├── .ci └── jobs │ ├── defaults.yml │ └── elastic+kibana-docker+6.6+snapshot.yml ├── .gitignore ├── .tedi ├── tedi.yml └── template │ ├── Dockerfile.j2 │ ├── docker-compose.yml.j2 │ ├── kibana-docker │ ├── kibana.yml.j2 │ └── ssl │ ├── kibana.example.org.crt │ └── kibana.example.org.key ├── LICENSE ├── Makefile ├── README.md ├── bin ├── elastic-version ├── pytest └── tedi ├── requirements.txt ├── tests ├── __init__.py ├── conftest.py ├── constants.py ├── docker-compose.yml ├── exceptions.py ├── fixtures.py ├── retry.py ├── test_application.py ├── test_base_os.py ├── test_files.py ├── test_labels.py ├── test_process.py └── test_user.py ├── tox.ini └── version.json /.ci/jobs/defaults.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##### GLOBAL METADATA 4 | 5 | - meta: 6 | cluster: devops-ci 7 | 8 | ##### JOB DEFAULTS 9 | 10 | - job: 11 | logrotate: 12 | daysToKeep: 30 13 | numToKeep: 100 14 | parameters: 15 | - string: 16 | name: branch_specifier 17 | default: refs/heads/6.6 18 | description: the Git branch specifier to build (<branchName>, <tagName>, 19 | <commitId>, etc.) 20 | properties: 21 | - github: 22 | url: https://github.com/elastic/kibana-docker/ 23 | - inject: 24 | properties-content: HOME=$JENKINS_HOME 25 | node: ubuntu 26 | scm: 27 | - git: 28 | name: origin 29 | credentials-id: f6c7695a-671e-4f4f-a331-acdce44ff9ba 30 | reference-repo: /var/lib/jenkins/.git-references/kibana-docker.git 31 | branches: 32 | - ${branch_specifier} 33 | url: https://github.com/elastic/kibana-docker.git 34 | basedir: '' 35 | wipe-workspace: 'True' 36 | triggers: 37 | - timed: H H/12 * * * 38 | wrappers: 39 | - ansicolor 40 | - timeout: 41 | type: absolute 42 | timeout: 120 43 | fail: true 44 | - timestamps 45 | - workspace-cleanup 46 | builders: 47 | - shell: |- 48 | #!/usr/local/bin/runbld 49 | make from-snapshot test-snapshot 50 | publishers: 51 | - email: 52 | recipients: infra-root+build@elastic.co 53 | -------------------------------------------------------------------------------- /.ci/jobs/elastic+kibana-docker+6.6+snapshot.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - job: 3 | name: elastic+kibana-docker+6.6+snapshot 4 | display-name: 'elastic / kibana-docker # 6.6 - snapshot' 5 | description: Periodic testing of snapshot builds for the Kibana Docker 6.6 branch. 6 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | **/.cache 2 | **/__pycache__ 3 | **/*.pyc 4 | /venv 5 | /build/kibana/Dockerfile* 6 | /docker-compose*.yml 7 | /snapshots 8 | /.pytest_cache 9 | /.tedi/build 10 | /.tedi/assets 11 | -------------------------------------------------------------------------------- /.tedi/tedi.yml: -------------------------------------------------------------------------------- 1 | images: 2 | kibana-full: 3 | aliases: 4 | - kibana 5 | - docker.elastic.co/kibana/kibana 6 | - docker.elastic.co/kibana/kibana-full 7 | facts: 8 | image_flavor: full 9 | 10 | kibana-oss: 11 | aliases: 12 | - docker.elastic.co/kibana/kibana-oss 13 | facts: 14 | image_flavor: oss 15 | 16 | facts: 17 | docker_registry: docker.elastic.co 18 | kibana_dir: /usr/local/src/kibana 19 | 20 | asset_sets: 21 | # By default, build from publicly released artifacts. 22 | # Note that they may not be available yet for the current {{ elastic_version }}. 23 | default: 24 | - filename: kibana-full-{{ elastic_version }}.tar.gz 25 | source: https://artifacts.elastic.co/downloads/kibana/kibana-{{ elastic_version }}-linux-x86_64.tar.gz 26 | - filename: kibana-oss-{{ elastic_version }}.tar.gz 27 | source: https://artifacts.elastic.co/downloads/kibana/kibana-oss-{{ elastic_version }}-linux-x86_64.tar.gz 28 | 29 | # Published nightly snapshot artifacts. 30 | remote_snapshot: 31 | - filename: kibana-full-{{ elastic_version }}.tar.gz 32 | source: https://snapshots.elastic.co/downloads/kibana/kibana-{{ elastic_version }}-SNAPSHOT-linux-x86_64.tar.gz 33 | - filename: kibana-oss-{{ elastic_version }}.tar.gz 34 | source: https://snapshots.elastic.co/downloads/kibana/kibana-oss-{{ elastic_version }}-SNAPSHOT-linux-x86_64.tar.gz 35 | 36 | # Snapshot artifacts on the local disk. 37 | local_snapshot: 38 | - filename: kibana-full-{{ elastic_version }}.tar.gz 39 | source: file://{{ kibana_dir}}/target/kibana-{{ elastic_version }}-SNAPSHOT-linux-x86_64.tar.gz 40 | - filename: kibana-oss-{{ elastic_version }}.tar.gz 41 | source: file://{{ kibana_dir}}/target/kibana-oss-{{ elastic_version }}-SNAPSHOT-linux-x86_64.tar.gz 42 | 43 | # Release artifacts on the local