diff --git a/data/common.yaml b/data/common.yaml index 1c6c29c..cd0a63e 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,72 +1,71 @@ --- elasticsearch::ensure: present elasticsearch::api_basic_auth_password: ~ elasticsearch::api_basic_auth_username: ~ elasticsearch::api_ca_file: ~ elasticsearch::api_ca_path: ~ elasticsearch::api_host: localhost elasticsearch::api_port: 9200 elasticsearch::api_protocol: http elasticsearch::api_timeout: 10 elasticsearch::autoupgrade: false elasticsearch::config: {} elasticsearch::configdir: /etc/elasticsearch elasticsearch::configdir_recurselimit: 2 elasticsearch::daily_rolling_date_pattern: | "'.'yyyy-MM-dd" elasticsearch::datadir_instance_directories: true elasticsearch::default_logging_level: 'INFO' elasticsearch::defaults_location: ~ elasticsearch::deprecation_logging: false elasticsearch::deprecation_logging_level: 'DEBUG' elasticsearch::download_tool: ~ elasticsearch::download_tool_insecure: ~ elasticsearch::download_tool_verify_certificates: true elasticsearch::file_rolling_type: dailyRollingFile elasticsearch::indices: {} elasticsearch::init_defaults: {} elasticsearch::init_defaults_file: ~ elasticsearch::init_template: "%{module_name}/etc/init.d/elasticsearch.systemd.erb" elasticsearch::instances: {} elasticsearch::jvm_options: [] elasticsearch::license: ~ elasticsearch::logdir: /var/log/elasticsearch elasticsearch::logging_config: {} elasticsearch::logging_file: ~ elasticsearch::logging_level: 'INFO' elasticsearch::logging_template: ~ elasticsearch::manage_repo: true elasticsearch::oss: false elasticsearch::package_dl_timeout: 600 elasticsearch::package_name: elasticsearch elasticsearch::package_provider: package elasticsearch::package_url: ~ elasticsearch::pid_dir: /var/run/elasticsearch elasticsearch::pipelines: {} elasticsearch::plugindir: ~ elasticsearch::plugins: {} elasticsearch::proxy_url: ~ elasticsearch::purge_configdir: false elasticsearch::purge_package_dir: false elasticsearch::purge_secrets: false elasticsearch::repo_stage: false elasticsearch::restart_on_change: false elasticsearch::roles: {} elasticsearch::rolling_file_max_backup_index: 1 elasticsearch::rolling_file_max_file_size: 10MB elasticsearch::scripts: {} elasticsearch::secrets: ~ elasticsearch::security_logging_content: ~ elasticsearch::security_logging_source: ~ -elasticsearch::security_plugin: ~ elasticsearch::service_name: elasticsearch elasticsearch::service_provider: systemd elasticsearch::snapshot_repositories: {} elasticsearch::ssl: false elasticsearch::status: enabled elasticsearch::system_key: ~ elasticsearch::systemd_service_path: /lib/systemd/system elasticsearch::templates: {} elasticsearch::users: {} elasticsearch::validate_tls: true elasticsearch::version: false diff --git a/lib/puppet/provider/elastic_parsedfile.rb b/lib/puppet/provider/elastic_parsedfile.rb index 285119d..cc2a6b8 100644 --- a/lib/puppet/provider/elastic_parsedfile.rb +++ b/lib/puppet/provider/elastic_parsedfile.rb @@ -1,19 +1,12 @@ require 'puppet/provider/parsedfile' # Parent class for Elasticsearch-based providers that need to access # specific configuration directories. class Puppet::Provider::ElasticParsedFile < Puppet::Provider::ParsedFile # Find/set an x-pack configuration file. # # @return String def self.xpack_config(val) @default_target ||= "/etc/elasticsearch/#{val}" end - - # Find/set an oss x-pack configuration file. - # - # @return String - def self.oss_xpack_config(val) - @default_target ||= "/etc/elasticsearch/#{val}" - end end diff --git a/lib/puppet/provider/elasticsearch_keystore/elasticsearch_keystore.rb b/lib/puppet/provider/elasticsearch_keystore/ruby.rb similarity index 100% rename from lib/puppet/provider/elasticsearch_keystore/elasticsearch_keystore.rb rename to lib/puppet/provider/elasticsearch_keystore/ruby.rb diff --git a/lib/puppet/provider/elasticsearch_license/ruby.rb b/lib/puppet/provider/elasticsearch_license/xpack.rb similarity index 100% rename from lib/puppet/provider/elasticsearch_license/ruby.rb rename to lib/puppet/provider/elasticsearch_license/xpack.rb diff --git a/lib/puppet/provider/elasticsearch_plugin/plugin.rb b/lib/puppet/provider/elasticsearch_plugin/plugin.rb deleted file mode 100644 index 33b6c8c..0000000 --- a/lib/puppet/provider/elasticsearch_plugin/plugin.rb +++ /dev/null @@ -1,18 +0,0 @@ -require 'puppet/provider/elastic_plugin' - -Puppet::Type.type(:elasticsearch_plugin).provide( - :plugin, - :parent => Puppet::Provider::ElasticPlugin -) do - desc 'Pre-5.x provider for Elasticsearch bin/plugin command operations.' - - case Facter.value('osfamily') - when 'OpenBSD' - commands :plugin => '/usr/local/elasticsearch/bin/plugin' - commands :es => '/usr/local/elasticsearch/bin/elasticsearch' - commands :javapathhelper => '/usr/local/bin/javaPathHelper' - else - commands :plugin => '/usr/share/elasticsearch/bin/plugin' - commands :es => '/usr/share/elasticsearch/bin/elasticsearch' - end -end diff --git a/lib/puppet/provider/elasticsearch_plugin/elasticsearch_plugin.rb b/lib/puppet/provider/elasticsearch_plugin/ruby.rb similarity index 100% rename from lib/puppet/provider/elasticsearch_plugin/elasticsearch_plugin.rb rename to lib/puppet/provider/elasticsearch_plugin/ruby.rb diff --git a/lib/puppet/provider/elasticsearch_role/oss_xpack.rb b/lib/puppet/provider/elasticsearch_role/oss_xpack.rb deleted file mode 100644 index 6d1ac0d..0000000 --- a/lib/puppet/provider/elasticsearch_role/oss_xpack.rb +++ /dev/null @@ -1,12 +0,0 @@ -require 'puppet/provider/elastic_yaml' - -Puppet::Type.type(:elasticsearch_role).provide( - :oss_xpack, - :parent => Puppet::Provider::ElasticYaml, - :metadata => :privileges -) do - desc 'Provider for OSS X-Pack role resources.' - - oss_xpack_config 'roles.yml' - confine :exists => default_target -end diff --git a/lib/puppet/provider/elasticsearch_role/xpack.rb b/lib/puppet/provider/elasticsearch_role/ruby.rb similarity index 83% rename from lib/puppet/provider/elasticsearch_role/xpack.rb rename to lib/puppet/provider/elasticsearch_role/ruby.rb index d6b60d3..d05e87e 100644 --- a/lib/puppet/provider/elasticsearch_role/xpack.rb +++ b/lib/puppet/provider/elasticsearch_role/ruby.rb @@ -1,12 +1,11 @@ require 'puppet/provider/elastic_yaml' Puppet::Type.type(:elasticsearch_role).provide( - :xpack, + :ruby, :parent => Puppet::Provider::ElasticYaml, :metadata => :privileges ) do desc 'Provider for X-Pack role resources.' xpack_config 'roles.yml' - confine :exists => default_target end diff --git a/lib/puppet/provider/elasticsearch_role_mapping/oss_xpack.rb b/lib/puppet/provider/elasticsearch_role_mapping/oss_xpack.rb deleted file mode 100644 index ff294e6..0000000 --- a/lib/puppet/provider/elasticsearch_role_mapping/oss_xpack.rb +++ /dev/null @@ -1,12 +0,0 @@ -require 'puppet/provider/elastic_yaml' - -Puppet::Type.type(:elasticsearch_role_mapping).provide( - :oss_xpack, - :parent => Puppet::Provider::ElasticYaml, - :metadata => :mappings -) do - desc 'Provider for OSS X-Pack role mappings.' - - oss_xpack_config 'role_mapping.yml' - confine :exists => default_target -end diff --git a/lib/puppet/provider/elasticsearch_role_mapping/xpack.rb b/lib/puppet/provider/elasticsearch_role_mapping/ruby.rb similarity index 84% rename from lib/puppet/provider/elasticsearch_role_mapping/xpack.rb rename to lib/puppet/provider/elasticsearch_role_mapping/ruby.rb index 765c450..c73ea00 100644 --- a/lib/puppet/provider/elasticsearch_role_mapping/xpack.rb +++ b/lib/puppet/provider/elasticsearch_role_mapping/ruby.rb @@ -1,12 +1,11 @@ require 'puppet/provider/elastic_yaml' Puppet::Type.type(:elasticsearch_role_mapping).provide( - :xpack, + :ruby, :parent => Puppet::Provider::ElasticYaml, :metadata => :mappings ) do desc 'Provider for X-Pack role mappings.' xpack_config 'role_mapping.yml' - confine :exists => default_target end diff --git a/lib/puppet/provider/elasticsearch_user/esusers.rb b/lib/puppet/provider/elasticsearch_user/esusers.rb deleted file mode 100644 index 9815cc5..0000000 --- a/lib/puppet/provider/elasticsearch_user/esusers.rb +++ /dev/null @@ -1,15 +0,0 @@ -require File.join(File.dirname(__FILE__), '..', '..', '..', 'puppet/provider/elastic_user_command') - -Puppet::Type.type(:elasticsearch_user).provide( - :esusers, - :parent => Puppet::Provider::ElasticUserCommand -) do - desc 'Provider for Shield file (esusers) user resources.' - - has_feature :manages_plaintext_passwords - - mk_resource_methods - - commands :users_cli => "#{homedir}/bin/shield/esusers" - commands :es => "#{homedir}/bin/elasticsearch" -end diff --git a/lib/puppet/provider/elasticsearch_user/elasticsearch_users.rb b/lib/puppet/provider/elasticsearch_user/ruby.rb