From 924a7bfc4d608bc6f1d46dbe44f3523de239dc93 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 7 Sep 2023 14:10:44 -0700 Subject: [PATCH 001/114] Setup cypress13 Signed-off-by: Ryan Liang --- cypress.config.ts | 9 + cypress/e2e/oidc/oidc_test.spec.js | 86 ++ cypress/support/e2e.js | 19 + package-lock.json | 1485 ++++++++++++++++++++++++++++ package.json | 6 +- 5 files changed, 1604 insertions(+), 1 deletion(-) create mode 100644 cypress.config.ts create mode 100644 cypress/e2e/oidc/oidc_test.spec.js create mode 100644 cypress/support/e2e.js create mode 100644 package-lock.json diff --git a/cypress.config.ts b/cypress.config.ts new file mode 100644 index 000000000..b423fd42c --- /dev/null +++ b/cypress.config.ts @@ -0,0 +1,9 @@ +import { defineConfig } from 'cypress' + +export default defineConfig({ + e2e: { + setupNodeEvents(on, config) {}, + baseUrl: 'http://localhost:5601', + specPattern: 'cypress/e2e/**/*.spec.js', + }, +}) diff --git a/cypress/e2e/oidc/oidc_test.spec.js b/cypress/e2e/oidc/oidc_test.spec.js new file mode 100644 index 000000000..084c3d597 --- /dev/null +++ b/cypress/e2e/oidc/oidc_test.spec.js @@ -0,0 +1,86 @@ +/* + * Copyright OpenSearch Contributors + * SPDX-License-Identifier: Apache-2.0 + */ + +describe('Log in via OIDC', () => { + const login = 'admin'; + const password = 'admin'; + + const kcLogin = () => { + cy.get('#kc-page-title').should('be.visible'); + cy.get('#username').type(login); + cy.get('#password').type(password); + cy.get('#kc-login').click(); + }; + + const logout = () => { + cy.get('#user-icon-btn').should('be.visible', { timeout: 15000 }); + cy.get('#user-icon-btn').click(); + cy.get('button[data-test-subj^="log-out-"]').click(); + cy.get('#kc-page-title').should('be.visible'); + }; + + afterEach(async () => { + logout(); + }); + + it('Login to app/opensearch_dashboards_overview#/ when OIDC is enabled', () => { + cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/'); + + kcLogin(); + + cy.get('#osdOverviewPageHeader__title').should('be.visible'); + + cy.getCookie('security_authentication').should('exist'); + cy.clearCookies(); + }); + + it('Login to app/dev_tools#/console when OIDC is enabled', () => { + cy.visit('http://localhost:5601/app/dev_tools#/console'); + + kcLogin(); + + cy.get('button[data-test-subj="sendRequestButton"]').should('be.visible'); + + cy.getCookie('security_authentication').should('exist'); + cy.clearCookies(); + }); + + it('Login to Dashboard with Hash', () => { + cy.visit( + `http://localhost:5601/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(filters:!(),refreshInterval:(pause:!f,value:900000),time:(from:now-24h,to:now))&_a=(description:'Analyze%20mock%20flight%20data%20for%20OpenSearch-Air,%20Logstash%20Airways,%20OpenSearch%20Dashboards%20Airlines%20and%20BeatsWest',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),query:(language:kuery,query:''),timeRestore:!t,title:'%5BFlights%5D%20Global%20Flight%20Dashboard',viewMode:view)` + ); + + kcLogin(); + + cy.get( + '.euiHeader.euiHeader--default.euiHeader--fixed.primaryHeader' + ).should('be.visible'); + + cy.getCookie('security_authentication').should('exist'); + cy.clearCookies(); + }); + + it('Tenancy persisted after logout in OIDC', () => { + cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/'); + + kcLogin(); + + cy.get('#global').should('be.enabled'); + cy.get('#global').click({ force: true }); + + cy.get('button[data-test-subj="confirm"]').click(); + + cy.get('#osdOverviewPageHeader__title').should('be.visible'); + + logout(); + + kcLogin(); + + cy.get('#user-icon-btn').should('be.visible'); + cy.get('#user-icon-btn').click(); + + cy.get('#tenantName').should('have.text', 'Global'); + }); + }); diff --git a/cypress/support/e2e.js b/cypress/support/e2e.js new file mode 100644 index 000000000..bc3f43d62 --- /dev/null +++ b/cypress/support/e2e.js @@ -0,0 +1,19 @@ +/* + * Copyright OpenSearch Contributors + * SPDX-License-Identifier: Apache-2.0 + */ + +// *********************************************************** +// This example support/e2e.js is processed and +// loaded automatically before your test files. +// +// This is a great place to put global configuration and +// behavior that modifies Cypress. +// +// You can change the location of this file or turn off +// automatically serving support files with the +// 'supportFile' configuration option. +// +// You can read more here: +// https://on.cypress.io/configuration +// *********************************************************** diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 000000000..4f6a79383 --- /dev/null +++ b/package-lock.json @@ -0,0 +1,1485 @@ +{ + "name": "opensearch-security-dashboards", + "version": "3.0.