Skip to content

Commit

Permalink
Use start-opensearch and setup-opensearch-dashboards actions (opensea…
Browse files Browse the repository at this point in the history
…rch-project#1783)

* Revert to old version

Signed-off-by: Derek Ho <dxho@amazon.com>

* Fix order

Signed-off-by: Derek Ho <dxho@amazon.com>

* Revert deletion of custom dashboards file

Signed-off-by: Derek Ho <dxho@amazon.com>

* Replace other instances of the backend workflow

Signed-off-by: Derek Ho <dxho@amazon.com>

* Add file prefix

Signed-off-by: Derek Ho <dxho@amazon.com>

* Also add env variable references in workflow

Signed-off-by: Derek Ho <dxho@amazon.com>

* Try the branch that adds settings for security dashboards ci support

Signed-off-by: Derek Ho <dxho@amazon.com>

* Update workflow to v2

Signed-off-by: Derek Ho <dxho@amazon.com>

* Use setup opensearch dashboards workflow

Signed-off-by: Derek Ho <dxho@amazon.com>

* Remove duplciate functionality in binary installation

Signed-off-by: Derek Ho <dxho@amazon.com>

* Unsaved local changes

Signed-off-by: Derek Ho <dxho@amazon.com>

* install zip as true

Signed-off-by: Derek Ho <dxho@amazon.com>

* Consolidate writing yml file

Signed-off-by: Derek Ho <dxho@amazon.com>

* Remove duplicate install

Signed-off-by: Derek Ho <dxho@amazon.com>

* Modify workflow to pass in built plugin artifact name

Signed-off-by: Derek Ho <dxho@amazon.com>

* Use latest version of workflow and use directory output

Signed-off-by: Derek Ho <dxho@amazon.com>

* Fix syntax issue

Signed-off-by: Derek Ho <dxho@amazon.com>

* Run start dashboards command in correct directory

Signed-off-by: Derek Ho <dxho@amazon.com>

* Use v1 release

Signed-off-by: Derek Ho <dxho@amazon.com>

* Remove cats and rename config files

Signed-off-by: Derek Ho <dxho@amazon.com>

---------

Signed-off-by: Derek Ho <dxho@amazon.com>
(cherry picked from commit 9516bea)
Signed-off-by: Derek Ho <dxho@amazon.com>
  • Loading branch information
derek-ho committed Feb 26, 2024
1 parent 099f7a2 commit 5dbf946
Show file tree
Hide file tree
Showing 9 changed files with 87 additions and 208 deletions.
81 changes: 10 additions & 71 deletions .github/actions/run-cypress-tests/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,60 +34,22 @@ runs:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugin-name: ${{ env.PLUGIN_NAME }}
plugin-version: ${{ env.PLUGIN_VERSION }}

# Download OpenSearch
- name: Download OpenSearch for Linux
uses: peternied/download-file@v2
if: ${{ runner.os == 'Linux' }}
with:
url: https://artifacts.opensearch.org/snapshots/core/opensearch/${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/opensearch-min-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT-linux-x64-latest.tar.gz

# Extract downloaded tar/zip
- name: Extract downloaded tar
if: ${{ runner.os == 'Linux' }}
run: |
tar -xzf opensearch-*.tar.gz
rm -f opensearch-*.tar.gz
shell: bash

# Install the security plugin
- name: Install Plugin into OpenSearch for Linux
if: ${{ runner.os == 'Linux'}}
run: |
chmod +x ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin
/bin/bash -c "yes | ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin install file:$(pwd)/opensearch-security.zip"
shell: bash

- name: Replace demo configuration
if: ${{ runner.os == 'Linux' }}
run: |
if [ -f ${{ inputs.security_config_file }} ]; then
mv ${{ inputs.security_config_file }} ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/config.yml
fi
shell: bash

# Run any configuration scripts
- name: Run Setup Script for Linux
if: ${{ runner.os == 'Linux' }}
run: |
echo "running linux setup"
chmod +x ./setup.sh
./setup.sh
shell: bash
- name: Run Opensearch with A Single Plugin
uses: derek-ho/start-opensearch@v2
with:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugins: "file:$(pwd)/opensearch-security.zip"
security-enabled: true
admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}
security_config_file: ${{ inputs.security_config_file }}