similarity index 74% rename from lib/puppet/provider/elasticsearch_user/elasticsearch_users.rb rename to lib/puppet/provider/elasticsearch_user/ruby.rb index ba47d9e..d12c4f6 100644 --- a/lib/puppet/provider/elasticsearch_user/elasticsearch_users.rb +++ b/lib/puppet/provider/elasticsearch_user/ruby.rb @@ -1,16 +1,15 @@ require File.join(File.dirname(__FILE__), '..', '..', '..', 'puppet/provider/elastic_user_command') Puppet::Type.type(:elasticsearch_user).provide( - :elasticsearch_users, + :ruby, :parent => Puppet::Provider::ElasticUserCommand ) do - desc 'Provider for OSS X-Pack user resources.' - confine :exists => "#{homedir}/bin/elasticsearch-users" + desc 'Provider for X-Pack user resources.' has_feature :manages_plaintext_passwords mk_resource_methods commands :users_cli => "#{homedir}/bin/elasticsearch-users" commands :es => "#{homedir}/bin/elasticsearch" end diff --git a/lib/puppet/provider/elasticsearch_user/users.rb b/lib/puppet/provider/elasticsearch_user/users.rb deleted file mode 100644 index 83e02ee..0000000 --- a/lib/puppet/provider/elasticsearch_user/users.rb +++ /dev/null @@ -1,25 +0,0 @@ -require File.join(File.dirname(__FILE__), '..', '..', '..', 'puppet/provider/elastic_user_command') - -Puppet::Type.type(:elasticsearch_user).provide( - :users, - :parent => Puppet::Provider::ElasticUserCommand -) do - desc 'Provider for X-Pack file (users) user resources.' - - # Prefer the newer 'elasticsearch-users' command provider - # if the 'elasticsearch_users' command exists. - # The logic looks a bit backwards here, but that's because - # Puppet evals the 'confine' statement early on. - # So we could hit false-positives due to the package - # being installed in the same Puppet run. - confine :true => begin - false if File.exist?("#{homedir}/bin/elasticsearch-users") - end - - has_feature :manages_plaintext_passwords - - mk_resource_methods - - commands :users_cli => "#{homedir}/bin/x-pack/users" - commands :es => "#{homedir}/bin/elasticsearch" -end diff --git a/lib/puppet/provider/elasticsearch_user_file/oss_xpack.rb b/lib/puppet/provider/elasticsearch_user_file/oss_xpack.rb deleted file mode 100644 index a160bea..0000000 --- a/lib/puppet/provider/elasticsearch_user_file/oss_xpack.rb +++ /dev/null @@ -1,29 +0,0 @@ -require 'puppet/provider/elastic_parsedfile' - -Puppet::Type.type(:elasticsearch_user_file).provide( - :oss_xpack, - :parent => Puppet::Provider::ElasticParsedFile -) do - desc 'Provider for OSS X-Pack users using plain files.' - - oss_xpack_config 'users' - confine :exists => default_target - - has_feature :manages_encrypted_passwords - - text_line :comment, - :match => /^\s*#/ - - record_line :oss_xpack, - :fields => %w[name hashed_password], - :separator => ':', - :joiner => ':' - - def self.valid_attr?(klass, attr_name) - if klass.respond_to? :parameters - klass.parameters.include?(attr_name) - else - true - end - end -end diff --git a/lib/puppet/provider/elasticsearch_user_file/xpack.rb b/lib/puppet/provider/elasticsearch_user_file/ruby.rb similarity index 81% rename from lib/puppet/provider/elasticsearch_user_file/xpack.rb rename to lib/puppet/provider/elasticsearch_user_file/ruby.rb index 318ad35..7438be0 100644 --- a/lib/puppet/provider/elasticsearch_user_file/xpack.rb +++ b/lib/puppet/provider/elasticsearch_user_file/ruby.rb @@ -1,29 +1,28 @@ require 'puppet/provider/elastic_parsedfile' Puppet::Type.type(:elasticsearch_user_file).provide( - :xpack, + :ruby, :parent => Puppet::Provider::ElasticParsedFile ) do - desc 'Provider for X-Pack esusers using plain files.' + desc 'Provider for X-Pack elasticsearch users using plain files.' xpack_config 'users' - confine :exists => default_target has_feature :manages_encrypted_passwords text_line :comment, :match => /^\s*#/ - record_line :xpack, + record_line :ruby, :fields => %w[name hashed_password], :separator => ':', :joiner => ':' def self.valid_attr?(klass, attr_name) if klass.respond_to? :parameters klass.parameters.include?(attr_name) else true end end end diff --git a/lib/puppet/provider/elasticsearch_user_roles/oss_xpack.rb b/lib/puppet/provider/elasticsearch_user_roles/oss_xpack.rb deleted file mode 100644 index b2357d6..0000000 --- a/lib/puppet/provider/elasticsearch_user_roles/oss_xpack.rb +++ /dev/null @@ -1,11 +0,0 @@ -require 'puppet/provider/elastic_user_roles' - -Puppet::Type.type(:elasticsearch_user_roles).provide( - :oss_xpack, - :parent => Puppet::Provider::ElasticUserRoles -) do - desc 'Provider for X-Pack user roles (parsed file.)' - - oss_xpack_config 'users_roles' - confine :exists => default_target -end diff --git a/lib/puppet/provider/elasticsearch_user_roles/xpack.rb b/lib/puppet/provider/elasticsearch_user_roles/ruby.rb similarity index 84% rename from lib/puppet/provider/elasticsearch_user_roles/xpack.rb rename to lib/puppet/provider/elasticsearch_user_roles/ruby.rb index 0b1a082..a5da043 100644 --- a/lib/puppet/provider/elasticsearch_user_roles/xpack.rb +++ b/lib/puppet/provider/elasticsearch_user_roles/ruby.rb @@ -1,11 +1,10 @@ require 'puppet/provider/elastic_user_roles' Puppet::Type.type(:elasticsearch_user_roles).provide( - :xpack, + :ruby, :parent => Puppet::Provider::ElasticUserRoles ) do desc 'Provider for X-Pack user roles (parsed file.)' xpack_config 'users_roles' - confine :exists => default_target end diff --git a/manifests/init.pp b/manifests/init.pp index 13bbb36..03922a3 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,606 +1,606 @@ # Top-level Elasticsearch class which may manage installation of the # Elasticsearch package, package repository, and other # global options and parameters. # # @summary Manages the installation of Elasticsearch and related options. # # @example install Elasticsearch # class { 'elasticsearch': } # # @example removal and decommissioning # class { 'elasticsearch': # ensure => 'absent', # } # # @example install everything but disable service(s) afterwards # class { 'elasticsearch': # status => 'disabled', # } # # @param ensure # Controls if the managed resources shall be `present` or `absent`. # If set to `absent`, the managed software packages will be uninstalled, and # any traces of the packages will be purged as well as possible, possibly # including existing configuration files. # System modifications (if any) will be reverted as well as possible (e.g. # removal of created users, services, changed log settings, and so on). # This is a destructive parameter and should be used with care. # # @param api_basic_auth_password # Defines the default REST basic auth password for API authentication. # # @param api_basic_auth_username # Defines the default REST basic auth username for API authentication. # # @param api_ca_file # Path to a CA file which will be used to validate server certs when # communicating with the Elasticsearch API over HTTPS. # # @param api_ca_path # Path to a directory with CA files which will be used to validate server # certs when communicating with the Elasticsearch API over HTTPS. # # @param api_host # Default host to use when accessing Elasticsearch APIs. # # @param api_port # Default port to use when accessing Elasticsearch APIs. # # @param api_protocol # Default protocol to use when accessing Elasticsearch APIs. # # @param api_timeout # Default timeout (in seconds) to use when accessing Elasticsearch APIs. # # @param autoupgrade # If set to `true`, any managed package will be upgraded on each Puppet run # when the package provider is able to find a newer version than the present # one. The exact behavior is provider dependent (see # {package, "upgradeable"}[http://j.mp/xbxmNP] in the Puppet documentation). # # @param ca_certificate # Path to the trusted CA certificate to add to this node's Java keystore. # # @param certificate # Path to the certificate for this node signed by the CA listed in # ca_certificate. # # @param config # Elasticsearch configuration hash. # # @param configdir # Directory containing the elasticsearch configuration. # Use this setting if your packages deviate from the norm (`/etc/elasticsearch`) # # @param configdir_recurselimit # Dictates how deeply the file copy recursion logic should descend when # copying files from the `configdir` to instance `configdir`s. # # @param daily_rolling_date_pattern # File pattern for the file appender log when file_rolling_type is 'dailyRollingFile'. # # @param datadir # Allows you to set the data directory of Elasticsearch. # # @param datadir_instance_directories # Control whether individual directories for instances will be created within # each instance's data directory. # # @param default_logging_level # Default logging level for Elasticsearch. # # @param