Adds Multiple Datasources Support for Security Dashboards Plugin (ope…

…nsearch-project#1888) Signed-off-by: Darshit Chanpura <[email protected]> Signed-off-by: Derek Ho <[email protected]> Co-authored-by: Darshit Chanpura <[email protected]> Co-authored-by: Darshit Chanpura <[email protected]>
DarshitChanpura · Apr 26, 2024 · 154a3ba · 154a3ba
1 parent a35d7c1
commit 154a3ba
Show file tree

Hide file tree

Showing 89 changed files with 3,498 additions and 543 deletions.
diff --git a/.github/actions/download-plugin/action.yml b/.github/actions/download-plugin/action.yml
@@ -14,6 +14,10 @@ inputs:
     description: 'The version of security plugin that should be used, e.g "3.0.0.0"'
     required: true
 
+  download-location:
+    description: 'The location of where to download the plugin'
+    required: true
+
 runs:
   using: "composite"
   steps:
@@ -22,26 +26,6 @@ runs:
         -DremoteRepositories=https://aws.oss.sonatype.org/content/repositories/snapshots/ \
         -Dartifact=org.opensearch.plugin:${{ inputs.plugin-name }}:${{ inputs.plugin-version }}-SNAPSHOT:zip \
         -Dtransitive=false \
-        -Ddest=${{ inputs.plugin-name }}.zip
+        -Ddest=${{ inputs.download-location }}.zip
       shell: bash
-
-    - name: Create Setup Script for Linux
-      if: ${{ runner.os == 'Linux' }}
-      run: |
-        cat > setup.sh <<'EOF'
-        chmod +x  ./opensearch-${{ inputs.opensearch-version}}-SNAPSHOT/plugins/${{ inputs.plugin-name }}/tools/install_demo_configuration.sh 
-        /bin/bash -c "yes | ./opensearch-${{ inputs.opensearch-version}}-SNAPSHOT/plugins/${{ inputs.plugin-name }}/tools/install_demo_configuration.sh -t"
-        echo "plugins.security.unsupported.restapi.allow_securityconfig_modification: true" >> ./opensearch-${{ inputs.opensearch-version }}-SNAPSHOT/config/opensearch.yml
-        echo "cluster.routing.allocation.disk.threshold_enabled: false" >> ./opensearch-${{ inputs.opensearch-version }}-SNAPSHOT/config/opensearch.yml
-        EOF
-      shell: bash
-
-    - name: Create Setup Script for Windows
-      if: ${{ runner.os == 'Windows' }}
-      run: |
-        New-Item .\setup.bat -type file
-        Set-Content .\setup.bat -Value "powershell.exe -noexit -command `".\opensearch-${{ inputs.opensearch-version}}-SNAPSHOT\plugins\${{ inputs.plugin-name }}\tools\install_demo_configuration.bat -y -i -c -t`""
-        Add-Content -Path .\setup.bat -Value "echo plugins.security.unsupported.restapi.allow_securityconfig_modification: true >> .\opensearch-${{ inputs.opensearch-version}}-SNAPSHOT\config\opensearch.yml"
-        Add-Content -Path .\setup.bat -Value "echo cluster.routing.allocation.disk.threshold_enabled: false >> .\opensearch-${{ inputs.opensearch-version}}-SNAPSHOT\config\opensearch.yml"
-        Get-Content .\setup.bat
-      shell: pwsh
+      
diff --git a/.github/actions/run-cypress-tests/action.yml b/.github/actions/run-cypress-tests/action.yml
@@ -34,6 +34,7 @@ runs:
         opensearch-version: ${{ env.OPENSEARCH_VERSION }}
         plugin-name: ${{ env.PLUGIN_NAME }}
         plugin-version: ${{ env.PLUGIN_VERSION }}
+        download-location: ${{ env.PLUGIN_NAME }}
 
     - name: Run Opensearch with A Single Plugin
       uses: derek-ho/start-opensearch@v2
@@ -62,7 +63,7 @@ runs:
       if: ${{ runner.os == 'Linux' }}
       run: |
         cd ./OpenSearch-Dashboards
-        nohup yarn start --no-base-path --no-watch | tee dashboard.log &
+        nohup yarn start --no-base-path --no-watch --csp.warnLegacyBrowsers=false | tee dashboard.log &
       shell: bash
 
