test: add tests that exercise the security index during rolling upgrades

This commit adds basic tests that store a user and a role using the native API. The test checks that the user and role can be used prior to starting the upgrade. The realm and roles caches are also cleared to ensure the next authentication will require a read from the security index; this ensures we are actually testing reads from the index. Original commit: elastic/x-pack-elasticsearch@396862da94
2016-12-01 11:15:15 -05:00 · 2016-12-01 11:15:15 -05:00 · e8836f99b0
parent 139073e8f7
commit e8836f99b0
4 changed files with 126 additions and 0 deletions
--- a/qa/rolling-upgrade/build.gradle
+++ b/qa/rolling-upgrade/build.gradle
@ -99,6 +99,19 @@ test.enabled = false // no unit tests for rolling upgrades, only the rest integr

 check.dependsOn(integTest)

+dependencies {
+    testCompile project(path: ':x-plugins:elasticsearch', configuration: 'runtime')
+}
+
+// copy x-pack plugin info so it is on the classpath and security manager has the right permissions
+String outputDir = "generated-resources/${project.name}"
+task copyXPackPluginProps(type: Copy) {
+    from project(':x-plugins:elasticsearch').file('src/main/plugin-metadata')
+    from project(':x-plugins:elasticsearch').tasks.pluginProperties
+    into outputDir
+}
+project.sourceSets.test.output.dir(outputDir, builtBy: copyXPackPluginProps)
+
 repositories {
    maven {
        url "https://oss.sonatype.org/content/repositories/snapshots/"
--- a/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/20_security.yaml
+++ b/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/20_security.yaml
@ -0,0 +1,31 @@
+---
+"Verify user and role in mixed cluster":
+  - do:
+      headers:
+        Authorization: "Basic bmF0aXZlX3VzZXI6Y2hhbmdlbWU="
+      cluster.health:
+        wait_for_status: yellow
+        wait_for_nodes: 2
+        timeout: 25s
+  - match: { timed_out: false }
+
+  - do:
+      xpack.security.get_user:
+        username: "native_user"
+  - match: { native_user.username:  "native_user" }
+  - match: { native_user.roles.0:  "native_role" }
+
+  - do:
+      xpack.security.get_role:
+        name: "native_role"
+  - match: { native_role.cluster.0:  "all" }
+  - match: { native_role.indices.0.names.0: "test_index" }
+  - match: { native_role.indices.0.privileges.0:  "all" }
+
+  - do:
+      xpack.security.clear_cached_roles:
+        name: "native_role"
+
+  - do:
+      xpack.security.clear_cached_realms:
+        realms: "_all"
--- a/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yaml
+++ b/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yaml
@ -0,0 +1,59 @@
+---
+"Create user and role":
+  - do:
+     cluster.health:
+        wait_for_status: green
+        wait_for_nodes: 2
+        timeout: 25s
+
+  - do:
+     xpack.security.put_user:
+       username: "native_user"
+       body:  >
+           {
+             "password" : "changeme",
+             "roles" : [ "native_role" ]
+           }
+  - match: { user: { created: true } }
+
+  - do:
+      xpack.security.put_role:
+        name: "native_role"
+        body:  >
+            {
+              "cluster": ["all"],
+              "indices": [
+                {
+                  "names": "test_index",
+                  "privileges": ["all"]
+                }
+              ]
+            }
+  - match: { role: { created: true } }
+
+  # validate that the user and role work in the cluster by executing a health request and getting a valid response back
+  - do:
+      headers:
+        Authorization: "Basic bmF0aXZlX3VzZXI6Y2hhbmdlbWU="
+      cluster.health: {}
+  - match: { timed_out: false }
+
+  - do:
+      xpack.security.clear_cached_roles:
+        name: "native_role"
+
+  - do:
+      xpack.security.clear_cached_realms:
+        realms: "_all"
+
+  - do:
+      cluster.health:
+        index: ".monitoring-*" # include monitoring-data-* and monitoring-es-*
+        wait_for_active_shards: 4 # 1 primary and 1 replica each for the two monitoring indices
+        timeout: 25s
+
+  - do:
+      cluster.health:
+        index: ".security"
+        wait_for_active_shards: 2 # 1 primary and 1 replica since we have two nodes
+        timeout: 25s
--- a/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/20_security.yaml
+++ b/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/20_security.yaml
@ -0,0 +1,23 @@
+---
+"Verify user and role in upgraded cluster":
+  - do:
+      headers:
+        Authorization: "Basic bmF0aXZlX3VzZXI6Y2hhbmdlbWU="
+      cluster.health:
+        wait_for_status: green
+        wait_for_nodes: 2
+        timeout: 25s
+  - match: { timed_out: false }
+
+  - do:
+      xpack.security.get_user:
+        username: "native_user"
+  - match: { native_user.username:  "native_user" }
+  - match: { native_user.roles.0:  "native_role" }
+
+  - do:
+      xpack.security.get_role:
+        name: "native_role"
+  - match: { native_role.cluster.0:  "all" }
+  - match: { native_role.indices.0.names.0: "test_index" }
+  - match: { native_role.indices.0.privileges.0:  "all" }