defaults_location # Absolute path to directory containing init defaults file. # # @param deprecation_logging -# Wheter to enable deprecation logging. If enabled, deprecation logs will be +# Whether to enable deprecation logging. If enabled, deprecation logs will be # saved to ${cluster.name}_deprecation.log in the Elasticsearch log folder. # # @param deprecation_logging_level # Default deprecation logging level for Elasticsearch. # # @param download_tool # Command-line invocation with which to retrieve an optional package_url. # # @param download_tool_insecure # Command-line invocation with which to retrieve an optional package_url when # certificate verification should be ignored. # # @param download_tool_verify_certificates # Whether or not to verify SSL/TLS certificates when retrieving package files # using a download tool instead of a package management provider. # # @param elasticsearch_group # The group Elasticsearch should run as. This also sets file group # permissions. # # @param elasticsearch_user # The user Elasticsearch should run as. This also sets file ownership. # # @param file_rolling_type # Configuration for the file appender rotation. It can be 'dailyRollingFile', # 'rollingFile' or 'file'. The first rotates by name, the second one by size # or third don't rotate automatically. # # @param homedir # Directory where the elasticsearch installation's files are kept (plugins, etc.) # # @param indices # Define indices via a hash. This is mainly used with Hiera's auto binding. # # @param init_defaults # Defaults file content in hash representation. # # @param init_defaults_file # Defaults file as puppet resource. # # @param init_template # Service file as a template. # # @param jvm_options # Array of options to set in jvm_options. # # @param keystore_password # Password to encrypt this node's Java keystore. # # @param keystore_path # Custom path to the Java keystore file. This parameter is optional. # # @param license # Optional Elasticsearch license in hash or string form. # # @param logdir # Directory that will be used for Elasticsearch logging. # # @param logging_config # Representation of information to be included in the log4j.properties file. # # @param logging_file # Instead of a hash, you may supply a `puppet://` file source for the # log4j.properties file. # # @param logging_level # Default logging level for Elasticsearch. # # @param logging_template # Use a custom logging template - just supply the relative path, i.e. # `$module/elasticsearch/logging.yml.erb` # # @param manage_repo # Enable repo management by enabling official Elastic repositories. # # @param oss # Whether to use the purely open source Elasticsearch package distribution. # # @param package_dir # Directory where packages are downloaded to. # # @param package_dl_timeout # For http, https, and ftp downloads, you may set how long the exec resource # may take. # # @param package_name # Name Of the package to install. # # @param package_provider # Method to install the packages, currently only `package` is supported. # # @param package_url # URL of the package to download. # This can be an http, https, or ftp resource for remote packages, or a # `puppet://` resource or `file:/` for local packages # # @param pid_dir # Directory where the elasticsearch process should write out its PID. # # @param pipelines # Define pipelines via a hash. This is mainly used with Hiera's auto binding. # # @param plugindir # Directory containing elasticsearch plugins. # Use this setting if your packages deviate from the norm (/usr/share/elasticsearch/plugins) # # @param plugins # Define plugins via a hash. This is mainly used with Hiera's auto binding. # # @param private_key # Path to the key associated with this node's certificate. # # @param proxy_url # For http and https downloads, you may set a proxy server to use. By default, # no proxy is used. # Format: `proto://[user:pass@]server[:port]/` # # @param purge_configdir # Purge the config directory of any unmanaged files. # # @param purge_package_dir # Purge package directory on removal # # @param purge_secrets # Whether or not keys present in the keystore will be removed if they are not # present in the specified secrets hash. # # @param repo_stage # Use stdlib stage setup for managing the repo instead of relationship # ordering. # # @param restart_on_change # Determines if the application should be automatically restarted # whenever the configuration, package, or plugins change. Enabling this # setting will cause Elasticsearch to restart whenever there is cause to # re-read configuration files, load new plugins, or start the service using an # updated/changed executable. This may be undesireable in highly available # environments. If all other restart_* parameters are left unset, the value of # `restart_on_change` is used for all other restart_*_change defaults. # # @param restart_config_change # Determines if the application should be automatically restarted # whenever the configuration changes. This includes the Elasticsearch # configuration file, any service files, and defaults files. # Disabling automatic restarts on config changes may be desired in an # environment where you need to ensure restarts occur in a controlled/rolling # manner rather than during a Puppet run. # # @param restart_package_change # Determines if the application should be automatically restarted # whenever the package (or package version) for Elasticsearch changes. # Disabling automatic restarts on package changes may be desired in an # environment where you need to ensure restarts occur in a controlled/rolling # manner rather than during a Puppet run. # # @param restart_plugin_change # Determines if the application should be automatically restarted whenever # plugins are installed or removed. # Disabling automatic restarts on plugin changes may be desired in an # environment where you need to ensure restarts occur in a controlled/rolling # manner rather than during a Puppet run. # # @param roles # Define roles via a hash. This is mainly used with Hiera's auto binding. # # @param rolling_file_max_backup_index # Max number of logs to store whern file_rolling_type is 'rollingFile' # # @param rolling_file_max_file_size # Max log file size when file_rolling_type is 'rollingFile' # # @param scripts # Define scripts via a hash. This is mainly used with Hiera's auto binding. # # @param secrets # Optional default configuration hash of key/value pairs to store in the # Elasticsearch keystore file. If unset, the keystore is left unmanaged. # # @param security_logging_content # File content for x-pack logging configuration file (will be placed # into log4j2.properties file). # # @param security_logging_source # File source for x-pack logging configuration file (will be placed # into log4j2.properties). # # @param service_name # Elasticsearch service name # # @param service_provider # The service resource type provider to use when managing elasticsearch instances. # # @param snapshot_repositories # Define snapshot repositories via a hash. This is mainly used with Hiera's auto binding. # # @param ssl # Whether to manage TLS certificates. Requires the ca_certificate, # certificate, private_key and keystore_password parameters to be set. # # @param status # To define the status of the service. If set to `enabled`, the service will # be run and will be started at boot time. If set to `disabled`, the service # is stopped and will not be started at boot time. If set to `running`, the # service will be run but will not be started at boot time. You may use this # to start a service on the first Puppet run instead of the system startup. # If set to `unmanaged`, the service will not be started at boot time and Puppet # does not care whether the service is running or not. For example, this may # be useful if a cluster management software is used to decide when to start # the service plus assuring it is running on the desired node. # # @param system_key # Source for the x-pack system key. Valid values are any that are # supported for the file resource `source` parameter. # # @param systemd_service_path # Path to the directory in which to install systemd service units. # # @param templates # Define templates via a hash. This is mainly used with Hiera's auto binding. # # @param users # Define templates via a hash. This is mainly used with Hiera's auto binding. # # @param validate_tls # Enable TLS/SSL validation on API calls. # # @param version # To set the specific version you want to install. # # @author Richard Pijnenburg # @author Tyler Langlois # @author Gavin Williams # class elasticsearch ( Enum['absent', 