disk. 44 | local_release: 45 | - filename: kibana-full-{{ elastic_version }}.tar.gz 46 | source: file://{{ kibana_dir}}/target/kibana-{{ elastic_version }}-linux-x86_64.tar.gz 47 | - filename: kibana-oss-{{ elastic_version }}.tar.gz 48 | source: file://{{ kibana_dir}}/target/kibana-oss-{{ elastic_version }}-linux-x86_64.tar.gz 49 | -------------------------------------------------------------------------------- /.tedi/template/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | # This Dockerfile was generated from the template at tedi/Dockerfile.j2 2 | {% set tarball = 'kibana-%s-%s.tar.gz' % (image_flavor, elastic_version) -%} 3 | 4 | ################################################################################ 5 | # Build stage 0 6 | # Extract Kibana and make various file manipulations. 7 | ################################################################################ 8 | FROM centos:7 AS prep_files 9 | COPY {{ tarball }} /opt 10 | RUN mkdir /usr/share/kibana 11 | WORKDIR /usr/share/kibana 12 | RUN tar --strip-components=1 -zxf /opt/{{ tarball }} 13 | # Ensure that group permissions are the same as user permissions. 14 | # This will help when relying on GID-0 to run Kibana, rather than UID-1000. 15 | # OpenShift does this, for example. 16 | # REF: https://docs.openshift.org/latest/creating_images/guidelines.html 17 | RUN chmod -R g=u /usr/share/kibana 18 | RUN find /usr/share/kibana -type d -exec chmod g+s {} \; 19 | 20 | ################################################################################ 21 | # Build stage 1 22 | # Copy prepared files from the previous stage and complete the image. 23 | ################################################################################ 24 | FROM centos:7 25 | EXPOSE 5601 26 | 27 | # Add Reporting dependencies. 28 | RUN yum update -y && yum install -y fontconfig freetype && yum clean all 29 | 30 | # Bring in Kibana from the initial stage. 31 | COPY --from=prep_files --chown=1000:0 /usr/share/kibana /usr/share/kibana 32 | WORKDIR /usr/share/kibana 33 | RUN ln -s /usr/share/kibana /opt/kibana 34 | 35 | ENV ELASTIC_CONTAINER true 36 | ENV PATH=/usr/share/kibana/bin:$PATH 37 | 38 | # Set some Kibana configuration defaults. 39 | COPY --chown=1000:0 kibana.yml /usr/share/kibana/config/kibana.yml 40 | 41 | # Add the launcher/wrapper script. It knows how to interpret environment 42 | # variables and translate them to Kibana CLI options. 43 | COPY --chown=1000:0 kibana-docker /usr/local/bin/ 44 | 45 | # Add a self-signed SSL certificate for use in examples. 46 | COPY --chown=1000:0 ssl/kibana.example.org.* /usr/share/kibana/config/ 47 | 48 | # Ensure gid 0 write permissions for OpenShift. 49 | RUN chmod g+ws /usr/share/kibana && \ 50 | find /usr/share/kibana -gid 0 -and -not -perm /g+w -exec chmod g+w {} \; 51 | 52 | # Provide a non-root user to run the process. 53 | RUN groupadd --gid 1000 kibana && \ 54 | useradd --uid 1000 --gid 1000 \ 55 | --home-dir /usr/share/kibana --no-create-home \ 56 | kibana 57 | USER kibana 58 | 59 | LABEL org.label-schema.schema-version="1.0" \ 60 | org.label-schema.vendor="Elastic" \ 61 | org.label-schema.name="kibana" \ 62 | org.label-schema.version="{{ elastic_version }}" \ 63 | org.label-schema.url="https://www.elastic.co/products/kibana" \ 64 | org.label-schema.vcs-url="https://github.com/elastic/kibana-docker" \ 65 | {% if image_flavor == 'oss' -%} 66 | license="Apache-2.0" 67 | {% else -%} 68 | license="Elastic License" 69 | {% endif -%} 70 | 71 | CMD ["/usr/local/bin/kibana-docker"] 72 | -------------------------------------------------------------------------------- /.tedi/template/docker-compose.yml.j2: -------------------------------------------------------------------------------- 1 | {% if image_flavor == 'oss' -%} 2 | {% set elasticsearch_suffix = '-oss' -%} 3 | {% else -%} 4 | {% set elasticsearch_suffix = '' -%} 5 | {% endif -%} 6 | --- 7 | version: '3' 8 | services: 9 | kibana: 10 | image: docker.elastic.co/kibana/kibana-{{ image_flavor }}:{{ image_tag }} 11 | container_name: kibana-test 12 | ports: 13 | - 5601:5601 14 | networks: [elastic] 15 | 16 | # Configure certificate and key files to enable SSL. The certificate 17 | # provided in the example is self-signed, and thus insecure. It should 18 | # only be used for experimentation, never in production. 