From a88942988684964457082c33965d6a115603e6ac Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Thu, 14 Dec 2023 12:37:04 -0500 Subject: [PATCH 1/6] Update instances of admin:admin in documentation and fix file location (#1696) Signed-off-by: Derek Ho --- .github/workflows/cypress-test-oidc-e2e.yml | 4 ++-- .github/workflows/cypress-test-saml-e2e.yml | 4 ++-- DEVELOPER_GUIDE.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 6ef90f4fd..1118d07d0 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -158,10 +158,10 @@ jobs: cat config.yml # TODO: REMOVE THIS ONCE ADMIN JAVA TOOL SUPPORT IT - - name: Write password to initialAdminPassword location + - name: Write password to opensearch_initial_admin_password.txt if: ${{ runner.os == 'Linux'}} run: - echo admin >> ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/initialAdminPassword.txt + echo admin >> ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch_initial_admin_password.txt shell: bash # Run any configuration scripts diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index 7a329a9cc..a8f051500 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -58,10 +58,10 @@ jobs: shell: bash # TODO: REMOVE THIS ONCE ADMIN JAVA TOOL SUPPORT IT - - name: Write password to initialAdminPassword location + - name: Write password to opensearch_initial_admin_password.txt if: ${{ runner.os == 'Linux'}} run: - echo admin >> ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/initialAdminPassword.txt + echo admin >> ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch_initial_admin_password.txt shell: bash # Install the security plugin diff --git a/DEVELOPER_GUIDE.md b/DEVELOPER_GUIDE.md index 6c479f4b4..972f96c2d 100644 --- a/DEVELOPER_GUIDE.md +++ b/DEVELOPER_GUIDE.md @@ -35,7 +35,7 @@ For the sake of this guide, let's assume the latest version on main for OpenSear Ensure that an OpenSearch cluster with the security plugin installed is running locally. If you followed the steps from [the developer guide of the Security Plugin](https://github.com/opensearch-project/security/blob/main/DEVELOPER_GUIDE.md), then you can verify this by running: ``` -curl -XGET https://admin:admin@localhost:9200/ --insecure +curl -XGET https://admin:@localhost:9200/ --insecure ``` ## Install OpenSearch-Dashboards with Security Dashboards Plugin From 9c3ba49bef481071a1180a7ce1f17ff3c5b216dc Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Tue, 26 Dec 2023 15:31:31 -0500 Subject: [PATCH 2/6] Remove txt file option and pass in env variable (#1707) Signed-off-by: Derek Ho --- .github/workflows/cypress-test-oidc-e2e.yml | 9 ++------- .github/workflows/cypress-test-saml-e2e.yml | 9 ++------- 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 1118d07d0..5fe91f4d5 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -21,6 +21,8 @@ jobs: matrix: os: [ ubuntu-latest ] runs-on: ${{ matrix.os }} + env: + OPENSEARCH_INITIAL_ADMIN_PASSWORD: admin steps: - name: Set up JDK @@ -157,13 +159,6 @@ jobs: echo "THIS IS THE SECURITY CONFIG FILE: " cat config.yml - # TODO: REMOVE THIS ONCE ADMIN JAVA TOOL SUPPORT IT - - name: Write password to opensearch_initial_admin_password.txt - if: ${{ runner.os == 'Linux'}} - run: - echo admin >> ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch_initial_admin_password.txt - shell: bash - # Run any configuration scripts - name: Run Setup Script for Linux if: ${{ runner.os == 'Linux' }} diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index a8f051500..1029fa780 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -17,6 +17,8 @@ jobs: matrix: os: [ ubuntu-latest ] runs-on: ${{ matrix.os }} + env: + OPENSEARCH_INITIAL_ADMIN_PASSWORD: admin steps: - name: Set up JDK @@ -57,13 +59,6 @@ jobs: rm -f opensearch-*.tar.gz shell: bash - # TODO: REMOVE THIS ONCE ADMIN JAVA TOOL SUPPORT IT - - name: Write password to opensearch_initial_admin_password.txt - if: ${{ runner.os == 'Linux'}} - run: - echo admin >> ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch_initial_admin_password.txt - shell: bash - # Install the security plugin - name: Install Plugin into OpenSearch for Linux if: ${{ runner.os == 'Linux'}} From 09b2f59453b4b3d356ba7627d1e1af663fb075bd Mon Sep 17 00:00:00 2001 From: Yulong Ruan Date: Thu, 4 Jan 2024 00:23:18 +0800 Subject: [PATCH 3/6] fix Cannot find module when import ResourceType in server from public folder (#1705) * fix Cannot find module Signed-off-by: Yulong Ruan * fix prettier error Signed-off-by: Yulong Ruan * fix failed tests Signed-off-by: Yulong Ruan --------- Signed-off-by: Yulong Ruan Co-authored-by: Craig Perkins --- common/index.ts | 12 ++++++++++++ public/apps/configuration/app-router.tsx | 3 ++- .../audit-logging/audit-logging-edit-settings.tsx | 2 +- .../panels/audit-logging/audit-logging.tsx | 2 +- .../test/audit-logging-edit-settings.test.tsx | 2 +- .../panels/audit-logging/test/audit-logging.test.tsx | 2 +- public/apps/configuration/panels/get-started.tsx | 11 +++-------- .../panels/internal-user-edit/internal-user-edit.tsx | 3 ++- .../panels/role-edit/cluster-permission-panel.tsx | 3 ++- .../panels/role-edit/index-permission-panel.tsx | 7 ++++--- .../configuration/panels/role-edit/role-edit.tsx | 3 ++- public/apps/configuration/panels/role-list.tsx | 3 ++- .../panels/role-mapping/role-edit-mapped-user.tsx | 3 ++- .../panels/role-mapping/users-panel.tsx | 3 ++- .../panels/role-view/cluster-permission-panel.tsx | 3 ++- .../panels/role-view/index-permission-panel.tsx | 2 +- .../configuration/panels/role-view/role-view.tsx | 2 +- .../configuration/panels/role-view/tenants-panel.tsx | 8 ++------ .../role-view/test/cluster-permission-panel.test.tsx | 3 ++- .../role-view/test/index-permission-panel.test.tsx | 3 ++- .../panels/role-view/test/role-view.test.tsx | 3 ++- .../panels/role-view/test/tenants-panel.test.tsx | 3 ++- .../configuration/panels/service-account-list.tsx | 3 ++- .../configuration/panels/tenant-list/manage_tab.tsx | 7 +++---- .../configuration/panels/test/get-started.test.tsx | 3 ++- .../configuration/panels/test/role-list.test.tsx | 3 ++- .../panels/test/service-account-list.test.tsx | 3 ++- .../configuration/panels/test/user-list.test.tsx | 3 ++- public/apps/configuration/panels/user-list.tsx | 3 ++- public/apps/configuration/types.ts | 12 ------------ .../configuration/utils/internal-user-list-utils.tsx | 3 ++- public/apps/configuration/utils/url-builder.tsx | 3 ++- server/routes/index.ts | 2 +- 33 files changed, 71 insertions(+), 60 deletions(-) diff --git a/common/index.ts b/common/index.ts index 9b038a581..b5e6a475d 100644 --- a/common/index.ts +++ b/common/index.ts @@ -64,6 +64,18 @@ export enum AuthType { ANONYMOUS = 'anonymous', } +export enum ResourceType { + roles = 'roles', + users = 'users', + serviceAccounts = 'serviceAccounts', + permissions = 'permissions', + tenants = 'tenants', + tenantsManageTab = 'tenantsManageTab', + tenantsConfigureTab = 'tenantsConfigureTab', + auth = 'auth', + auditLogging = 'auditLogging', +} + /** * A valid resource name should not containing percent sign (%) as they raise url injection issue. * And also should not be empty. diff --git a/public/apps/configuration/app-router.tsx b/public/apps/configuration/app-router.tsx index a10cec08e..2e4ce7ca3 100644 --- a/public/apps/configuration/app-router.tsx +++ b/public/apps/configuration/app-router.tsx @@ -36,7 +36,8 @@ import { RoleView } from './panels/role-view/role-view'; import { TenantList } from './panels/tenant-list/tenant-list'; import { UserList } from './panels/user-list'; import { ServiceAccountList } from './panels/service-account-list'; -import { Action, ResourceType, RouteItem, SubAction } from './types'; +import { Action, RouteItem, SubAction } from './types'; +import { ResourceType } from '../../../common'; import { buildHashUrl, buildUrl } from './utils/url-builder'; import { CrossPageToast } from './cross-page-toast'; diff --git a/public/apps/configuration/panels/audit-logging/audit-logging-edit-settings.tsx b/public/apps/configuration/panels/audit-logging/audit-logging-edit-settings.tsx index 972442978..de5d0086f 100644 --- a/public/apps/configuration/panels/audit-logging/audit-logging-edit-settings.tsx +++ b/public/apps/configuration/panels/audit-logging/audit-logging-edit-settings.tsx @@ -31,7 +31,7 @@ import { SETTING_GROUPS, SettingMapItem } from './constants'; import { EditSettingGroup } from './edit-setting-group'; import { AuditLoggingSettings } from './types'; import { buildHashUrl, buildUrl } from '../../utils/url-builder'; -import { ResourceType } from '../../types'; +import { ResourceType } from '../../../../../common'; import { getAuditLogging, updateAuditLogging } from '../../utils/audit-logging-utils'; import { useToastState } from '../../utils/toast-utils'; import { setCrossPageToast } from '../../utils/storage-utils'; diff --git a/public/apps/configuration/panels/audit-logging/audit-logging.tsx b/public/apps/configuration/panels/audit-logging/audit-logging.tsx index e920c32e0..5ca10c84c 100644 --- a/public/apps/configuration/panels/audit-logging/audit-logging.tsx +++ b/public/apps/configuration/panels/audit-logging/audit-logging.tsx @@ -31,7 +31,7 @@ import { import React from 'react'; import { FormattedMessage } from '@osd/i18n/react'; import { AppDependencies } from '../../../types'; -import { ResourceType } from '../../types'; +import { ResourceType } from '../../../../../common'; import { getAuditLogging, updateAuditLogging } from '../../utils/audit-logging-utils'; import { displayBoolean, ExternalLink } from '../../utils/display-utils'; import { buildHashUrl } from '../../utils/url-builder'; diff --git a/public/apps/configuration/panels/audit-logging/test/audit-logging-edit-settings.test.tsx b/public/apps/configuration/panels/audit-logging/test/audit-logging-edit-settings.test.tsx