'present'] $ensure, Optional[String] $api_basic_auth_password, Optional[String] $api_basic_auth_username, Optional[String] $api_ca_file, Optional[String] $api_ca_path, String $api_host, Integer[0, 65535] $api_port, Enum['http', 'https'] $api_protocol, Integer $api_timeout, Boolean $autoupgrade, Hash $config, Stdlib::Absolutepath $configdir, Integer $configdir_recurselimit, String $daily_rolling_date_pattern, Elasticsearch::Multipath $datadir, Boolean $datadir_instance_directories, Optional[Stdlib::Absolutepath] $defaults_location, Boolean $deprecation_logging, String $deprecation_logging_level, Optional[String] $download_tool, Optional[String] $download_tool_insecure, Boolean $download_tool_verify_certificates, String $elasticsearch_group, String $elasticsearch_user, Enum['dailyRollingFile', 'rollingFile', 'file'] $file_rolling_type, Stdlib::Absolutepath $homedir, Hash $indices, Hash $init_defaults, Optional[String] $init_defaults_file, String $init_template, Array[String] $jvm_options, Optional[Variant[String, Hash]] $license, Stdlib::Absolutepath $logdir, Hash $logging_config, Optional[String] $logging_file, String $logging_level, Optional[String] $logging_template, Boolean $manage_repo, Boolean $oss, Stdlib::Absolutepath $package_dir, Integer $package_dl_timeout, String $package_name, Enum['package'] $package_provider, Optional[String] $package_url, Optional[Stdlib::Absolutepath] $pid_dir, Hash $pipelines, Optional[Stdlib::Absolutepath] $plugindir, Hash $plugins, Optional[Stdlib::HTTPUrl] $proxy_url, Boolean $purge_configdir, Boolean $purge_package_dir, Boolean $purge_secrets, Variant[Boolean, String] $repo_stage, Boolean $restart_on_change, Hash $roles, Integer $rolling_file_max_backup_index, String $rolling_file_max_file_size, Hash $scripts, Optional[Hash] $secrets, Optional[String] $security_logging_content, Optional[String] $security_logging_source, String $service_name, Enum['init', 'openbsd', 'openrc', 'systemd'] $service_provider, Hash $snapshot_repositories, Boolean $ssl, Elasticsearch::Status $status, Optional[String] $system_key, Stdlib::Absolutepath $systemd_service_path, Hash $templates, Hash $users, Boolean $validate_tls, Variant[String, Boolean] $version, Optional[Stdlib::Absolutepath] $ca_certificate = undef, Optional[Stdlib::Absolutepath] $certificate = undef, String $default_logging_level = $logging_level, Optional[String] $keystore_password = undef, Optional[Stdlib::Absolutepath] $keystore_path = undef, Optional[Stdlib::Absolutepath] $private_key = undef, Boolean $restart_config_change = $restart_on_change, Boolean $restart_package_change = $restart_on_change, Boolean $restart_plugin_change = $restart_on_change, ) { #### Validate parameters if ($package_url != undef and $version != false) { fail('Unable to set the version number when using package_url option.') } if ($version != false) { case $facts['os']['family'] { 'RedHat', 'Linux', 'Suse': { if ($version =~ /.+-\d/) { $pkg_version = $version } else { $pkg_version = "${version}-1" } } default: { $pkg_version = $version } } } # This value serves as an unchanging default for platforms as a default for # init scripts to fallback on. $_datadir_default = $facts['kernel'] ? { 'Linux' => '/var/lib/elasticsearch', 'OpenBSD' => '/var/elasticsearch/data', default => undef, } # The OSS package distribution's package appends `-oss` to the end of the # canonical package name. $_package_name = $oss ? { true => "${package_name}-oss", default => $package_name, } # Set the plugin path variable for use later in the module. if $plugindir == undef { $real_plugindir = "${homedir}/plugins" } else { $real_plugindir = $plugindir } # Should we restart Elasticsearch on config change? $_notify_service = $elasticsearch::restart_config_change ? { true => Service[$elasticsearch::service_name], false => undef, } #### Manage actions contain elasticsearch::package contain elasticsearch::config contain elasticsearch::service create_resources('elasticsearch::index', $elasticsearch::indices) create_resources('elasticsearch::pipeline', $elasticsearch::pipelines) create_resources('elasticsearch::plugin', $elasticsearch::plugins) create_resources('elasticsearch::role', $elasticsearch::roles) create_resources('elasticsearch::script', $elasticsearch::scripts) create_resources('elasticsearch::snapshot_repository', $elasticsearch::snapshot_repositories) create_resources('elasticsearch::template', $elasticsearch::templates) create_resources('elasticsearch::user', $elasticsearch::users) if ($manage_repo == true) { if ($repo_stage == false) { # Use normal relationship ordering contain elastic_stack::repo Class['elastic_stack::repo'] -> Class['elasticsearch::package'] } else { # Use staging for ordering if !(defined(Stage[$repo_stage])) { stage { $repo_stage: before => Stage['main'] } } include elastic_stack::repo Class<|title == 'elastic_stack::repo'|>{ stage => $repo_stage, } } } if ($license != undef) { contain elasticsearch::license } #### Manage relationships # # Note that many of these overly verbose declarations work around # https://tickets.puppetlabs.com/browse/PUP-1410 # which means clean arrow order chaining won't work if someone, say, # doesn't declare any plugins. # # forgive me for what you're about to see if defined(Class['java']) { Class['java'] -> Class['elasticsearch::config'] } if $ensure == 'present' { # Installation, configuration and service Class['elasticsearch::package'] -> Class['elasticsearch::config'] ~> Class['elasticsearch::service'] # Top-level ordering bindings for resources. Class['elasticsearch::config'] -> Elasticsearch::Plugin <| ensure == 'present' or ensure == 'installed' |> Elasticsearch::Plugin <| ensure == 'absent' |> -> Class['elasticsearch::config'] # Class['elasticsearch::config'] # -> Elasticsearch::User <| ensure == 'present' |> # Elasticsearch::User <| ensure == 'absent' |> # -> Class['elasticsearch::config'] # Class['elasticsearch::config'] # -> Elasticsearch::Role <| |> Class['elasticsearch::config'] -> Elasticsearch::Template <| |> Class['elasticsearch::config'] -> Elasticsearch::Pipeline <| |> Class['elasticsearch::config'] -> Elasticsearch::Index <| |> Class['elasticsearch::config'] -> Elasticsearch::Snapshot_repository <| |> } else { # Absent; remove configuration before the package. Class['elasticsearch::config'] -> Class['elasticsearch::package'] # Top-level ordering bindings for resources. Elasticsearch::Plugin <| |> -> Class['elasticsearch::config'] Elasticsearch::User <| |> -> Class['elasticsearch::config'] Elasticsearch::Role <| |> -> Class['elasticsearch::config'] Elasticsearch::Template <| |> -> Class['elasticsearch::config'] Elasticsearch::Pipeline <| |> -> Class['elasticsearch::config'] Elasticsearch::Index <| |> -> Class['elasticsearch::config'] Elasticsearch::Snapshot_repository <| |> -> Class['elasticsearch::config'] } # Install plugins before managing users/roles Elasticsearch::Plugin <| ensure == 'present' or ensure == 'installed' |> -> Elasticsearch::User <| |> Elasticsearch::Plugin <| ensure == 'present' or ensure == 'installed' |> -> Elasticsearch::Role <| |> # Remove plugins after managing users/roles Elasticsearch::User <| |> -> Elasticsearch::Plugin <| ensure == 'absent' |> Elasticsearch::Role <| |> -> Elasticsearch::Plugin <| ensure == 'absent' |> # Ensure roles are defined before managing users that reference roles Elasticsearch::Role <| |> -> Elasticsearch::User <| ensure == 'present' |> # Ensure users are removed before referenced roles are managed Elasticsearch::User <| ensure == 'absent' |> -> Elasticsearch::Role <| |> # Ensure users and roles are managed before calling out to REST resources Elasticsearch::Role <| |> -> Elasticsearch::Template <| |> Elasticsearch::User <| |> -> Elasticsearch::Template <| |> Elasticsearch::Role <| |> -> Elasticsearch::Pipeline <| |> Elasticsearch::User <| |> -> Elasticsearch::Pipeline <| |> Elasticsearch::Role <| |> -> Elasticsearch::Index <| |> Elasticsearch::User <| |> -> Elasticsearch::Index <| |> Elasticsearch::Role <| |> -> Elasticsearch::Snapshot_repository <| |> Elasticsearch::User <| |> -> Elasticsearch::Snapshot_repository <| |> # Ensure that any command-line based user changes are performed before the # file is modified Elasticsearch_user <| |> -> Elasticsearch_user_file <| |> } diff --git a/spec/classes/001_hiera_spec.rb b/spec/classes/001_hiera_spec.rb index 6125a01..b16df2c 100644 --- a/spec/classes/001_hiera_spec.rb +++ b/spec/classes/001_hiera_spec.rb @@ -1,214 +1,213 @@ require 'spec_helper' describe 'elasticsearch', :type => 'class' do default_params = { :config => { 'node.name' => 'foo' } } let(:params) do default_params.merge({}) end