def test_crud_over_tls(elastic_service: Dict[str, Any]) -> None:
service_name = elastic_service["service"]["name"]
http_password = elastic_service["passwords"]["elastic"]
index_name = config.DEFAULT_INDEX_NAME
index_type = config.DEFAULT_INDEX_TYPE
index = config.DEFAULT_SETTINGS_MAPPINGS
document_fields = {"name": "Loren", "role": "developer"}
document_id = 1
config.create_index(index_name,
index,
service_name=service_name,
https=True,
http_password=http_password)
config.create_document(
index_name,
index_type,
document_id,
document_fields,
service_name=service_name,
https=True,
http_password=http_password,
)
document = config.get_document(index_name,
index_type,
document_id,
https=True,
http_password=http_password)
assert get_in(["_source", "name"], document) == document_fields["name"]
def fun():
indices_stats = config.get_elasticsearch_indices_stats(config.DEFAULT_INDEX_NAME)
observed_count = indices_stats["_all"]["primaries"]["docs"]["count"]
assert observed_count == 1, "Indices has incorrect count: should be 1, got {}".format(observed_count)
doc = config.get_document(config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, 1)
observed_name = doc["_source"]["name"]
return observed_name == "Loren"
def fun():
indices_stats = config.get_elasticsearch_indices_stats(config.DEFAULT_INDEX_NAME)
observed_count = indices_stats["_all"]["primaries"]["docs"]["count"]
assert observed_count == 1, "Indices has incorrect count: should be 1, got {}".format(observed_count)
doc = config.get_document(config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, 1)
observed_name = doc["_source"]["name"]
return observed_name == "Loren"
def test_crud_over_tls(elastic_service):
config.create_index(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_SETTINGS_MAPPINGS,
service_name=config.SERVICE_NAME,
https=True,
)
config.create_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
1,
{
"name": "Loren",
"role": "developer"
},
service_name=config.SERVICE_NAME,
https=True,
)
document = config.get_document(config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
1,
https=True)
assert document
assert document["_source"]["name"] == "Loren"
def test_indexing(default_populated_index):
indices_stats = config.get_elasticsearch_indices_stats(
config.DEFAULT_INDEX_NAME, service_name=FOLDERED_SERVICE_NAME)
assert indices_stats["_all"]["primaries"]["docs"]["count"] == 1
doc = config.get_document(
config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, 1, service_name=FOLDERED_SERVICE_NAME)
assert doc["_source"]["name"] == "Loren"
def test_indexing(default_populated_index: None) -> None:
indices_stats = config.get_elasticsearch_indices_stats(index_name, service_name=service_name)
assert indices_stats["_all"]["primaries"]["docs"]["count"] == 1
doc = config.get_document(index_name, index_type, 1, service_name=service_name)
assert doc["_source"]["name"] == "Loren"
sdk_plan.wait_for_completed_deployment(service_name)
sdk_plan.wait_for_completed_recovery(service_name)
def test_indexing(default_populated_index):
indices_stats = config.get_elasticsearch_indices_stats(config.DEFAULT_INDEX_NAME, service_name=foldered_name)
assert indices_stats["_all"]["primaries"]["docs"]["count"] == 1
doc = config.get_document(config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, 1, service_name=foldered_name)
assert doc["_source"]["name"] == "Loren"
sdk_plan.wait_for_completed_deployment(foldered_name)
sdk_plan.wait_for_completed_recovery(foldered_name)
def test_indexing(default_populated_index):
indices_stats = config.get_elasticsearch_indices_stats(
config.DEFAULT_INDEX_NAME, service_name=FOLDERED_SERVICE_NAME)
assert indices_stats["_all"]["primaries"]["docs"]["count"] == 1
doc = config.get_document(config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
1,
service_name=FOLDERED_SERVICE_NAME)
assert doc["_source"]["name"] == "Loren"
def test_indexing(default_populated_index: None) -> bool:
indices_stats = config.get_elasticsearch_indices_stats(config.DEFAULT_INDEX_NAME)
observed_count = indices_stats["_all"]["primaries"]["docs"]["count"]
assert observed_count == 1, "Indices has incorrect count: should be 1, got {}".format(
observed_count
)
doc = config.get_document(config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, 1)
observed_name = doc["_source"]["name"]
return bool(observed_name == "Loren")
def test_indexing(default_populated_index: None) -> bool:
indices_stats = config.get_elasticsearch_indices_stats(config.DEFAULT_INDEX_NAME)
observed_count = indices_stats["_all"]["primaries"]["docs"]["count"]
assert observed_count == 1, "Indices has incorrect count: should be 1, got {}".format(
observed_count
)
doc = config.get_document(config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, 1)
observed_name = doc["_source"]["name"]
return bool(observed_name == "Loren")
def test_xpack_toggle_with_kibana(default_populated_index):
log.info("\n***** Verify X-Pack disabled by default in elasticsearch")
config.verify_commercial_api_status(
False, service_name=FOLDERED_SERVICE_NAME)
log.info("\n***** Test kibana with X-Pack disabled...")
shakedown.install_package(config.KIBANA_PACKAGE_NAME, options_json={
"kibana": {
"elasticsearch_url": "http://" + sdk_hosts.vip_host(FOLDERED_SERVICE_NAME, "coordinator", 9200)
}})
shakedown.deployment_wait(
app_id="/{}".format(config.KIBANA_PACKAGE_NAME), timeout=config.DEFAULT_KIBANA_TIMEOUT)
config.check_kibana_adminrouter_integration(
"service/{}/".format(config.KIBANA_PACKAGE_NAME))
log.info("Uninstall kibana with X-Pack disabled")
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME)
log.info("\n***** Set/verify X-Pack enabled in elasticsearch")
config.enable_xpack(service_name=FOLDERED_SERVICE_NAME)
config.verify_commercial_api_status(
True, service_name=FOLDERED_SERVICE_NAME)
config.verify_xpack_license(service_name=FOLDERED_SERVICE_NAME)
log.info("\n***** Write some data while enabled, disable X-Pack, and verify we can still read what we wrote.")
config.create_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
2,
{"name": "X-Pack", "role": "commercial plugin"},
service_name=FOLDERED_SERVICE_NAME)
log.info("\n***** Test kibana with X-Pack enabled...")
shakedown.install_package(config.KIBANA_PACKAGE_NAME, options_json={
"kibana": {
"elasticsearch_url": "http://" + sdk_hosts.vip_host(FOLDERED_SERVICE_NAME, "coordinator", 9200),
"xpack_enabled": True
}})
log.info("\n***** Installing Kibana w/X-Pack can take as much as 15 minutes for Marathon deployment ")
log.info(
"to complete due to a configured HTTP health check. (typical: 12 minutes)")
shakedown.deployment_wait(
app_id="/{}".format(config.KIBANA_PACKAGE_NAME), timeout=config.DEFAULT_KIBANA_TIMEOUT)
config.check_kibana_adminrouter_integration(
"service/{}/login".format(config.KIBANA_PACKAGE_NAME))
log.info("\n***** Uninstall kibana with X-Pack enabled")
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME)
log.info("\n***** Disable X-Pack in elasticsearch.")
config.disable_xpack(service_name=FOLDERED_SERVICE_NAME)
log.info("\n***** Verify we can still read what we wrote when X-Pack was enabled.")
config.verify_commercial_api_status(
False, service_name=FOLDERED_SERVICE_NAME)
doc = config.get_document(
config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, 2, service_name=FOLDERED_SERVICE_NAME)
assert doc["_source"]["name"] == "X-Pack"
def test_indexing(default_populated_index: None) -> None:
indices_stats = config.get_elasticsearch_indices_stats(
index_name, service_name=service_name)
assert indices_stats["_all"]["primaries"]["docs"]["count"] == 1
doc = config.get_document(index_name,
index_type,
1,
service_name=service_name)
assert doc["_source"]["name"] == "Loren"
sdk_plan.wait_for_completed_deployment(service_name)
sdk_plan.wait_for_completed_recovery(service_name)
def test_xpack_toggle_with_kibana(default_populated_index):
foldered_name = sdk_utils.get_foldered_name(config.SERVICE_NAME)
log.info("\n***** Verify X-Pack disabled by default in elasticsearch")
config.verify_commercial_api_status(False, service_name=foldered_name)
log.info("\n***** Test kibana with X-Pack disabled...")
shakedown.install_package(config.KIBANA_PACKAGE_NAME, options_json={
"kibana": {"elasticsearch_url": "http://" + sdk_hosts.vip_host(foldered_name, "coordinator", 9200)}})
shakedown.deployment_wait(
app_id="/{}".format(config.KIBANA_PACKAGE_NAME), timeout=config.DEFAULT_KIBANA_TIMEOUT)
config.check_kibana_adminrouter_integration(
"service/{}/".format(config.KIBANA_PACKAGE_NAME))
log.info("Uninstall kibana with X-Pack disabled")
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME)
log.info("\n***** Set/verify X-Pack enabled in elasticsearch. Requires parallel upgrade strategy for full restart.")
config.enable_xpack(service_name=foldered_name)
config.verify_commercial_api_status(True, service_name=foldered_name)
config.verify_xpack_license(service_name=foldered_name)
log.info("\n***** Write some data while enabled, disable X-Pack, and verify we can still read what we wrote.")
config.create_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
2,
{"name": "X-Pack", "role": "commercial plugin"},
service_name=foldered_name)
log.info("\n***** Test kibana with X-Pack enabled...")
shakedown.install_package(config.KIBANA_PACKAGE_NAME, options_json={
"kibana": {
"elasticsearch_url": "http://" + sdk_hosts.vip_host(foldered_name, "coordinator", 9200),
"xpack_enabled": True
}})
log.info("\n***** Installing Kibana w/X-Pack can take as much as 15 minutes for Marathon deployment ")
log.info("to complete due to a configured HTTP health check. (typical: 12 minutes)")
shakedown.deployment_wait(app_id="/{}".format(config.KIBANA_PACKAGE_NAME), timeout=config.DEFAULT_KIBANA_TIMEOUT)
config.check_kibana_adminrouter_integration("service/{}/login".format(config.KIBANA_PACKAGE_NAME))
log.info("\n***** Uninstall kibana with X-Pack enabled")
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME)
log.info("\n***** Disable X-Pack in elasticsearch.")
config.disable_xpack(service_name=foldered_name)
log.info("\n***** Verify we can still read what we wrote when X-Pack was enabled.")
config.verify_commercial_api_status(False, service_name=foldered_name)
doc = config.get_document(config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, 2, service_name=foldered_name)
assert doc["_source"]["name"] == "X-Pack"
# reset upgrade strategy to serial
config.update_app(foldered_name, {'UPDATE_STRATEGY': 'serial'}, current_expected_task_count)
def test_crud_over_tls(elastic_service_tls):
config.create_index(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_SETTINGS_MAPPINGS,
service_name=config.SERVICE_NAME,
https=True)
config.create_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
1,
{"name": "Loren", "role": "developer"},
service_name=config.SERVICE_NAME,
https=True)
document = config.get_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
1,
https=True)
assert document
assert document['_source']['name'] == 'Loren'
def test_security_toggle_with_kibana(default_populated_index: None) -> None:
http_user = config.DEFAULT_ELASTICSEARCH_USER
# Verify that commercial APIs are disabled by default in Elasticsearch.
config.verify_commercial_api_status(False, service_name=service_name)
# Write some data with security disabled, enabled security, and afterwards verify that we can
# still read what we wrote.
document_security_disabled_id = 1
document_security_disabled_fields = {"name": "Elasticsearch", "role": "search engine"}
config.create_document(
index_name,
index_type,
document_security_disabled_id,
document_security_disabled_fields,
service_name=service_name,
)