# OSD bootstrap
- name: Run Dashboard with Security Dashboards Plugin
uses: ./.github/actions/install-dashboards
uses: derek-ho/setup-opensearch-dashboards@v1
with:
plugin_name: security-dashboards-plugin

- name: Replace dashboards configuration
if: ${{ runner.os == 'Linux' }}
run: |
if [ -f ${{ inputs.dashboards_config_file }} ]; then
mv ${{ inputs.dashboards_config_file }} ./OpenSearch-Dashboards/config/opensearch_dashboards.yml
fi
shell: bash
opensearch_dashboards_yml: ${{ inputs.dashboards_config_file }}

- name: Run pretest script
if: ${{ runner.os == 'Linux' }}
Expand All @@ -96,29 +58,6 @@ runs:
yarn pretest:jest_server
shell: bash

# Run OpenSearch
- name: Run OpenSearch with plugin on Linux
if: ${{ runner.os == 'Linux'}}
run: |
/bin/bash -c "./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch &"
shell: bash

# Give the OpenSearch process some time to boot up before sending any requires, might need to increase the default time!
- name: Sleep while OpenSearch starts
uses: peternied/action-sleep@v1
with:
seconds: 30

# Verify that the server is operational
- name: Check OpenSearch Running on Linux
if: ${{ runner.os != 'Windows'}}
run: curl https://localhost:9200/_cat/plugins -u 'admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}' -k -v
shell: bash

- if: always()
run: cat ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/logs/opensearch.log
shell: bash

- name: Run OpenSearch Dashboards with provided configuration
if: ${{ runner.os == 'Linux' }}
run: |
Expand Down
4 changes: 0 additions & 4 deletions .github/workflows/cypress-test-multiauth-e2e.yml
Original file line number Diff line number Diff line change
Expand Up @@ -66,8 +66,6 @@ jobs:
authentication_backend:
type: noop
EOT
echo "THIS IS THE SECURITY CONFIG FILE: "
cat config_multiauth.yml
# Configure the Dashboard for SAML setup
- name: Configure OpenSearch Dashboards with multi-auth configuration including SAML
Expand All @@ -90,8 +88,6 @@ jobs:
opensearch_security.auth.anonymous_auth_enabled: false
home.disableWelcomeScreen: true
EOT
echo 'HERE IS THE DASHBOARD CONFIG FILE: '
cat opensearch_dashboards_multiauth.yml
- name: Run Cypress Tests
uses: ./.github/actions/run-cypress-tests
Expand Down
4 changes: 0 additions & 4 deletions .github/workflows/cypress-test-oidc-e2e.yml
Original file line number Diff line number Diff line change
Expand Up @@ -110,8 +110,6 @@ jobs:
authentication_backend:
type: noop
EOT
echo "THIS IS THE SECURITY CONFIG FILE: "
cat config_openid.yml
# Configure the Dashboard for OpenID setup
- name: Create OpenSearch Dashboards Config for OpenID
Expand All @@ -136,8 +134,6 @@ jobs:
opensearch_security.ui.openid.login.buttonname: "OIDC"
home.disableWelcomeScreen: true
EOT
echo 'HERE IS THE DASHBOARD CONFIG FILE: '
cat opensearch_dashboards_openid.yml
- name: Run Cypress Tests
uses: ./.github/actions/run-cypress-tests
Expand Down
4 changes: 0 additions & 4 deletions .github/workflows/cypress-test-saml-e2e.yml
Original file line number Diff line number Diff line change
Expand Up @@ -66,8 +66,6 @@ jobs:
authentication_backend:
type: noop
EOT
echo "THIS IS THE SECURITY CONFIG FILE: "
cat config_saml.yml
# Configure the Dashboard for SAML setup
- name: Configure and Run OpenSearch Dashboards with SAML Configuration
Expand All @@ -90,8 +88,6 @@ jobs:
opensearch_security.auth.anonymous_auth_enabled: false
home.disableWelcomeScreen: true
EOT
echo 'HERE IS THE DASHBOARD CONFIG FILE: '
cat opensearch_dashboards_saml.yml
- name: Run Cypress Tests
uses: ./.github/actions/run-cypress-tests
Expand Down
38 changes: 23 additions & 15 deletions .github/workflows/cypress-test-tenancy-disabled.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ env:
OPENSEARCH_SNAPSHOT_CMD: 'node ../scripts/opensearch snapshot'
SPEC: 'cypress/integration/plugins/security-dashboards-plugin/aggregation_view.js,'
PLUGIN_NAME: opensearch-security
OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!