on_supported_os( :hardwaremodels => ['x86_64'], :supported_os => [ { 'operatingsystem' => 'CentOS', 'operatingsystemrelease' => ['7'] } ] ).each do |os, facts| context "on #{os}" do context 'hiera' do describe 'indices' do context 'single indices' do let(:facts) { facts.merge(:scenario => 'singleindex') } it { should contain_elasticsearch__index('baz') .with( :ensure => 'present', :settings => { 'index' => { 'number_of_shards' => 1 } } ) } it { should contain_elasticsearch_index('baz') } it { should contain_es_instance_conn_validator( 'baz-index-conn-validator' ) } end context 'no indices' do let(:facts) { facts.merge(:scenario => '') } it { should_not contain_elasticsearch__index('baz') } end end context 'config' do let(:facts) { facts.merge(:scenario => 'singleinstance') } - # TODO: Fix this it { should contain_augeas('init_defaults') } it { should contain_file('/etc/elasticsearch/elasticsearch.yml') } it { should contain_datacat('/etc/elasticsearch/elasticsearch.yml') } it { should contain_datacat_fragment('main_config') } it { should contain_service('elasticsearch').with( :ensure => 'running', :enable => true ) } end # of config describe 'pipelines' do context 'single pipeline' do let(:facts) { facts.merge(:scenario => 'singlepipeline') } it { should contain_elasticsearch__pipeline('testpipeline') .with( :ensure => 'present', :content => { 'description' => 'Add the foo field', 'processors' => [ { 'set' => { 'field' => 'foo', 'value' => 'bar' } } ] } ) } it { should contain_elasticsearch_pipeline('testpipeline') } end context 'no pipelines' do let(:facts) { facts.merge(:scenario => '') } it { should_not contain_elasticsearch__pipeline('testpipeline') } end end describe 'plugins' do context 'single plugin' do let(:facts) { facts.merge(:scenario => 'singleplugin') } it { should contain_elasticsearch__plugin('mobz/elasticsearch-head') .with( :ensure => 'present', :module_dir => 'head' ) } it { should contain_elasticsearch_plugin('mobz/elasticsearch-head') } end context 'no plugins' do let(:facts) { facts.merge(:scenario => '') } it { should_not contain_elasticsearch__plugin( 'mobz/elasticsearch-head/1.0.0' ) } end end describe 'roles' do context 'single roles' do let(:facts) { facts.merge(:scenario => 'singlerole') } let(:params) do default_params end it { should contain_elasticsearch__role('admin') .with( :ensure => 'present', :privileges => { 'cluster' => 'monitor', 'indices' => { '*' => 'all' } }, :mappings => [ 'cn=users,dc=example,dc=com' ] ) } it { should contain_elasticsearch_role('admin') } it { should contain_elasticsearch_role_mapping('admin') } end context 'no roles' do let(:facts) { facts.merge(:scenario => '') } it { should_not contain_elasticsearch__role('admin') } end end describe 'scripts' do context 'single scripts' do let(:facts) { facts.merge(:scenario => 'singlescript') } it { should contain_elasticsearch__script('myscript') .with( :ensure => 'present', :source => 'puppet:///file/here' ) } it { should contain_file('/usr/share/elasticsearch/scripts/here') } end context 'no roles' do let(:facts) { facts.merge(:scenario => '') } it { should_not contain_elasticsearch__script('myscript') } end end describe 'templates' do context 'single template' do let(:facts) { facts.merge(:scenario => 'singletemplate') } it { should contain_elasticsearch__template('foo') .with( :ensure => 'present', :content => { 'template' => 'foo-*', 'settings' => { 'index' => { 'number_of_replicas' => 0 } } } ) } it { should contain_elasticsearch_template('foo') } end context 'no templates' do let(:facts) { facts.merge(:scenario => '') } it { should_not contain_elasticsearch__template('foo') } end end describe 'users' do context 'single users' do let(:facts) { facts.merge(:scenario => 'singleuser') } let(:params) do default_params end it { should contain_elasticsearch__user('elastic') .with( :ensure => 'present', :roles => ['admin'], :password => 'password' ) } it { should contain_elasticsearch_user('elastic') } end context 'no users' do let(:facts) { facts.merge(:scenario => '') } it { should_not contain_elasticsearch__user('elastic') } end end end end end end diff --git a/spec/helpers/acceptance/tests/security_shared_examples.rb b/spec/helpers/acceptance/tests/security_shared_examples.rb index 6557371..1c0f2ea 100644 --- a/spec/helpers/acceptance/tests/security_shared_examples.rb +++ b/spec/helpers/acceptance/tests/security_shared_examples.rb @@ -1,231 +1,180 @@ require 'json' require 'spec_utilities' require 'helpers/acceptance/tests/manifest_shared_examples' shared_examples 'security plugin manifest' do |credentials| let(:extra_manifest) do users = credentials.map do |username, meta| <<-USER #{meta[:changed] ? "notify { 'password change for #{username}' : } ~>" : ''} elasticsearch::user { '#{username}': password => '#{meta[:hash] ? meta[:hash] : meta[:plaintext]}', roles => #{meta[:roles].reduce({}) { |a, e| a.merge(e) }.keys}, } USER end.join("\n") roles = credentials.values.reduce({}) do |sum, user_metadata| # Collect all roles across users sum.merge user_metadata end[:roles].reduce({}) do |all_roles, role| all_roles.merge role end.reject do |_role, permissions| permissions.empty? end.map do |role, rights| <<-ROLE elasticsearch::role { '#{role}': privileges => #{rights} } ROLE end.join("\n") <<-MANIFEST #{users} #{roles} MANIFEST end include_examples( 'manifest application', not(credentials.values.map { |p| p[:changed] }.any?) ) end shared_examples 'secured request' do |test_desc, es_config, path, http_test, expected, user = nil, pass = nil| es_port = es_config['http.port'] describe port(es_port) do it 'open', :with_retries do should be_listening end end describe server :container do describe http( "https://localhost:#{es_port}#{path}", { :ssl => { :verify => false } }.merge((user and pass) ? { :basic_auth => [user, pass] } : {}) ) do it test_desc, :with_retries do expect(http_test.call(response)).to eq(expected) end end end end shared_examples 'security acceptance tests' do |es_config| describe 'security plugin operations', :if => vault_available?, :then_purge => true, :with_license => true, :with_certificates => true do rand_string = lambda { [*('a'..'z')].sample(8).join } admin_user = rand_string.call admin_password = rand_string.call admin = { admin_user => { :plaintext => admin_password, :roles => [{ 'superuser' => [] }] } } let(:manifest_class_parameters) do <<-MANIFEST api_basic_auth_password => '#{admin_password}', api_basic_auth_username => '#{admin_user}', api_ca_file => '#{@tls[:ca][:cert][:path]}', api_protocol => 'https', ca_certificate => '#{@tls[:ca][:cert][:path]}', certificate => '#{@tls[:clients].first[:cert][:path]}', keystore_password => '#{@keystore_password}', license => file('#{v[:elasticsearch_license_path]}'), private_key => '#{@tls[:clients].first[:key][:path]}', restart_on_change => true, ssl => true, validate_tls => true, MANIFEST end describe 'over tls' do user_one = rand_string.call user_two = rand_string.call user_one_pw = rand_string.call user_two_pw = rand_string.call describe 'user authentication' do username_passwords = { user_one => { :plaintext => user_one_pw, :roles => [{ 'superuser' => [] }] }, user_two => { :plaintext => user_two_pw, :roles => [{ 'superuser' => [] }] } }.merge(admin) username_passwords[user_two][:hash] = bcrypt(username_passwords[user_two][:plaintext]) include_examples('security plugin manifest', username_passwords) include_examples( 'secured request', 'denies unauthorized access', es_config, '/_cluster/health', lambda { |r| r.status }, 401 ) include_examples( 'secured request', "permits user #{user_one} access", es_config, '/_cluster/health', lambda { |r| r.status }, 200, user_one, user_one_pw ) include_examples( 'secured request', "permits user #{user_two} access", es_config, '/_cluster/health', lambda { |r| r.status }, 200, user_two, user_two_pw ) end describe 'changing passwords' do new_password = rand_string.call username_passwords = { user_one => { :plaintext => new_password, :changed => true, :roles => [{ 'superuser' => [] }] } } include_examples('security plugin manifest', username_passwords) include_examples( 'secured request', 'denies unauthorized access', es_config, '/_cluster/health', lambda { |r| r.status }, 401 ) include_examples( 'secured request', "permits user #{user_two} access with new password", es_config, '/_cluster/health', lambda { |r| r.status }, 200, user_one, new_password ) end describe 'roles' do password = rand_string.call username = rand_string.call user = { username => { :plaintext => password, :roles => [{ rand_string.call => { 'cluster' => [ 'cluster:monitor/health' ] } }] } } include_examples('security