     # Check if OSD is ready with a max timeout of 600 seconds
@@ -84,8 +85,11 @@ runs:
         done
       shell: bash
 
-    - name: Run Cypress
-      run : |
-        yarn add cypress --save-dev
-        eval ${{ inputs.yarn_command }}
-      shell: bash
+    - name: Run Cypress Tests with retry
+      uses: Wandalen/[email protected]
+      with:
+        attempt_limit: 5
+        attempt_delay: 2000
+        command: |
+          yarn add cypress --save-dev
+          eval ${{ inputs.yarn_command }} 
diff --git a/.github/workflows/cypress-test-multidatasources-disabled-e2e.yml b/.github/workflows/cypress-test-multidatasources-disabled-e2e.yml
@@ -0,0 +1,49 @@
+name: E2E multi datasources disabled workflow
+
+on: [ push, pull_request ]
+
+env:
+  OPENSEARCH_VERSION: '3.0.0'
+  CI: 1
+  # avoid warnings like "tput: No value for $TERM and no -T specified"
+  TERM: xterm
+  PLUGIN_NAME: opensearch-security
+  OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!
+
+jobs:
+  tests:
+    name: Run Cypress multidatasources tests
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - name: Checkout Branch
+        uses: actions/checkout@v3
+
+      # Configure the Dashboard for multi datasources disabled (default)
+      - name: Create OpenSearch Dashboards Config
+        if: ${{ runner.os == 'Linux' }}
+        run: |
+          cat << 'EOT' > opensearch_dashboards_multidatasources.yml
+          server.host: "0.0.0.0"
+          opensearch.hosts: ["https://localhost:9200"]
+          opensearch.ssl.verificationMode: none
+          opensearch.username: "kibanaserver"
+          opensearch.password: "kibanaserver"
+          opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
+          opensearch_security.multitenancy.enabled: false
+          opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
+          opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+          opensearch_security.cookie.secure: false
+          data_source.enabled: false
+          home.disableWelcomeScreen: true
+          EOT
+
+      - name: Run Cypress Tests
+        uses: ./.github/actions/run-cypress-tests
+        with:
+          dashboards_config_file: opensearch_dashboards_multidatasources.yml
+          yarn_command: 'yarn cypress:run --browser chrome --headless --env LOGIN_AS_ADMIN=true --spec "test/cypress/e2e/multi-datasources/multi_datasources_disabled.spec.js"'
diff --git a/.github/workflows/cypress-test-multidatasources-enabled-e2e.yml b/.github/workflows/cypress-test-multidatasources-enabled-e2e.yml
@@ -0,0 +1,109 @@
+name: E2E multi datasources enabled workflow
+
+on: [ push, pull_request ]
+
+env:
+  OPENSEARCH_VERSION: '3.0.0'
+  CI: 1
+  # avoid warnings like "tput: No value for $TERM and no -T specified"
+  TERM: xterm
+  PLUGIN_NAME: opensearch-security
+  OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!
+
+jobs:
+  tests:
+    name: Run Cypress multidatasources tests
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - name: Checkout Branch
+        uses: actions/checkout@v3
+
+      - name: Set env
+        run: |
+          opensearch_version=$(node -p "require('./package.json').opensearchDashboards.version")
+          plugin_version=$(node -p "require('./package.json').version")
+          echo "OPENSEARCH_VERSION=$opensearch_version" >> $GITHUB_ENV
+          echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV
+        shell: bash
+
+      # Add Custom Configuration to differentiate between local and remote cluster
+      - name: Create Custom Configuration for Linux
+        if: ${{ runner.os == 'Linux'}}
+        run: |
+          echo "Creating new custom configuration"
+          cat << 'EOT' > config_custom.yml
+          ---
+          _meta:
+            type: "config"
+            config_version: 2
+          config:
+            dynamic:
+              http:
+                anonymous_auth_enabled: false
+              authc:
+                basic_internal_auth_domain:
+                  description: "Authenticate via HTTP Basic against internal users database"
+                  http_enabled: true
+                  transport_enabled: true
+                  order: 0
+                  http_authenticator:
+                    type: basic
+                    challenge: false
+                  authentication_backend:
+                    type: intern
+          EOT
+
+      - name: Download security plugin and create setup scripts
+        uses: ./.github/actions/download-plugin
+        with:
+          opensearch-version: ${{ env.OPENSEARCH_VERSION }}
+          plugin-name: ${{ env.PLUGIN_NAME }}
+          plugin-version: ${{ env.PLUGIN_VERSION }}
+          download-location: ${{env.PLUGIN_NAME}}
+
+      - name: Run Opensearch with A Single Plugin
+        uses: derek-ho/start-opensearch@v4
+        with:
+          opensearch-version: ${{ env.OPENSEARCH_VERSION }}
+          plugins: "file:$(pwd)/opensearch-security.zip"
+          security-enabled: true
+          admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}
+          security_config_file: config_custom.yml
+          port: 9202
+
+      - name: Check OpenSearch is running
+          # Verify that the server is operational
+        run: |
+          curl https://localhost:9202/_cat/plugins -v -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k
+        shell: bash
+
+      # Configure the Dashboard for multi datasources
+      - name: Create OpenSearch Dashboards Config
+        if: ${{ runner.os == 'Linux' }}
+        run: |
+          cat << 'EOT' > opensearch_dashboards_multidatasources.yml
+          server.host: "localhost"
+          opensearch.hosts: ["https://localhost:9200"]
+          opensearch.ssl.verificationMode: none
+          opensearch.username: "kibanaserver"
+          opensearch.password: "kibanaserver"
+          opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
+          opensearch_security.multitenancy.enabled: true
+          opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
+          opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+          opensearch_security.cookie.secure: false
+          data_source.enabled: true
+          home.disableWelcomeScreen: true
+          data_source.ssl.verificationMode: none
+          EOT
+
+      - name: Run Cypress Tests
+        uses: ./.github/actions/run-cypress-tests
+        with:
+          dashboards_config_file: opensearch_dashboards_multidatasources.yml
+          yarn_command: 'yarn cypress:run --browser chrome --headless --env LOGIN_AS_ADMIN=true --spec "test/cypress/e2e/multi-datasources/multi_datasources_enabled.spec.js"'
diff --git a/.github/workflows/cypress-test-tenancy-disabled.yml b/.github/workflows/cypress-test-tenancy-disabled.yml
@@ -44,6 +44,7 @@ jobs:
           opensearch-version: ${{ env.OPENSEARCH_VERSION }}
           plugin-name: ${{ env.PLUGIN_NAME }}
           plugin-version: ${{ env.PLUGIN_VERSION }}
+          download-location: ${{ env.PLUGIN_NAME }}
 
