Monitoring: Add smoke test for Monitoring with Security
Original commit: elastic/x-pack-elasticsearch@9dc800ebcc
This commit is contained in:
parent
1d72eb2b61
commit
c9392183d2
|
@ -0,0 +1,40 @@
|
||||||
|
apply plugin: 'elasticsearch.rest-test'
|
||||||
|
|
||||||
|
dependencies {
|
||||||
|
testCompile project(path: ':x-plugins:elasticsearch:x-pack', configuration: 'runtime')
|
||||||
|
}
|
||||||
|
|
||||||
|
// bring in monitoring rest test suite
|
||||||
|
task copyMonitoringRestTests(type: Copy) {
|
||||||
|
into project.sourceSets.test.output.resourcesDir
|
||||||
|
from project(':x-plugins:elasticsearch:x-pack').sourceSets.test.resources.srcDirs
|
||||||
|
include 'rest-api-spec/test/monitoring/**'
|
||||||
|
}
|
||||||
|
|
||||||
|
integTest {
|
||||||
|
dependsOn copyMonitoringRestTests
|
||||||
|
|
||||||
|
cluster {
|
||||||
|
plugin 'x-pack', project(':x-plugins:elasticsearch:x-pack')
|
||||||
|
setting 'xpack.monitoring.agent.interval', '3s'
|
||||||
|
extraConfigFile 'x-pack/roles.yml', 'roles.yml'
|
||||||
|
setupCommand 'setupTestAdminUser',
|
||||||
|
'bin/x-pack/users', 'useradd', 'test_admin', '-p', 'changeme', '-r', 'admin'
|
||||||
|
setupCommand 'setupMonitoredSystemUser',
|
||||||
|
'bin/x-pack/users', 'useradd', 'monitored_system', '-p', 'changeme', '-r', 'monitored_system,required_for_test'
|
||||||
|
setupCommand 'setupPowerlessUser',
|
||||||
|
'bin/x-pack/users', 'useradd', 'no_monitored_system', '-p', 'changeme', '-r', 'required_for_test'
|
||||||
|
|
||||||
|
waitCondition = { node, ant ->
|
||||||
|
File tmpFile = new File(node.cwd, 'wait.success')
|
||||||
|
ant.get(src: "http://${node.httpUri()}",
|
||||||
|
dest: tmpFile.toString(),
|
||||||
|
username: 'test_admin',
|
||||||
|
password: 'changeme',
|
||||||
|
ignoreerrors: true,
|
||||||
|
retries: 10)
|
||||||
|
return tmpFile.exists()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,19 @@
|
||||||
|
admin:
|
||||||
|
cluster:
|
||||||
|
- all
|
||||||
|
indices:
|
||||||
|
- names: '*'
|
||||||
|
privileges:
|
||||||
|
- all
|
||||||
|
|
||||||
|
monitored_system:
|
||||||
|
cluster: [ 'cluster:admin/xpack/monitoring/bulk' ]
|
||||||
|
|
||||||
|
required_for_test:
|
||||||
|
cluster: [ 'monitor' ]
|
||||||
|
indices:
|
||||||
|
- names: '.monitoring-*'
|
||||||
|
privileges:
|
||||||
|
- write
|
||||||
|
- read
|
||||||
|
- manage
|
|
@ -0,0 +1,55 @@
|
||||||
|
/*
|
||||||
|
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||||
|
* or more contributor license agreements. Licensed under the Elastic License;
|
||||||
|
* you may not use this file except in compliance with the Elastic License.
|
||||||
|
*/
|
||||||
|
package org.elasticsearch.smoketest;
|
||||||
|
|
||||||
|
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||||
|
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||||
|
import org.elasticsearch.common.settings.Settings;
|
||||||
|
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||||
|
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||||
|
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||||
|
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||||
|
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
|
|
||||||
|
public class MonitoringWithShieldIT extends ESRestTestCase {
|
||||||
|
|
||||||
|
private final static String TEST_ADMIN_USERNAME = "test_admin";
|
||||||
|
private final static String TEST_ADMIN_PASSWORD = "changeme";
|
||||||
|
|
||||||
|
public MonitoringWithShieldIT(@Name("yaml") RestTestCandidate testCandidate) {
|
||||||
|
super(testCandidate);
|
||||||
|
}
|
||||||
|
|
||||||
|
@ParametersFactory
|
||||||
|
public static Iterable<Object[]> parameters() throws IOException, RestTestParseException {
|
||||||
|
return ESRestTestCase.createParameters(0, 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected String[] getCredentials() {
|
||||||
|
return new String[]{"monitored_system", "changeme"};
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected Settings restClientSettings() {
|
||||||
|
String[] creds = getCredentials();
|
||||||
|
String token = basicAuthHeaderValue(creds[0], new SecuredString(creds[1].toCharArray()));
|
||||||
|
return Settings.builder()
|
||||||
|
.put(ThreadContext.PREFIX + ".Authorization", token)
|
||||||
|
.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected Settings restAdminSettings() {
|
||||||
|
String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
|
||||||
|
return Settings.builder()
|
||||||
|
.put(ThreadContext.PREFIX + ".Authorization", token)
|
||||||
|
.build();
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,36 @@
|
||||||
|
/*
|
||||||
|
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||||
|
* or more contributor license agreements. Licensed under the Elastic License;
|
||||||
|
* you may not use this file except in compliance with the Elastic License.
|
||||||
|
*/
|
||||||
|
package org.elasticsearch.smoketest;
|
||||||
|
|
||||||
|
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||||
|
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
import static org.hamcrest.Matchers.containsString;
|
||||||
|
|
||||||
|
public class MonitoringWithShieldInsufficientRoleIT extends MonitoringWithShieldIT {
|
||||||
|
|
||||||
|
public MonitoringWithShieldInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
|
||||||
|
super(testCandidate);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void test() throws IOException {
|
||||||
|
try {
|
||||||
|
super.test();
|
||||||
|
fail("should have failed because of missing role");
|
||||||
|
} catch(AssertionError ae) {
|
||||||
|
assertThat(ae.getMessage(), containsString("action [cluster:admin/xpack/monitoring/bulk]"));
|
||||||
|
assertThat(ae.getMessage(), containsString("returned [403 Forbidden]"));
|
||||||
|
assertThat(ae.getMessage(), containsString("is unauthorized for user [no_monitored_system]"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected String[] getCredentials() {
|
||||||
|
return new String[]{"no_monitored_system", "changeme"};
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue