def service_account(configure_security):
"""
Sets up a service account for use with TLS.
"""
try:
service_account_info = transport_encryption.setup_service_account(foldered_name)
yield service_account_info
finally:
transport_encryption.cleanup_service_account(foldered_name, service_account_info)
def service_account(configure_security):
"""
Sets up a service account for use with TLS.
"""
try:
service_account_info = transport_encryption.setup_service_account(config.SERVICE_NAME)
yield service_account_info
finally:
transport_encryption.cleanup_service_account(config.SERVICE_NAME, service_account_info)
def service_account(configure_security):
"""
Sets up a service account for use with TLS.
"""
try:
service_account_info = transport_encryption.setup_service_account(config.SERVICE_NAME)
yield service_account_info
finally:
transport_encryption.cleanup_service_account(config.SERVICE_NAME, service_account_info)
def service_account(configure_security):
"""
Sets up a service account for use with TLS.
"""
try:
service_account_info = transport_encryption.setup_service_account(foldered_name)
yield service_account_info
finally:
transport_encryption.cleanup_service_account(foldered_name, service_account_info)
def _service_account_impl(
configure_security: None) -> Iterator[Dict[str, Any]]:
try:
name = config.SERVICE_NAME
service_account_info = transport_encryption.setup_service_account(name)
yield service_account_info
finally:
transport_encryption.cleanup_service_account(config.SERVICE_NAME,
service_account_info)
def service_account(configure_security: None) -> Iterator[Dict[str, Any]]:
"""
Sets up a service account for use with TLS.
"""
try:
name = config.SERVICE_NAME
service_account_info = transport_encryption.setup_service_account(name)
yield service_account_info
finally:
transport_encryption.cleanup_service_account(config.SERVICE_NAME, service_account_info)
def service_account(configure_security: None) -> Iterator[Dict[str, Any]]:
"""
Sets up a service account for use with TLS.
"""
try:
name = config.SERVICE_NAME
service_account_info = transport_encryption.setup_service_account(name)
yield service_account_info
finally:
transport_encryption.cleanup_service_account(config.SERVICE_NAME,
service_account_info)
def test_admin_router_with_folder_name() -> None:
elastic_service_name = "test/integration/elastic"
kibana_service_name = "test/integration/kibana"
try:
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, kibana_service_name)
sdk_install.uninstall(config.PACKAGE_NAME, elastic_service_name)
service_account_info = transport_encryption.setup_service_account(elastic_service_name)
sdk_install.install(
config.PACKAGE_NAME,
service_name=elastic_service_name,
expected_running_tasks=config.DEFAULT_TASK_COUNT,
additional_options={
"service": {
"name": elastic_service_name,
"service_account": service_account_info["name"],
"service_account_secret": service_account_info["secret"],
}
},
timeout_seconds=30 * 60,
wait_for_deployment=True,
)
elasticsearch_url = "http://" + sdk_hosts.vip_host(
elastic_service_name, "coordinator", 9200
)
sdk_install.install(
config.KIBANA_PACKAGE_NAME,
kibana_service_name,
0,
{"kibana": {"elasticsearch_url": elasticsearch_url}},
wait_for_deployment=False,
insert_strict_options=False,
)
encoded_kibana_service_name = urllib.parse.quote(kibana_service_name)
config.check_kibana_adminrouter_integration(
"service/{}/".format(encoded_kibana_service_name)
)
config.check_kibana_adminrouter_integration(
"service/{}/app/kibana".format(encoded_kibana_service_name)
)
finally:
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, kibana_service_name)
sdk_install.uninstall(config.PACKAGE_NAME, elastic_service_name)
transport_encryption.cleanup_service_account(elastic_service_name, service_account_info)
def test_security_toggle_with_kibana() -> None:
try:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_SERVICE_NAME)
service_account_info = transport_encryption.setup_service_account(config.SERVICE_NAME)
sdk_install.install(
config.PACKAGE_NAME,
service_name=config.SERVICE_NAME,
expected_running_tasks=config.DEFAULT_TASK_COUNT,
additional_options={
"service": {
"name": config.SERVICE_NAME,
"service_account": service_account_info["name"],
"service_account_secret": service_account_info["secret"],
}
},
timeout_seconds=30 * 60,
wait_for_deployment=True,
)