       - name: Run Opensearch with security
         uses: derek-ho/start-opensearch@v2

diff --git a/.github/workflows/cypress-test.yml b/.github/workflows/cypress-test.yml
@@ -44,6 +44,7 @@ jobs:
           opensearch-version: ${{ env.OPENSEARCH_VERSION }}
           plugin-name: ${{ env.PLUGIN_NAME }}
           plugin-version: ${{ env.PLUGIN_VERSION }}
+          download-location: ${{ env.PLUGIN_NAME }}
 
       - name: Run Opensearch with security
         uses: derek-ho/start-opensearch@v2

diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml
@@ -34,13 +34,37 @@ jobs:
           echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV
         shell: bash
 
-      - name: Download security plugin and create setup scripts
+      - name: Download security plugin and create setup scripts for remote cluster
         uses: ./.github/actions/download-plugin
         with:
           opensearch-version: ${{ env.OPENSEARCH_VERSION }}
           plugin-name: ${{ env.PLUGIN_NAME }}
+          download-location: ${{env.PLUGIN_NAME}}-${{ env.OPENSEARCH_VERSION }}
           plugin-version: ${{ env.PLUGIN_VERSION }}
 
+      - name: Download security plugin and create setup scripts for local cluster
+        uses: ./.github/actions/download-plugin
+        with:
+          opensearch-version: ${{ env.OPENSEARCH_VERSION }}
+          plugin-name: ${{ env.PLUGIN_NAME }}
+          download-location: ${{env.PLUGIN_NAME}}
+          plugin-version: ${{ env.PLUGIN_VERSION }}
+
+      - name: Run Opensearch with A Single Plugin Remote Cluster
+        uses: derek-ho/start-opensearch@v4
+        with:
+          opensearch-version: ${{ env.OPENSEARCH_VERSION }}
+          plugins: "file:$(pwd)/opensearch-security-${{ env.OPENSEARCH_VERSION }}.zip"
+          security-enabled: true
+          admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}
+          security_config_file: ${{ inputs.security_config_file }}
+          port: 9202
+
+      - name: Check OpenSearch remote is running
+        run: |
+          curl https://localhost:9202/_cat/plugins -v -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k
+        shell: bash
+
       - name: Run Opensearch with security
         uses: derek-ho/start-opensearch@v2
         with:

diff --git a/.github/workflows/verify-binary-installation.yml b/.github/workflows/verify-binary-installation.yml
@@ -36,6 +36,7 @@ jobs:
           opensearch-version: ${{ env.OPENSEARCH_VERSION }}
           plugin-name: ${{ env.PLUGIN_NAME }}
           plugin-version: ${{ env.PLUGIN_VERSION }}
+          download-location: ${{ env.PLUGIN_NAME }}
 
