diff --git a/auditbeat/docker-compose.yml b/auditbeat/docker-compose.yml index 6a0e252106b8..adf338889883 100644 --- a/auditbeat/docker-compose.yml +++ b/auditbeat/docker-compose.yml @@ -8,7 +8,7 @@ services: environment: - ES_HOST=elasticsearch - ES_PORT=9200 - - ES_USER=beats + - ES_USER=auditbeat_user - ES_PASS=testing - KIBANA_HOST=kibana - KIBANA_PORT=5601 @@ -32,8 +32,15 @@ services: extends: file: ../testing/environments/${TESTING_ENVIRONMENT}.yml service: elasticsearch + healthcheck: + test: ["CMD-SHELL", "curl -u admin:testing -s http://localhost:9200/_cat/health?h=status | grep -q green"] + retries: 300 + interval: 1s kibana: extends: file: ../testing/environments/${TESTING_ENVIRONMENT}.yml service: kibana + healthcheck: + test: ["CMD-SHELL", "curl -u beats:testing -s http://localhost:5601/api/status?v8format=true | grep -q '\"overall\":{\"level\":\"available\"'"] + retries: 600 diff --git a/auditbeat/tests/system/test_base.py b/auditbeat/tests/system/test_base.py index 2f7f645c750c..73a7d8ae9f07 100644 --- a/auditbeat/tests/system/test_base.py +++ b/auditbeat/tests/system/test_base.py @@ -41,7 +41,7 @@ def test_index_management(self): """ dirs = [self.temp_dir("auditbeat_test")] with PathCleanup(dirs): - es = Elasticsearch([self.get_elasticsearch_url()]) + es = self.get_elasticsearch_instance() self.render_config_template( modules=[{ @@ -50,7 +50,8 @@ def test_index_management(self): "paths": dirs, } }], - elasticsearch={"host": self.get_elasticsearch_url()}) + elasticsearch=self.get_elasticsearch_template_config() + ) self.run_beat(extra_args=["setup", "--index-management"], exit_code=0) assert self.log_contains('Loaded index template') @@ -67,7 +68,6 @@ def test_dashboards(self): kibana_dir = os.path.join(self.beat_path, "build", "kibana") shutil.copytree(kibana_dir, os.path.join(self.working_dir, "kibana")) - es = Elasticsearch([self.get_elasticsearch_url()]) self.render_config_template( modules=[{ "name": "file_integrity", @@ -75,8 +75,8 @@ def test_dashboards(self): "paths": dirs, } }], - elasticsearch={"host": self.get_elasticsearch_url()}, - kibana={"host": self.get_kibana_url()}, + elasticsearch=self.get_elasticsearch_template_config(), + kibana=self.get_kibana_template_config(), ) self.run_beat(extra_args=["setup", "--dashboards"], exit_code=0) diff --git a/dev-tools/cmd/dashboards/export_dashboards.go b/dev-tools/cmd/dashboards/export_dashboards.go index 364fae9e0f5e..d1ab9b084e42 100644 --- a/dev-tools/cmd/dashboards/export_dashboards.go +++ b/dev-tools/cmd/dashboards/export_dashboards.go @@ -66,7 +66,8 @@ func main() { user = u.User.Username() pass, _ = u.User.Password() } - + user = "beats" + pass = "testing" transport := httpcommon.DefaultHTTPTransportSettings() transport.Timeout = kibanaTimeout diff --git a/dev-tools/mage/integtest_docker.go b/dev-tools/mage/integtest_docker.go index 94d9288d1fa6..721736da2e67 100644 --- a/dev-tools/mage/integtest_docker.go +++ b/dev-tools/mage/integtest_docker.go @@ -112,6 +112,10 @@ func (d *DockerIntegrationTester) Test(dir string, mageTarget string, env map[st // Use the host machine's pkg cache to minimize external downloads. "-v", goPkgCache + ":" + dockerGoPkgCache + ":ro", "-e", "GOPROXY=file://" + dockerGoPkgCache + ",direct", + // Do not set ES_USER or ES_PATH in this file unless you intend to override + // values set in all individual docker-compose files + // "-e", "ES_USER=admin", + // "-e", "ES_PASS=testing", } args, err = addUidGidEnvArgs(args) if err != nil { diff --git a/dev-tools/mage/pytest.go b/dev-tools/mage/pytest.go index d4b8dd3fcee7..eb0d605c80cd 100644 --- a/dev-tools/mage/pytest.go +++ b/dev-tools/mage/pytest.go @@ -133,6 +133,14 @@ func PythonTest(params PythonTestArgs) error { pytestOptions := []string{ "--timeout=90", "--durations=20", + // Enable -x to stop at the first failing test + // "-x", + // Enable --tb=long to produce long tracebacks + //"--tb=long", + // Enable -v to produce verbose output + //"-v", + // Don't capture test output + //"-s", } if mg.Verbose() { pytestOptions = append(pytestOptions, "-v") diff --git a/filebeat/docker-compose.yml b/filebeat/docker-compose.yml index 19302ae1e6fa..a73f0bc39d6b 100644 --- a/filebeat/docker-compose.yml +++ b/filebeat/docker-compose.yml @@ -40,6 +40,10 @@ services: extends: file: ${ES_BEATS}/testing/environments/${TESTING_ENVIRONMENT}.yml service: elasticsearch + healthcheck: + test: ["CMD-SHELL", "curl -u admin:testing -s http://localhost:9200/_cat/health?h=status | grep -q green"] + retries: 300 + interval: 1s kafka: build: ${ES_BEATS}/testing/environments/docker/kafka @@ -53,6 +57,9 @@ services: extends: file: ${ES_BEATS}/testing/environments/${TESTING_ENVIRONMENT}.yml service: kibana + healthcheck: + test: ["CMD-SHELL", "curl -u beats:testing -s http://localhost:5601/api/status?v8format=true | grep -q '\"overall\":{\"level\":\"available\"'"] + retries: 600 mosquitto: build: ${ES_BEATS}/testing/environments/docker/mosquitto diff --git a/filebeat/fileset/modules_integration_test.go b/filebeat/fileset/modules_integration_test.go index f17be7c8d73f..be22b9c16803 100644 --- a/filebeat/fileset/modules_integration_test.go +++ b/filebeat/fileset/modules_integration_test.go @@ -258,7 +258,9 @@ func TestLoadMultiplePipelinesWithRollback(t *testing.T) { func getTestingElasticsearch(t eslegtest.TestLogger) *eslegclient.Connection { conn, err := eslegclient.NewConnection(eslegclient.ConnectionSettings{ - URL: eslegtest.GetURL(), + URL: eslegtest.GetURL(), + Username: eslegtest.GetUser(), + Password: eslegtest.GetPass(), }) if err != nil { t.Fatal(err) diff --git a/filebeat/tests/system/config/filebeat_modules.yml.j2 b/filebeat/tests/system/config/filebeat_modules.yml.j2 index 710a3609ea42..93ded5a13799 100644 --- a/filebeat/tests/system/config/filebeat_modules.yml.j2 +++ b/filebeat/tests/system/config/filebeat_modules.yml.j2 @@ -12,8 +12,10 @@ filebeat.overwrite_pipelines: true filebeat.config.modules: path: {{ beat.working_dir + '/modules.d/*.yml' }} -output.elasticsearch.hosts: ["{{ elasticsearch_url }}"] +output.elasticsearch.hosts: ["{{ elasticsearch.host }}"] output.elasticsearch.index: {{ index_name }} +output.elasticsearch.username: {{ elasticsearch.user }} +output.elasticsearch.password: {{ elasticsearch.pass }} setup.template.name: {{ index_name }} setup.template.pattern: {{ index_name }}* diff --git a/filebeat/tests/system/test_base.py b/filebeat/tests/system/test_base.py index 6082c07f609e..61a38c6c8951 100644 --- a/filebeat/tests/system/test_base.py +++ b/filebeat/tests/system/test_base.py @@ -1,13 +1,19 @@ import os import unittest from filebeat import BaseTest -from elasticsearch import Elasticsearch from beat.beat import INTEGRATION_TESTS from beat import common_tests class Test(BaseTest, common_tests.TestExportsMixin, common_tests.TestDashboardMixin): + def setUp(self): + super(Test, self).setUp() + self.render_config_template( + elasticsearch=self.get_elasticsearch_template_config(), + ) + self.es = self.get_elasticsearch_instance() + def test_base(self): """ Test if the basic fields exist. @@ -32,12 +38,11 @@ def test_index_management(self): """ Test that the template can be loaded with `setup --index-management` """ - es = Elasticsearch([self.get_elasticsearch_url()]) self.render_config_template( - elasticsearch={"host": self.get_elasticsearch_url()}, + elasticsearch=self.get_elasticsearch_template_config(), ) exit_code = self.run_beat(extra_args=["setup", "--index-management"]) assert exit_code == 0 assert self.log_contains('Loaded index template') - assert len(es.cat.templates(name='filebeat-*', h='name')) > 0 + assert len(self.es.cat.templates(name='filebeat-*', h='name')) > 0 diff --git a/filebeat/tests/system/test_crawler.py b/filebeat/tests/system/test_crawler.py index f3b5d0877a6a..51f7a979590d 100644 --- a/filebeat/tests/system/test_crawler.py +++ b/filebeat/tests/system/test_crawler.py @@ -19,7 +19,7 @@ def test_fetched_lines(self): """ self.render_config_template( - path=os.path.abspath(self.working_dir) + "/log/*" + path=os.path.abspath(self.working_dir) + "/log/*", ) os.mkdir(self.working_dir + "/log/") @@ -55,7 +55,7 @@ def test_unfinished_line_and_continue(self): """ self.render_config_template( - path=os.path.abspath(self.working_dir) + "/log/*" + path=os.path.abspath(self.working_dir) + "/log/*", ) os.mkdir(self.working_dir + "/log/") @@ -162,7 +162,7 @@ def test_file_renaming(self): """ self.render_config_template( - path=os.path.abspath(self.working_dir) + "/log/*" + path=os.path.abspath(self.working_dir) + "/log/*", ) os.mkdir(self.working_dir + "/log/") @@ -339,7 +339,7 @@ def test_new_line_on_existing_file(self): """ self.render_config_template( - path=os.path.abspath(self.working_dir) + "/log/*" + path=os.path.abspath(self.working_dir) + "/log/*", ) os.mkdir(self.working_dir + "/log/") @@ -373,7 +373,7 @@ def test_multiple_appends(self): """ self.render_config_template( - path=os.path.abspath(self.working_dir) + "/log/*" + path=os.path.abspath(self.working_dir) + "/log/*", ) os.mkdir(self.working_dir + "/log/") @@ -419,7 +419,7 @@ def test_new_line_on_open_file(self): """ self.render_config_template( - path=os.path.abspath(self.working_dir) + "/log/*" + path=os.path.abspath(self.working_dir) + "/log/*", ) os.mkdir(self.working_dir + "/log/") @@ -457,7 +457,7 @@ def test_tail_files(self): self.render_config_template( path=os.path.abspath(self.working_dir) + "/log/*", - tail_files="true" + tail_files="true", ) os.mkdir(self.working_dir + "/log/") @@ -501,7 +501,7 @@ def test_utf8(self): self.render_config_template( path=os.path.abspath(self.working_dir) + "/log/*", - encoding="utf-8" + encoding="utf-8", ) os.mkdir(self.working_dir + "/log/") @@ -613,7 +613,7 @@ def test_include_lines(self): self.render_config_template( path=os.path.abspath(self.working_dir) + "/log/*", - include_lines=["^ERR", "^WARN"] + include_lines=["^ERR", "^WARN"], ) os.mkdir(self.working_dir + "/log/") @@ -648,9 +648,8 @@ def test_default_include_exclude_lines(self): """ Checks if all the log lines are exported by default """ - self.render_config_template( - path=os.path.abspath(self.working_dir) + "/log/*" + path=os.path.abspath(self.working_dir) + "/log/*", ) os.mkdir(self.working_dir + "/log/") @@ -688,7 +687,7 @@ def test_exclude_lines(self): self.render_config_template( path=os.path.abspath(self.working_dir) + "/log/*", - exclude_lines=["^DBG"] + exclude_lines=["^DBG"], ) os.mkdir(self.working_dir + "/log/") @@ -727,7 +726,7 @@ def test_include_exclude_lines(self): self.render_config_template( path=os.path.abspath(self.working_dir) + "/log/*", exclude_lines=["^DBG"], - include_lines=["apache"] + include_lines=["apache"], ) os.mkdir(self.working_dir + "/log/") diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py index 79f6c0ece389..5263cdbb61ce 100644 --- a/filebeat/tests/system/test_modules.py +++ b/filebeat/tests/system/test_modules.py @@ -5,7 +5,6 @@ import glob import subprocess -from elasticsearch import Elasticsearch import json import logging from parameterized import parameterized @@ -118,9 +117,7 @@ def load_fileset_test_cases(): class Test(BaseTest): def init(self): - self.elasticsearch_url = self.get_elasticsearch_url() - print("Using elasticsearch: {}".format(self.elasticsearch_url)) - self.es = Elasticsearch([self.elasticsearch_url]) + self.es = self.get_elasticsearch_instance(user='admin') logging.getLogger("urllib3").setLevel(logging.WARNING) logging.getLogger("elasticsearch").setLevel(logging.ERROR) @@ -146,7 +143,7 @@ def test_fileset_file(self, module, fileset, test_file): template_name="filebeat_modules", output=cfgfile, index_name=self.index_name, - elasticsearch_url=self.elasticsearch_url, + elasticsearch=self.get_elasticsearch_template_config(user='admin') ) self.run_on_file( diff --git a/filebeat/tests/system/test_pipeline.py b/filebeat/tests/system/test_pipeline.py index afb3219e62d1..83cc25ff7d4d 100644 --- a/filebeat/tests/system/test_pipeline.py +++ b/filebeat/tests/system/test_pipeline.py @@ -2,7 +2,6 @@ from beat.beat import INTEGRATION_TESTS import os import unittest -from elasticsearch import Elasticsearch import json import logging @@ -12,8 +11,7 @@ class Test(BaseTest): def init(self): self.elasticsearch_url = self.get_elasticsearch_url() self.kibana_url = self.get_kibana_url() - print("Using elasticsearch: {}".format(self.elasticsearch_url)) - self.es = Elasticsearch([self.elasticsearch_url]) + self.es = self.get_elasticsearch_instance() logging.getLogger("urllib3").setLevel(logging.WARNING) logging.getLogger("elasticsearch").setLevel(logging.ERROR) @@ -47,10 +45,13 @@ def test_input_pipeline_config(self): self.render_config_template( path=os.path.abspath(self.working_dir) + "/log/*", - elasticsearch=dict( - host=self.elasticsearch_url, - pipeline="estest", - index=index_name), + elasticsearch={ + 'host': self.elasticsearch_url, + 'pipeline': "estest", + 'index': index_name, + 'user': os.getenv("ES_USER"), + 'pass': os.getenv("ES_PASS") + }, pipeline="test", setup_template_name=index_name, setup_template_pattern=index_name + "*", diff --git a/filebeat/tests/system/test_reload_modules.py