+    assert_file "$ESCONFIG/x-pack/roles.yml" f $user elasticsearch 660
+    assert_file "$ESCONFIG/x-pack/role_mapping.yml" f $user elasticsearch 660
+    assert_file "$ESCONFIG/x-pack/log4j2.properties" f $user elasticsearch 660
+    assert_number_of_files "$ESCONFIG/x-pack" 5
+
+    assert_file "$ESCONFIG/elasticsearch.keystore" f $user elasticsearch 660
+}
+
+assert_number_of_files() {
+    local directory=$1
+    local expected=$2
+
+    local count=$(ls "$directory" | wc -l)
+    [ "$count" -eq "$expected" ] || {
+        echo "Expected $expected files in $directory but found: $count"
+        false
+    }
+}
+
+wait_for_xpack() {
+    for i in {1..30}; do
+        echo "GET / HTTP/1.0" > /dev/tcp/localhost/9200 && break || sleep 1;
+    done
+}