Merge branch 'main' into cookie-splitting-for-jwt
cwperks authored Jan 4, 2024
2 parents 2fe8a7c + d64ee48 commit 9f51173
Showing 39 changed files with 99 additions and 81 deletions.
10 changes: 2 additions & 8 deletions .github/workflows/cypress-test-oidc-e2e.yml
@@ -12,6 +12,7 @@ env:
PLUGIN_NAME: opensearch-security
# This is the SHA256 checksum of the known good kc.sh script for Keycloak version 21.0.1.
KNOWN_CHECKSUM_OF_KEYCLOAK_SCRIPT: 'f825ea1a9ffa5ad91673737c06857ababbb69b6b8f09e0c637b4c998517f9608'
OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!

jobs:
tests:
@@ -157,13 +158,6 @@ jobs:
echo "THIS IS THE SECURITY CONFIG FILE: "
cat config.yml
# TODO: REMOVE THIS ONCE ADMIN JAVA TOOL SUPPORT IT
- name: Write password to initialAdminPassword location
if: ${{ runner.os == 'Linux'}}
run:
echo admin >> ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/initialAdminPassword.txt
shell: bash

# Run any configuration scripts
- name: Run Setup Script for Linux
if: ${{ runner.os == 'Linux' }}
@@ -189,7 +183,7 @@ jobs:
# Verify that the server is operational
- name: Check OpenSearch Running on Linux
if: ${{ runner.os != 'Windows'}}
run: curl https://localhost:9200/_cat/plugins -u 'admin:admin' -k -v
run: curl https://localhost:9200/_cat/plugins -u 'admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}' -k -v
shell: bash

- if: always()
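Review bot: The `Check OpenSearch Running on Linux` step now splices the admin password into the script text with `${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}` and keeps `-v`, so curl prints the Basic `Authorization` header into the job log, and the value is not a masked secret. The variable is already set in the workflow-level `env:` block, so the step can read it from the shell instead, `run: curl https://localhost:9200/_cat/plugins -u "admin:${OPENSEARCH_INITIAL_ADMIN_PASSWORD}" -k -sS`, which also keeps expression interpolation out of the script. A comment on the env entry such as `# Test-only credential for the throwaway CI cluster; must never match a real deployment` would make the intent of the hard-coded value explicit. The same two lines appear in cypress-test-saml-e2e.yml.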
12 changes: 3 additions & 9 deletions .github/workflows/cypress-test-saml-e2e.yml
@@ -8,7 +8,8 @@ env:
# avoid warnings like "tput: No value for $TERM and no -T specified"
TERM: xterm
PLUGIN_NAME: opensearch-security

OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!

jobs:
tests:
name: Run Cypress E2E SAML tests
@@ -57,13 +58,6 @@ jobs:
rm -f opensearch-*.tar.gz
shell: bash

# TODO: REMOVE THIS ONCE ADMIN JAVA TOOL SUPPORT IT
- name: Write password to initialAdminPassword location
if: ${{ runner.os == 'Linux'}}
run:
echo admin >> ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/initialAdminPassword.txt
shell: bash

# Install the security plugin
- name: Install Plugin into OpenSearch for Linux
if: ${{ runner.os == 'Linux'}}
@@ -145,7 +139,7 @@ jobs:
# Verify that the server is operational
- name: Check OpenSearch Running on Linux
if: ${{ runner.os != 'Windows'}}
run: curl https://localhost:9200/_cat/plugins -u 'admin:admin' -k -v
run: curl https://localhost:9200/_cat/plugins -u 'admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}' -k -v
shell: bash

- if: always()
2 changes: 1 addition & 1 deletion DEVELOPER_GUIDE.md
@@ -35,7 +35,7 @@ For the sake of this guide, let's assume the latest version on main for OpenSear
Ensure that an OpenSearch cluster with the security plugin installed is running locally. If you followed the steps from [the developer guide of the Security Plugin](https://github.com/opensearch-project/security/blob/main/DEVELOPER_GUIDE.md), then you can verify this by running:

```
curl -XGET https://admin:admin@localhost:9200/ --insecure
curl -XGET https://admin:<admin password>@localhost:9200/ --insecure
```

## Install OpenSearch-Dashboards with Security Dashboards Plugin
12 changes: 12 additions & 0 deletions common/index.ts
@@ -64,6 +64,18 @@ export enum AuthType {
ANONYMOUS = 'anonymous',
}

export enum ResourceType {
roles = 'roles',
users = 'users',
serviceAccounts = 'serviceAccounts',
permissions = 'permissions',
tenants = 'tenants',
tenantsManageTab = 'tenantsManageTab',
tenantsConfigureTab = 'tenantsConfigureTab',
auth = 'auth',
auditLogging = 'auditLogging',
}

/**
* A valid resource name should not containing percent sign (%) as they raise url injection issue.
* And also should not be empty.
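Review bot: `ResourceType` is added to the shared module without a doc comment, while the declaration right after it carries one. The import changes elsewhere in this commit show the enum being consumed next to `buildHashUrl`/`buildUrl`, so its string values presumably end up in URLs, and a reader of `common/index.ts` cannot tell that renaming a value would change routes. I would add `/** Identifiers of the security configuration pages; values are presumably used as URL segments by the url-builder helpers, so treat them as stable. */` above the enum, after confirming that use.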
2 changes: 1 addition & 1 deletion cypress.config.js
@@ -30,6 +30,6 @@ module.exports = defineConfig({
env: {
openSearchUrl: 'https://localhost:9200',
adminUserName: 'admin',
adminPassword: 'admin',
adminPassword: 'myStrongPassword123!',
},
});
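Review bot: `adminPassword: 'myStrongPassword123!'` is a third hard-coded copy of the value the two Cypress workflows set as `OPENSEARCH_INITIAL_ADMIN_PASSWORD`, so the test suite and the cluster can drift apart when one copy changes. Reading the variable with the literal as a fallback keeps a single source of truth: `adminPassword: process.env.OPENSEARCH_INITIAL_ADMIN_PASSWORD || 'myStrongPassword123!',`. A short comment that this is a fixture for local and CI clusters only would also keep it from being mistaken for a recommended password.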
3 changes: 2 additions & 1 deletion public/apps/configuration/app-router.tsx
@@ -36,7 +36,8 @@ import { RoleView } from './panels/role-view/role-view';
import { TenantList } from './panels/tenant-list/tenant-list';
import { UserList } from './panels/user-list';
import { ServiceAccountList } from './panels/service-account-list';
import { Action, ResourceType, RouteItem, SubAction } from './types';
import { Action, RouteItem, SubAction } from './types';
import { ResourceType } from '../../../common';
import { buildHashUrl, buildUrl } from './utils/url-builder';
import { CrossPageToast } from './cross-page-toast';

1 change: 1 addition & 0 deletions public/apps/configuration/constants.tsx
@@ -315,6 +315,7 @@ export const INDEX_PERMISSIONS: string[] = [
'indices:monitor/shard_stores',
'indices:monitor/stats',
'indices:monitor/upgrade',
'system:admin/system_index',
];

export function includeIndexPermissions(indexPermissionsToInclude: string[]) {
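Review bot: `'system:admin/system_index'` is appended to `INDEX_PERMISSIONS` without any comment, although it differs in kind from the `indices:*` actions around it: as far as I know it gates access to system indices rather than an ordinary index action. Listed this way it will presumably be offered in the role editor like any other index permission, so an operator can grant it without noticing what it unlocks. I would add a comment on the entry, for example `// Grants access to system indices where the backend enables system-index permissions; assign sparingly`, and consider marking it in the UI. The array begins above this hunk, so its other entries were not reviewed.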
@@ -31,7 +31,7 @@ import { SETTING_GROUPS, SettingMapItem } from './constants';
import { EditSettingGroup } from './edit-setting-group';
import { AuditLoggingSettings } from './types';
import { buildHashUrl, buildUrl } from '../../utils/url-builder';
import { ResourceType } from '../../types';
import { ResourceType } from '../../../../../common';
import { getAuditLogging, updateAuditLogging } from '../../utils/audit-logging-utils';
import { useToastState } from '../../utils/toast-utils';
import { setCrossPageToast } from '../../utils/storage-utils';
@@ -31,7 +31,7 @@ import {
import React from 'react';
import { FormattedMessage } from '@osd/i18n/react';
import { AppDependencies } from '../../../types';
import { ResourceType } from '../../types';
import { ResourceType } from '../../../../../common';
import { getAuditLogging, updateAuditLogging } from '../../utils/audit-logging-utils';
import { displayBoolean, ExternalLink } from '../../utils/display-utils';
import { buildHashUrl } from '../../utils/url-builder';
@@ -18,7 +18,7 @@ import { AuditLoggingEditSettings } from '../audit-logging-edit-settings';
import React from 'react';
import { ComplianceSettings, GeneralSettings } from '../types';
import { buildHashUrl } from '../../../utils/url-builder';
import { ResourceType } from '../../../types';
import { ResourceType } from '../../../../../../common';

jest.mock('../../../utils/audit-logging-utils');

@@ -18,7 +18,7 @@ import { AuditLogging, renderComplianceSettings, renderGeneralSettings } from '.
import React from 'react';
import { EuiSwitch } from '@elastic/eui';
import { buildHashUrl } from '../../../utils/url-builder';
import { ResourceType } from '../../../types';
import { ResourceType } from '../../../../../../common';
import {
SUB_URL_FOR_COMPLIANCE_SETTINGS_EDIT,
SUB_URL_FOR_GENERAL_SETTINGS_EDIT,
11 changes: 3 additions & 8 deletions public/apps/configuration/panels/get-started.tsx
@@ -27,17 +27,12 @@ import {
} from '@elastic/eui';
import React from 'react';
import { FormattedMessage } from '@osd/i18n/react';
import { flow } from 'lodash';
import { HashRouter as Router, Route } from 'react-router-dom';
import { AppDependencies } from '../../types';
import { buildHashUrl, buildUrl } from '../utils/url-builder';
import { Action, ResourceType, RouteItem } from '../types';
import { buildHashUrl } from '../utils/url-builder';
import { Action } from '../types';
import { ResourceType } from '../../../../common';
import { API_ENDPOINT_CACHE, DocLinks } from '../constants';
import { ExternalLink, ExternalLinkButton } from '../utils/display-utils';
import { TenantList } from './tenant-list/tenant-list';
import { getBreadcrumbs } from '../app-router';

import { CrossPageToast } from '../cross-page-toast';

const addBackendStep = {
title: 'Add backends',
@@ -26,7 +26,8 @@ import {
} from '@elastic/eui';
import React, { useState } from 'react';
import { BreadcrumbsPageDependencies } from '../../../types';
import { InternalUserUpdate, ResourceType } from '../../types';
import { InternalUserUpdate } from '../../types';
import { ResourceType } from '../../../../../common';
import { getUserDetail, updateUser } from '../../utils/internal-user-detail-utils';
import { PanelWithHeader } from '../../utils/panel-with-header';
import { PasswordEditPanel } from '../../utils/password-edit-panel';
@@ -15,7 +15,8 @@

import React, { Dispatch, SetStateAction } from 'react';
import { EuiForm, EuiFlexGroup, EuiFlexItem, EuiComboBox } from '@elastic/eui';
import { ComboBoxOptions, ResourceType } from '../../types';
import { ComboBoxOptions } from '../../types';
import { ResourceType } from '../../../../../common';
import { PanelWithHeader } from '../../utils/panel-with-header';
import { FormRow } from '../../utils/form-row';
import { LIMIT_WIDTH_INPUT_CLASS } from '../../constants';
@@ -25,7 +25,8 @@ import {
} from '@elastic/eui';
import React, { Dispatch, Fragment, SetStateAction } from 'react';
import { isEmpty } from 'lodash';
import { RoleIndexPermission, ResourceType } from '../../types';
import { RoleIndexPermission } from '../../types';
import { ResourceType } from '../../../../../common';
import {
appendElementToArray,
removeElementFromArray,
@@ -141,9 +142,9 @@ export function IndexPermissionRow(props: {
return (
<FormRow
headerText="Index permissions"
headerSubText="You can specify permissions using both action groups or single permissions.
headerSubText="You can specify permissions using both action groups or single permissions.
A permission group is a list of single permissions.
You can often achieve your desired security posture using some combination of the default permission groups.
You can often achieve your desired security posture using some combination of the default permission groups.
You can also create your own reusable permission groups."
>
<EuiFlexGroup>
11 changes: 8 additions & 3 deletions public/apps/configuration/panels/role-edit/role-edit.tsx
@@ -46,7 +46,8 @@ import {
} from './tenant-panel';
import { RoleIndexPermissionStateClass, RoleTenantPermissionStateClass } from './types';
import { buildHashUrl, buildUrl } from '../../utils/url-builder';
import { ComboBoxOptions, ResourceType, Action, ActionGroupItem } from '../../types';
import { ComboBoxOptions, Action, ActionGroupItem } from '../../types';
import { ResourceType } from '../../../../../common';
import {
useToastState,
createUnknownErrorToast,
@@ -175,7 +176,9 @@ export function RoleEdit(props: RoleEditDeps) {
{
label: 'Other permission groups',
options: actionGroups
.filter((actionGroup) => actionGroup[1].type === undefined)
.filter(
(actionGroup) => !['cluster', 'index', 'kibana'].includes(actionGroup[1].type || '')
)
.map((actionGroup) => actionGroup[0])
.map(stringToComboBoxOption),
},
@@ -196,7 +199,9 @@ export function RoleEdit(props: RoleEditDeps) {
{
label: 'Other permission groups',
options: actionGroups
.filter((actionGroup) => actionGroup[1].type === undefined)
.filter(
(actionGroup) => !['cluster', 'index', 'kibana'].includes(actionGroup[1].type || '')
)
.map((actionGroup) => actionGroup[0])
.map(stringToComboBoxOption),
},
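Review bot: The new predicate `!['cluster', 'index', 'kibana'].includes(actionGroup[1].type || '')` is written out twice in `RoleEdit` (in the hunk at -175/+176 and again at -196/+199) and changes 'Other permission groups' from "groups with no type" to "groups of any unrecognised type". The test added in this commit shows the consequence: the `unlimited` group with `allowed_actions: ['*']` and `type: 'all'` now appears in both expected option lists, so wildcard groups become selectable beside narrow ones with no visual distinction. I would hoist the list into one named constant, `const TYPED_GROUP_KINDS = ['cluster', 'index', 'kibana'];`, reuse it in both filters with `actionGroup[1].type ?? ''`, and add a comment stating that catch-all groups are intentionally included. `RoleEdit` starts and ends outside these hunks, so I have not checked how the two lists are rendered.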
@@ -74,6 +74,14 @@ describe('Role edit filtering', () => {
description: 'Custom group',
static: true,
},
unlimited: {
reserved: false,
hidden: false,
allowed_actions: ['*'],
type: 'all',
description: 'Unlimited group',
static: true,
},
});

it('basic cluster permission panel rendering', async () => {
@@ -118,6 +126,9 @@ describe('Role edit filtering', () => {
{
label: 'custom',
},
{
label: 'unlimited',
},
],
},
{
@@ -171,6 +182,9 @@ describe('Role edit filtering', () => {
{
label: 'custom',
},
{
label: 'unlimited',
},
],
},
{
3 changes: 2 additions & 1 deletion public/apps/configuration/panels/role-list.tsx
@@ -41,7 +41,8 @@ import {
fetchRoleMapping,
buildSearchFilterOptions,
} from '../utils/role-list-utils';
import { ResourceType, Action } from '../types';
import { Action } from '../types';
import { ResourceType } from '../../../../common';
import { buildHashUrl } from '../utils/url-builder';
import {
ExternalLink,
@@ -35,7 +35,8 @@ import { ExternalIdentityStateClass } from './types';
import { ComboBoxOptions } from '../../types';
import { stringToComboBoxOption, comboBoxOptionToString } from '../../utils/combo-box-utils';
import { buildHashUrl, buildUrl } from '../../utils/url-builder';
import { ResourceType, RoleMappingDetail, SubAction, Action } from '../../types';
import { RoleMappingDetail, SubAction, Action } from '../../types';
import { ResourceType } from '../../../../../common';
import { fetchUserNameList } from '../../utils/internal-user-list-utils';
import { updateRoleMapping, getRoleMappingData } from '../../utils/role-mapping-utils';
import { createErrorToast, createUnknownErrorToast, useToastState } from '../../utils/toast-utils';
@@ -19,7 +19,8 @@ import { ComboBoxOptions } from '../../types';
import { PanelWithHeader } from '../../utils/panel-with-header';
import { FormRow } from '../../utils/form-row';
import { buildHashUrl } from '../../utils/url-builder';
import { ResourceType, Action } from '../../types';
import { Action } from '../../types';
import { ResourceType } from '../../../../../common';
import { ExternalLinkButton } from '../../utils/display-utils';
import { DocLinks } from '../../constants';
import { appendOptionToComboBoxHandler } from '../../utils/combo-box-utils';
@@ -17,7 +17,8 @@ import React from 'react';
import { EuiEmptyPrompt, EuiButton } from '@elastic/eui';
import { PanelWithHeader } from '../../utils/panel-with-header';
import { PermissionTree } from '../permission-tree';
import { ActionGroupItem, DataObject, ResourceType, Action } from '../../types';
import { ActionGroupItem, DataObject, Action } from '../../types';
import { ResourceType } from '../../../../../common';
import { buildHashUrl } from '../../utils/url-builder';
import { loadingSpinner } from '../../utils/loading-spinner-utils';
import { DocLinks } from '../../constants';
@@ -30,9 +30,9 @@ import {
ActionGroupItem,
ExpandedRowMapInterface,
RoleIndexPermissionView,
ResourceType,
Action,
} from '../../types';
import { ResourceType } from '../../../../../common';
import { truncatedListView, displayArray, tableItemsUIProps } from '../../utils/display-utils';
import { PermissionTree } from '../permission-tree';
import { getFieldLevelSecurityMethod } from '../../utils/index-permission-utils';
2 changes: 1 addition & 1 deletion public/apps/configuration/panels/role-view/role-view.tsx
@@ -39,7 +39,6 @@ import { difference } from 'lodash';
import { BreadcrumbsPageDependencies } from '../../../types';
import { buildHashUrl, buildUrl } from '../../utils/url-builder';
import {
ResourceType,
Action,
SubAction,
RoleMappingDetail,
@@ -48,6 +47,7 @@ import {
RoleIndexPermissionView,
RoleTenantPermissionView,
} from '../../types';
import { ResourceType } from '../../../../../common';
import {
getRoleMappingData,
MappedUsersListing,
8 changes: 2 additions & 6 deletions public/apps/configuration/panels/role-view/tenants-panel.tsx
@@ -26,12 +26,8 @@ import {
import { CoreStart } from 'opensearch-dashboards/public';
import { getCurrentUser } from '../../../../utils/auth-info-utils';
import { PanelWithHeader } from '../../utils/panel-with-header';
import {
RoleTenantPermissionView,
RoleTenantPermissionDetail,
ResourceType,
Action,
} from '../../types';
import { RoleTenantPermissionView, RoleTenantPermissionDetail, Action } from '../../types';
import { ResourceType } from '../../../../../common';
import { truncatedListView, tableItemsUIProps } from '../../utils/display-utils';
import {
fetchTenants,
@@ -18,7 +18,8 @@ import { shallow } from 'enzyme';
import { ClusterPermissionPanel } from '../cluster-permission-panel';
import { EuiButton, EuiEmptyPrompt, EuiLoadingSpinner } from '@elastic/eui';
import { PermissionTree } from '../../permission-tree';
import { Action, ResourceType } from '../../../types';
import { Action } from '../../../types';
import { ResourceType } from '../../../../../../common';
import { buildHashUrl } from '../../../utils/url-builder';

describe('Role view - cluster permission panel', () => {
@@ -15,7 +15,8 @@

import React from 'react';
import { shallow, mount } from 'enzyme';
import { Action, ResourceType, RoleIndexPermissionView } from '../../../types';
import { Action, RoleIndexPermissionView } from '../../../types';
import { ResourceType } from '../../../../../../common';
import {
renderFieldLevelSecurity,
renderRowExpanstionArrow,
@@ -30,7 +30,8 @@ import { getRoleDetail } from '../../../utils/role-detail-utils';
import { transformRoleIndexPermissions } from '../../../utils/index-permission-utils';
import { useDeleteConfirmState } from '../../../utils/delete-confirm-modal-utils';
import { requestDeleteRoles } from '../../../utils/role-list-utils';
import { Action, ResourceType, SubAction } from '../../../types';
import { Action, SubAction } from '../../../types';
import { ResourceType } from '../../../../../../common';
import { buildHashUrl } from '../../../utils/url-builder';
import { createUnknownErrorToast } from '../../../utils/toast-utils';