index 038b0c5c8..a7b52d428 100644 --- a/public/apps/configuration/panels/audit-logging/test/audit-logging-edit-settings.test.tsx +++ b/public/apps/configuration/panels/audit-logging/test/audit-logging-edit-settings.test.tsx @@ -18,7 +18,7 @@ import { AuditLoggingEditSettings } from '../audit-logging-edit-settings'; import React from 'react'; import { ComplianceSettings, GeneralSettings } from '../types'; import { buildHashUrl } from '../../../utils/url-builder'; -import { ResourceType } from '../../../types'; +import { ResourceType } from '../../../../../../common'; jest.mock('../../../utils/audit-logging-utils'); diff --git a/public/apps/configuration/panels/audit-logging/test/audit-logging.test.tsx b/public/apps/configuration/panels/audit-logging/test/audit-logging.test.tsx index 35e6d0273..2bc5d4881 100644 --- a/public/apps/configuration/panels/audit-logging/test/audit-logging.test.tsx +++ b/public/apps/configuration/panels/audit-logging/test/audit-logging.test.tsx @@ -18,7 +18,7 @@ import { AuditLogging, renderComplianceSettings, renderGeneralSettings } from '. import React from 'react'; import { EuiSwitch } from '@elastic/eui'; import { buildHashUrl } from '../../../utils/url-builder'; -import { ResourceType } from '../../../types'; +import { ResourceType } from '../../../../../../common'; import { SUB_URL_FOR_COMPLIANCE_SETTINGS_EDIT, SUB_URL_FOR_GENERAL_SETTINGS_EDIT, diff --git a/public/apps/configuration/panels/get-started.tsx b/public/apps/configuration/panels/get-started.tsx index b2c562e35..dcf4fed41 100644 --- a/public/apps/configuration/panels/get-started.tsx +++ b/public/apps/configuration/panels/get-started.tsx @@ -27,17 +27,12 @@ import { } from '@elastic/eui'; import React from 'react'; import { FormattedMessage } from '@osd/i18n/react'; -import { flow } from 'lodash'; -import { HashRouter as Router, Route } from 'react-router-dom'; import { AppDependencies } from '../../types'; -import { buildHashUrl, buildUrl } from '../utils/url-builder'; -import { Action, ResourceType, RouteItem } from '../types'; +import { buildHashUrl } from '../utils/url-builder'; +import { Action } from '../types'; +import { ResourceType } from '../../../../common'; import { API_ENDPOINT_CACHE, DocLinks } from '../constants'; import { ExternalLink, ExternalLinkButton } from '../utils/display-utils'; -import { TenantList } from './tenant-list/tenant-list'; -import { getBreadcrumbs } from '../app-router'; - -import { CrossPageToast } from '../cross-page-toast'; const addBackendStep = { title: 'Add backends', diff --git a/public/apps/configuration/panels/internal-user-edit/internal-user-edit.tsx b/public/apps/configuration/panels/internal-user-edit/internal-user-edit.tsx index f93ef0407..1237ef9f3 100644 --- a/public/apps/configuration/panels/internal-user-edit/internal-user-edit.tsx +++ b/public/apps/configuration/panels/internal-user-edit/internal-user-edit.tsx @@ -26,7 +26,8 @@ import { } from '@elastic/eui'; import React, { useState } from 'react'; import { BreadcrumbsPageDependencies } from '../../../types'; -import { InternalUserUpdate, ResourceType } from '../../types'; +import { InternalUserUpdate } from '../../types'; +import { ResourceType } from '../../../../../common'; import { getUserDetail, updateUser } from '../../utils/internal-user-detail-utils'; import { PanelWithHeader } from '../../utils/panel-with-header'; import { PasswordEditPanel } from '../../utils/password-edit-panel'; diff --git a/public/apps/configuration/panels/role-edit/cluster-permission-panel.tsx b/public/apps/configuration/panels/role-edit/cluster-permission-panel.tsx index e80d0d0e1..3ac52f6d3 100644 --- a/public/apps/configuration/panels/role-edit/cluster-permission-panel.tsx +++ b/public/apps/configuration/panels/role-edit/cluster-permission-panel.tsx @@ -15,7 +15,8 @@ import React, { Dispatch, SetStateAction } from 'react'; import { EuiForm, EuiFlexGroup, EuiFlexItem, EuiComboBox } from '@elastic/eui'; -import { ComboBoxOptions, ResourceType } from '../../types'; +import { ComboBoxOptions } from '../../types'; +import { ResourceType } from '../../../../../common'; import { PanelWithHeader } from '../../utils/panel-with-header'; import { FormRow } from '../../utils/form-row'; import { LIMIT_WIDTH_INPUT_CLASS } from '../../constants'; diff --git a/public/apps/configuration/panels/role-edit/index-permission-panel.tsx b/public/apps/configuration/panels/role-edit/index-permission-panel.tsx index 75e2856e4..e52cb9128 100644 --- a/public/apps/configuration/panels/role-edit/index-permission-panel.tsx +++ b/public/apps/configuration/panels/role-edit/index-permission-panel.tsx @@ -25,7 +25,8 @@ import { } from '@elastic/eui'; import React, { Dispatch, Fragment, SetStateAction } from 'react'; import { isEmpty } from 'lodash'; -import { RoleIndexPermission, ResourceType } from '../../types'; +import { RoleIndexPermission } from '../../types'; +import { ResourceType } from '../../../../../common'; import { appendElementToArray, removeElementFromArray, @@ -141,9 +142,9 @@ export function IndexPermissionRow(props: { return ( diff --git a/public/apps/configuration/panels/role-edit/role-edit.tsx b/public/apps/configuration/panels/role-edit/role-edit.tsx index e5b3c832a..c237eaefd 100644 --- a/public/apps/configuration/panels/role-edit/role-edit.tsx +++ b/public/apps/configuration/panels/role-edit/role-edit.tsx @@ -46,7 +46,8 @@ import { } from './tenant-panel'; import { RoleIndexPermissionStateClass, RoleTenantPermissionStateClass } from './types'; import { buildHashUrl, buildUrl } from '../../utils/url-builder'; -import { ComboBoxOptions, ResourceType, Action, ActionGroupItem } from '../../types'; +import { ComboBoxOptions, Action, ActionGroupItem } from '../../types'; +import { ResourceType } from '../../../../../common'; import { useToastState, createUnknownErrorToast, diff --git a/public/apps/configuration/panels/role-list.tsx b/public/apps/configuration/panels/role-list.tsx index 1fb27a228..c9ecab34b 100644 --- a/public/apps/configuration/panels/role-list.tsx +++ b/public/apps/configuration/panels/role-list.tsx @@ -41,7 +41,8 @@ import { fetchRoleMapping, buildSearchFilterOptions, } from '../utils/role-list-utils'; -import { ResourceType, Action } from '../types'; +import { Action } from '../types'; +import { ResourceType } from '../../../../common'; import { buildHashUrl } from '../utils/url-builder'; import { ExternalLink, diff --git a/public/apps/configuration/panels/role-mapping/role-edit-mapped-user.tsx b/public/apps/configuration/panels/role-mapping/role-edit-mapped-user.tsx index 9b2a859da..44909bef5 100644 --- a/public/apps/configuration/panels/role-mapping/role-edit-mapped-user.tsx +++ b/public/apps/configuration/panels/role-mapping/role-edit-mapped-user.tsx @@ -35,7 +35,8 @@ import { ExternalIdentityStateClass } from './types'; import { ComboBoxOptions } from '../../types'; import { stringToComboBoxOption, comboBoxOptionToString } from '../../utils/combo-box-utils'; import { buildHashUrl, buildUrl } from '../../utils/url-builder'; -import { ResourceType, RoleMappingDetail, SubAction, Action } from '../../types'; +import { RoleMappingDetail, SubAction, Action } from '../../types'; +import { ResourceType } from '../../../../../common'; import { fetchUserNameList } from '../../utils/internal-user-list-utils'; import { updateRoleMapping, getRoleMappingData } from '../../utils/role-mapping-utils'; import { createErrorToast, createUnknownErrorToast, useToastState } from '../../utils/toast-utils'; diff --git a/public/apps/configuration/panels/role-mapping/users-panel.tsx b/public/apps/configuration/panels/role-mapping/users-panel.tsx index 39cec7538..6c65a152b 100644 --- a/public/apps/configuration/panels/role-mapping/users-panel.tsx +++ b/public/apps/configuration/panels/role-mapping/users-panel.tsx @@ -19,7 +19,8 @@ import { ComboBoxOptions } from '../../types'; import { PanelWithHeader } from '../../utils/panel-with-header'; import { FormRow } from '../../utils/form-row'; import { buildHashUrl } from '../../utils/url-builder'; -import { ResourceType, Action } from '../../types'; +import { Action } from '../../types'; +import { ResourceType } from '../../../../../common'; import { ExternalLinkButton } from '../../utils/display-utils'; import { DocLinks } from '../../constants'; import { appendOptionToComboBoxHandler } from '../../utils/combo-box-utils'; diff --git a/public/apps/configuration/panels/role-view/cluster-permission-panel.tsx b/public/apps/configuration/panels/role-view/cluster-permission-panel.tsx index 3d4a02df5..659f98c13 100644 --- a/public/apps/configuration/panels/role-view/cluster-permission-panel.tsx +++ b/public/apps/configuration/panels/role-view/cluster-permission-panel.tsx @@ -17,7 +17,8 @@ import React from 'react'; import { EuiEmptyPrompt, EuiButton } from '@elastic/eui'; import { PanelWithHeader } from '../../utils/panel-with-header'; import { PermissionTree } from '../permission-tree'; -import { ActionGroupItem, DataObject, ResourceType, Action } from '../../types'; +import { ActionGroupItem, DataObject, Action } from '../../types'; +import { ResourceType } from '../../../../../common'; import { buildHashUrl } from '../../utils/url-builder'; import { loadingSpinner } from '../../utils/loading-spinner-utils'; import { DocLinks } from '../../constants'; diff --git a/public/apps/configuration/panels/role-view/index-permission-panel.tsx b/public/apps/configuration/panels/role-view/index-permission-panel.tsx index b04583522..8c622afd3 100644 --- a/public/apps/configuration/panels/role-view/index-permission-panel.tsx +++ b/public/apps/configuration/panels/role-view/index-permission-panel.tsx @@ -30,9 +30,9 @@ import { ActionGroupItem, ExpandedRowMapInterface, RoleIndexPermissionView, - ResourceType, Action, } from '../../types'; +import { ResourceType } from '../../../../../common'; import { truncatedListView, displayArray, tableItemsUIProps } from '../../utils/display-utils'; import { PermissionTree } from '../permission-tree'; import { getFieldLevelSecurityMethod } from '../../utils/index-permission-utils'; diff --git a/public/apps/configuration/panels/role-view/role-view.tsx b/public/apps/configuration/panels/role-view/role-view.tsx index 04e5d1f99..723d546da 100644 --- a/public/apps/configuration/panels/role-view/role-view.tsx +++ b/public/apps/configuration/panels/role-view/role-view.tsx @@ -39,7 +39,6 @@ import { difference } from 'lodash'; import { BreadcrumbsPageDependencies } from '../../../types'; import { buildHashUrl, buildUrl } from '../../utils/url-builder'; import { - ResourceType, Action, SubAction, RoleMappingDetail, @@ -48,6 +47,7 @@ import { RoleIndexPermissionView, RoleTenantPermissionView, } from '../../types'; +import { ResourceType } from '../../../../../common'; import { getRoleMappingData, MappedUsersListing, diff --git a/public/apps/configuration/panels/role-view/tenants-panel.tsx b/public/apps/configuration/panels/role-view/tenants-panel.tsx index 667b34f45..45d19bb2b 100644 --- a/public/apps/configuration/panels/role-view/tenants-panel.tsx +++ b/public/apps/configuration/panels/role-view/tenants-panel.tsx @@ -26,12 +26,8 @@ import { import { CoreStart } from 'opensearch-dashboards/public'; import { getCurrentUser } from '../../../../utils/auth-info-utils'; import { PanelWithHeader } from '../../utils/panel-with-header'; -import { - RoleTenantPermissionView, - RoleTenantPermissionDetail, - ResourceType, - Action, -} from '../../types'; +import { RoleTenantPermissionView, RoleTenantPermissionDetail, Action } from '../../types'; +import { ResourceType } from '../../../../../common'; import { truncatedListView, tableItemsUIProps } from '../../utils/display-utils'; import { fetchTenants, diff --git a/public/apps/configuration/panels/role-view/test/cluster-permission-panel.test.tsx b/public/apps/configuration/panels/role-view/test/cluster-permission-panel.test.tsx index 5891ac502..8e7d5be0c 100644 --- a/public/apps/configuration/panels/role-view/test/cluster-permission-panel.test.tsx +++ b/public/apps/configuration/panels/role-view/test/cluster-permission-panel.test.tsx @@ -18,7 +18,8 @@ import { shallow } from 'enzyme'; import { ClusterPermissionPanel } from '../cluster-permission-panel'; import { EuiButton, EuiEmptyPrompt, EuiLoadingSpinner } from '@elastic/eui'; import { PermissionTree } from '../../permission-tree'; -import { Action, ResourceType } from '../../../types'; +import { Action } from '../../../types'; +import { ResourceType } from '../../../../../../common'; import { buildHashUrl } from '../../../utils/url-builder'; describe('Role view - cluster permission panel', () => { diff --git a/public/apps/configuration/panels/role-view/test/index-permission-panel.test.tsx b/public/apps/configuration/panels/role-view/test/index-permission-panel.test.tsx index 4c2f25555..dc9632eb2 100644 --- a/public/apps/configuration/panels/role-view/test/index-permission-panel.test.tsx +++ b/public/apps/configuration/panels/role-view/test/index-permission-panel.test.tsx @@ -15,7 +15,8 @@ import React from 'react'; import { shallow, mount } from 'enzyme'; -import { Action, ResourceType, RoleIndexPermissionView } from '../../../types'; +import { Action, RoleIndexPermissionView } from '../../../types'; +import { ResourceType } from '../../../../../../common'; import { renderFieldLevelSecurity, renderRowExpanstionArrow, diff --git a/public/apps/configuration/panels/role-view/test/role-view.test.tsx b/public/apps/configuration/panels/role-view/test/role-view.test.tsx index d793172ca..424154348 100644 --- a/public/apps/configuration/panels/role-view/test/role-view.test.tsx +++ b/public/apps/configuration/panels/role-view/test/role-view.test.tsx @@ -30,7 +30,8 @@ import { getRoleDetail } from '../../../utils/role-detail-utils'; import { transformRoleIndexPermissions } from '../../../utils/index-permission-utils'; import { useDeleteConfirmState } from '../../../utils/delete-confirm-modal-utils'; import { requestDeleteRoles } from '../../../utils/role-list-utils'; -import { Action, ResourceType, SubAction } from '../../../types'; +import { Action, SubAction } from '../../../types'; +import { ResourceType } from '../../../../../../common'; import { buildHashUrl } from '../../../utils/url-builder'; import { createUnknownErrorToast } from '../../../utils/toast-utils'; diff --git a/public/apps/configuration/panels/role-view/test/tenants-panel.test.tsx b/public/apps/configuration/panels/role-view/test/tenants-panel.test.tsx index 75cd9452e..5f5bb933d 100644 --- a/public/apps/configuration/panels/role-view/test/tenants-panel.test.tsx +++ b/public/apps/configuration/panels/role-view/test/tenants-panel.test.tsx @@ -18,7 +18,8 @@ import { mount, shallow } from 'enzyme'; import { TenantsPanel } from '../tenants-panel'; import { EuiEmptyPrompt, EuiInMemoryTable, EuiTableFieldDataColumnType } from '@elastic/eui'; import { buildHashUrl } from '../../../utils/url-builder'; -import { Action, ResourceType, RoleTenantPermissionDetail } from '../../../types'; +import { Action, RoleTenantPermissionDetail } from '../../../types'; +import { ResourceType } from '../../../../../../common'; import { RoleViewTenantInvalidText } from '../../../constants'; jest.mock('../../../utils/tenant-utils'); diff --git a/public/apps/configuration/panels/service-account-list.tsx b/public/apps/configuration/panels/service-account-list.tsx index 61c21a9e5..9feebba4a 100644 --- a/public/apps/configuration/panels/service-account-list.tsx +++ b/public/apps/configuration/panels/service-account-list.tsx @@ -34,7 +34,8 @@ import React, { useState } from 'react'; import { getAuthInfo } from '../../../utils/auth-info-utils'; import { AppDependencies } from '../../types'; import { API_ENDPOINT_SERVICEACCOUNTS, DocLinks } from '../constants'; -import { Action, ResourceType } from '../types'; +import { Action } from '../types'; +import { ResourceType } from '../../../../common'; import { EMPTY_FIELD_VALUE } from '../ui-constants'; import { useContextMenuState } from '../utils/context-menu'; import { ExternalLink, tableItemsUIProps, truncatedListView } from '../utils/display-utils'; diff --git a/public/apps/configuration/panels/tenant-list/manage_tab.tsx b/public/apps/configuration/panels/tenant-list/manage_tab.tsx index 8f813f82b..b235bd3ba 100644 --- a/public/apps/configuration/panels/tenant-list/manage_tab.tsx +++ b/public/apps/configuration/panels/tenant-list/manage_tab.tsx @@ -39,10 +39,10 @@ import React, { ReactNode, useState, useCallback } from 'react'; import { difference } from 'lodash'; import { HashRouter as Router, Route } from 'react-router-dom'; import { flow } from 'lodash'; -import { TenancyConfigSettings } from '../tenancy-config/types'; import { getCurrentUser } from '../../../../utils/auth-info-utils'; import { AppDependencies } from '../../../types'; -import { Action, ResourceType, Tenant } from '../../types'; +import { Action, Tenant } from '../../types'; +import { ResourceType } from '../../../../../common'; import { ExternalLink, renderCustomization, tableItemsUIProps } from '../../utils/display-utils'; import { fetchTenants, @@ -481,8 +481,7 @@ export function ManageTab(props: AppDependencies) { return ( <> {/*{tenancyDisabledWarning}*/} - - + diff --git a/public/apps/configuration/panels/test/get-started.test.tsx b/public/apps/configuration/panels/test/get-started.test.tsx index a3eb65bf1..e51af78f0 100644 --- a/public/apps/configuration/panels/test/get-started.test.tsx +++ b/public/apps/configuration/panels/test/get-started.test.tsx @@ -16,7 +16,8 @@ import { shallow } from 'enzyme'; import React from 'react'; import { EuiSteps } from '@elastic/eui'; -import { Action, ResourceType } from '../../types'; +import { Action } from '../../types'; +import { ResourceType } from '../../../../../common'; import { buildHashUrl } from '../../utils/url-builder'; import { GetStarted } from '../get-started'; diff --git a/public/apps/configuration/panels/test/role-list.test.tsx b/public/apps/configuration/panels/test/role-list.test.tsx index 445cdac43..a70dac666 100644 --- a/public/apps/configuration/panels/test/role-list.test.tsx +++ b/public/apps/configuration/panels/test/role-list.test.tsx @@ -18,7 +18,8 @@ import { mount, shallow } from 'enzyme'; import React from 'react'; import { EuiInMemoryTable, EuiTableFieldDataColumnType } from '@elastic/eui'; import { buildHashUrl } from '../../utils/url-builder'; -import { Action, ResourceType } from '../../types'; +import { Action } from '../../types'; +import { ResourceType } from '../../../../../common'; import { RoleListing } from '../../utils/role-list-utils'; import { useDeleteConfirmState } from '../../utils/delete-confirm-modal-utils'; diff --git a/public/apps/configuration/panels/test/service-account-list.test.tsx b/public/apps/configuration/panels/test/service-account-list.test.tsx index 2ffe595e8..d5407aeae 100644 --- a/public/apps/configuration/panels/test/service-account-list.test.tsx +++ b/public/apps/configuration/panels/test/service-account-list.test.tsx @@ -32,7 +32,8 @@ jest.mock('../../utils/context-menu', () => ({ import { getAuthInfo } from '../../../../utils/auth-info-utils'; import { buildHashUrl } from '../../utils/url-builder'; -import { ResourceType, Action } from '../../types'; +import { Action } from '../../types'; +import { ResourceType } from '../../../../../common'; describe('User list', () => { describe('dictView', () => { diff --git a/public/apps/configuration/panels/test/user-list.test.tsx b/public/apps/configuration/panels/test/user-list.test.tsx index