19 | # 20 | # environment: 21 | # - SERVER_SSL_CERT=/usr/share/kibana/config/kibana.example.org.crt 22 | # - SERVER_SSL_KEY=/usr/share/kibana/config/kibana.example.org.key 23 | 24 | elasticsearch: 25 | image: docker.elastic.co/elasticsearch/elasticsearch{{ elasticsearch_suffix }}:{{ image_tag }} 26 | container_name: elasticsearch-test 27 | networks: [elastic] 28 | environment: 29 | - discovery.type=single-node 30 | 31 | networks: 32 | elastic: 33 | -------------------------------------------------------------------------------- /.tedi/template/kibana-docker: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Run Kibana, using environment variables to set longopts defining Kibana's 4 | # configuration. 5 | # 6 | # eg. Setting the environment variable: 7 | # 8 | # ELASTICSEARCH_STARTUPTIMEOUT=60 9 | # 10 | # will cause Kibana to be invoked with: 11 | # 12 | # --elasticsearch.startupTimeout=60 13 | 14 | kibana_vars=( 15 | console.enabled 16 | console.proxyConfig 17 | console.proxyFilter 18 | elasticsearch.customHeaders 19 | elasticsearch.hosts 20 | elasticsearch.logQueries 21 | elasticsearch.password 22 | elasticsearch.pingTimeout 23 | elasticsearch.preserveHost 24 | elasticsearch.requestHeadersWhitelist 25 | elasticsearch.requestTimeout 26 | elasticsearch.shardTimeout 27 | elasticsearch.sniffInterval 28 | elasticsearch.sniffOnConnectionFault 29 | elasticsearch.sniffOnStart 30 | elasticsearch.ssl.certificate 31 | elasticsearch.ssl.certificateAuthorities 32 | elasticsearch.ssl.key 33 | elasticsearch.ssl.keyPassphrase 34 | elasticsearch.ssl.verificationMode 35 | elasticsearch.startupTimeout 36 | elasticsearch.username 37 | i18n.locale 38 | kibana.defaultAppId 39 | kibana.index 40 | logging.dest 41 | logging.quiet 42 | logging.silent 43 | logging.useUTC 44 | logging.verbose 45 | map.includeElasticMapsService 46 | ops.interval 47 | path.data 48 | pid.file 49 | regionmap 50 | regionmap.includeElasticMapsService 51 | server.basePath 52 | server.customResponseHeaders 53 | server.defaultRoute 54 | server.host 55 | server.maxPayloadBytes 56 | server.name 57 | server.port 58 | server.rewriteBasePath 59 | server.ssl.cert 60 | server.ssl.certificate 61 | server.ssl.certificateAuthorities 62 | server.ssl.cipherSuites 63 | server.ssl.clientAuthentication 64 | server.customResponseHeaders 65 | server.ssl.enabled 66 | server.ssl.key 67 | server.ssl.keyPassphrase 68 | server.ssl.redirectHttpFromPort 69 | server.ssl.supportedProtocols 70 | server.xsrf.whitelist 71 | status.allowAnonymous 72 | status.v6ApiFormat 73 | tilemap.options.attribution 74 | tilemap.options.maxZoom 75 | tilemap.options.minZoom 76 | tilemap.options.subdomains 77 | tilemap.url 78 | timelion.enabled 79 | vega.enableExternalUrls 80 | xpack.apm.enabled 81 | xpack.apm.ui.enabled 82 | apm_oss.indexPattern 83 | apm_oss.errorIndices 84 | apm_oss.onboardingIndices 85 | apm_oss.spanIndices 86 | apm_oss.transactionIndices 87 | apm_oss.metricsIndices 88 | xpack.canvas.enabled 89 | xpack.graph.enabled 90 | xpack.grokdebugger.enabled 91 | xpack.infra.enabled 92 | xpack.infra.query.partitionFactor 93 | xpack.infra.query.partitionSize 94 | xpack.infra.sources.default.logAlias 95 | xpack.infra.sources.default.metricAlias 96 | xpack.infra.sources.default.fields.container 97 | xpack.infra.sources.default.fields.host 98 | xpack.infra.sources.default.fields.pod 99 | xpack.infra.sources.default.fields.tiebreaker 100 | xpack.infra.sources.default.fields.timestamp 101 | xpack.ml.enabled 102 | xpack.monitoring.elasticsearch.password 103 | xpack.monitoring.elasticsearch.pingTimeout 104 | xpack.monitoring.elasticsearch.hosts 105 | xpack.monitoring.elasticsearch.username 106 | xpack.monitoring.elasticsearch.ssl.certificateAuthorities 107 | xpack.monitoring.elasticsearch.ssl.verificationMode 108 | xpack.monitoring.enabled 109 | xpack.monitoring.kibana.collection.enabled 110 | xpack.monitoring.kibana.collection.interval 111 | xpack.monitoring.max_bucket_size 112 | xpack.monitoring.min_interval_seconds 113 | xpack.monitoring.node_resolver 114 | xpack.monitoring.report_stats 115 | xpack.monitoring.elasticsearch.pingTimeout 116 | xpack.monitoring.ui.container.elasticsearch.enabled 117 | xpack.monitoring.ui.container.logstash.enabled 118 | xpack.monitoring.ui.enabled 119 | xpack.reporting.capture.browser.chromium.disableSandbox 120 | xpack.reporting.capture.browser.chromium.proxy.enabled 121 | xpack.reporting.capture.browser.chromium.proxy.server 122 | xpack.reporting.capture.browser.chromium.proxy.bypass 123 | xpack.reporting.capture.browser.type 124 | xpack.reporting.capture.concurrency 125 | xpack.reporting.capture.loadDelay 126 | xpack.reporting.capture.settleTime 127 | xpack.reporting.capture.timeout 128 | xpack.reporting.csv.maxSizeBytes 129 | xpack.reporting.enabled 130 | xpack.reporting.encryptionKey 131 | xpack.reporting.index 132 | xpack.reporting.kibanaApp 133 | xpack.reporting.kibanaServer.hostname 134 | xpack.reporting.kibanaServer.port 135 | xpack.reporting.kibanaServer.protocol 136 | xpack.reporting.queue.indexInterval 137 | xpack.reporting.queue.pollInterval 138 | xpack.reporting.queue.timeout 139 | xpack.reporting.roles.allow 140 | xpack.searchprofiler.enabled 141 | xpack.security.authProviders 142 | xpack.security.cookieName 143 | xpack.security.enabled 144 | xpack.security.encryptionKey 145 | xpack.security.secureCookies 146 | xpack.security.sessionTimeout 147 | xpack.xpack_main.telemetry.enabled 148 | ) 149 | 150 | longopts='' 151 | for kibana_var in ${kibana_vars[*]}; do 152 | # 'elasticsearch.hosts' -> 'ELASTICSEARCH_HOSTS' 153 | env_var=$(echo ${kibana_var^^} | tr . _) 154 | 155 | # Indirectly lookup env var values via the name of the var. 156 | # REF: http://tldp.org/LDP/abs/html/bashver2.html#EX78 157 | value=${!env_var} 158 | if [[ -n $value ]]; then 159 | longopt="--${kibana_var}=${value}" 160 | longopts+=" ${longopt}" 161 | fi 162 | done 163 | 164 | # Files created at run-time should be group-writable, for Openshift's sake. 165 | umask 0002 166 | 167 | # The virtual file /proc/self/cgroup should list the current cgroup 168 | # membership. For each hierarchy, you can follow the cgroup path from 169 | # this file to the cgroup filesystem (usually /sys/fs/cgroup/) and 170 | # introspect the statistics for the cgroup for the given 171 | # hierarchy. Alas, Docker breaks this by mounting the container 172 | # statistics at the root while leaving the cgroup paths as the actual 173 | # paths. Therefore, Kibana provides a mechanism to override 174 | # reading the cgroup path from /proc/self/cgroup and instead uses the 175 | # cgroup path defined the configuration properties 176 | # cpu.cgroup.path.override and cpuacct.cgroup.path.override. 177 | # Therefore, we set this value here so that cgroup statistics are 178 | # available for the container this process will run in. 179 | 180 | exec /usr/share/kibana/bin/kibana --cpu.cgroup.path.override=/ --cpuacct.cgroup.path.override=/ ${longopts} "$@" 181 | -------------------------------------------------------------------------------- /.tedi/template/kibana.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | # Default Kibana configuration from kibana-docker. 3 | 4 | server.name: kibana 5 | server.host: "0" 6 | elasticsearch.hosts: [ "http://elasticsearch:9200" ] 7 | {% if image_flavor != 'oss' -%} 8 | xpack.monitoring.ui.container.elasticsearch.enabled: true 9 | {% endif -%} 10 | -------------------------------------------------------------------------------- /.tedi/template/ssl/kibana.example.org.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIID/TCCAuWgAwIBAgIJALVJyrUvH8uGMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD 3 | VQQGEwJBVTERMA8GA1UECAwIVmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTEd 4 | MBsGA1UECgwURXhhbXBsZSBPcmdhbml6YXRpb24xGzAZBgNVBAMMEmtpYmFuYS5l 5 | eGFtcGxlLm9yZzEiMCAGCSqGSIb3DQEJARYTZXhhbXBsZUBleGFtcGxlLm9yZzAe 6 | Fw0xNjA5MTgwMzU4NTNaFw0yNjA5MTYwMzU4NTNaMIGUMQswCQYDVQQGEwJBVTER 7 | MA8GA1UECAwIVmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTEdMBsGA1UECgwU 8 | RXhhbXBsZSBPcmdhbml6YXRpb24xGzAZBgNVBAMMEmtpYmFuYS5leGFtcGxlLm9y 9 | ZzEiMCAGCSqGSIb3DQEJARYTZXhhbXBsZUBleGFtcGxlLm9yZzCCASIwDQYJKoZI 10 | hvcNAQEBBQADggEPADCCAQoCggEBAK3AKz7Jq8CGR75NcbuUKiLTJhSS0/TBGA9M 11 | k+OmradT5qWhFKbxUDoMwT4YpUTzkUGUzkGEVbUsrKK4XaYXldRoHOm8mS0aBErk 12 | g2ffmpi+TiGk5LHykZ0avmYeEsqVESAjVEMuU3fWJzZd4NfUcTKsBA7Ccqfnb3CB 13 | TS5fbAz/zw1K//XR5ZNCEBOsFD+0oFGKTNLCeMBCwccFNyVI2mNZpDA++HilNiQj 14 | TEJytBXGcMVZaS+Tc0vENfVWHAAtVdk8+dd6jkpNnDhK1W1TB7HvhScewyEGh9yb 15 | cK5asE8TBebEvUIrPaVFz+ef/o3lRev0Gq1QUYAoaG7ps9JlDcsCAwEAAaNQME4w 16 | HQYDVR0OBBYEFIKSLrYMY9fXpCS7OGnyxhS7JzRrMB8GA1UdIwQYMBaAFIKSLrYM 17 | Y9fXpCS7OGnyxhS7JzRrMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB 18 | ABiu7+GH8WGNPqPUUHP17HHYK41xAyYoKSzCrELKmFLphYhnUQA6EeBY8rjYr3X0 19 | Z2O0F9J6Cik/kG/uBYW0Oi8PQ0EeSZwzvd+CsAc2EJAryOBpafWRXa2XrOtFkKjq 20 | jKWHSa0QJsBALiu8+JVfcwXYshbhmdVBxrktxMoY9WpGI7EcZkf77SW5enY4LtSF 21 | wuRr2lv29YADsa/Q7JV2I4oAbWUjW3513mR5JsefHPk7hXZbRCXqUxFTmWpnDomF 22 | HDeEDAdSgMgzODnbU/qHI9tmP6iDaCTz/eVfyCMKGYA0oIX1j5GdJ6HXK1OHafJK 23 | W/M9gDRhQKU0bTXC2CoEOAs= 24 | -----END CERTIFICATE----- 25 | -------------------------------------------------------------------------------- /.tedi/template/ssl/kibana.example.org.