plugin manifest', user) include_examples( 'secured request', 'denies unauthorized access', es_config, '/_snapshot', lambda { |r| r.status }, 403, username, password ) include_examples( 'secured request', 'permits authorized access', es_config, '/_cluster/health', lambda { |r| r.status }, 200, username, password ) end end - - # describe 'with two instances' do - # let(:ssl_params) do - # @tls[:clients].each_with_index.map do |cert, i| - # format(%( - # Elasticsearch::Instance['es-%02d'] { - # ca_certificate => '#{@tls[:ca][:cert][:path]}', - # certificate => '#{cert[:cert][:path]}', - # private_key => '#{cert[:key][:path]}', - # keystore_password => '#{@keystore_password}', - # } - # ), i + 1) - # end.join("\n") - # end - - # ssl_instances = default_instances.map do |instance, meta| - # new_config = if v[:elasticsearch_major_version] > 2 - # { 'xpack.ssl.verification_mode' => 'none' } - # else - # { 'shield.ssl.hostname_verification' => false } - # end - # [ - # instance, - # { - # 'config' => meta['config'].merge(new_config).merge( - # 'discovery.zen.minimum_master_nodes' => default_instances.keys.size - # ), - # 'ssl' => true - # } - # ] - # end.to_h - - # username = rand_string.call - # password = rand_string.call - - # include_examples( - # 'security plugin manifest', - # ssl_instances, - # username => { - # :plaintext => password, - # :roles => [{ 'superuser' => [] }] - # } - # ) - - # include_examples( - # 'secured request', 'clusters between two nodes', - # ssl_instances, '/_nodes', - # lambda { |r| JSON.parse(r.body)['nodes'].size }, 2, - # username, password - # ) - # end end end diff --git a/spec/unit/provider/elasticsearch_license/ruby_spec.rb b/spec/unit/provider/elasticsearch_license/ruby_spec.rb deleted file mode 100644 index 1bfcd01..0000000 --- a/spec/unit/provider/elasticsearch_license/ruby_spec.rb +++ /dev/null @@ -1,61 +0,0 @@ -require_relative '../../../helpers/unit/provider/elasticsearch_rest_shared_examples' - -describe Puppet::Type.type(:elasticsearch_license).provider(:xpack) do - let(:name) { 'xpack' } - - let(:example_1) do - { - :name => 'xpack', - :ensure => :present, - :provider => :xpack, - :content => { - 'license' => { - 'status' => 'active', - 'uid' => 'cbff45e7-c553-41f7-ae4f-9205eabd80xx', - 'type' => 'trial', - 'issue_date' => '2018-02-22T23:12:05.550Z', - 'issue_date_in_millis' => 1_519_341_125_550, - 'expiry_date' => '2018-03-24T23:12:05.550Z', - 'expiry_date_in_millis' => 1_521_933_125_550, - 'max_nodes' => 1_000, - 'issued_to' => 'test', - 'issuer' => 'elasticsearch', - 'start_date_in_millis' => 1_513_814_400_000 - } - } - } - end - - let(:json_1) do - { - 'license' => { - 'status' => 'active', - 'uid' => 'cbff45e7-c553-41f7-ae4f-9205eabd80xx', - 'type' => 'trial', - 'issue_date' => '2018-02-22T23:12:05.550Z', - 'issue_date_in_millis' => '1519341125550', - 'expiry_date' => '2018-03-24T23:12:05.550Z', - 'expiry_date_in_millis' => '1521933125550', - 'max_nodes' => '1000', - 'issued_to' => 'test', - 'issuer' => 'elasticsearch', - 'start_date_in_millis' => '1513814400000' - } - } - end - - let(:resource) { Puppet::Type::Elasticsearch_index.new props } - let(:provider) { described_class.new resource } - let(:props) do - { - :name => name, - :settings => { - 'index' => { - 'number_of_replicas' => 0 - } - } - } - end - - include_examples 'REST API', 'xpack/license', nil, true -end diff --git a/spec/unit/provider/elasticsearch_license/xpack_spec.rb b/spec/unit/provider/elasticsearch_license/xpack_spec.rb new file mode 100644 index 0000000..978b3bd --- /dev/null +++ b/spec/unit/provider/elasticsearch_license/xpack_spec.rb @@ -0,0 +1,61 @@ +require_relative '../../../helpers/unit/provider/elasticsearch_rest_shared_examples' + +describe Puppet::Type.type(:elasticsearch_license).provider(:xpack) do + let(:name) { 'xpack' } + + let(:example_1) do + { + :name => 'xpack', + :ensure => :present, + :provider => :xpack, + :content => { + 'license' => { + 'status' => 'active', + 'uid' => 'cbff45e7-c553-41f7-ae4f-9205eabd80xx', + 'type' => 'trial', + 'issue_date' => '2018-02-22T23:12:05.550Z', + 'issue_date_in_millis' => 1_519_341_125_550, + 'expiry_date' => '2018-03-24T23:12:05.550Z', + 'expiry_date_in_millis' => 1_521_933_125_550, + 'max_nodes' => 1_000, + 'issued_to' => 'test', + 'issuer' => 'elasticsearch', + 'start_date_in_millis' => 1_513_814_400_000 + } + } + } + end + + let(:json_1) do + { + 'license' => { + 'status' => 'active', + 'uid' => 'cbff45e7-c553-41f7-ae4f-9205eabd80xx', + 'type' => 'trial', + 'issue_date' => '2018-02-22T23:12:05.550Z', + 'issue_date_in_millis' => '1519341125550', + 'expiry_date' => '2018-03-24T23:12:05.550Z', + 'expiry_date_in_millis' => '1521933125550', + 'max_nodes' => '1000', + 'issued_to' => 'test', + 'issuer' => 'elasticsearch', + 'start_date_in_millis' => '1513814400000' + } + } + end + + let(:resource) { Puppet::Type::Elasticsearch_index.new props } + let(:provider) { described_class.new resource } + let(:props) do + { + :name => name, + :settings => { + 'index' => { + 'number_of_replicas' => 0 + } + } + } + end + + include_examples 'REST API', 'xpack/license', nil, true +end diff --git a/spec/unit/provider/elasticsearch_plugin/plugin_spec.rb b/spec/unit/provider/elasticsearch_plugin/plugin_spec.rb deleted file mode 100644 index 08365ef..0000000 --- a/spec/unit/provider/elasticsearch_plugin/plugin_spec.rb +++ /dev/null @@ -1,23 +0,0 @@ -require_relative 'shared_examples' - -provider_class = Puppet::Type.type(:elasticsearch_plugin).provider(:plugin) - -describe provider_class do - let(:resource_name) { 'lmenezes/elasticsearch-kopf' } - let(:resource) do - Puppet::Type.type(:elasticsearch_plugin).new( - :name => resource_name, - :ensure => :present, - :provider => 'plugin' - ) - end - let(:provider) do - provider = provider_class.new - provider.resource = resource - provider - end - let(:klass) { provider_class } - - include_examples 'plugin provider', '1.7.0' - include_examples 'plugin provider', '2.0.0' -end diff --git a/spec/unit/provider/elasticsearch_plugin/elasticsearch_plugin_spec.rb b/spec/unit/provider/elasticsearch_plugin/ruby_spec.rb similarity index 100% rename from spec/unit/provider/elasticsearch_plugin/elasticsearch_plugin_spec.rb rename to spec/unit/provider/elasticsearch_plugin/ruby_spec.rb diff --git a/spec/unit/provider/elasticsearch_role/all_spec.rb b/spec/unit/provider/elasticsearch_role/all_spec.rb deleted file mode 100644 index fe026b4..0000000 --- a/spec/unit/provider/elasticsearch_role/all_spec.rb +++ /dev/null @@ -1,61 +0,0 @@ -require 'spec_helper_rspec' - -[:oss_xpack, :xpack].each do |provider| - describe Puppet::Type.type(:elasticsearch_role).provider(provider) do - describe 'instances' do - it 'should have an instance method' do - expect(described_class).to respond_to :instances - end - - context 'with no roles' do - it 'should return no resources' do - expect(described_class.parse("\n")).to eq([]) - end - end - - context 'with one role' do - it 'should return one resource' do - expect(described_class.parse(%( - admin: - cluster: all - indices: - '*': all - ))[0]).to eq( - :ensure => :present, - :name => 'admin', - :privileges => { - 'cluster' => 'all', - 'indices' => { - '*' => 'all' - } - } - ) - end - end - - context 'with multiple roles' do - it 'should return three resources' do - expect(described_class.parse(%( - admin: - cluster: all - indices: - '*': all - user: - indices: - '*': read - power_user: - cluster: monitor - indices: - '*': all - )).length).to eq(3) - end - end - end # of describe instances - - describe 'prefetch' do - it 'should have a prefetch method' do - expect(described_class).to respond_to :prefetch - end - end - end # of describe puppet type -end diff --git a/spec/unit/provider/elasticsearch_role/ruby_spec.rb b/spec/unit/provider/elasticsearch_role/ruby_spec.rb new file mode 100644 index 0000000..bbaafed --- /dev/null +++ b/spec/unit/provider/elasticsearch_role/ruby_spec.rb @@ -0,0 +1,59 @@ +require 'spec_helper_rspec' + +describe Puppet::Type.type(:elasticsearch_role).provider(:ruby) do + describe 'instances' do + it 'should have an instance method' do + expect(described_class).to respond_to :instances + end + + context 'with no roles' do + it 'should return no resources' do + expect(described_class.parse("\n")).to eq([]) + end + end + + context 'with one role' do + it 'should return one resource' do + expect(described_class.parse(%( + admin: + cluster: all + indices: + '*': all + ))[0]).to eq( + :ensure => :present, + :name => 'admin', + :privileges => { + 'cluster' => 'all', + 'indices' => { + '*' => 'all' + } + } + ) + end + end + + context 'with multiple