fd28e74cf..32455fa53 100644 --- a/public/apps/configuration/panels/test/user-list.test.tsx +++ b/public/apps/configuration/panels/test/user-list.test.tsx @@ -40,7 +40,8 @@ jest.mock('../../utils/context-menu', () => ({ import { getAuthInfo } from '../../../../utils/auth-info-utils'; import { buildHashUrl } from '../../utils/url-builder'; -import { ResourceType, Action } from '../../types'; +import { Action } from '../../types'; +import { ResourceType } from '../../../../../common'; describe('User list', () => { describe('dictView', () => { diff --git a/public/apps/configuration/panels/user-list.tsx b/public/apps/configuration/panels/user-list.tsx index eb369f7ad..b75f62283 100644 --- a/public/apps/configuration/panels/user-list.tsx +++ b/public/apps/configuration/panels/user-list.tsx @@ -35,7 +35,8 @@ import React, { useState } from 'react'; import { getAuthInfo } from '../../../utils/auth-info-utils'; import { AppDependencies } from '../../types'; import { API_ENDPOINT_INTERNALUSERS, DocLinks } from '../constants'; -import { Action, ResourceType } from '../types'; +import { Action } from '../types'; +import { ResourceType } from '../../../../common'; import { EMPTY_FIELD_VALUE } from '../ui-constants'; import { useContextMenuState } from '../utils/context-menu'; import { useDeleteConfirmState } from '../utils/delete-confirm-modal-utils'; diff --git a/public/apps/configuration/types.ts b/public/apps/configuration/types.ts index fd64e1095..967072d18 100644 --- a/public/apps/configuration/types.ts +++ b/public/apps/configuration/types.ts @@ -19,18 +19,6 @@ export type ComboBoxOptions = EuiComboBoxOptionOption[]; export type FieldLevelSecurityMethod = 'exclude' | 'include'; -export enum ResourceType { - roles = 'roles', - users = 'users', - serviceAccounts = 'serviceAccounts', - permissions = 'permissions', - tenants = 'tenants', - tenantsManageTab = 'tenantsManageTab', - tenantsConfigureTab = 'tenantsConfigureTab', - auth = 'auth', - auditLogging = 'auditLogging', -} - export enum Action { view = 'view', create = 'create', diff --git a/public/apps/configuration/utils/internal-user-list-utils.tsx b/public/apps/configuration/utils/internal-user-list-utils.tsx index 02042e928..19b0488c7 100644 --- a/public/apps/configuration/utils/internal-user-list-utils.tsx +++ b/public/apps/configuration/utils/internal-user-list-utils.tsx @@ -20,7 +20,8 @@ import { API_ENDPOINT_INTERNALUSERS, API_ENDPOINT_SERVICEACCOUNTS, } from '../constants'; -import { DataObject, InternalUser, ObjectsMessage, ResourceType } from '../types'; +import { DataObject, InternalUser, ObjectsMessage } from '../types'; +import { ResourceType } from '../../../../common'; import { httpDelete, httpGet } from './request-utils'; import { getResourceUrl } from './resource-utils'; diff --git a/public/apps/configuration/utils/url-builder.tsx b/public/apps/configuration/utils/url-builder.tsx index 5337f627d..e15aa7975 100644 --- a/public/apps/configuration/utils/url-builder.tsx +++ b/public/apps/configuration/utils/url-builder.tsx @@ -13,7 +13,8 @@ * permissions and limitations under the License. */ -import { ResourceType, Action } from '../types'; +import { Action } from '../types'; +import { ResourceType } from '../../../../common'; /** * Build hash based url, encode the resourceId part diff --git a/server/routes/index.ts b/server/routes/index.ts index ad3dfbd58..934c63da7 100644 --- a/server/routes/index.ts +++ b/server/routes/index.ts @@ -21,7 +21,7 @@ import { OpenSearchDashboardsResponseFactory, } from 'opensearch-dashboards/server'; import { API_PREFIX, CONFIGURATION_API_PREFIX, isValidResourceName } from '../../common'; -import { ResourceType } from '../../public/apps/configuration/types'; +import { ResourceType } from '../../common'; // TODO: consider to extract entity CRUD operations and put it into a client class export function defineRoutes(router: IRouter) { From ac38d9d058013e0d6a9893b40a31df644981b2ad Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Thu, 4 Jan 2024 09:56:16 -0500 Subject: [PATCH 4/6] Handle other permission group types (#1715) Signed-off-by: Craig Perkins --- .../configuration/panels/role-edit/role-edit.tsx | 8 ++++++-- .../role-edit/test/role-edit-filtering.test.tsx | 14 ++++++++++++++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/public/apps/configuration/panels/role-edit/role-edit.tsx b/public/apps/configuration/panels/role-edit/role-edit.tsx index c237eaefd..a3364fe0b 100644 --- a/public/apps/configuration/panels/role-edit/role-edit.tsx +++ b/public/apps/configuration/panels/role-edit/role-edit.tsx @@ -176,7 +176,9 @@ export function RoleEdit(props: RoleEditDeps) { { label: 'Other permission groups', options: actionGroups - .filter((actionGroup) => actionGroup[1].type === undefined) + .filter( + (actionGroup) => !