# Verify that basic license is enabled by default.
config.verify_xpack_license("basic", service_name=service_name)
# Install Kibana.
elasticsearch_url = "http://" + sdk_hosts.vip_host(service_name, "coordinator", 9200)
sdk_install.install(
kibana_package_name,
kibana_service_name,
0,
{"kibana": {"elasticsearch_url": elasticsearch_url}},
timeout_seconds=kibana_timeout,
wait_for_deployment=False,
insert_strict_options=False,
)
# Verify that it works.
config.check_kibana_adminrouter_integration("service/{}/app/kibana".format(kibana_package_name))
# Uninstall it.
sdk_install.uninstall(kibana_package_name, kibana_package_name)
# Enable Elasticsearch security.
sdk_service.update_configuration(
package_name,
service_name,
{
"elasticsearch": {"xpack_security_enabled": True},
"service": {"update_strategy": "parallel"},
},
current_expected_task_count,
)
# This should still be disabled.
config.verify_commercial_api_status(False, service_name=service_name)
# Start trial license.
config.start_trial_license(service_name=service_name)
# Set up passwords. Basic HTTP credentials will have to be used in HTTP requests to
# Elasticsearch from now on.
passwords = config.setup_passwords(service_name)
# Verify trial license is working.
config.verify_xpack_license(
"trial", service_name=service_name, http_user=http_user, http_password=passwords["elastic"]
)
config.verify_commercial_api_status(
True, service_name=service_name, http_user=http_user, http_password=passwords["elastic"]
)
# Write some data with security enabled, disable security, and afterwards verify that we can
# still read what we wrote.
document_security_enabled_id = 2
document_security_enabled_fields = {"name": "X-Pack", "role": "commercial plugin"}
config.create_document(
index_name,
index_type,
document_security_enabled_id,
document_security_enabled_fields,
service_name=service_name,
http_user=http_user,
http_password=passwords["elastic"],
)
# Install Kibana with security enabled.
sdk_install.install(
kibana_package_name,
kibana_package_name,
0,
{
"kibana": {
"elasticsearch_url": elasticsearch_url,
"elasticsearch_xpack_security_enabled": True,
"user": config.DEFAULT_KIBANA_USER,
"password": passwords["kibana"],
}
},
timeout_seconds=kibana_timeout,
wait_for_deployment=False,
insert_strict_options=False,
)
# Verify that it works. Notice that with security enabled, one has to access
# /service/kibana/login instead of /service/kibana.
config.check_kibana_adminrouter_integration("service/{}/login".format(kibana_package_name))
# Uninstall it.
sdk_install.uninstall(kibana_package_name, kibana_package_name)
# Disable Elastic security.
sdk_service.update_configuration(
package_name,
service_name,
{
"elasticsearch": {"xpack_security_enabled": False},
"service": {"update_strategy": "parallel"},
},
current_expected_task_count,
)
# Verify we can read what was written before toggling security, without basic HTTP credentials.
document_security_disabled = config.get_document(
index_name, index_type, document_security_disabled_id, service_name=service_name
)
assert (
document_security_disabled["_source"]["name"] == document_security_disabled_fields["name"]
)
# Verify we can read what was written when security was enabled, without basic HTTP credentials.
document_security_enabled = config.get_document(
index_name, index_type, document_security_enabled_id, service_name=service_name
)
assert document_security_enabled["_source"]["name"] == document_security_enabled_fields["name"]
# Set update_strategy back to serial.
sdk_service.update_configuration(
package_name,
service_name,
{"service": {"update_strategy": "serial"}},
current_expected_task_count,
)
def test_security_toggle_with_kibana(default_populated_index):
# Verify that commercial APIs are disabled by default in Elasticsearch.
config.verify_commercial_api_status(False, service_name=foldered_name)
# Write some data with security disabled, enabled security, and afterwards verify that we can
# still read what we wrote.
document_security_disabled_id = 1
document_security_disabled_fields = {"name": "Elasticsearch", "role": "search engine"}
config.create_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_security_disabled_id,
document_security_disabled_fields,
service_name=foldered_name,
)
# Verify that basic license is enabled by default.
config.verify_xpack_license("basic", service_name=foldered_name)
# Install Kibana.
elasticsearch_url = "http://" + sdk_hosts.vip_host(foldered_name, "coordinator", 9200)
sdk_install.install(
config.KIBANA_PACKAGE_NAME,
config.KIBANA_PACKAGE_NAME,
0,
{"kibana": {"elasticsearch_url": elasticsearch_url}},
timeout_seconds=config.KIBANA_DEFAULT_TIMEOUT,
wait_for_deployment=False,
insert_strict_options=False,
)
# Verify that it works.
config.check_kibana_adminrouter_integration("service/{}/".format(config.KIBANA_PACKAGE_NAME))
# Uninstall it.
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME)
# Enable Elasticsearch security.
sdk_service.update_configuration(
config.PACKAGE_NAME,
foldered_name,
{
"elasticsearch": {"xpack_security_enabled": True},
"service": {"update_strategy": "parallel"},
},
current_expected_task_count,
)
# This should still be disabled.
config.verify_commercial_api_status(False, service_name=foldered_name)
# Start trial license.
config.start_trial_license(service_name=foldered_name)
# Set up passwords. Basic HTTP credentials will have to be used in HTTP requests to
# Elasticsearch from now on.
passwords = config.setup_passwords(foldered_name)
# Verify trial license is working.
config.verify_xpack_license(
"trial",
service_name=foldered_name,
http_user=config.DEFAULT_ELASTICSEARCH_USER,
http_password=passwords["elastic"],
)
config.verify_commercial_api_status(
True,
service_name=foldered_name,
http_user=config.DEFAULT_ELASTICSEARCH_USER,
http_password=passwords["elastic"],
)
# Write some data with security enabled, disable security, and afterwards verify that we can
# still read what we wrote.
document_security_enabled_id = 2
document_security_enabled_fields = {"name": "X-Pack", "role": "commercial plugin"}
config.create_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_security_enabled_id,
document_security_enabled_fields,
service_name=foldered_name,
http_user=config.DEFAULT_ELASTICSEARCH_USER,
http_password=passwords["elastic"],
)
# Install Kibana with security enabled.
sdk_install.install(
config.KIBANA_PACKAGE_NAME,
config.KIBANA_PACKAGE_NAME,
0,
{
"kibana": {
"elasticsearch_url": elasticsearch_url,
"elasticsearch_xpack_security_enabled": True,
"user": config.DEFAULT_KIBANA_USER,
"password": passwords["kibana"],
}
},
timeout_seconds=config.KIBANA_DEFAULT_TIMEOUT,
wait_for_deployment=False,
insert_strict_options=False,
)
# Verify that it works. Notice that with security enabled, one has to access
# /service/kibana/login instead of /service/kibana.
config.check_kibana_adminrouter_integration(
"service/{}/login".format(config.KIBANA_PACKAGE_NAME)
)
# Uninstall it.
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME)
# Disable Elastic security.
sdk_service.update_configuration(
config.PACKAGE_NAME,
foldered_name,
{
"elasticsearch": {"xpack_security_enabled": False},
"service": {"update_strategy": "parallel"},
},
current_expected_task_count,
)
# Verify we can read what was written before toggling security, without basic HTTP credentials.
document_security_disabled = config.get_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_security_disabled_id,
service_name=foldered_name,
)
assert (
document_security_disabled["_source"]["name"] == document_security_disabled_fields["name"]
)
# Verify we can read what was written when security was enabled, without basic HTTP credentials.
document_security_enabled = config.get_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_security_enabled_id,
service_name=foldered_name,
)
assert document_security_enabled["_source"]["name"] == document_security_enabled_fields["name"]
# Set update_strategy back to serial.
sdk_service.update_configuration(
config.PACKAGE_NAME,
foldered_name,
{"service": {"update_strategy": "serial"}},
current_expected_task_count,
)
def test_xpack_toggle_with_kibana(default_populated_index):
log.info("\n***** Verify X-Pack disabled by default in elasticsearch")
config.verify_commercial_api_status(False, service_name=foldered_name)
log.info("\n***** Test kibana with X-Pack disabled...")