       - name: Run Opensearch with security
         uses: derek-ho/start-opensearch@v2

diff --git a/common/index.ts b/common/index.ts
@@ -56,6 +56,8 @@ export const MAX_INTEGER = 2147483647;
 export const MAX_LENGTH_OF_COOKIE_BYTES = 4000;
 export const ESTIMATED_IRON_COOKIE_OVERHEAD = 1.5;
 
+export const LOCAL_CLUSTER_ID = '';
+
 export enum AuthType {
   BASIC = 'basicauth',
   OPEN_ID = 'openid',

diff --git a/cypress.config.js b/cypress.config.js
@@ -31,5 +31,9 @@ module.exports = defineConfig({
     openSearchUrl: 'https://localhost:9200',
     adminUserName: 'admin',
     adminPassword: 'myStrongPassword123!',
+    externalDataSourceAdminUserName: 'admin',
+    externalDataSourceAdminPassword: 'myStrongPassword123!',
+    externalDataSourceLabel: '9202',
+    externalDataSourceEndpoint: 'https://localhost:9202'
   },
 });
diff --git a/opensearch_dashboards.json b/opensearch_dashboards.json
@@ -10,7 +10,9 @@
     "savedObjectsManagement"
   ],
   "optionalPlugins": [
-    "managementOverview"
+    "managementOverview",
+    "dataSource",
+    "dataSourceManagement"
   ],
   "server": true,
   "ui": true

diff --git a/public/apps/account/utils.tsx b/public/apps/account/utils.tsx
@@ -16,20 +16,30 @@
 import { HttpStart } from 'opensearch-dashboards/public';
 import { API_AUTH_LOGOUT } from '../../../common';
 import { setShouldShowTenantPopup } from '../../utils/storage-utils';
-import { httpGet, httpGetWithIgnores, httpPost } from '../configuration/utils/request-utils';
 import { API_ENDPOINT_ACCOUNT_INFO } from './constants';
 import { AccountInfo } from './types';
+import { createLocalClusterRequestContext } from '../configuration/utils/request-utils';
 
 export function fetchAccountInfo(http: HttpStart): Promise<AccountInfo> {
-  return httpGet(http, API_ENDPOINT_ACCOUNT_INFO);
+  return createLocalClusterRequestContext().httpGet({
+    http,
+    url: API_ENDPOINT_ACCOUNT_INFO,
+  });
 }
 
 export async function fetchAccountInfoSafe(http: HttpStart): Promise<AccountInfo | undefined> {
-  return httpGetWithIgnores<AccountInfo>(http, API_ENDPOINT_ACCOUNT_INFO, [401]);
+  return createLocalClusterRequestContext().httpGetWithIgnores<AccountInfo>({
+    http,
+    url: API_ENDPOINT_ACCOUNT_INFO,
+    ignores: [401],
+  });
 }
 
 export async function logout(http: HttpStart, logoutUrl?: string): Promise<void> {
-  await httpPost(http, API_AUTH_LOGOUT);
+  await createLocalClusterRequestContext().httpPost({
+    http,
+    url: API_AUTH_LOGOUT,
+  });
   setShouldShowTenantPopup(null);
   // Clear everything in the sessionStorage since they can contain sensitive information
   sessionStorage.clear();
@@ -52,8 +62,12 @@ export async function updateNewPassword(
   newPassword: string,
   currentPassword: string
 ): Promise<void> {
-  await httpPost(http, API_ENDPOINT_ACCOUNT_INFO, {
-    password: newPassword,
-    current_password: currentPassword,
+  await createLocalClusterRequestContext().httpPost({
+    http,
+    url: API_ENDPOINT_ACCOUNT_INFO,
+    body: {
+      password: newPassword,
+      current_password: currentPassword,
+    },
   });
 }