jobs:
cypress-tests-multitenancy-disabled:
Expand Down Expand Up @@ -44,31 +45,38 @@ jobs:
plugin-name: ${{ env.PLUGIN_NAME }}
plugin-version: ${{ env.PLUGIN_VERSION }}

- name: Run Opensearch with A Single Plugin
uses: opensearch-project/security/.github/actions/start-opensearch-with-one-plugin@main
- name: Run Opensearch with security
uses: derek-ho/start-opensearch@v2
with:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugin-name: ${{ env.PLUGIN_NAME }}
setup-script-name: setup
admin-password: myStrongPassword123!
plugins: "file:$(pwd)/${{ env.PLUGIN_NAME }}.zip"
security-enabled: true
admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}

# Configure the Dashboard
- name: Configure OpenSearch Dashboards with tenancy disabled
run: |
cat << 'EOT' > tenancy-disabled-opensearch-dashboards-config.yml
server.host: "0.0.0.0"
opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: none
opensearch.username: "kibanaserver"
opensearch.password: "kibanaserver"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
opensearch_security.cookie.secure: false
EOT
- name: Run Dashboard with Security Dashboards Plugin
uses: ./.github/actions/install-dashboards
uses: derek-ho/setup-opensearch-dashboards@v1
with:
plugin_name: security-dashboards-plugin
opensearch_dashboards_yml: tenancy-disabled-opensearch-dashboards-config.yml

- name: Configure and Run OpenSearch Dashboards with Cypress Test Cases
run: |
cd ./OpenSearch-Dashboards
echo 'server.host: "0.0.0.0"' >> ./config/opensearch_dashboards.yml
echo 'opensearch.hosts: ["https://localhost:9200"]' >> ./config/opensearch_dashboards.yml
echo 'opensearch.ssl.verificationMode: none' >> ./config/opensearch_dashboards.yml
echo 'opensearch.username: "kibanaserver"' >> ./config/opensearch_dashboards.yml
echo 'opensearch.password: "kibanaserver"' >> ./config/opensearch_dashboards.yml
echo 'opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]' >> ./config/opensearch_dashboards.yml
echo 'opensearch_security.multitenancy.enabled: false' >> ./config/opensearch_dashboards.yml
echo 'opensearch_security.readonly_mode.roles: ["kibana_read_only"]' >> ./config/opensearch_dashboards.yml
echo 'opensearch_security.cookie.secure: false' >> ./config/opensearch_dashboards.yml
nohup yarn start --no-base-path --no-watch &
sleep 500
git clone https://github.com/opensearch-project/opensearch-dashboards-functional-test.git
Expand Down
42 changes: 25 additions & 17 deletions .github/workflows/cypress-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ env:
OPENSEARCH_SNAPSHOT_CMD: 'node ../scripts/opensearch snapshot'
SPEC: 'cypress/integration/plugins/security-dashboards-plugin/aggregation_view.js,'
PLUGIN_NAME: opensearch-security
OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!

jobs:
cypress-tests:
Expand Down Expand Up @@ -44,33 +45,40 @@ jobs:
plugin-name: ${{ env.PLUGIN_NAME }}
plugin-version: ${{ env.PLUGIN_VERSION }}

- name: Run Opensearch with A Single Plugin
uses: opensearch-project/security/.github/actions/start-opensearch-with-one-plugin@main
- name: Run Opensearch with security
uses: derek-ho/start-opensearch@v2
with:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugin-name: ${{ env.PLUGIN_NAME }}
setup-script-name: setup
admin-password: myStrongPassword123!
plugins: "file:$(pwd)/${{ env.PLUGIN_NAME }}.zip"
security-enabled: true
admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}

# Configure the Dashboard
- name: Configure OpenSearch Dashboards for cypress
run: |
cat << 'EOT' > cypress-opensearch-dashboards-config.yml
server.host: "0.0.0.0"
opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: none
opensearch.username: "kibanaserver"
opensearch.password: "kibanaserver"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
opensearch_security.cookie.secure: false
opensearch_security.multitenancy.enable_aggregation_view: true
EOT
- name: Run Dashboard with Security Dashboards Plugin
uses: ./.github/actions/install-dashboards
uses: derek-ho/setup-opensearch-dashboards@v1
with:
plugin_name: security-dashboards-plugin
opensearch_dashboards_yml: cypress-opensearch-dashboards-config.yml

- name: Configure and Run OpenSearch Dashboards with Cypress Test Cases
run: |
cd ./OpenSearch-Dashboards
echo 'server.host: "0.0.0.0"' >> ./config/opensearch_dashboards.yml
echo 'opensearch.hosts: ["https://localhost:9200"]' >> ./config/opensearch_dashboards.yml
echo 'opensearch.ssl.verificationMode: none' >> ./config/opensearch_dashboards.yml
echo 'opensearch.username: "kibanaserver"' >> ./config/opensearch_dashboards.yml
echo 'opensearch.password: "kibanaserver"' >> ./config/opensearch_dashboards.yml
echo 'opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]' >> ./config/opensearch_dashboards.yml
echo 'opensearch_security.multitenancy.enabled: true' >> ./config/opensearch_dashboards.yml
echo 'opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]' >> ./config/opensearch_dashboards.yml
echo 'opensearch_security.readonly_mode.roles: ["kibana_read_only"]' >> ./config/opensearch_dashboards.yml
echo 'opensearch_security.cookie.secure: false' >> ./config/opensearch_dashboards.yml
echo 'opensearch_security.multitenancy.enable_aggregation_view: true' >> ./config/opensearch_dashboards.yml
nohup yarn start --no-base-path --no-watch &
sleep 500
git clone https://github.com/opensearch-project/opensearch-dashboards-functional-test.git
Expand Down
17 changes: 9 additions & 8 deletions .github/workflows/integration-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ env:
TEST_BROWSER_HEADLESS: 1
CI: 1
PLUGIN_NAME: opensearch-security
OPENSEARCH_INITIAL_ADMIN_PASSWORD: admin

jobs:
tests:
Expand Down Expand Up @@ -60,13 +61,13 @@ jobs:
plugin-name: ${{ env.PLUGIN_NAME }}
plugin-version: ${{ env.PLUGIN_VERSION }}

- name: Run Opensearch with A Single Plugin
uses: opensearch-project/security/.github/actions/start-opensearch-with-one-plugin@main
- name: Run Opensearch with security
uses: derek-ho/start-opensearch@v2
with:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugin-name: ${{ env.PLUGIN_NAME }}
setup-script-name: setup
admin-password: admin
plugins: "file:$(pwd)/${{ env.PLUGIN_NAME }}.zip"
security-enabled: true
admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}

# https://github.com/actions/runner-images/issues/2840#issuecomment-790492173
- name: Remove unnecessary files Linux
Expand All @@ -76,7 +77,7 @@ jobs:
sudo rm -rf "$AGENT_TOOLSDIRECTORY"
- id: install-dashboards
uses: ./.github/actions/install-dashboards
uses: derek-ho/setup-opensearch-dashboards@v1
with:
plugin_name: security-dashboards-plugin

Expand All @@ -91,14 +92,14 @@ jobs:
if: ${{ runner.os == 'Linux' }}
run: |
echo "check if opensearch is ready"
curl -XGET https://localhost:9200 -u 'admin:admin' -k
curl -XGET https://localhost:9200 -u 'admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}' -k
yarn test:jest_server --coverage
working-directory: ${{ steps.install-dashboards.outputs.plugin-directory }}

- name: Run integration tests on Windows
if: ${{ runner.os == 'Windows' }}
run: |
echo "check if opensearch is ready"
curl -XGET https://localhost:9200 -u 'admin:admin' -k
curl -XGET https://localhost:9200 -u 'admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}' -k
node .\test\run_jest_tests.js --runInBand --detectOpenHandles --forceExit --config .\test\jest.config.server.js
working-directory: ${{ steps.install-dashboards.outputs.plugin-directory }}
2 changes: 1 addition & 1 deletion .github/workflows/unit-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:
uses: actions/checkout@v2

- id: install-dashboards
uses: ./.github/actions/install-dashboards
uses: derek-ho/setup-opensearch-dashboards@v1
with:
plugin_name: security-dashboards-plugin

Expand Down
Loading

0 comments on commit 5dbf946

Please sign in to comment.