elasticsearch_url = "http://" + sdk_hosts.vip_host(foldered_name, "coordinator", 9200)
sdk_install.install(
config.KIBANA_PACKAGE_NAME,
config.KIBANA_PACKAGE_NAME,
0,
{ "kibana": {
"elasticsearch_url": elasticsearch_url
}},
timeout_seconds=config.KIBANA_DEFAULT_TIMEOUT,
wait_for_deployment=False,
insert_strict_options=False)
config.check_kibana_adminrouter_integration(
"service/{}/".format(config.KIBANA_PACKAGE_NAME))
log.info("Uninstall kibana with X-Pack disabled")
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME)
log.info("\n***** Set/verify X-Pack enabled in elasticsearch. Requires parallel upgrade strategy for full restart.")
config.set_xpack(True, service_name=foldered_name)
config.check_elasticsearch_plugin_installed(config.XPACK_PLUGIN_NAME, service_name=foldered_name)
config.verify_commercial_api_status(True, service_name=foldered_name)
config.verify_xpack_license(service_name=foldered_name)
log.info("\n***** Write some data while enabled, disable X-Pack, and verify we can still read what we wrote.")
config.create_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
2,
{"name": "X-Pack", "role": "commercial plugin"},
service_name=foldered_name)
log.info("\n***** Test kibana with X-Pack enabled...")
log.info("\n***** Installing Kibana w/X-Pack can exceed default 15 minutes for Marathon "
"deployment to complete due to a configured HTTP health check. (typical: 12 minutes)")
sdk_install.install(
config.KIBANA_PACKAGE_NAME,
config.KIBANA_PACKAGE_NAME,
0,
{ "kibana": {
"elasticsearch_url": elasticsearch_url,
"xpack_enabled": True
}},
timeout_seconds=config.KIBANA_DEFAULT_TIMEOUT,
wait_for_deployment=False,
insert_strict_options=False)
config.check_kibana_plugin_installed(config.XPACK_PLUGIN_NAME, service_name=config.KIBANA_PACKAGE_NAME)
config.check_kibana_adminrouter_integration("service/{}/login".format(config.KIBANA_PACKAGE_NAME))
log.info("\n***** Uninstall kibana with X-Pack enabled")
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME)
log.info("\n***** Disable X-Pack in elasticsearch.")
config.set_xpack(False, service_name=foldered_name)
log.info("\n***** Verify we can still read what we wrote when X-Pack was enabled.")
config.verify_commercial_api_status(False, service_name=foldered_name)
doc = config.get_document(config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, 2, service_name=foldered_name)
assert doc["_source"]["name"] == "X-Pack"
# reset upgrade strategy to serial
config.update_app(foldered_name, {'UPDATE_STRATEGY': 'serial'}, current_expected_task_count)
sdk_plan.wait_for_completed_deployment(foldered_name)
sdk_plan.wait_for_completed_recovery(foldered_name)
def test_security_toggle_with_kibana() -> None:
try:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_SERVICE_NAME)
service_account_info = transport_encryption.setup_service_account(config.SERVICE_NAME)
sdk_install.install(
config.PACKAGE_NAME,
service_name=config.SERVICE_NAME,
expected_running_tasks=config.DEFAULT_TASK_COUNT,
additional_options={
"service": {
"name": config.SERVICE_NAME,
"service_account": service_account_info["name"],
"service_account_secret": service_account_info["secret"],
}
},
timeout_seconds=30 * 60,
wait_for_deployment=True,
)
# Write some data with security disabled, enabled security, and afterwards verify that we can
# still read what we wrote.
document_security_disabled_id = 1
document_security_disabled_fields = {"name": "Elasticsearch", "role": "search engine"}
config.create_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_security_disabled_id,
document_security_disabled_fields,
service_name=config.SERVICE_NAME,
)