# Write some data with security disabled, enabled security, and afterwards verify that we can
# still read what we wrote.
document_security_disabled_id = 1
document_security_disabled_fields = {"name": "Elasticsearch", "role": "search engine"}
config.create_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_security_disabled_id,
document_security_disabled_fields,
service_name=config.SERVICE_NAME,
)
# Install Kibana.
coordinator_host = sdk_hosts.vip_host(config.SERVICE_NAME, "coordinator", 9200)
sdk_install.install(
config.KIBANA_PACKAGE_NAME,
config.KIBANA_SERVICE_NAME,
0,
{"kibana": {"elasticsearch_url": "http://" + coordinator_host}},
timeout_seconds=config.KIBANA_DEFAULT_TIMEOUT,
wait_for_deployment=False,
insert_strict_options=False,
)
# Verify that it works.
config.check_kibana_adminrouter_integration(
"service/{}/".format(config.KIBANA_PACKAGE_NAME)
)
config.check_kibana_adminrouter_integration(
"service/{}/app/kibana".format(config.KIBANA_PACKAGE_NAME)
)
# Uninstall it.
sdk_install.uninstall(config.KIBANA_SERVICE_NAME, config.KIBANA_PACKAGE_NAME)
# Enable Elasticsearch security.
sdk_service.update_configuration(
config.PACKAGE_NAME,
config.SERVICE_NAME,
{
"elasticsearch": {"xpack_security_enabled": True},
"service": {
"update_strategy": "parallel",
"security": {"transport_encryption": {"enabled": True}},
},
},
config.DEFAULT_TASK_COUNT,
wait_for_deployment=False,
)
# Set up passwords. Basic HTTP credentials will have to be used in HTTP requests to
# Elasticsearch from now on.
passwords = config.setup_passwords(config.SERVICE_NAME, https=True)
# Write some data with security enabled, disable security, and afterwards verify that we can
# still read what we wrote.
document_security_enabled_id = 2
document_security_enabled_fields = {"name": "X-Pack", "role": "commercial plugin"}
config.create_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_security_enabled_id,
document_security_enabled_fields,
service_name=config.SERVICE_NAME,
https=True,
http_user=config.DEFAULT_ELASTICSEARCH_USER,
http_password=passwords["elastic"],
)
# Install Kibana with security enabled.
sdk_install.install(
config.KIBANA_SERVICE_NAME,
config.KIBANA_PACKAGE_NAME,
0,
{
"service": {"name": config.KIBANA_SERVICE_NAME},
"kibana": {
"elasticsearch_tls": True,
"elasticsearch_url": "https://" + coordinator_host,
"elasticsearch_xpack_security_enabled": True,
"user": config.DEFAULT_KIBANA_USER,
"password": passwords["kibana"],
},
},
timeout_seconds=config.KIBANA_DEFAULT_TIMEOUT,
wait_for_deployment=False,
insert_strict_options=False,
)
# Verify that it works.
config.check_kibana_adminrouter_integration(
"service/{}/".format(config.KIBANA_PACKAGE_NAME)
)
config.check_kibana_adminrouter_integration(
"service/{}/login".format(config.KIBANA_PACKAGE_NAME)
)
# Uninstall it.
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_SERVICE_NAME)
# Disable Elastic security.
sdk_service.update_configuration(
config.PACKAGE_NAME,
config.SERVICE_NAME,
{
"elasticsearch": {"xpack_security_enabled": False},
"service": {
"update_strategy": "parallel",
"security": {"transport_encryption": {"enabled": False}},
},
},
config.DEFAULT_TASK_COUNT,
wait_for_deployment=True,
)
# Verify we can read what was written before toggling security, without basic HTTP credentials.
document_security_disabled = config.get_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_security_disabled_id,
service_name=config.SERVICE_NAME,
)
assert (
document_security_disabled["_source"]["name"]
== document_security_disabled_fields["name"]
)
# Verify we can read what was written when security was enabled, without basic HTTP credentials.
document_security_enabled = config.get_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_security_enabled_id,
service_name=config.SERVICE_NAME,
)
assert (
document_security_enabled["_source"]["name"] == document_security_enabled_fields["name"]
)
finally:
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_SERVICE_NAME)
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
transport_encryption.cleanup_service_account(config.SERVICE_NAME, service_account_info)