roles' do + it 'should return three resources' do + expect(described_class.parse(%( + admin: + cluster: all + indices: + '*': all + user: + indices: + '*': read + power_user: + cluster: monitor + indices: + '*': all + )).length).to eq(3) + end + end + end # of describe instances + + describe 'prefetch' do + it 'should have a prefetch method' do + expect(described_class).to respond_to :prefetch + end + end +end diff --git a/spec/unit/provider/elasticsearch_role_mapping/all_spec.rb b/spec/unit/provider/elasticsearch_role_mapping/all_spec.rb deleted file mode 100644 index 53e1891..0000000 --- a/spec/unit/provider/elasticsearch_role_mapping/all_spec.rb +++ /dev/null @@ -1,53 +0,0 @@ -require 'spec_helper_rspec' - -[:oss_xpack, :xpack].each do |provider| - describe Puppet::Type.type(:elasticsearch_role_mapping).provider(provider) do - describe 'instances' do - it 'should have an instance method' do - expect(described_class).to respond_to :instances - end - - context 'with no roles' do - it 'should return no resources' do - expect(described_class.parse("\n")).to eq([]) - end - end - - context 'with one role' do - it 'should return one resource' do - expect(described_class.parse(%( - admin: - - "cn=users,dc=example,dc=com" - ))[0]).to eq( - :ensure => :present, - :name => 'admin', - :mappings => [ - 'cn=users,dc=example,dc=com' - ] - ) - end - end - - context 'with multiple roles' do - it 'should return three resources' do - expect(described_class.parse(%( - admin: - - "cn=users,dc=example,dc=com" - user: - - "cn=users,dc=example,dc=com" - - "cn=admins,dc=example,dc=com" - - "cn=John Doe,cn=other users,dc=example,dc=com" - power_user: - - "cn=admins,dc=example,dc=com" - )).length).to eq(3) - end - end - end # of describe instances - - describe 'prefetch' do - it 'should have a prefetch method' do - expect(described_class).to respond_to :prefetch - end - end - end # of describe puppet type -end diff --git a/spec/unit/provider/elasticsearch_role_mapping/ruby_spec.rb b/spec/unit/provider/elasticsearch_role_mapping/ruby_spec.rb new file mode 100644 index 0000000..f2af032 --- /dev/null +++ b/spec/unit/provider/elasticsearch_role_mapping/ruby_spec.rb @@ -0,0 +1,51 @@ +require 'spec_helper_rspec' + +describe Puppet::Type.type(:elasticsearch_role_mapping).provider(:ruby) do + describe 'instances' do + it 'should have an instance method' do + expect(described_class).to respond_to :instances + end + + context 'with no roles' do + it 'should return no resources' do + expect(described_class.parse("\n")).to eq([]) + end + end + + context 'with one role' do + it 'should return one resource' do + expect(described_class.parse(%( + admin: + - "cn=users,dc=example,dc=com" + ))[0]).to eq( + :ensure => :present, + :name => 'admin', + :mappings => [ + 'cn=users,dc=example,dc=com' + ] + ) + end + end + + context 'with multiple roles' do + it 'should return three resources' do + expect(described_class.parse(%( + admin: + - "cn=users,dc=example,dc=com" + user: + - "cn=users,dc=example,dc=com" + - "cn=admins,dc=example,dc=com" + - "cn=John Doe,cn=other users,dc=example,dc=com" + power_user: + - "cn=admins,dc=example,dc=com" + )).length).to eq(3) + end + end + end # of describe instances + + describe 'prefetch' do + it 'should have a prefetch method' do + expect(described_class).to respond_to :prefetch + end + end +end diff --git a/spec/unit/provider/elasticsearch_user/all_spec.rb b/spec/unit/provider/elasticsearch_user/all_spec.rb deleted file mode 100644 index 3f70bb9..0000000 --- a/spec/unit/provider/elasticsearch_user/all_spec.rb +++ /dev/null @@ -1,65 +0,0 @@ -require 'spec_helper_rspec' - -[:elasticsearch_users, :esusers, :users].each do |provider| - describe Puppet::Type.type(:elasticsearch_user).provider(provider) do - describe 'instances' do - it 'should have an instance method' do - expect(described_class).to respond_to :instances - end - - context 'without users' do - before do - expect(described_class).to receive(:command_with_path).with('list').and_return( - 'No users found' - ) - end - - it 'should return no resources' do - expect(described_class.instances.size).to eq(0) - end - end - - context 'with one user' do - before do - expect(described_class).to receive(:command_with_path).with('list').and_return( - 'elastic : admin*,power_user' - ) - end - - it 'should return one resource' do - expect(described_class.instances[0].instance_variable_get( - '@property_hash' - )).to eq( - :ensure => :present, - :name => 'elastic', - :provider => provider - ) - end - end - - context 'with multiple users' do - before do - expect(described_class).to receive( - :command_with_path - ).with('list').and_return( - <<-EOL - elastic : admin* - logstash : user - kibana : kibana - EOL - ) - end - - it 'should return three resources' do - expect(described_class.instances.length).to eq(3) - end - end - end # of describe instances - - describe 'prefetch' do - it 'should have a prefetch method' do - expect(described_class).to respond_to :prefetch - end - end - end # of describe puppet type -end diff --git a/spec/unit/provider/elasticsearch_user/ruby_spec.rb b/spec/unit/provider/elasticsearch_user/ruby_spec.rb new file mode 100644 index 0000000..627c854 --- /dev/null +++ b/spec/unit/provider/elasticsearch_user/ruby_spec.rb @@ -0,0 +1,63 @@ +require 'spec_helper_rspec' + +describe Puppet::Type.type(:elasticsearch_user).provider(:ruby) do + describe 'instances' do + it 'should have an instance method' do + expect(described_class).to respond_to :instances + end + + context 'without users' do + before do + expect(described_class).to receive(:command_with_path).with('list').and_return( + 'No users found' + ) + end + + it 'should return no resources' do + expect(described_class.instances.size).to eq(0) + end + end + + context 'with one user' do + before do + expect(described_class).to receive(:command_with_path).with('list').and_return( + 'elastic : admin*,power_user' + ) + end + + it 'should return one resource' do + expect(described_class.instances[0].instance_variable_get( + '@property_hash' + )).to eq( + :ensure => :present, + :name => 'elastic', + :provider => :ruby + ) + end + end + + context 'with multiple users' do + before do + expect(described_class).to receive( + :command_with_path + ).with('list').and_return( + <<-EOL + elastic : admin* + logstash : user + kibana : kibana + EOL + ) + end + + it 'should return three resources' do + expect(described_class.instances.length).to eq(3) + end + end + end # of describe instances + + describe 'prefetch' do + it 'should have a prefetch method' do + expect(described_class).to respond_to :prefetch + end + end +end diff --git a/spec/unit/provider/elasticsearch_user_file/all_spec.rb b/spec/unit/provider/elasticsearch_user_file/all_spec.rb deleted file mode 100644 index 83bab2e..0000000 --- a/spec/unit/provider/elasticsearch_user_file/all_spec.rb +++ /dev/null @@ -1,46 +0,0 @@ -require 'spec_helper_rspec' - -[:oss_xpack, :xpack].each do |provider| - describe Puppet::Type.type(:elasticsearch_user_file).provider(provider) do - describe 'instances' do - it 'should have an instance method' do - expect(described_class).to respond_to :instances - end - - context 'without users' do - it 'should return no resources' do - expect(described_class.parse("\n")).to eq([]) - end - end - - context 'with one user' do - it 'should return one resource' do - expect(described_class.parse(%( - elastic:$2a$10$DddrTs0PS3qNknUTq0vpa.g.0JpU.jHDdlKp1xox1W5ZHX.w8Cc8C - ).gsub(/^\s+/, ''))[0]).to eq( - :name => 'elastic', - :hashed_password => '$2a$10$DddrTs0PS3qNknUTq0vpa.g.0JpU.jHDdlKp1xox1W5ZHX.w8Cc8C', - :record_type => provider - ) - end - end - - context 'with multiple users' do - it 'should return three resources' do - expect(described_class.parse(%( - - admin:$2a$10$DddrTs0PS3qNknUTq0vpa.g.0JpU.jHDdlKp1xox1W5ZHX.w8Cc8C - user:$2a$10$caYr8GhYeJ2Yo0yEhQhQvOjLSwt8Lm6MKQWx8WSnZ/L/IL5sGdQFu - kibana:$2a$10$daYr8GhYeJ2Yo0yEhQhQvOjLSwt8Lm6MKQWx8WSnZ/L/IL5sGdQFu - ).gsub(/^\s+/, '')).length).to eq(3) - end - end - end # of describe instances - - describe 'prefetch' do - it 'should have a prefetch method' do - expect(described_class).to respond_to :prefetch - end - end - end # of describe puppet type -end diff --git a/spec/unit/provider/elasticsearch_user_file/ruby_spec.rb b/spec/unit/provider/elasticsearch_user_file/ruby_spec.rb new file mode 100644 index 0000000..78dfc65 --- /dev/null +++ b/spec/unit/provider/elasticsearch_user_file/ruby_spec.rb @@ -0,0 +1,44 @@ +require 'spec_helper_rspec' + +describe Puppet::Type.type(:elasticsearch_user_file).provider(:ruby) do + describe 'instances' do + it 'should have an