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCtwCs+yavAhke+ 3 | TXG7lCoi0yYUktP0wRgPTJPjpq2nU+aloRSm8VA6DME+GKVE85FBlM5BhFW1LKyi 4 | uF2mF5XUaBzpvJktGgRK5INn35qYvk4hpOSx8pGdGr5mHhLKlREgI1RDLlN31ic2 5 | XeDX1HEyrAQOwnKn529wgU0uX2wM/88NSv/10eWTQhATrBQ/tKBRikzSwnjAQsHH 6 | BTclSNpjWaQwPvh4pTYkI0xCcrQVxnDFWWkvk3NLxDX1VhwALVXZPPnXeo5KTZw4 7 | StVtUwex74UnHsMhBofcm3CuWrBPEwXmxL1CKz2lRc/nn/6N5UXr9BqtUFGAKGhu 8 | 6bPSZQ3LAgMBAAECggEAKE5S+d7ItAGydOf8QTpux+NZix5Agx+kGDB4gi/xSsbA 9 | 051ZcBy8sqqwzVnkROmHwcHmUvaC92NkrN6+AsCn5j08r9ArbHYDlugJv7f0YgiL 10 | kWxyDQGrW9mPX5sMWuhXr6/iZS9C96K7N/ZxKUBD/jA/RLlA5chfZqboI6DJLP5s 11 | u03ZW4toaGItLZtPxF07eElE4MGG/TbkoBZ5t79Y98TJP2oO95IpPQa8omqQcDEM 12 | w0DsbV/dJV9AtyZBfmIRNaG5beiIUH26OQzUJP7FP2eIN4F/CAXLdlMnHtQA1XJz 13 | QRwMxbfBQ+JfKD7YWedqivrjR0iPMx80M4HSU9DFaQKBgQDa+7F7zDRy4WU0GtfP 14 | g+ArDUMjQv5pTXA0b2hKjHJRXM3LVo5qNJYWlirHtPjkVL4BJSY+iVl9/lfV2Xrf 15 | gDXQLcUhABx5HNzZ5p+NyDHWrpZamFkfw9wLwQHXZGG8I+dla/iToHRWEH2QYxdz 16 | VvfntpyE7XbxzhPPiS5haHGerwKBgQDLHxPn/jm2dSHa6jAidJXFJCMblcDuwIBy 17 | 7Cm7vnRro9Mbx/hZkRPXYWHQ/4WEVlWO9Sgkf4ambPSmdFg8ksQwBBd+l3K5K4Un 18 | 2AIL/PqgZg+anoEYYn1sqiWSc+YiO2GiRaHh5wOWtekEBBH9HcYkmKIXm3JHVdSw 19 | SpQsryxppQKBgDi7qqDLJ+93a7PTHIRbwzEEL5esHKOFd4NuNZPSzS89HugGVcE4 20 | PIY/g3fX7/+f4NYFHOJozTGyOmlh/c53tfloUkEZeUb7blBZyo5+BkN7WeLAw55S 21 | LOkyqNp33EZU+vcwwObmVB2UCiPlOEceif2TNvvNVdqRrFpBTS3ZVE5rAoGAJivk 22 | 9cgU2HESt60i9paqPq4X2us9oqCSgwZWoW2dO01CMwpVZZ+Z9vPaCgi68q+2zHLN 23 | 5G4Cw+vd3honKtr5+3wJXkTfzmSbVW2GlPIpt1L2w7vdztNTdsRS4z7clLpMEs67 24 | KVTcm8n7zEFnkAW0YtQ8Qet4gmdi3O5nAi65TfECgYEA0Pw2X4R37IrYM7tFDJSz 25 | zDF4mRmk2qfhHBd8IaIDBpsXSgLcVRduro4HBzf/JeCt8rvw3VMLEFyqwyszpHro 26 | xNnqPvbMPMCtOvUcr1VtXnO7CzaFNCJrfjYdV8vmDgvbYmBEHzG+LGbnVZIBUhQa 27 | igVjtqU1uT83+VpR703IcBI= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2016-2017 Elasticsearch BV 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | SHELL=/bin/bash 2 | ELASTIC_VERSION := $(shell ./bin/elastic-version) 3 | 4 | export PATH := ./bin:./venv/bin:$(PATH) 5 | 6 | PYTHON ?= $(shell command -v python3.5 || command -v python3.6) 7 | FIGLET := pyfiglet -w 160 -f puffy 8 | 9 | # Build different images for OSS-only and full versions. 10 | IMAGE_FLAVORS ?= oss full 11 | 12 | default: from-release 13 | 14 | test: lint clean-test 15 | $(foreach FLAVOR, $(IMAGE_FLAVORS), \ 16 | $(FIGLET) "test: $(FLAVOR)"; \ 17 | ./bin/pytest tests --image-flavor=$(FLAVOR); \ 18 | ) 19 | 20 | # Test a snapshot image, which requires modifying the ELASTIC_VERSION to find the right images. 21 | test-snapshot: lint clean-test 22 | ELASTIC_VERSION=$(ELASTIC_VERSION)-SNAPSHOT make test 23 | 24 | lint: venv 25 | flake8 tests 26 | 27 | clean-test: 28 | $(foreach FLAVOR, $(IMAGE_FLAVORS), \ 29 | COMPOSE_FILE=".tedi/build/kibana-$(FLAVOR)/docker-compose.yml"; \ 30 | if test -f $$COMPOSE_FILE; then docker-compose -f $$COMPOSE_FILE down -v; fi; \ 31 | ) 32 | 33 | clean: 34 | tedi clean --clean-assets 35 | 36 | # Build images from releases on www.elastic.co. 37 | # The default ELASTIC_VERSION might not have been released yet, so you may need 38 | # to override it in the environment. 39 | from-release: 40 | tedi build --fact=image_tag:$(ELASTIC_VERSION) \ 41 | --asset-set=default 42 | 43 | # Build images from snapshots on snapshots.elastic.co 44 | from-snapshot: 45 | tedi build --fact=image_tag:$(ELASTIC_VERSION)-SNAPSHOT \ 46 | --asset-set=remote_snapshot 47 | 48 | venv: requirements.txt 49 | test -d venv || virtualenv --python=$(PYTHON) venv 50 | pip install -r requirements.txt 51 | touch venv 52 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | This repository is no longer used to generate the official [Kibana][kibana] Docker image from [Elastic][elastic]. 2 | 3 | To build Kibana docker images for pre-6.6 releases, switch branches in this repo to the matching release. 4 | 5 | [kibana]: https://www.elastic.co/products/kibana 6 | [elastic]: https://www.elastic.co/ 7 | -------------------------------------------------------------------------------- /bin/elastic-version: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # 3 | # Print the Elastic Stack version for the current branch, as defined in 4 | # the 'version.json' file. 5 | # 6 | # The version can also be forced by setting the ELASTIC_VERSION environment variable. 