# Install Kibana.
coordinator_host = sdk_hosts.vip_host(config.SERVICE_NAME, "coordinator", 9200)
sdk_install.install(
config.KIBANA_PACKAGE_NAME,
config.KIBANA_SERVICE_NAME,
0,
{"kibana": {"elasticsearch_url": "http://" + coordinator_host}},
timeout_seconds=config.KIBANA_DEFAULT_TIMEOUT,
wait_for_deployment=False,
insert_strict_options=False,
)
# Verify that it works.
config.check_kibana_adminrouter_integration(
"service/{}/".format(config.KIBANA_PACKAGE_NAME)
)
config.check_kibana_adminrouter_integration(
"service/{}/app/kibana".format(config.KIBANA_PACKAGE_NAME)
)
# Uninstall it.
sdk_install.uninstall(config.KIBANA_SERVICE_NAME, config.KIBANA_PACKAGE_NAME)
# Enable Elasticsearch security.
sdk_service.update_configuration(
config.PACKAGE_NAME,
config.SERVICE_NAME,
{
"elasticsearch": {"xpack_security_enabled": True},
"service": {
"update_strategy": "parallel",
"security": {"transport_encryption": {"enabled": True}},
},
},
config.DEFAULT_TASK_COUNT,
wait_for_deployment=False,
)
# Set up passwords. Basic HTTP credentials will have to be used in HTTP requests to
# Elasticsearch from now on.
passwords = config.setup_passwords(config.SERVICE_NAME, https=True)
# Write some data with security enabled, disable security, and afterwards verify that we can
# still read what we wrote.
document_security_enabled_id = 2
document_security_enabled_fields = {"name": "X-Pack", "role": "commercial plugin"}
config.create_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_security_enabled_id,
document_security_enabled_fields,
service_name=config.SERVICE_NAME,
https=True,
http_user=config.DEFAULT_ELASTICSEARCH_USER,
http_password=passwords["elastic"],
)
# Install Kibana with security enabled.
sdk_install.install(
config.KIBANA_SERVICE_NAME,
config.KIBANA_PACKAGE_NAME,
0,
{
"service": {"name": config.KIBANA_SERVICE_NAME},
"kibana": {
"elasticsearch_tls": True,
"elasticsearch_url": "https://" + coordinator_host,
"elasticsearch_xpack_security_enabled": True,
"user": config.DEFAULT_KIBANA_USER,
"password": passwords["kibana"],
},
},
timeout_seconds=config.KIBANA_DEFAULT_TIMEOUT,
wait_for_deployment=False,
insert_strict_options=False,
)
# Verify that it works.
config.check_kibana_adminrouter_integration(
"service/{}/".format(config.KIBANA_PACKAGE_NAME)
)
config.check_kibana_adminrouter_integration(
"service/{}/login".format(config.KIBANA_PACKAGE_NAME)
)
# Uninstall it.
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_SERVICE_NAME)
# Disable Elastic security.
sdk_service.update_configuration(
config.PACKAGE_NAME,
config.SERVICE_NAME,
{
"elasticsearch": {"xpack_security_enabled": False},
"service": {
"update_strategy": "parallel",
"security": {"transport_encryption": {"enabled": False}},
},
},
config.DEFAULT_TASK_COUNT,
wait_for_deployment=True,
)
# Verify we can read what was written before toggling security, without basic HTTP credentials.
document_security_disabled = config.get_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_security_disabled_id,
service_name=config.SERVICE_NAME,
)
assert (
document_security_disabled["_source"]["name"]
== document_security_disabled_fields["name"]
)
# Verify we can read what was written when security was enabled, without basic HTTP credentials.
document_security_enabled = config.get_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_security_enabled_id,
service_name=config.SERVICE_NAME,
)
assert (
document_security_enabled["_source"]["name"] == document_security_enabled_fields["name"]
)
finally:
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_SERVICE_NAME)
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
transport_encryption.cleanup_service_account(config.SERVICE_NAME, service_account_info)