instance method' do + expect(described_class).to respond_to :instances + end + + context 'without users' do + it 'should return no resources' do + expect(described_class.parse("\n")).to eq([]) + end + end + + context 'with one user' do + it 'should return one resource' do + expect(described_class.parse(%( + elastic:$2a$10$DddrTs0PS3qNknUTq0vpa.g.0JpU.jHDdlKp1xox1W5ZHX.w8Cc8C + ).gsub(/^\s+/, ''))[0]).to eq( + :name => 'elastic', + :hashed_password => '$2a$10$DddrTs0PS3qNknUTq0vpa.g.0JpU.jHDdlKp1xox1W5ZHX.w8Cc8C', + :record_type => :ruby + ) + end + end + + context 'with multiple users' do + it 'should return three resources' do + expect(described_class.parse(%( + + admin:$2a$10$DddrTs0PS3qNknUTq0vpa.g.0JpU.jHDdlKp1xox1W5ZHX.w8Cc8C + user:$2a$10$caYr8GhYeJ2Yo0yEhQhQvOjLSwt8Lm6MKQWx8WSnZ/L/IL5sGdQFu + kibana:$2a$10$daYr8GhYeJ2Yo0yEhQhQvOjLSwt8Lm6MKQWx8WSnZ/L/IL5sGdQFu + ).gsub(/^\s+/, '')).length).to eq(3) + end + end + end # of describe instances + + describe 'prefetch' do + it 'should have a prefetch method' do + expect(described_class).to respond_to :prefetch + end + end +end diff --git a/spec/unit/provider/elasticsearch_user_roles/all_spec.rb b/spec/unit/provider/elasticsearch_user_roles/all_spec.rb deleted file mode 100644 index 7b74ace..0000000 --- a/spec/unit/provider/elasticsearch_user_roles/all_spec.rb +++ /dev/null @@ -1,46 +0,0 @@ -require 'spec_helper_rspec' - -[:oss_xpack, :xpack].each do |provider| - describe Puppet::Type.type(:elasticsearch_user_roles) - .provider(provider) do - describe 'instances' do - it 'should have an instance method' do - expect(described_class).to respond_to :instances - end - - context 'without roles' do - it 'should return no resources' do - expect(described_class.parse("\n")).to eq([]) - end - end - - context 'with one user' do - it 'should return one resource' do - expect(described_class.parse(%( - admin:elastic - power_user:elastic - ))[0]).to eq( - :name => 'elastic', - :roles => %w[admin power_user] - ) - end - end - - context 'with multiple users' do - it 'should return three resources' do - expect(described_class.parse(%( - admin:elastic - logstash:user - kibana:kibana - )).length).to eq(3) - end - end - end # of describe instances - - describe 'prefetch' do - it 'should have a prefetch method' do - expect(described_class).to respond_to :prefetch - end - end - end # of describe puppet type -end diff --git a/spec/unit/provider/elasticsearch_user_roles/ruby_spec.rb b/spec/unit/provider/elasticsearch_user_roles/ruby_spec.rb new file mode 100644 index 0000000..2effbd8 --- /dev/null +++ b/spec/unit/provider/elasticsearch_user_roles/ruby_spec.rb @@ -0,0 +1,44 @@ +require 'spec_helper_rspec' + +describe Puppet::Type.type(:elasticsearch_user_roles) + .provider(:ruby) do + describe 'instances' do + it 'should have an instance method' do + expect(described_class).to respond_to :instances + end + + context 'without roles' do + it 'should return no resources' do + expect(described_class.parse("\n")).to eq([]) + end + end + + context 'with one user' do + it 'should return one resource' do + expect(described_class.parse(%( + admin:elastic + power_user:elastic + ))[0]).to eq( + :name => 'elastic', + :roles => %w[admin power_user] + ) + end + end + + context 'with multiple users' do + it 'should return three resources' do + expect(described_class.parse(%( + admin:elastic + logstash:user + kibana:kibana + )).length).to eq(3) + end + end + end # of describe instances + + describe 'prefetch' do + it 'should have a prefetch method' do + expect(described_class).to respond_to :prefetch + end + end +end diff --git a/spec/unit/type/elasticsearch_license_spec.rb b/spec/unit/type/elasticsearch_license_spec.rb index 647cc77..2ddbdd1 100644 --- a/spec/unit/type/elasticsearch_license_spec.rb +++ b/spec/unit/type/elasticsearch_license_spec.rb @@ -1,77 +1,75 @@ require_relative '../../helpers/unit/type/elasticsearch_rest_shared_examples' describe Puppet::Type.type(:elasticsearch_license) do - %w[x-pack shield].each do |plugin| - let(:resource_name) { plugin } + let(:resource_name) { 'license' } - include_examples 'REST API types', 'license', :content + include_examples 'REST API types', 'license', :content - describe "license for #{plugin}" do - let(:resource) do - described_class.new( - :name => resource_name, - :ensure => 'present', - :content => { - 'license' => { - 'uid' => 'cbff45e7-c553-41f7-ae4f-9205eabd80xx', - 'type' => 'trial', - 'issue_date_in_millis' => '1519341125550', - 'expiry_date_in_millis' => '1521933125550', - 'max_nodes' => '1000', - 'issued_to' => 'test', - 'issuer' => 'elasticsearch', - 'signature' => 'secretvalue', - 'start_date_in_millis' => '1513814400000' - } + describe 'license' do + let(:resource) do + described_class.new( + :name => resource_name, + :ensure => 'present', + :content => { + 'license' => { + 'uid' => 'cbff45e7-c553-41f7-ae4f-9205eabd80xx', + 'type' => 'trial', + 'issue_date_in_millis' => '1519341125550', + 'expiry_date_in_millis' => '1521933125550', + 'max_nodes' => '1000', + 'issued_to' => 'test', + 'issuer' => 'elasticsearch', + 'signature' => 'secretvalue', + 'start_date_in_millis' => '1513814400000' } - ) - end + } + ) + end - let(:content) { resource.property(:content) } + let(:content) { resource.property(:content) } - describe 'insync?' do - let(:is_content) do - { - 'license' => { - 'status' => 'active', - 'uid' => 'cbff45e7-c553-41f7-ae4f-9205eabd80xx', - 'type' => 'trial', - 'issue_date' => '2018-02-22T23:12:05.550Z', - 'issue_date_in_millis' => 1_519_341_125_550, - 'expiry_date' => '2018-03-24T23:12:05.550Z', - 'expiry_date_in_millis' => 1_521_933_125_550, - 'max_nodes' => 1_000, - 'issued_to' => 'test', - 'issuer' => 'elasticsearch', - 'start_date_in_millis' => 1_513_814_400_000 - } + describe 'insync?' do + let(:is_content) do + { + 'license' => { + 'status' => 'active', + 'uid' => 'cbff45e7-c553-41f7-ae4f-9205eabd80xx', + 'type' => 'trial', + 'issue_date' => '2018-02-22T23:12:05.550Z', + 'issue_date_in_millis' => 1_519_341_125_550, + 'expiry_date' => '2018-03-24T23:12:05.550Z', + 'expiry_date_in_millis' => 1_521_933_125_550, + 'max_nodes' => 1_000, + 'issued_to' => 'test', + 'issuer' => 'elasticsearch', + 'start_date_in_millis' => 1_513_814_400_000 } - end + } + end - describe 'synced properties' do - it 'only enforces defined content' do - expect(content.insync?(is_content)).to be_truthy - end + describe 'synced properties' do + it 'only enforces defined content' do + expect(content.insync?(is_content)).to be_truthy end + end - describe 'out-of-sync property' do - { - 'uid' => 'cbff45e7-c553-41f7-ae4f-xxxxxxxxxxxx', - 'issue_date_in_millis' => '1513814400000', - 'expiry_date_in_millis' => '1533167999999', - 'start_date_in_millis' => '-1' - }.each_pair do |field, value| - let(:changed_content) do - is_content['license'][field] = value - is_content - end + describe 'out-of-sync property' do + { + 'uid' => 'cbff45e7-c553-41f7-ae4f-xxxxxxxxxxxx', + 'issue_date_in_millis' => '1513814400000', + 'expiry_date_in_millis' => '1533167999999', + 'start_date_in_millis' => '-1' + }.each_pair do |field, value| + let(:changed_content) do + is_content['license'][field] = value + is_content + end - it "detection for #{field}" do - expect(content.insync?(changed_content)).to be_falsy - end + it "detection for #{field}" do + expect(content.insync?(changed_content)).to be_falsy end end end end end end diff --git a/spec/unit/type/elasticsearch_plugin_spec.rb b/spec/unit/type/elasticsearch_plugin_spec.rb index 33c58db..4523db7 100644 --- a/spec/unit/type/elasticsearch_plugin_spec.rb +++ b/spec/unit/type/elasticsearch_plugin_spec.rb @@ -1,36 +1,19 @@ require 'spec_helper_rspec' describe Puppet::Type.type(:elasticsearch_plugin) do let(:resource_name) { 'lmenezes/elasticsearch-kopf' } describe 'input validation' do describe 'when validating attributes' do [:configdir, :java_opts, :java_home, :name, :source, :url, :proxy].each do |param| it "should have a #{param} parameter" do expect(described_class.attrtype(param)).to eq(:param) end end it 'should have an ensure property' do expect(described_class.attrtype(:ensure)).to eq(:property) end end end end - -describe Puppet::Type.type(:elasticsearch_plugin).provider(:plugin) do - it 'should install a plugin' do - resource = Puppet::Type.type(:elasticsearch_plugin).new( - :name => 'lmenezes/elasticsearch-kopf', - :ensure => :present - ) - allow(File).to receive(:open) - provider = described_class.new(resource) - allow(provider).to receive(:es_version).and_return '1.7.3' - expect(provider).to receive(:plugin).with([ - 'install', - 'lmenezes/elasticsearch-kopf' - ]) - provider.create - end -end