7 | 8 | import json 9 | import os 10 | 11 | 12 | def get_hard_coded_version(): 13 | version_info = json.load(open('version.json')) 14 | return version_info['version'] 15 | 16 | 17 | def qualify(version): 18 | qualifier = os.getenv('VERSION_QUALIFIER') 19 | if qualifier: 20 | # ignore None or '' 21 | return "-".join([version, qualifier]) 22 | return version 23 | 24 | 25 | def get_version(): 26 | version = os.getenv('ELASTIC_VERSION') 27 | if version: 28 | return version 29 | return qualify(get_hard_coded_version()) 30 | 31 | 32 | if __name__ == '__main__': 33 | # Provide a shell compatible interface 34 | print(get_version()) 35 | -------------------------------------------------------------------------------- /bin/pytest: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # A wrapper for `pytest` to handle the appropriate Testinfra arguments. 4 | 5 | ./venv/bin/pytest --verbose --connection=docker --hosts=kibana-test $@ 6 | -------------------------------------------------------------------------------- /bin/tedi: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # This wrapper runs the Tedi build system inside Docker. 4 | # 5 | # https://github.com/elastic/tedi/blob/master/README.md 6 | 7 | set -euo pipefail 8 | 9 | tedi_version="${TEDI_VERSION:-0.13}" 10 | tedi_debug="${TEDI_DEBUG:-false}" 11 | elastic_version=$($(dirname ${BASH_SOURCE})/elastic-version) 12 | 13 | # Build up a Docker run command. 14 | declare -a command 15 | command+=(docker run) 16 | 17 | # Mount the Docker socket inside the container, since Tedi interacts with Docker. 18 | command+=(-v /var/run/docker.sock:/var/run/docker.sock) 19 | 20 | # Tedi expects to find our project definition at '/mnt/.tedi' 21 | command+=(-v $(realpath $(dirname ${BASH_SOURCE})/..):/mnt) 22 | 23 | # Pass through some settings from the host environment to the container. 24 | command+=(-e TEDI_DEBUG=${tedi_debug}) 25 | command+=(-e TEDI_FACT_elastic_version=${elastic_version}) 26 | 27 | # If you built Kibana from source, set KIBANA_DIR to the root of the 28 | # Elasticsearch project to build an image from it. 29 | if [[ -n "${KIBANA_DIR:-}" ]]; then 30 | command+=(-v ${KIBANA_DIR}:${KIBANA_DIR}) 31 | command+=(-e TEDI_FACT_kibana_dir=${KIBANA_DIR}) 32 | fi 33 | 34 | command+=(docker.elastic.co/tedi/tedi:${tedi_version}) 35 | 36 | echo ${command[@]} "${@}" 37 | exec ${command[@]} "${@}" 38 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | docker-compose==1.11.2 2 | flake8==3.3.0 3 | jinja2-cli[yaml]==0.6.0 4 | jinja2==2.9.5 5 | requests==2.13.0 6 | retrying==1.3.3 7 | testinfra==1.6.0 8 | pyfiglet 9 | -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/kibana-docker/79df79dc0237b1849925fe21691b818a40efedc6/tests/__init__.py -------------------------------------------------------------------------------- /tests/conftest.py: -------------------------------------------------------------------------------- 1 | import requests 2 | 3 | from subprocess import run 4 | from retrying import retry 5 | from .exceptions import ExplicitRetryError 6 | from .retry import retry_settings 7 | 8 | 9 | def docker_compose(config, *args): 10 | image_flavor = config.getoption('--image-flavor') 11 | compose_flags = ('-f .tedi/build/kibana-%s/docker-compose.yml' % image_flavor).split() 12 | run(['docker-compose'] + compose_flags + list(args)) 13 | 14 | 15 | def pytest_addoption(parser): 16 | """Customize testinfra with config options via cli args""" 17 | # Let us specify which docker-compose-(image_flavor).yml file to use 18 | parser.addoption('--image-flavor', action='store', default='full', 19 | help='Docker image flavor; the suffix used in docker-compose-.yml') 20 | 21 | 22 | @retry(**retry_settings) 23 | def wait_for_kibana(): 24 | response = requests.get('http://localhost:5601/') 25 | if response.status_code != requests.codes.ok: 26 | raise ExplicitRetryError 27 | 28 | 29 | def pytest_configure(config): 30 | docker_compose(config, 'up', '-d') 31 | wait_for_kibana() 32 | 33 | 34 | def pytest_unconfigure(config): 35 | docker_compose(config, 'down', '-v') 36 | docker_compose(config, 'rm', '-f', '-v') 37 | -------------------------------------------------------------------------------- /tests/constants.py: -------------------------------------------------------------------------------- 1 | import os 2 | from subprocess import run, PIPE 3 | 4 | try: 5 | version = os.environ['ELASTIC_VERSION'] 6 | except KeyError: 7 | version = run('./bin/elastic-version', stdout=PIPE).stdout.decode().strip() 8 | -------------------------------------------------------------------------------- /tests/docker-compose.