From 6919bac1a2b0cd1ca4718105405a03c32d2d5fea Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Wed, 7 Dec 2022 11:42:27 +0100 Subject: [PATCH] Fixup opensearch when using advanced security options (#1613) Fixup opensearch when using advanced security options Fix #1560 Reviewed-by: Markus Bergholz Reviewed-by: Alina Buzachis --- changelogs/fragments/1613-opensearch.yml | 2 ++ plugins/modules/opensearch.py | 1 + .../opensearch/tasks/test_opensearch.yml | 33 +++++++++++++++++-- 3 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/1613-opensearch.yml diff --git a/changelogs/fragments/1613-opensearch.yml b/changelogs/fragments/1613-opensearch.yml new file mode 100644 index 00000000000..323241a982e --- /dev/null +++ b/changelogs/fragments/1613-opensearch.yml @@ -0,0 +1,2 @@ +bugfixes: + - opensearch - Fix cluster creation when using advanced security options (https://github.com/ansible-collections/community.aws/pull/1613). diff --git a/plugins/modules/opensearch.py b/plugins/modules/opensearch.py index 95fc45a2f68..7ed8c0722a2 100644 --- a/plugins/modules/opensearch.py +++ b/plugins/modules/opensearch.py @@ -948,6 +948,7 @@ def set_advanced_security_options( ] = advanced_security_opts.get("internal_user_database_enabled") master_user_opts = advanced_security_opts.get("master_user_options") if master_user_opts is not None: + advanced_security_config.setdefault("MasterUserOptions", {}) if master_user_opts.get("master_user_arn") is not None: advanced_security_config["MasterUserOptions"][ "MasterUserARN" diff --git a/tests/integration/targets/opensearch/tasks/test_opensearch.yml b/tests/integration/targets/opensearch/tasks/test_opensearch.yml index 1418e6d8016..7ce1f8d9482 100644 --- a/tests/integration/targets/opensearch/tasks/test_opensearch.yml +++ b/tests/integration/targets/opensearch/tasks/test_opensearch.yml 
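Review bot: The added `advanced_security_config.setdefault("MasterUserOptions", {})` in set_advanced_security_options runs whenever `master_user_options` is supplied, even when none of its sub-options is set, so an empty `MasterUserOptions` dict can end up in the request and in whatever comparison decides whether the domain changed. Creating the key only when there is something to put in it avoids that, for example `if master_user_opts is not None and any(v is not None for v in master_user_opts.values()):`. The rest of the function lies outside the hunk, so how an empty dict is consumed downstream is not visible here. Since this path also carries `master_user_password` (per the tests in this commit), it is worth confirming that the option is declared `no_log` in the argument spec and is never copied into the module's return value.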
@@ -3,7 +3,7 @@ - name: test without specifying required module options opensearch: engine_version: "Elasticsearch_7.1" - ignore_errors: yes + ignore_errors: true register: result - name: assert domain_name is a required module option @@ -959,7 +959,7 @@ wait_timeout: "{{ 60 * 60 }}" register: opensearch_domain until: opensearch_domain is not failed - ignore_errors: yes + ignore_errors: true retries: 10 # After enabling at rest encryption, there is a period during which the API fails, so retry. delay: 30 @@ -996,6 +996,11 @@ - "opensearch_domain.domain_endpoint_options.tls_security_policy == 'Policy-Min-TLS-1-2-2019-07'" - opensearch_domain is changed +- name: Set common facts for advanced security tests + set_fact: + test_master_user_name: my_custom_admin_username + test_master_user_password: "{{ lookup('ansible.builtin.password', '/dev/null chars=ascii_lowercase,digits length=16') }}" + - name: Configure advanced security block: - name: Enable advanced security, check mode @@ -1003,6 +1008,10 @@ domain_name: "es-{{ tiny_prefix }}-vpc" advanced_security_options: enabled: true + internal_user_database_enabled: false + master_user_options: + master_user_name: "{{ test_master_user_name }}" + master_user_password: "{{ test_master_user_password }}" wait: true check_mode: true register: opensearch_domain 
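Review bot: The `test_master_user_password` lookup in the new set_fact task draws only from `ascii_lowercase,digits`, while the OpenSearch Service master password policy, as far as I know, also requires an uppercase letter and a special character, so the domain update would probably be rejected by the API. A fixed suffix keeps the value random and policy-compliant, e.g. `test_master_user_password: "{{ lookup('ansible.builtin.password', '/dev/null chars=ascii_letters,digits length=16') }}Aa1!"`. Adding `no_log: true` to this task and to the tasks that pass the password on would keep the generated secret out of CI logs.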
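Review bot: The options added to "Enable advanced security, check mode" combine `internal_user_database_enabled: false` with `master_user_name`/`master_user_password`, which, as far as I recall from the service API reference, are only valid when the internal user database is enabled; with it disabled the master user is expected as an IAM ARN. Either set `internal_user_database_enabled: true` or switch the test to `master_user_arn`, otherwise the test exercises a configuration the service is likely to refuse. The same option block is repeated in the hunks at -1019, -1032 and -1044.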
@@ -1019,12 +1028,20 @@ domain_name: "es-{{ tiny_prefix }}-vpc" advanced_security_options: enabled: true + internal_user_database_enabled: false + master_user_options: + master_user_name: "{{ test_master_user_name }}" + master_user_password: "{{ test_master_user_password }}" wait: true wait_timeout: "{{ 60 * 60 }}" register: opensearch_domain - assert: that: - "opensearch_domain.advanced_security_options.enabled == True" + - "opensearch_domain.advanced_security_options.internal_user_database_enabled == False" + - "opensearch_domain.advanced_security_options.master_user_options is defined" + - "opensearch_domain.advanced_security_options.master_user_options.master_user_name is test_master_user_name" + - "opensearch_domain.advanced_security_options.master_user_options.master_user_password is test_master_user_password" - opensearch_domain is changed - name: Enable advanced security, check mode again @@ -1032,6 +1049,10 @@ domain_name: "es-{{ tiny_prefix }}-vpc" advanced_security_options: enabled: true + internal_user_database_enabled: false + master_user_options: + master_user_name: "{{ test_master_user_name }}" + master_user_password: "{{ test_master_user_password }}" wait: true check_mode: true register: opensearch_domain 
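Review bot: The two new assertions ending in `master_user_name is test_master_user_name` and `master_user_password is test_master_user_password` use Jinja2's `is`, which applies a named test rather than comparing values, so they would fail with an unknown-test error instead of checking anything; `==` is what is meant, e.g. `- "opensearch_domain.advanced_security_options.master_user_options.master_user_name == test_master_user_name"`. Beyond the operator, asserting that the result contains `master_user_password` pins the module to echoing a credential in its return value, where it lands in registered variables and verbose output; I would drop that assertion and, if the module does return the password, strip it from the result. The describe call does not, to my knowledge, return master user options at all, so `master_user_options is defined` may not hold either. The hunk at -1044 repeats the same four assertions.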
@@ -1044,11 +1065,19 @@ domain_name: "es-{{ tiny_prefix }}-vpc" advanced_security_options: enabled: true + internal_user_database_enabled: false + master_user_options: + master_user_name: "{{ test_master_user_name }}" + master_user_password: "{{ test_master_user_password }}" wait: true register: opensearch_domain - assert: that: - "opensearch_domain.advanced_security_options.enabled == True" + - "opensearch_domain.advanced_security_options.internal_user_database_enabled == False" + - "opensearch_domain.advanced_security_options.master_user_options is defined" + - "opensearch_domain.advanced_security_options.master_user_options.master_user_name is test_master_user_name" + - "opensearch_domain.advanced_security_options.master_user_options.master_user_password is test_master_user_password" - opensearch_domain is not changed - name: Configure warm and cold storage