b/filebeat/tests/system/test_reload_modules.py index b22294e7d9aa..5b8e08f49f40 100644 --- a/filebeat/tests/system/test_reload_modules.py +++ b/filebeat/tests/system/test_reload_modules.py @@ -6,7 +6,6 @@ from filebeat import BaseTest from beat.beat import INTEGRATION_TESTS -from elasticsearch import Elasticsearch moduleConfigTemplate = """ @@ -27,7 +26,7 @@ class Test(BaseTest): def setUp(self): super(BaseTest, self).setUp() if INTEGRATION_TESTS: - self.es = Elasticsearch([self.get_elasticsearch_url()]) + self.es = self.get_elasticsearch_instance() # Copy system module shutil.copytree(os.path.join(self.beat_path, "tests", "system", "module", "test"), @@ -72,7 +71,7 @@ def test_reload_writes_pipeline(self): reload_path=self.working_dir + "/configs/*.yml", reload_type="modules", inputs=False, - elasticsearch={"host": self.get_elasticsearch_url()} + elasticsearch=self.get_elasticsearch_template_config(), ) proc = self.start_beat() diff --git a/filebeat/tests/system/test_setup.py b/filebeat/tests/system/test_setup.py index bd1a96a91943..7422c8d33291 100644 --- a/filebeat/tests/system/test_setup.py +++ b/filebeat/tests/system/test_setup.py @@ -3,8 +3,6 @@ import yaml from shutil import copytree, copyfile -from elasticsearch import Elasticsearch - from filebeat import BaseTest INTEGRATION_TESTS = os.environ.get('INTEGRATION_TESTS', False) @@ -15,7 +13,7 @@ class Test(BaseTest): def init(self): self.elasticsearch_url = self.get_elasticsearch_url() print("Using elasticsearch: {}".format(self.elasticsearch_url)) - self.es = Elasticsearch([self.elasticsearch_url]) + self.es = self.get_elasticsearch_instance() @unittest.skipIf(not INTEGRATION_TESTS, "integration tests are disabled, run with INTEGRATION_TESTS=1 to enable them.") @@ -28,9 +26,7 @@ def test_setup_modules_d_config(self): self.init() self.render_config_template( modules=True, - elasticsearch={ - "host": self.get_elasticsearch_url(), - }, + elasticsearch=self.get_elasticsearch_template_config(), ) self._setup_dummy_module() diff --git a/heartbeat/docker-compose.yml b/heartbeat/docker-compose.yml index c7da39a8798e..ace731f7bbbb 100644 --- a/heartbeat/docker-compose.yml +++ b/heartbeat/docker-compose.yml @@ -8,6 +8,8 @@ services: - REDIS_HOST=redis - REDIS_PORT=6379 - ES_HOST=elasticsearch + - ES_USER=heartbeat_user + - ES_PASS=testing - ES_PORT=9200 working_dir: /go/src/github.com/elastic/beats/heartbeat volumes: @@ -28,6 +30,10 @@ services: extends: file: ${ES_BEATS}/testing/environments/${TESTING_ENVIRONMENT}.yml service: elasticsearch + healthcheck: + test: ["CMD-SHELL", "curl -u admin:testing -s http://localhost:9200/_cat/health?h=status | grep -q green"] + retries: 300 + interval: 1s redis: build: ${PWD}/tests/docker_support/redis diff --git a/heartbeat/tests/system/config/heartbeat.yml.j2 b/heartbeat/tests/system/config/heartbeat.yml.j2 index 44dfe3a836de..6736ab8452e9 100644 --- a/heartbeat/tests/system/config/heartbeat.yml.j2 +++ b/heartbeat/tests/system/config/heartbeat.yml.j2 @@ -105,6 +105,8 @@ queue.mem: {%- if elasticsearch %} output.elasticsearch: hosts: ["{{ elasticsearch.host }}"] + username: {{ elasticsearch.user }} + password: {{ elasticsearch.pass }} {%- else %} output.file: path: '{{ output_file_path|default(beat.working_dir + "/output") }}' diff --git a/heartbeat/tests/system/test_base.py b/heartbeat/tests/system/test_base.py index 172960209d39..7819ccb291e4 100644 --- a/heartbeat/tests/system/test_base.py +++ b/heartbeat/tests/system/test_base.py @@ -2,7 +2,6 @@ import unittest from heartbeat import BaseTest -from elasticsearch import Elasticsearch from beat.beat import INTEGRATION_TESTS from beat import common_tests from time import sleep @@ -198,13 +197,13 @@ def test_index_management(self): """ Test that the template can be loaded with `setup --index-management` """ - es = Elasticsearch([self.get_elasticsearch_url()]) + es = self.get_elasticsearch_instance() self.render_config_template( monitors=[{ "type": "http", "urls": ["http://localhost:9200"], }], - elasticsearch={"host": self.get_elasticsearch_url()}, + elasticsearch=self.get_elasticsearch_template_config() ) exit_code = self.run_beat(extra_args=["setup", "--index-management"]) diff --git a/libbeat/docker-compose.yml b/libbeat/docker-compose.yml index c96b40e3ea8e..73c8f1e2dfe4 100644 --- a/libbeat/docker-compose.yml +++ b/libbeat/docker-compose.yml @@ -21,7 +21,9 @@ services: - KIBANA_PASS=testing - ES_HOST=elasticsearch - ES_PORT=9200 - - ES_USER=beats + # ES_USER must be admin in order for the Go Integration tests to + # function because they require indices:data/read/search + - ES_USER=admin - ES_PASS=testing - ES_MONITORING_HOST=elasticsearch_monitoring - ES_MONITORING_PORT=9200 @@ -30,7 +32,7 @@ services: # - ES_KERBEROS_HOST=elasticsearch_kerberos.elastic - ES_PORT_SSL=9200 - ES_SUPERUSER_USER=admin - - ES_SUPERUSER_PASS=changeme + - ES_SUPERUSER_PASS=testing volumes: - ${PWD}/..:/go/src/github.com/elastic/beats/ # Used for docker integration tests: @@ -61,19 +63,24 @@ services: extends: file: ${ES_BEATS}/testing/environments/${TESTING_ENVIRONMENT}.yml service: elasticsearch + healthcheck: + test: ["CMD-SHELL", "curl -u admin:testing -s http://localhost:9200/_cat/health?h=status | grep -q green"] + retries: 300 + interval: 1s elasticsearch_monitoring: extends: file: ${ES_BEATS}/testing/environments/${TESTING_ENVIRONMENT}.yml service: elasticsearch healthcheck: - test: ["CMD-SHELL", "curl -s http://localhost:9200/_cat/health?h=status | grep -q green"] + test: ["CMD-SHELL", "curl -u admin:testing -s http://localhost:9200/_cat/health?h=status | grep -q green"] + elasticsearchssl: extends: file: ${ES_BEATS}/testing/environments/${TESTING_ENVIRONMENT}.yml service: elasticsearch healthcheck: - test: ["CMD", "curl", "-u", "admin:changeme", "-f", "https://localhost:9200", "--insecure"] + test: ["CMD", "curl", "-u", "admin:testing", "-f", "https://localhost:9200", "--insecure"] retries: 1200 interval: 5s start_period: 60s @@ -94,9 +101,11 @@ services: - "xpack.security.authc.realms.file.file1.order=0" volumes: - ${ES_BEATS}/testing/environments/docker/elasticsearch/pki:/usr/share/elasticsearch/config/pki:ro + - ${ES_BEATS}/testing/environments/docker/elasticsearch/roles.yml:/usr/share/elasticsearch/config/roles.yml + - ${ES_BEATS}/testing/environments/docker/elasticsearch/users:/usr/share/elasticsearch/config/users + - ${ES_BEATS}/testing/environments/docker/elasticsearch/users_roles:/usr/share/elasticsearch/config/users_roles expose: - 9200 - command: bash -c "bin/elasticsearch-users useradd admin -r superuser -p changeme | /usr/local/bin/docker-entrypoint.sh eswrapper" # This host name is static because of the certificate. logstash: @@ -163,3 +172,6 @@ services: extends: file: ${ES_BEATS}/testing/environments/${TESTING_ENVIRONMENT}.yml service: kibana + healthcheck: + test: ["CMD-SHELL", "curl -u beats:testing -s http://localhost:5601/api/status?v8format=true | grep -q '\"overall\":{\"level\":\"available\"'"] + retries: 600 diff --git a/libbeat/kibana/client.go b/libbeat/kibana/client.go index 111db2e3816c..d7da444fa8bc 100644 --- a/libbeat/kibana/client.go +++ b/libbeat/kibana/client.go @@ -370,7 +370,6 @@ func (client *Client) ImportMultiPartFormFile(url string, params url.Values, fil headers := http.Header{} headers.Add("Content-Type", w.FormDataContentType()) - statusCode, response, err := client.Connection.Request("POST", url, params, headers, buf) if err != nil || statusCode >= 300 { return fmt.Errorf("returned %d to import file: %v. Response: %s", statusCode, err, response) diff --git a/libbeat/licenser/elastic_fetcher_integration_test.go b/libbeat/licenser/elastic_fetcher_integration_test.go index c12f6651bfe4..b1a21d937cd3 100644 --- a/libbeat/licenser/elastic_fetcher_integration_test.go +++ b/libbeat/licenser/elastic_fetcher_integration_test.go @@ -43,8 +43,8 @@ func getTestClient() *eslegclient.Connection { host := "http://" + cli.GetEnvOr("ES_HOST", elasticsearchHost) + ":" + cli.GetEnvOr("ES_POST", elasticsearchPort) client, err := eslegclient.NewConnection(eslegclient.ConnectionSettings{ URL: host, - Username: "myelastic", // NOTE: I will refactor this in a followup PR - Password: "changeme", + Username: "admin", + Password: "testing", CompressionLevel: 3, Transport: transport, }) diff --git a/libbeat/template/load_integration_test.go b/libbeat/template/load_integration_test.go index 07caf39c3e75..7f80f84d99da 100644 --- a/libbeat/template/load_integration_test.go +++ b/libbeat/template/load_integration_test.go @@ -401,6 +401,8 @@ func getTestingElasticsearch(t eslegtest.TestLogger) *eslegclient.Connection { conn, err := eslegclient.NewConnection(eslegclient.ConnectionSettings{ URL: eslegtest.GetURL(), Transport: httpcommon.DefaultHTTPTransportSettings(), + Username: eslegtest.GetUser(), + Password: eslegtest.GetPass(), }) if err != nil { t.Fatal(err) diff --git a/libbeat/tests/system/base.py b/libbeat/tests/system/base.py index a768d80e31ea..c5f72d020089 100644 --- a/libbeat/tests/system/base.py +++ b/libbeat/tests/system/base.py @@ -1,7 +1,6 @@ import os from datetime import datetime from beat.beat import TestCase -from elasticsearch import Elasticsearch, NotFoundError class BaseTest(TestCase): @@ -26,5 +25,5 @@ def es_client(self): if self._es: return self._es - self._es = Elasticsearch([self.get_elasticsearch_url()]) + self._es = self.get_elasticsearch_instance() return self._es diff --git a/libbeat/tests/system/beat/beat.py b/libbeat/tests/system/beat/beat.py index e7a2c60640aa..4f151bdd9366 100644 --- a/libbeat/tests/system/beat/beat.py +++ b/libbeat/tests/system/beat/beat.py @@ -16,6 +16,8 @@ from .compose import ComposeMixin +from elasticsearch import Elasticsearch + BEAT_REQUIRED_FIELDS = ["@timestamp", "agent.type", "agent.name", "agent.version"] @@ -669,8 +671,7 @@ def output_count(self, pred, output_file=None): def get_elasticsearch_url(self): """ - Returns an elasticsearch.Elasticsearch instance built from the - env variables like the integration tests. + Returns a string with the Elasticsearch URL """ return "http://{host}:{port}".format( host=os.getenv("ES_HOST", "localhost"), @@ -679,14 +680,46 @@ def get_elasticsearch_url(self): def get_elasticsearch_url_ssl(self): """ - Returns an elasticsearch.Elasticsearch instance built from the - env variables like the integration tests. + Returns a string with the Elasticsearch URL """ return "https://{host}:{port}".format( host=os.getenv("ES_HOST_SSL", "localhost"), port=os.getenv("ES_PORT_SSL", "9205"), ) + def get_elasticsearch_template_config(self, security=True, user=None): + """ + Returns a template suitable for a Beats config + """ + template = { + "host": self.get_elasticsearch_url(), + } + + if security: + template["user"] = user or os.getenv("ES_USER", "") + template["pass"] = os.getenv("ES_PASS", "") + + return template + + def get_elasticsearch_instance(self, security=True, ssl=False, url=None, user=None): + """ + Returns an elasticsearch.Elasticsearch instance built from the + env variables like the integration tests. + """ + if url is None: + if ssl: + url = self.get_elasticsearch_url_ssl() + else: + url = self.get_elasticsearch_url() + + if security: + username = user or os.getenv("ES_USER", "") + password = os.getenv("ES_PASS", "") + es_instance = Elasticsearch([url], http_auth=(username, password)) + else: + es_instance = Elasticsearch([url]) + return es_instance + def get_kibana_url(self): """ Returns kibana host URL @@ -696,6 +729,20 @@ def get_kibana_url(self): port=os.getenv("KIBANA_PORT", "5601"), ) + def get_kibana_template_config(self, security=True, user=None): + """ + Returns a Kibana template suitable for a Beat + """ + template = { + "host": self.get_kibana_url() + } + + if security: + template["user"] = user or os.getenv("ES_USER", "") + template["pass"] = os.getenv("ES_PASS", "") + + return template + def assert_fields_are_documented(self, evt): """ Assert that all keys present in evt are documented in fields.yml. diff --git a/libbeat/tests/system/beat/common_tests.py b/libbeat/tests/system/beat/common_tests.py index a5caff92c9a4..bdfa88f093b9 100644 --- a/libbeat/tests/system/beat/common_tests.py +++ b/libbeat/tests/system/beat/common_tests.py @@ -116,8 +116,8 @@ def test_dashboards(self): es = Elasticsearch([self.get_elasticsearch_url()]) self.render_config_template( - elasticsearch={"host": self.get_elasticsearch_url()}, - kibana={"host": self.get_kibana_url()}, + elasticsearch=self.get_elasticsearch_template_config(), + kibana=self.get_kibana_template_config(), ) exit_code = self.run_beat(extra_args=["setup", "--dashboards"]) @@ -131,7 +131,7 @@ def is_saved_object_api_available(self): def get_version(self): url = self.get_kibana_url() + "/api/status" - r = requests.get(url) + r = requests.get(url, auth=(os.getenv('ES_USER'), os.getenv('ES_PASS'))) body = r.json() version = body["version"]["number"] diff --git a/libbeat/tests/system/config/libbeat.yml.j2 b/libbeat/tests/system/config/libbeat.yml.j2 index e6d62a5eae6b..8fe9174b723d 100644 --- a/libbeat/tests/system/config/libbeat.yml.j2 +++ b/libbeat/tests/system/config/libbeat.yml.j2 @@ -60,6 +60,8 @@ queue.mem: {% if kibana -%} setup.kibana.host: "{{ kibana.host }}" +setup.kibana.username: "{{ kibana.user }}" +setup.kibana.password: "{{ kibana.pass }}" {%- endif %} #================================ Outputs ===================================== @@ -71,6 +73,8 @@ setup.kibana.host: "{{ kibana.host }}" output: elasticsearch: hosts: ["{{ elasticsearch.host }}"] + username: {{ elasticsearch.user }} + password: {{ elasticsearch.pass }} {% if elasticsearch.pipeline %} pipeline: {{elasticsearch.pipeline}} {% endif %} diff --git a/libbeat/tests/system/config/mockbeat.yml.j2 b/libbeat/tests/system/config/mockbeat.yml.j2 index 5657105832e9..9e1c21f488af 100644 --- a/libbeat/tests/system/config/mockbeat.yml.j2 +++ b/libbeat/tests/system/config/mockbeat.yml.j2 @@ -37,15 +37,36 @@ output: {% endfor -%} {%- endif %} - {% if elasticsearch -%} +{% if elasticsearch -%} +output: elasticsearch: - {% for k, v in elasticsearch.items() -%} - {{ k }}: {{ v }} - {% endfor -%} + hosts: ["{{ elasticsearch.host }}"] + username: {{ elasticsearch.user }} + password: {{ elasticsearch.pass }} + {% if elasticsearch.pipeline %} + pipeline: {{elasticsearch.pipeline}} + {% endif %} + {% if elasticsearch.index %} + index: {{elasticsearch.index}} + {% endif %} + {% if elasticsearch.ilm %} + ilm.enabled: {{elasticsearch.ilm}} + {% endif %} + {% if elasticsearch.timeout %} + timeout: {{elasticsearch.timeout}} + {% endif %} + {% if elasticsearch.ssl_certificate_authorities %} + ssl.certificate_authorities: {{elasticsearch.ssl_certificate_authorities}} + {% endif %} + {% if elasticsearch.ssl_ca_sha256 %} + ssl.ca_sha256: {{ elasticsearch.ssl_ca_sha256 }} + {% endif %} + # older versions have to be allowed because mockbeat is on v9.9.9 allow_older_versions: true {%- endif %} + # Redis as output # Options: # host, port: where Redis is listening on diff --git a/libbeat/tests/system/test_ca_pinning.py b/libbeat/tests/system/test_ca_pinning.py index 4c1480b82a05..484e90b03378 100644 --- a/libbeat/tests/system/test_ca_pinning.py +++ b/libbeat/tests/system/test_ca_pinning.py @@ -33,11 +33,11 @@ def test_sending_events_with_a_good_sha256(self): self.render_config_template( elasticsearch={ - "hosts": self.get_elasticsearch_url_ssl(), - "username": "admin", - "password": "changeme", - "ssl.certificate_authorities": [ca], - "ssl.ca_sha256": "8hZS8gpciuzlu+7Xi0sdv8T7RKRRxG1TWKumUQsDam0=", + "host": self.get_elasticsearch_url_ssl(), + "user": "admin", + "pass": "testing", + "ssl_certificate_authorities": [ca], + "ssl_ca_sha256": "8hZS8gpciuzlu+7Xi0sdv8T7RKRRxG1TWKumUQsDam0=", }, ) @@ -65,11 +65,11 @@ def test_sending_events_with_a_bad_sha256(self): self.render_config_template( elasticsearch={ - "hosts": self.get_elasticsearch_url_ssl(), - "username": "admin", - "password": "changeme", - "ssl.certificate_authorities": [ca], - "ssl.ca_sha256": "not-good-sha", + "host": self.get_elasticsearch_url_ssl(), + "user": "beats", + "pass": "testing", + "ssl_certificate_authorities": [ca], + "ssl_ca_sha256": "not-good-sha", }, ) diff --git a/libbeat/tests/system/test_cmd_setup_index_management.py b/libbeat/tests/system/test_cmd_setup_index_management.py index 2abe88281758..6c2512b2d74f 100644 --- a/libbeat/tests/system/test_cmd_setup_index_management.py +++ b/libbeat/tests/system/test_cmd_setup_index_management.py @@ -27,6 +27,7 @@ def setUp(self): self.custom_template = self.beat_name + "_foobar" self.es = self.es_client() + self.es = self.get_elasticsearch_instance() self.idxmgmt = IdxMgmt(self.es, self.data_stream) self.idxmgmt.delete(indices=[], policies=[self.policy_name, self.custom_policy], @@ -42,8 +43,11 @@ def tearDown(self): def render_config(self, **kwargs): self.render_config_template( - elasticsearch={"hosts": self.get_elasticsearch_url()}, + # Note that the template is such that we need to pass in 'username' as opposed to 'user' and + # 'password' instead of 'pass'. + elasticsearch=self.get_elasticsearch_template_config(), es_template_name=self.data_stream, + **kwargs ) diff --git a/libbeat/tests/system/test_cmd_test.py b/libbeat/tests/system/test_cmd_test.py index 38f15ef095ff..944d7791fb62 100644 --- a/libbeat/tests/system/test_cmd_test.py +++ b/libbeat/tests/system/test_cmd_test.py @@ -52,7 +52,7 @@ def test_output(self): self.render_config_template("mockbeat", os.path.join(self.working_dir, "mockbeat.yml"), - elasticsearch={"hosts": self.get_elasticsearch_url()}) + elasticsearch=self.get_elasticsearch_template_config()) exit_code = self.run_beat( extra_args=["test", "output"], config="mockbeat.yml") @@ -62,6 +62,7 @@ def test_output(self): assert self.log_contains('TLS... WARN secure connection disabled') assert self.log_contains('talk to server... OK') + @unittest.skipIf(not INTEGRATION_TESTS, "integration test") def test_wrong_output(self): """ Test test wrong output works @@ -69,7 +70,11 @@ def test_wrong_output(self): self.render_config_template("mockbeat", os.path.join(self.working_dir, "mockbeat.yml"), - elasticsearch={"hosts": '["badhost:9200"]'}) + elasticsearch={ + "host": 'badhost:9200', + "user": 'admin', + "pass": 'testing' + }) exit_code = self.run_beat( extra_args=["test", "output"], config="mockbeat.yml") diff --git a/libbeat/tests/system/test_cmd_version.py b/libbeat/tests/system/test_cmd_version.py index 240b8759668e..ace84b99062d 100644 --- a/libbeat/tests/system/test_cmd_version.py +++ b/libbeat/tests/system/test_cmd_version.py @@ -1,5 +1,4 @@ from base import BaseTest -from elasticsearch import Elasticsearch, TransportError import logging import os @@ -18,7 +17,7 @@ def setUp(self): self.elasticsearch_url = self.get_elasticsearch_url() print("Using elasticsearch: {}".format(self.elasticsearch_url)) - self.es = Elasticsearch([self.elasticsearch_url]) + self.es = self.get_elasticsearch_instance(url=self.elasticsearch_url, user='beats') logging.getLogger("urllib3").setLevel(logging.WARNING) logging.getLogger("elasticsearch").setLevel(logging.ERROR) diff --git a/libbeat/tests/system/test_dashboard.py b/libbeat/tests/system/test_dashboard.py index e02a644213e8..60fa57265188 100644 --- a/libbeat/tests/system/test_dashboard.py +++ b/libbeat/tests/system/test_dashboard.py @@ -33,7 +33,11 @@ def test_load_without_dashboard(self): "-E", "setup.kibana.protocol=http", "-E", "setup.kibana.host=" + self.get_kibana_host(), "-E", "setup.kibana.port=" + self.get_kibana_port(), + "-E", "setup.kibana.username=beats", + "-E", "setup.kibana.password=testing", "-E", "output.elasticsearch.hosts=['" + self.get_host() + "']", + "-E", "output.elasticsearch.username=admin", + "-E", "output.elasticsearch.password=testing", "-E", "output.file.enabled=false"] ) @@ -58,10 +62,13 @@ def test_load_dashboard(self): "-E", "setup.kibana.protocol=http", "-E", "setup.kibana.host=" + self.get_kibana_host(), "-E", "setup.kibana.port=" + self.get_kibana_port(), + "-E", "setup.kibana.username=beats", + "-E", "setup.kibana.password=testing", "-E", "output.elasticsearch.hosts=['" + self.get_host() + "']", + "-E", "output.elasticsearch.username=admin", + "-E", "output.elasticsearch.password=testing", "-E", "output.file.enabled=false"] ) - beat.check_wait(exit_code=0) assert self.log_contains("Kibana dashboards successfully loaded") is True @@ -91,8 +98,12 @@ def test_load_dashboard_into_space(self, create_space=True): "-E", "setup.kibana.protocol=http", "-E", "setup.kibana.host=" + self.get_kibana_host(), "-E", "setup.kibana.port=" + self.get_kibana_port(), + "-E", "setup.kibana.username=beats", + "-E", "setup.kibana.password=testing", "-E", "setup.kibana.space.id=foo-bar", "-E", "output.elasticsearch.hosts=['" + self.get_host() + "']", + "-E", "output.elasticsearch.username=admin", + "-E", "output.elasticsearch.password=testing", "-E", "output.file.enabled=false"] ) @@ -118,7 +129,11 @@ def test_load_only_index_patterns(self): "-E", "setup.kibana.protocol=http", "-E", "setup.kibana.host=" + self.get_kibana_host(), "-E", "setup.kibana.port=" + self.get_kibana_port(), + "-E", "setup.kibana.username=beats", + "-E", "setup.kibana.password=testing", "-E", "output.elasticsearch.hosts=['" + self.get_host() + "']", + "-E", "output.elasticsearch.username=admin", + "-E", "output.elasticsearch.password=testing", "-E", "output.file.enabled=false"] ) @@ -141,6 +156,8 @@ def test_export_dashboard_cmd_export_dashboard_by_id(self): "-E", "setup.kibana.protocol=http", "-E", "setup.kibana.host=" + self.get_kibana_host(), "-E", "setup.kibana.port=" + self.get_kibana_port(), + "-E", "setup.kibana.username=beats", + "-E", "setup.kibana.password=testing", "-id", "Metricbeat-system-overview", "-folder", "system-overview"] ) @@ -162,6 +179,8 @@ def test_export_dashboard_cmd_export_dashboard_by_id_unknown_id(self): "-E", "setup.kibana.protocol=http", "-E", "setup.kibana.host=" + self.get_kibana_host(), "-E", "setup.kibana.port=" + self.get_kibana_port(), + "-E", "setup.kibana.username=beats", + "-E", "setup.kibana.password=testing", "-id", "No-such-dashboard", "-folder", "system-overview"] ) @@ -187,7 +206,6 @@ def test_dev_tool_export_dashboard_by_id(self): p = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) content, err = p.communicate() - assert p.returncode == 0 self._check_if_dashboard_exported(folder_name) @@ -267,7 +285,7 @@ def create_kibana_space(self): "kbn-xsrf": "1" } - r = requests.post(url, json=data, headers=headers) + r = requests.post(url, json=data, headers=headers, auth=("beats", "testing")) if r.status_code != 200 and r.status_code != 409: self.fail('Bad Kibana status code when creating space: {}'.format(r.status_code)) @@ -275,7 +293,7 @@ def get_version(self): url = "http://" + self.get_kibana_host() + ":" + self.get_kibana_port() + \ "/api/status" - r = requests.get(url) + r = requests.get(url, auth=("beats", "testing")) body = r.json() version = body["version"]["number"] diff --git a/libbeat/tests/system/test_ilm.py b/libbeat/tests/system/test_ilm.py index 461fc0212f0d..4b19f1700305 100644 --- a/libbeat/tests/system/test_ilm.py +++ b/libbeat/tests/system/test_ilm.py @@ -37,7 +37,7 @@ def tearDown(self): def render_config(self, **kwargs): self.render_config_template( - elasticsearch={"hosts": self.get_elasticsearch_url()}, + elasticsearch=self.get_elasticsearch_template_config(), es_template_name=self.data_stream, **kwargs ) @@ -126,7 +126,7 @@ def tearDown(self): def render_config(self, **kwargs): self.render_config_template( - elasticsearch={"hosts": self.get_elasticsearch_url()}, + elasticsearch=self.get_elasticsearch_template_config(), es_template_name=self.data_stream, **kwargs ) diff --git a/libbeat/tests/system/test_keystore.py b/libbeat/tests/system/test_keystore.py index b0589123c832..66295b5d34ec 100644 --- a/libbeat/tests/system/test_keystore.py +++ b/libbeat/tests/system/test_keystore.py @@ -43,12 +43,12 @@ def test_keystore_with_key_not_present(self): key = "elasticsearch_host" self.render_config_template(keystore_path=self.keystore_path, elasticsearch={ - 'hosts': "${%s}:9200" % key + 'host': "${%s}:9200" % key }) exit_code = self.run_beat() assert self.log_contains( - "missing field accessing 'output.elasticsearch.hosts'") + "missing field accessing 'output.elasticsearch.hosts.0'") assert exit_code == 1 def test_keystore_with_nested_key(self): @@ -80,9 +80,10 @@ def test_export_config_with_keystore(self): key = "asecret" secret = "asecretvalue" - self.render_config_template(keystore_path=self.keystore_path, elasticsearch={ - 'hosts': "${%s}" % key - }) + self.render_config_template( + keystore_path=self.keystore_path, + elasticsearch=self.get_elasticsearch_template_config() + ) exit_code = self.run_beat(extra_args=["keystore", "create"]) assert exit_code == 0 @@ -92,4 +93,3 @@ def test_export_config_with_keystore(self): assert exit_code == 0 assert self.log_contains(secret) == False - assert self.log_contains("${%s}" % key) diff --git a/libbeat/tests/system/test_monitoring.py b/libbeat/tests/system/test_monitoring.py index 2232b19712f7..1fd2bc415d19 100644 --- a/libbeat/tests/system/test_monitoring.py +++ b/libbeat/tests/system/test_monitoring.py @@ -7,7 +7,6 @@ import unittest from base import BaseTest -from elasticsearch import Elasticsearch INTEGRATION_TESTS = os.environ.get('INTEGRATION_TESTS', False) @@ -18,8 +17,8 @@ class Test(BaseTest): def setUp(self): super(BaseTest, self).setUp() - self.es = Elasticsearch([self.get_elasticsearch_url()]) - self.es_monitoring = Elasticsearch([self.get_elasticsearch_monitoring_url()]) + self.es = self.get_elasticsearch_instance() + self.es_monitoring = self.get_elasticsearch_instance(url=self.get_elasticsearch_monitoring_url()) @unittest.skipUnless(INTEGRATION_TESTS, "integration test") @pytest.mark.tag('integration') diff --git a/libbeat/tests/system/test_template.py b/libbeat/tests/system/test_template.py index abed68332a89..5e1ab7ca909c 100644 --- a/libbeat/tests/system/test_template.py +++ b/libbeat/tests/system/test_template.py @@ -32,7 +32,7 @@ def test_index_not_modified(self): Test that beat starts running if elasticsearch output is set """ self.render_config_template( - elasticsearch={"hosts": "localhost:9200"}, + elasticsearch=self.get_elasticsearch_template_config(), ) proc = self.start_beat() @@ -74,7 +74,7 @@ def test_index_with_pattern_name(self): Test that beat starts running if elasticsearch output with modified index and pattern and name are set """ self.render_config_template( - elasticsearch={"hosts": "localhost:9200"}, + elasticsearch=self.get_elasticsearch_template_config(), es_template_name="test", es_template_pattern="test-*", ) @@ -97,7 +97,7 @@ def test_json_template(self): print(path) self.render_config_template( - elasticsearch={"hosts": self.get_host()}, + elasticsearch=self.get_elasticsearch_template_config(), template_overwrite="true", template_json_enabled="true", template_json_path=path, @@ -136,7 +136,7 @@ def tearDown(self): def render_config(self, **kwargs): self.render_config_template( - elasticsearch={"hosts": self.get_elasticsearch_url()}, + elasticsearch=self.get_elasticsearch_template_config(), **kwargs ) @@ -195,7 +195,7 @@ def tearDown(self): def render_config(self, **kwargs): self.render_config_template( - elasticsearch={"hosts": self.get_elasticsearch_url()}, + elasticsearch=self.get_elasticsearch_template_config(), **kwargs ) diff --git a/metricbeat/docker-compose.yml b/metricbeat/docker-compose.yml index 299bbb4f4b19..96fbc149cfa3 100644 --- a/metricbeat/docker-compose.yml +++ b/metricbeat/docker-compose.yml @@ -4,6 +4,8 @@ services: beat: build: ${PWD}/. environment: + - ES_USER=metricbeat_user + - ES_PASS=testing - BEAT_STRICT_PERMS=false - TEST_ENVIRONMENT=false working_dir: /go/src/github.com/elastic/beats/metricbeat diff --git a/packetbeat/docker-compose.yml b/packetbeat/docker-compose.yml index 8abfad194102..038d3e37450f 100644 --- a/packetbeat/docker-compose.yml +++ b/packetbeat/docker-compose.yml @@ -30,8 +30,15 @@ services: extends: file: ../testing/environments/${TESTING_ENVIRONMENT}.yml service: elasticsearch + healthcheck: + test: ["CMD-SHELL", "curl -u admin:testing -s http://localhost:9200/_cat/health?h=status | grep -q green"] + retries: 300 + interval: 1s kibana: extends: file: ../testing/environments/${TESTING_ENVIRONMENT}.yml service: kibana + healthcheck: + test: ["CMD-SHELL", "curl -u beats:testing -s http://localhost:5601/api/status?v8format=true | grep -q '\"overall\":{\"level\":\"available\"'"] + retries: 600 diff --git a/testing/environments/Makefile b/testing/environments/Makefile index bef47686095f..6387289ac01e 100644 --- a/testing/environments/Makefile +++ b/testing/environments/Makefile @@ -9,6 +9,8 @@ start: stop: ${BASE_COMMAND} down -v +status: + ${BASE_COMMAND} ps up: ${BASE_COMMAND} build diff --git a/testing/environments/docker/README.md b/testing/environments/docker/README.md new file mode 100644 index 000000000000..8ecb7bb52410 --- /dev/null +++ b/testing/environments/docker/README.md @@ -0,0 +1,6 @@ +# XPack security + +This directory contains default usernames and passwords with roles configured +according to the Beats documentation. + +The default password for all accounts is `testing`. \ No newline at end of file diff --git a/testing/environments/docker/elasticsearch/roles.yml b/testing/environments/docker/elasticsearch/roles.yml new file mode 100644 index 000000000000..2f324761053b --- /dev/null +++ b/testing/environments/docker/elasticsearch/roles.yml @@ -0,0 +1,31 @@ +--- +beats: + cluster: ['manage_index_templates', 'monitor', 'manage_ingest_pipelines', 'manage_ilm', 'manage_security', 'manage_api_key'] + indices: + - names: ['filebeat-*', 'shrink-filebeat-*'] + privileges: ['all'] +filebeat: + cluster: ['manage_index_templates', 'monitor', 'manage_ingest_pipelines', 'manage_ilm'] + indices: + - names: ['filebeat-*', 'shrink-filebeat-*'] + privileges: ['all'] +heartbeat: + cluster: ['manage_index_templates', 'monitor', 'manage_ingest_pipelines', 'manage_ilm'] + indices: + - names: ['heartbeat-*', 'shrink-heartbeat-*'] + privileges: ['all'] +auditbeat: + cluster: ['manage_index_templates', 'monitor', 'manage_ingest_pipelines', 'manage_ilm'] + indices: + - names: ['auditbeat-*', 'shrink-auditbeat-*'] + privileges: ['all'] +journalbeat: + cluster: ['manage_index_templates', 'monitor', 'manage_ingest_pipelines', 'manage_ilm'] + indices: + - names: ['journalbeat-*', 'shrink-journalbeat-*'] + privileges: ['all'] +metricbeat: + cluster: ['manage_index_templates', 'monitor', 'manage_ingest_pipelines', 'manage_ilm'] + indices: + - names: ['metricbeat-*', 'shrink-metricbeat-*'] + privileges: ['all'] diff --git a/testing/environments/docker/elasticsearch/users b/testing/environments/docker/elasticsearch/users new file mode 100644 index 000000000000..b912ebffd778 --- /dev/null +++ b/testing/environments/docker/elasticsearch/users @@ -0,0 +1,8 @@ +admin:$2a$10$3y5UdMFkcUWtBfDhAJtYieGwZobnb6GNxCBlTt4ymMkEgImZk.vl2 +beats:$2a$10$3y5UdMFkcUWtBfDhAJtYieGwZobnb6GNxCBlTt4ymMkEgImZk.vl2 +filebeat_user:$2a$10$3y5UdMFkcUWtBfDhAJtYieGwZobnb6GNxCBlTt4ymMkEgImZk.vl2 +heartbeat_user:$2a$10$3y5UdMFkcUWtBfDhAJtYieGwZobnb6GNxCBlTt4ymMkEgImZk.vl2 +kibana_system_user:$2a$10$3y5UdMFkcUWtBfDhAJtYieGwZobnb6GNxCBlTt4ymMkEgImZk.vl2 +metricbeat_user:$2a$10$3y5UdMFkcUWtBfDhAJtYieGwZobnb6GNxCBlTt4ymMkEgImZk.vl2 +auditbeat_user:$2a$10$3y5UdMFkcUWtBfDhAJtYieGwZobnb6GNxCBlTt4ymMkEgImZk.vl2 +journalbeat_user:$2a$10$3y5UdMFkcUWtBfDhAJtYieGwZobnb6GNxCBlTt4ymMkEgImZk.vl2 diff --git a/testing/environments/docker/elasticsearch/users_roles b/testing/environments/docker/elasticsearch/users_roles new file mode 100644 index 000000000000..36dd721ecb5e --- /dev/null +++ b/testing/environments/docker/elasticsearch/users_roles @@ -0,0 +1,11 @@ +beats:beats +beats_system:beats,filebeat_user,heartbeat_user,metricbeat_user,auditbeat_user,journalbeat_user +filebeat:filebeat_user +heartbeat:heartbeat_user +ingest_admin:apm_server_user +kibana_system:kibana_system_user +kibana_admin:apm_server_user,apm_user_ro,beats,filebeat_user,heartbeat_user,metricbeat_user,auditbeat_user,journalbeat_user +metricbeat:metricbeat_user +auditbeat:auditbeat_user +journalbeat:journalbeat_user +superuser:admin diff --git a/testing/environments/docker/logstash/pipeline-xpack/default.conf b/testing/environments/docker/logstash/pipeline-xpack/default.conf new file mode 100644 index 000000000000..01d46fc4c4ba --- /dev/null +++ b/testing/environments/docker/logstash/pipeline-xpack/default.conf @@ -0,0 +1,26 @@ +input { + beats { + port => 5044 + ssl => false + } + + beats { + port => 5055 + ssl => true + ssl_certificate => "/etc/pki/tls/certs/logstash.crt" + ssl_key => "/etc/pki/tls/private/logstash.key" + } +} + + +output { + elasticsearch { + hosts => ["${ES_HOST:elasticsearch}:${ES_PORT:9200}"] + index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}" + user => admin + password => testing + } + + # Used for easier debugging + #stdout { codec => rubydebug { metadata => true } } +} diff --git a/testing/environments/snapshot.yml b/testing/environments/snapshot.yml index b55137d4a919..d335efc04fad 100644 --- a/testing/environments/snapshot.yml +++ b/testing/environments/snapshot.yml @@ -4,17 +4,19 @@ version: '2.3' services: elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:8.1.0-f5a18001-SNAPSHOT - healthcheck: - test: ["CMD-SHELL", "curl -s http://localhost:9200/_cat/health?h=status | grep -q green"] - retries: 300 - interval: 1s + # When extend is used it merges healthcheck.tests, see: + # https://github.com/docker/compose/issues/8962 + # healthcheck: + # test: ["CMD-SHELL", "curl -u admin:testing -s http://localhost:9200/_cat/health?h=status | grep -q green"] + # retries: 300 + # interval: 1s environment: - "ES_JAVA_OPTS=-Xms1g -Xmx1g" - "network.host=" - "transport.host=127.0.0.1" - "http.host=0.0.0.0" - - "xpack.security.enabled=false" - # We want something as unlimited compilation rate, but 'unlimited' is not valid. + - "xpack.security.enabled=true" + # We want something as unlimited compilation rate, but 'unlimited' is not valid. - "script.max_compilations_rate=100000/1m" - "action.destructive_requires_name=false" # Disable geoip updates to prevent golden file test failures when the database @@ -25,6 +27,9 @@ services: - "./GeoLite2-ASN.mmdb:/usr/share/elasticsearch/config/ingest-geoip/GeoLite2-ASN.mmdb:ro" - "./GeoLite2-City.mmdb:/usr/share/elasticsearch/config/ingest-geoip/GeoLite2-City.mmdb:ro" - "./GeoLite2-Country.mmdb:/usr/share/elasticsearch/config/ingest-geoip/GeoLite2-Country.mmdb:ro" + - "./docker/elasticsearch/roles.yml:/usr/share/elasticsearch/config/roles.yml" + - "./docker/elasticsearch/users:/usr/share/elasticsearch/config/users" + - "./docker/elasticsearch/users_roles:/usr/share/elasticsearch/config/users_roles" logstash: image: docker.elastic.co/logstash/logstash@sha256:e01cf165142edf8d67485115b938c94deeda66153e9516aa2ce69ee417c5fc33 @@ -33,12 +38,22 @@ services: retries: 600 interval: 1s volumes: - - ./docker/logstash/pipeline:/usr/share/logstash/pipeline:ro + - ./docker/logstash/pipeline-xpack:/usr/share/logstash/pipeline:ro - ./docker/logstash/pki:/etc/pki:ro kibana: image: docker.elastic.co/kibana/kibana:8.1.0-f5a18001-SNAPSHOT - healthcheck: - test: ["CMD-SHELL", "curl -s http://localhost:5601/api/status?v8format=true | grep -q '\"overall\":{\"level\":\"available\"'"] - retries: 600 - interval: 1s + environment: + - "ELASTICSEARCH_USERNAME=kibana_system_user" + - "ELASTICSEARCH_PASSWORD=testing" + - "XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=gwaXhuYzE6l3r1wh5ZdSkJvtK6uSw11d" + - "XPACK_SECURITY_ENCRYPTIONKEY=wZSVeczkXAmebqNgfcKEzNMmQCBZKkSH" +# - "XPACK_XPACK_MAIN_TELEMETRY_ENABLED=false" + - "XPACK_REPORTING_ENCRYPTIONKEY=xCyqJUFqrUJJKxjZVGfnhrRkyqqaKeAG" + - "LOGGING_ROOT_LEVEL=all" + # When extend is used it merges healthcheck.tests, see: + # https://github.com/docker/compose/issues/8962 + # healthcheck: + # test: ["CMD-SHELL", "curl -u beats:testing -s http://localhost:5601/api/status?v8format=true | grep -q '\"overall\":{\"level\":\"available\"'"] + # retries: 600 + diff --git a/x-pack/filebeat/docker-compose.yml b/x-pack/filebeat/docker-compose.yml index 0c0b477a6114..c53bb1ca983c 100644 --- a/x-pack/filebeat/docker-compose.yml +++ b/x-pack/filebeat/docker-compose.yml @@ -9,6 +9,8 @@ services: - BEAT_STRICT_PERMS=false - ES_HOST=elasticsearch - ES_PORT=9200 + - ES_USER=beats + - ES_PASS=testing working_dir: /go/src/github.com/elastic/beats/x-pack/filebeat volumes: - ${PWD}/../..:/go/src/github.com/elastic/beats/ @@ -26,4 +28,8 @@ services: extends: file: ${ES_BEATS}/testing/environments/${STACK_ENVIRONMENT}.yml service: elasticsearch + healthcheck: + test: ["CMD-SHELL", "curl -u admin:testing -s http://localhost:9200/_cat/health?h=status | grep -q green"] + retries: 300 + interval: 1s diff --git a/x-pack/filebeat/tests/system/config/filebeat_modules.yml.j2 b/x-pack/filebeat/tests/system/config/filebeat_modules.yml.j2 index 6df0f3ba0d9d..800dbb0d46d1 100644 --- a/x-pack/filebeat/tests/system/config/filebeat_modules.yml.j2 +++ b/x-pack/filebeat/tests/system/config/filebeat_modules.yml.j2 @@ -12,8 +12,10 @@ filebeat.registry: {% endif %} {%endif%} -output.elasticsearch.hosts: ["{{ elasticsearch_url }}"] +output.elasticsearch.hosts: ["{{ elasticsearch.host }}"] output.elasticsearch.index: {{ index_name }} +output.elasticsearch.username: {{ elasticsearch.user }} +output.elasticsearch.password: {{ elasticsearch.pass }} setup.template.name: {{ index_name }} setup.template.pattern: {{ index_name }}* diff --git a/x-pack/functionbeat/docker-compose.yml b/x-pack/functionbeat/docker-compose.yml index e49a7cdac295..aa6cc364a7e7 100644 --- a/x-pack/functionbeat/docker-compose.yml +++ b/x-pack/functionbeat/docker-compose.yml @@ -22,3 +22,7 @@ services: extends: file: ${ES_BEATS}/testing/environments/${TESTING_ENVIRONMENT}.yml service: elasticsearch + healthcheck: + test: ["CMD-SHELL", "curl -u admin:testing -s http://localhost:9200/_cat/health?h=status | grep -q green"] + retries: 300 + interval: 1s diff --git a/x-pack/libbeat/docker-compose.yml b/x-pack/libbeat/docker-compose.yml index d89e6a30746e..b7c84484d58d 100644 --- a/x-pack/libbeat/docker-compose.yml +++ b/x-pack/libbeat/docker-compose.yml @@ -29,7 +29,7 @@ services: file: ${ES_BEATS}/testing/environments/${TESTING_ENVIRONMENT}.yml service: elasticsearch healthcheck: - test: ["CMD-SHELL", "curl -u myelastic:changeme -f http://localhost:9200/_cat/health?h=status | grep -q green"] + test: ["CMD-SHELL", "curl -u kibana_system_user:testing -f http://localhost:9200/_cat/health?h=status | grep -q green"] retries: 1200 interval: 5s start_period: 60s @@ -50,8 +50,8 @@ services: file: ${ES_BEATS}/testing/environments/${TESTING_ENVIRONMENT}.yml service: kibana healthcheck: - test: ["CMD-SHELL", "curl -s -u myelastic:changeme -f http://localhost:5601/api/status?v8format=true | grep -q '\"overall\":{\"level\":\"available\"'"] + test: ["CMD-SHELL", "curl -s -u kibana_system_user:testing -f http://localhost:5601/api/status?v8format=true | grep -q '\"overall\":{\"level\":\"available\"'"] retries: 1200 interval: 5s start_period: 60s - command: /usr/local/bin/kibana-docker --xpack.security.enabled=true --elasticsearch.username=myelastic --elasticsearch.password=changeme + command: /usr/local/bin/kibana-docker