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: '3' 3 | services: 4 | kibana: 5 | container_name: kibana-test 6 | 7 | elasticsearch: 8 | -------------------------------------------------------------------------------- /tests/exceptions.py: -------------------------------------------------------------------------------- 1 | class DockerStackError(Exception): 2 | pass 3 | 4 | 5 | class ExplicitRetryError(Exception): 6 | pass 7 | -------------------------------------------------------------------------------- /tests/fixtures.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import json 3 | import urllib 4 | import os 5 | from retrying import retry 6 | from pytest import fixture, config 7 | from subprocess import run, PIPE 8 | from .retry import retry_settings 9 | 10 | 11 | @fixture 12 | def kibana(host): 13 | class Kibana(object): 14 | def __init__(self): 15 | self.version = run('./bin/elastic-version', stdout=PIPE).stdout.decode().strip() 16 | self.flavor = config.getoption('--image-flavor') 17 | self.url = 'http://localhost:5601' 18 | self.process = host.process.get(comm='node') 19 | self.image_flavor = config.getoption('--image-flavor') 20 | self.environment = dict( 21 | [line.split('=', 1) for line in self.stdout_of('env').split('\n')] 22 | ) 23 | 24 | if 'STAGING_BUILD_NUM' in os.environ: 25 | self.tag = '%s-%s' % (self.version, os.environ['STAGING_BUILD_NUM']) 26 | else: 27 | self.tag = self.version 28 | 29 | if self.flavor != 'full': 30 | self.image = 'docker.elastic.co/kibana/kibana-%s:%s' % (self.flavor, self.tag) 31 | else: 32 | self.image = 'docker.elastic.co/kibana/kibana:%s' % (self.tag) 33 | 34 | self.docker_metadata = json.loads( 35 | run(['docker', 'inspect', self.image], stdout=PIPE).stdout.decode())[0] 36 | 37 | @retry(**retry_settings) 38 | def get(self, location='/', allow_redirects=True): 39 | """GET a page from Kibana.""" 40 | url = urllib.parse.urljoin(self.url, location) 41 | return requests.get(url) 42 | 43 | def stdout_of(self, command): 44 | result = host.run(command) 45 | assert result.rc is 0 46 | return result.stdout.strip() 47 | 48 | return Kibana() 49 | -------------------------------------------------------------------------------- /tests/retry.py: -------------------------------------------------------------------------------- 1 | from .exceptions import DockerStackError, ExplicitRetryError 2 | from requests.exceptions import ConnectionError, TooManyRedirects 3 | 4 | 5 | retriable_exceptions = [ 6 | ExplicitRetryError, 7 | DockerStackError, 8 | ConnectionError, 9 | ConnectionResetError, 10 | TooManyRedirects 11 | ] 12 | 13 | 14 | def is_retriable(exception): 15 | for retriable in retriable_exceptions: 16 | if isinstance(exception, retriable): 17 | return True 18 | return False 19 | 20 | 21 | retry_settings = { 22 | 'stop_max_delay': 120000, 23 | 'wait_exponential_multiplier': 100, 24 | 'wait_exponential_max': 1000, 25 | 'retry_on_exception': is_retriable 26 | } 27 | -------------------------------------------------------------------------------- /tests/test_application.py: -------------------------------------------------------------------------------- 1 | from .fixtures import kibana # noqa: F401 2 | from requests import codes 3 | 4 | 5 | def test_kibana_is_200_ok(kibana): # noqa: F811 6 | assert kibana.get().status_code == codes.ok 7 | -------------------------------------------------------------------------------- /tests/test_base_os.py: -------------------------------------------------------------------------------- 1 | def test_base_os(host): 2 | assert host.system_info.distribution == 'centos' 3 | assert host.system_info.release == '7' 4 | -------------------------------------------------------------------------------- /tests/test_files.py: -------------------------------------------------------------------------------- 1 | from .constants import version 2 | from .fixtures import kibana 3 | 4 | 5 | def exclude_browser_files(files): 6 | '''Return all files that are not part of a browser 7 | 8 | Useful for permission tests, since browsers get installed at runtime and 9 | can have unexpected ownership, group or mode. 10 | ''' 11 | # REF: https://github.com/elastic/kibana/blob/fe4609647dd2a7a7fedfb23d63f5886a24eacbe1/x-pack/plugins/reporting/server/browsers/install.js#L41 # noqa 12 | files = [f for f in files if not f.startswith('/usr/share/kibana/data/phantomjs-')] 