Merged in DCD-1157-allow-bitbucket-elasticsearch-basic-auth (pull request #133)

Fix incorrect condition for using IAM authentication for bitbucket elasticsearch

Approved-by: Adam Brokes

bitbucket-pipelines.yml

@@ -18,7 +18,7 @@ pipelines:
     - step:
         name: Pre Parallelization stage
         script:
-          - echo "Running tests in 38 batches"
+          - echo "Running tests in 39 batches"
 
     - step:
         name: Check if the template is up-to-date
@@ -33,6 +33,14 @@ pipelines:
               fi
 
     - parallel:
+       - step:
+           name: bitbucket_config/iam_elasticsearch
+           services:
+             - docker
+           script:
+             - ./bin/install-ansible --dev
+             - cd roles/bitbucket_config
+             - pipenv run molecule test -s iam_elasticsearch
        - step:
            name: bitbucket_config/default
            services:

roles/bitbucket_config/defaults/main.yaml

@@ -6,4 +6,4 @@ atl_bitbucket_properties: "{{ atl_bitbucket_properties_raw.split(' ') | reject('
 
 atl_elasticsearch_username: "{{ lookup('env', 'ATL_ELASTICSEARCH_USERNAME') }}"
 atl_elasticsearch_password: "{{ lookup('env', 'ATL_ELASTICSEARCH_PASSWORD') }}"
-elasticsearch_should_auth_with_iam: "{{ atl_elasticsearch_username is not defined and atl_aws_region is defined }}"
+elasticsearch_should_auth_with_iam: "{{ (atl_elasticsearch_username == '' or atl_elasticsearch_password == '') and atl_aws_region is defined }}"

roles/bitbucket_config/molecule/default/converge.yml

@@ -12,6 +12,9 @@
     atl_jdbc_user: 'bb_db_user'
     atl_jdbc_password: 'molecule_password'
 
+    atl_elasticsearch_username: bitbucket
+    atl_elasticsearch_password: password
+
     atl_bitbucket_properties_raw: "key1=val1 key2=val2    key3=val3"
 
   roles:

roles/bitbucket_config/molecule/default/tests/test_default.py

@@ -15,6 +15,10 @@ def test_config_file(host):
     assert f.contains("jdbc.user=bb_db_user")
     assert f.contains("jdbc.password=molecule_password")
 
+    assert f.contains("plugin.search.elasticsearch.username=bitbucket")
+    assert f.contains("plugin.search.elasticsearch.password=password")
+    assert not f.contains("plugin.search.elasticsearch.aws.region")
+
     assert f.contains("^key1=val1$")
     assert f.contains("^key2=val2$")
     assert f.contains("^key3=val3$")

roles/bitbucket_config/molecule/iam_elasticsearch/Dockerfile.j2

@@ -0,0 +1,14 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi

roles/bitbucket_config/molecule/iam_elasticsearch/converge.yml

@@ -0,0 +1,21 @@
+---
+- name: Converge
+  hosts: all
+  vars:
+    atl_product_family: "stash"
+    atl_product_edition: "bitbucket"
+    atl_product_user: "bitbucket"
+    atl_product_version: "6.3.1"
+
+    atl_product_home: "{{ atl_shared_mountpoint }}/{{ atl_product_edition }}"
+
+    atl_jdbc_user: 'bb_db_user'
+    atl_jdbc_password: 'molecule_password'
+
+    atl_aws_region: us-east-2
+
+  roles:
+    - role: linux_common
+    - role: product_common
+    - role: product_install
+    - role: bitbucket_config

roles/bitbucket_config/molecule/iam_elasticsearch/molecule.yml

@@ -0,0 +1,27 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: amazon_linux2
+    image: amazonlinux:2
+    groups:
+      - aws_node_local
+    ulimits:
+      - nofile:262144:262144
+  - name: ubuntu_lts
+    image: ubuntu:bionic
+    groups:
+      - aws_node_local
+    ulimits:
+      - nofile:262144:262144
+provisioner:
+  name: ansible
+  options:
+    skip-tags: runtime_pkg
+  inventory:
+    links:
+      group_vars: ../../../../group_vars/
+verifier:
+  name: testinfra

roles/bitbucket_config/molecule/iam_elasticsearch/tests/test_default.py

@@ -0,0 +1,15 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_config_file(host):
+    f = host.file('/media/atl/bitbucket/shared/bitbucket.properties')
+    assert f.exists
+
+    assert not f.contains("plugin.search.elasticsearch.username")
+    assert not f.contains("plugin.search.elasticsearch.password")
+    assert f.contains("plugin.search.elasticsearch.aws.region=us-east-2")

roles/bitbucket_config/templates/bitbucket.properties.j2

@@ -13,7 +13,7 @@ hazelcast.network.aws.tag.value={{ atl_aws_stack_name }}
 hazelcast.group.name={{ atl_aws_stack_name }}
 hazelcast.group.password={{ atl_aws_stack_name }}
 plugin.search.elasticsearch.baseurl={{ atl_elasticsearch_endpoint }}
-{% if elasticsearch_should_auth_with_iam == 'true' %}
+{% if elasticsearch_should_auth_with_iam %}
 plugin.search.elasticsearch.aws.region={{ atl_aws_region }}
 {% else %}
 plugin.search.elasticsearch.username={{ atl_elasticsearch_username }}