['cluster', 'index', 'kibana'].includes(actionGroup[1].type || '') + ) .map((actionGroup) => actionGroup[0]) .map(stringToComboBoxOption), }, @@ -197,7 +199,9 @@ export function RoleEdit(props: RoleEditDeps) { { label: 'Other permission groups', options: actionGroups - .filter((actionGroup) => actionGroup[1].type === undefined) + .filter( + (actionGroup) => !['cluster', 'index', 'kibana'].includes(actionGroup[1].type || '') + ) .map((actionGroup) => actionGroup[0]) .map(stringToComboBoxOption), }, diff --git a/public/apps/configuration/panels/role-edit/test/role-edit-filtering.test.tsx b/public/apps/configuration/panels/role-edit/test/role-edit-filtering.test.tsx index 4f3a4f909..68a521ab6 100644 --- a/public/apps/configuration/panels/role-edit/test/role-edit-filtering.test.tsx +++ b/public/apps/configuration/panels/role-edit/test/role-edit-filtering.test.tsx @@ -74,6 +74,14 @@ describe('Role edit filtering', () => { description: 'Custom group', static: true, }, + unlimited: { + reserved: false, + hidden: false, + allowed_actions: ['*'], + type: 'all', + description: 'Unlimited group', + static: true, + }, }); it('basic cluster permission panel rendering', async () => { @@ -118,6 +126,9 @@ describe('Role edit filtering', () => { { label: 'custom', }, + { + label: 'unlimited', + }, ], }, { @@ -171,6 +182,9 @@ describe('Role edit filtering', () => { { label: 'custom', }, + { + label: 'unlimited', + }, ], }, { From 96a449f5bf6c25aede181da93b0bf93545d66f7f Mon Sep 17 00:00:00 2001 From: Darshit Chanpura <35282393+DarshitChanpura@users.noreply.github.com> Date: Thu, 4 Jan 2024 13:33:08 -0500 Subject: [PATCH 5/6] Update cypress E2E workflow to reflect changes to default admin password (#1714) Signed-off-by: Darshit Chanpura --- .github/workflows/cypress-test-oidc-e2e.yml | 5 ++--- .github/workflows/cypress-test-saml-e2e.yml | 7 +++---- cypress.config.js | 2 +- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 5fe91f4d5..e93744965 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -12,6 +12,7 @@ env: PLUGIN_NAME: opensearch-security # This is the SHA256 checksum of the known good kc.sh script for Keycloak version 21.0.1. KNOWN_CHECKSUM_OF_KEYCLOAK_SCRIPT: 'f825ea1a9ffa5ad91673737c06857ababbb69b6b8f09e0c637b4c998517f9608' + OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123! jobs: tests: @@ -21,8 +22,6 @@ jobs: matrix: os: [ ubuntu-latest ] runs-on: ${{ matrix.os }} - env: - OPENSEARCH_INITIAL_ADMIN_PASSWORD: admin steps: - name: Set up JDK @@ -184,7 +183,7 @@ jobs: # Verify that the server is operational - name: Check OpenSearch Running on Linux if: ${{ runner.os != 'Windows'}} - run: curl https://localhost:9200/_cat/plugins -u 'admin:admin' -k -v + run: curl https://localhost:9200/_cat/plugins -u 'admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}' -k -v shell: bash - if: always() diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index 1029fa780..046b466e6 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -8,7 +8,8 @@ env: # avoid warnings like "tput: No value for $TERM and no -T specified" TERM: xterm PLUGIN_NAME: opensearch-security - + OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123! + jobs: tests: name: Run Cypress E2E SAML tests @@ -17,8 +18,6 @@ jobs: matrix: os: [ ubuntu-latest ] runs-on: ${{ matrix.os }} - env: - OPENSEARCH_INITIAL_ADMIN_PASSWORD: admin steps: - name: Set up JDK @@ -140,7 +139,7 @@ jobs: # Verify that the server is operational - name: Check OpenSearch Running on Linux if: ${{ runner.os != 'Windows'}} - run: curl https://localhost:9200/_cat/plugins -u 'admin:admin' -k -v + run: curl https://localhost:9200/_cat/plugins -u 'admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}' -k -v shell: bash - if: always() diff --git a/cypress.config.js b/cypress.config.js index 56d619ab5..e5a86728b 100644 --- a/cypress.config.js +++ b/cypress.config.js @@ -30,6 +30,6 @@ module.exports = defineConfig({ env: { openSearchUrl: 'https://localhost:9200', adminUserName: 'admin', - adminPassword: 'admin', + adminPassword: 'myStrongPassword123!', }, }); From d64ee4863db869d8e154381bd695fa5759be7034 Mon Sep 17 00:00:00 2001 From: Darshit Chanpura <35282393+DarshitChanpura@users.noreply.github.com> Date: Thu, 4 Jan 2024 14:13:35 -0500 Subject: [PATCH 6/6] Adds system index permission as allowed action under static drop down list (#1695) Signed-off-by: Darshit Chanpura Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> --- public/apps/configuration/constants.tsx | 1 + 1 file changed, 1 insertion(+) diff --git a/public/apps/configuration/constants.tsx b/public/apps/configuration/constants.tsx index 84d3fb75a..1649e5365 100644 --- a/public/apps/configuration/constants.tsx +++ b/public/apps/configuration/constants.tsx @@ -315,6 +315,7 @@ export const INDEX_PERMISSIONS: string[] = [ 'indices:monitor/shard_stores', 'indices:monitor/stats', 'indices:monitor/upgrade', + 'system:admin/system_index', ]; export function includeIndexPermissions(indexPermissionsToInclude: string[]) {