13 | files = [f for f in files if not f.startswith('/usr/share/kibana/data/headless_shell-')] 14 | return files 15 | 16 | 17 | def test_kibana_is_the_correct_version(kibana): 18 | assert version in kibana.stdout_of('kibana --version') 19 | 20 | 21 | def test_opt_kibana_is_a_symlink_to_usr_share_kibana(kibana): 22 | assert kibana.stdout_of('realpath /opt/kibana') == '/usr/share/kibana' 23 | 24 | 25 | def test_all_files_in_optimize_directory_are_owned_by_kibana(kibana): 26 | bad_files = kibana.stdout_of('find /usr/share/kibana/optimize ! -user kibana').split() 27 | assert len(bad_files) is 0 28 | 29 | 30 | def test_all_files_in_kibana_directory_are_gid_zero(kibana): 31 | bad_files = kibana.stdout_of('find /usr/share/kibana ! -gid 0').split() 32 | assert len(exclude_browser_files(bad_files)) is 0 33 | 34 | 35 | def test_all_files_in_kibana_directory_are_writable(kibana): 36 | bad_files = kibana.stdout_of('find -not -writable').split() 37 | assert len(bad_files) is 0 38 | 39 | 40 | def test_all_directories_in_kibana_directory_are_setgid(kibana): 41 | bad_files = kibana.stdout_of('find /usr/share/kibana -type d ! -perm /g+s').split() 42 | assert len(exclude_browser_files(bad_files)) is 0 43 | 44 | 45 | def test_all_files_in_kibana_directory_are_group_writable(kibana): 46 | bad_files = kibana.stdout_of('find /usr/share/kibana ! -perm /g+w').split() 47 | assert len(exclude_browser_files(bad_files)) is 0 48 | -------------------------------------------------------------------------------- /tests/test_labels.py: -------------------------------------------------------------------------------- 1 | from .fixtures import kibana 2 | 3 | 4 | def test_labels(kibana): 5 | labels = kibana.docker_metadata['Config']['Labels'] 6 | assert labels['org.label-schema.name'] == 'kibana' 7 | assert labels['org.label-schema.schema-version'] == '1.0' 8 | assert labels['org.label-schema.url'] == 'https://www.elastic.co/products/kibana' 9 | assert labels['org.label-schema.vcs-url'] == 'https://github.com/elastic/kibana-docker' 10 | assert labels['org.label-schema.vendor'] == 'Elastic' 11 | assert labels['org.label-schema.version'] == kibana.tag.replace('-SNAPSHOT', '') 12 | if kibana.flavor == 'oss': 13 | assert labels['license'] == 'Apache-2.0' 14 | else: 15 | assert labels['license'] == 'Elastic License' 16 | -------------------------------------------------------------------------------- /tests/test_process.py: -------------------------------------------------------------------------------- 1 | from .constants import version 2 | from .fixtures import kibana 3 | 4 | 5 | def test_process_is_pid_1(kibana): 6 | assert kibana.process.pid == 1 7 | 8 | 9 | def test_process_is_running_as_the_correct_user(kibana): 10 | assert kibana.process.user == 'kibana' 11 | 12 | 13 | def test_default_environment_contains_no_kibana_config(kibana): 14 | acceptable_vars = ['ELASTIC_CONTAINER', 'HOME', 'HOSTNAME', 'TERM', 'PATH', 'PWD', 'SHLVL', '_'] 15 | for var in kibana.environment.keys(): 16 | assert var in acceptable_vars 17 | -------------------------------------------------------------------------------- /tests/test_user.py: -------------------------------------------------------------------------------- 1 | from .fixtures import kibana 2 | 3 | 4 | def test_group_properties(host): 5 | group = host.group('kibana') 6 | assert group.exists 7 | assert group.gid == 1000 8 | 9 | 10 | def test_user_properties(host): 11 | user = host.user('kibana') 12 | assert user.uid == 1000 13 | assert user.gid == 1000 14 | assert user.home == '/usr/share/kibana' 15 | assert user.shell == '/bin/bash' 16 | 17 | 18 | def test_default_user_is_kibana(kibana): 19 | assert kibana.stdout_of('whoami') == 'kibana' 20 | 21 | 22 | def test_that_the_user_home_directory_is_usr_share_kibana(kibana): 23 | assert kibana.environment['HOME'] == '/usr/share/kibana' 24 | -------------------------------------------------------------------------------- /tox.ini: -------------------------------------------------------------------------------- 1 | # pytest fixtures (which are wonderful) trigger false positives for these 2 | # pyflakes checks. 3 | [flake8] 4 | ignore = F401,F811 5 | max-line-length = 120 6 | -------------------------------------------------------------------------------- /version.json: -------------------------------------------------------------------------------- 1 | {"version": "7.0.0"} 2 | --------------------------------------------------------------------------------