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "@colors/colors": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/@colors/colors/-/colors-1.5.0.tgz", + "integrity": "sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==", + "dev": true, + "optional": true + }, + "@cypress/request": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.1.tgz", + "integrity": "sha512-TWivJlJi8ZDx2wGOw1dbLuHJKUYX7bWySw377nlnGOW3hP9/MUKIsEdXT/YngWxVdgNCHRBmFlBipE+5/2ZZlQ==", + "dev": true, + "requires": { + "aws-sign2": "~0.7.0", + "aws4": "^1.8.0", + "caseless": "~0.12.0", + "combined-stream": "~1.0.6", + "extend": "~3.0.2", + "forever-agent": "~0.6.1", + "form-data": "~2.3.2", + "http-signature": "~1.3.6", + "is-typedarray": "~1.0.0", + "isstream": "~0.1.2", + "json-stringify-safe": "~5.0.1", + "mime-types": "~2.1.19", + "performance-now": "^2.1.0", + "qs": "6.10.4", + "safe-buffer": "^5.1.2", + "tough-cookie": "^4.1.3", + "tunnel-agent": "^0.6.0", + "uuid": "^8.3.2" + } + }, + "@cypress/xvfb": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@cypress/xvfb/-/xvfb-1.2.4.tgz", + "integrity": "sha512-skbBzPggOVYCbnGgV+0dmBdW/s77ZkAOXIC1knS8NagwDjBrNC1LuXtQJeiN6l+m7lzmHtaoUw/ctJKdqkG57Q==", + "dev": true, + "requires": { + "debug": "^3.1.0", + "lodash.once": "^4.1.1" + }, + "dependencies": { + "debug": { + "version": "3.2.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", + "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", + "dev": true, + "requires": { + "ms": "^2.1.1" + } + } + } + }, + "@types/node": { + "version": "16.18.48", + "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.48.tgz", + "integrity": "sha512-mlaecDKQ7rIZrYD7iiKNdzFb6e/qD5I9U1rAhq+Fd+DWvYVs+G2kv74UFHmSOlg5+i/vF3XxuR522V4u8BqO+Q==", + "dev": true + }, + "@types/sinonjs__fake-timers": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/@types/sinonjs__fake-timers/-/sinonjs__fake-timers-8.1.1.tgz", + "integrity": "sha512-0kSuKjAS0TrGLJ0M/+8MaFkGsQhZpB6pxOmvS3K8FYI72K//YmdfoW9X2qPsAKh1mkwxGD5zib9s1FIFed6E8g==", + "dev": true + }, + "@types/sizzle": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/@types/sizzle/-/sizzle-2.3.3.tgz", + "integrity": "sha512-JYM8x9EGF163bEyhdJBpR2QX1R5naCJHC8ucJylJ3w9/CVBaskdQ8WqBf8MmQrd1kRvp/a4TS8HJ+bxzR7ZJYQ==", + "dev": true + }, + "@types/yauzl": { + "version": "2.10.0", + "resolved": "https://registry.npmjs.org/@types/yauzl/-/yauzl-2.10.0.tgz", + "integrity": "sha512-Cn6WYCm0tXv8p6k+A8PvbDG763EDpBoTzHdA+Q/MF6H3sapGjCm9NzoaJncJS9tUKSuCoDs9XHxYYsQDgxR6kw==", + "dev": true, + "optional": true, + "requires": { + "@types/node": "*" + } + }, + "aggregate-error": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", + "integrity": "sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==", + "dev": true, + "requires": { + "clean-stack": "^2.0.0", + "indent-string": "^4.0.0" + } + }, + "ansi-colors": { + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.3.tgz", + "integrity": "sha512-/6w/C21Pm1A7aZitlI5Ni/2J6FFQN8i1Cvz3kHABAAbw93v/NlvKdVOqz7CCWz/3iv/JplRSEEZ83XION15ovw==", + "dev": true + }, + "ansi-escapes": { + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", + "integrity": "sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ==", + "dev": true, + "requires": { + "type-fest": "^0.21.3" + } + }, + "ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true + }, + "ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dev": true, + "requires": { + "color-convert": "^2.0.1" + } + }, + "arch": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/arch/-/arch-2.2.0.tgz", + "integrity": "sha512-Of/R0wqp83cgHozfIYLbBMnej79U/SVGOOyuB3VVFv1NRM/PSFMK12x9KVtiYzJqmnU5WR2qp0Z5rHb7sWGnFQ==", + "dev": true + }, + "asn1": { + "version": "0.2.6", + "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz", + "integrity": "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==", + "dev": true, + "requires": { + "safer-buffer": "~2.1.0" + } + }, + "assert-plus": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz", + "integrity": "sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw==", + "dev": true + }, + "astral-regex": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz", + "integrity": "sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==", + "dev": true + }, + "async": { + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/async/-/async-3.2.4.tgz", + "integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==", + "dev": true + }, + "asynckit": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==", + "dev": true + }, + "at-least-node": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/at-least-node/-/at-least-node-1.0.0.tgz", + "integrity": "sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==", + "dev": true + }, + "aws-sign2": { + "version": "0.7.0", + "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz", + "integrity": "sha512-08kcGqnYf/YmjoRhfxyu+CLxBjUtHLXLXX/vUfx9l2LYzG3c1m61nrpyFUZI6zeS+Li/wWMMidD9KgrqtGq3mA==", + "dev": true + }, + "aws4": { + "version": "1.12.0", + "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.12.0.tgz", + "integrity": "sha512-NmWvPnx0F1SfrQbYwOi7OeaNGokp9XhzNioJ/CSBs8Qa4vxug81mhJEAVZwxXuBmYB5KDRfMq/F3RR0BIU7sWg==", + "dev": true + }, + "balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true + }, + "base64-js": { + "version": "1.5.1", + "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz", + "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==", + "dev": true + }, + "bcrypt-pbkdf": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz", + "integrity": "sha512-qeFIXtP4MSoi6NLqO12WfqARWWuCKi2Rn/9hJLEmtB5yTNr9DqFWkJRCf2qShWzPeAMRnOgCrq0sg/KLv5ES9w==", + "dev": true, + "requires": { + "tweetnacl": "^0.14.3" + } + }, + "blob-util": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/blob-util/-/blob-util-2.0.2.tgz", + "integrity": "sha512-T7JQa+zsXXEa6/8ZhHcQEW1UFfVM49Ts65uBkFL6fz2QmrElqmbajIDJvuA0tEhRe5eIjpV9ZF+0RfZR9voJFQ==", + "dev": true + }, + "bluebird": { + "version": "3.7.2", + "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.7.2.tgz", + "integrity": "sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==", + "dev": true + }, + "brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "buffer": { + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz", + "integrity": "sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==", + "dev": true, + "requires": { + "base64-js": "^1.3.1", + "ieee754": "^1.1.13" + } + }, + "buffer-crc32": { + "version": "0.2.13", + "resolved": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", + "integrity": "sha512-VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ==", + "dev": true + }, + "cachedir": { + "version": "2.4.0", + "resolved": "https://registry.npmjs.org/cachedir/-/cachedir-2.4.0.tgz", + "integrity": "sha512-9EtFOZR8g22CL7BWjJ9BUx1+A/djkofnyW3aOXZORNW2kxoUpx2h+uN2cOqwPmFhnpVmxg+KW2OjOSgChTEvsQ==", + "dev": true + }, + "call-bind": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", + "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", + "dev": true, + "requires": { + "function-bind": "^1.1.1", + "get-intrinsic": "^1.0.2" + } + }, + "caseless": { + "version": "0.12.0", + "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz", + "integrity": "sha512-4tYFyifaFfGacoiObjJegolkwSU4xQNGbVgUiNYVUxbQ2x2lUsFvY4hVgVzGiIe6WLOPqycWXA40l+PWsxthUw==", + "dev": true + }, + "chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dev": true, + "requires": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "dependencies": { + "supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dev": true, + "requires": { + "has-flag": "^4.0.0" + } + } + } + }, + "check-more-types": { + "version": "2.24.0", + "resolved": "https://registry.npmjs.org/check-more-types/-/check-more-types-2.24.0.tgz", + "integrity": "sha512-Pj779qHxV2tuapviy1bSZNEL1maXr13bPYpsvSDB68HlYcYuhlDrmGd63i0JHMCLKzc7rUSNIrpdJlhVlNwrxA==", + "dev": true + }, + "ci-info": { + "version": "3.8.0", + "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.8.0.tgz", + "integrity": "sha512-eXTggHWSooYhq49F2opQhuHWgzucfF2YgODK4e1566GQs5BIfP30B0oenwBJHfWxAs2fyPB1s7Mg949zLf61Yw==", + "dev": true + }, + "clean-stack": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", + "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==", + "dev": true + }, + "cli-cursor": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz", + "integrity": "sha512-I/zHAwsKf9FqGoXM4WWRACob9+SNukZTd94DWF57E4toouRulbCxcUh6RKUEOQlYTHJnzkPMySvPNaaSLNfLZw==", + "dev": true, + "requires": { + "restore-cursor": "^3.1.0" + } + }, + "cli-table3": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.3.tgz", + "integrity": "sha512-w5Jac5SykAeZJKntOxJCrm63Eg5/4dhMWIcuTbo9rpE+brgaSZo0RuNJZeOyMgsUdhDeojvgyQLmjI+K50ZGyg==", + "dev": true, + "requires": { + "@colors/colors": "1.5.0", + "string-width": "^4.2.0" + } + }, + "cli-truncate": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/cli-truncate/-/cli-truncate-2.1.0.tgz", + "integrity": "sha512-n8fOixwDD6b/ObinzTrp1ZKFzbgvKZvuz/TvejnLn1aQfC6r52XEx85FmuC+3HI+JM7coBRXUvNqEU2PHVrHpg==", + "dev": true, + "requires": { + "slice-ansi": "^3.0.0", + "string-width": "^4.2.0" + } + }, + "color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, + "requires": { + "color-name": "~1.1.4" + } + }, + "color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true + }, + "colorette": { + "version": "2.0.20", + "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz", + "integrity": "sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==", + "dev": true + }, + "combined-stream": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", + "dev": true, + "requires": { + "delayed-stream": "~1.0.0" + } + }, + "commander": { + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-6.2.1.tgz", + "integrity": "sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==", + "dev": true + }, + "common-tags": { + "version": "1.8.2", + "resolved": "https://registry.npmjs.org/common-tags/-/common-tags-1.8.2.tgz", + "integrity": "sha512-gk/Z852D2Wtb//0I+kRFNKKE9dIIVirjoqPoA1wJU+XePVXZfGeBpk45+A1rKO4Q43prqWBNY/MiIeRLbPWUaA==", + "dev": true + }, + "concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", + "dev": true + }, + "core-util-is": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz", + "integrity": "sha512-3lqz5YjWTYnW6dlDa5TLaTCcShfar1e40rmcJVwCBJC6mWlFuj0eCHIElmG1g5kyuJ/GD+8Wn4FFCcz4gJPfaQ==", + "dev": true + }, + "cross-spawn": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "dev": true, + "requires": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + } + }, + "cypress": { + "version": "13.1.0", + "resolved": "https://registry.npmjs.org/cypress/-/cypress-13.1.0.tgz", + "integrity": "sha512-LUKxCYlB973QBFls1Up4FAE9QIYobT+2I8NvvAwMfQS2YwsWbr6yx7y9hmsk97iqbHkKwZW3MRjoK1RToBFVdQ==", + "dev": true, + "requires": { + "@cypress/request": "^3.0.0", + "@cypress/xvfb": "^1.2.4", + "@types/node": "^16.18.39", + "@types/sinonjs__fake-timers": "8.1.1", + "@types/sizzle": "^2.3.2", + "arch": "^2.2.0", + "blob-util": "^2.0.2", + "bluebird": "^3.7.2", + "buffer": "^5.6.0", + "cachedir": "^2.3.0", + "chalk": "^4.1.0", + "check-more-types": "^2.24.0", + "cli-cursor": "^3.1.0", + "cli-table3": "~0.6.1", + "commander": "^6.2.1", + "common-tags": "^1.8.0", + "dayjs": "^1.10.4", + "debug": "^4.3.4", + "enquirer": "^2.3.6", + "eventemitter2": "6.4.7", + "execa": "4.1.0", + "executable": "^4.1.1", + "extract-zip": "2.0.1", + "figures": "^3.2.0", + "fs-extra": "^9.1.0", + "getos": "^3.2.1", + "is-ci": "^3.0.0", + "is-installed-globally": "~0.4.0", + "lazy-ass": "^1.6.0", + "listr2": "^3.8.3", + "lodash": "^4.17.21", + "log-symbols": "^4.0.0", + "minimist": "^1.2.8", + "ospath": "^1.2.2", + "pretty-bytes": "^5.6.0", + "process": "^0.11.10", + "proxy-from-env": "1.0.0", + "request-progress": "^3.0.0", + "semver": "^7.5.3", + "supports-color": "^8.1.1", + "tmp": "~0.2.1", + "untildify": "^4.0.0", + "yauzl": "^2.10.0" + } + }, + "dashdash": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz", + "integrity": "sha512-jRFi8UDGo6j+odZiEpjazZaWqEal3w/basFjQHQEwVtZJGDpxbH1MeYluwCS8Xq5wmLJooDlMgvVarmWfGM44g==", + "dev": true, + "requires": { + "assert-plus": "^1.0.0" + } + }, + "dayjs": { + "version": "1.11.9", + "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.9.tgz", + "integrity": "sha512-QvzAURSbQ0pKdIye2txOzNaHmxtUBXerpY0FJsFXUMKbIZeFm5ht1LS/jFsrncjnmtv8HsG0W2g6c0zUjZWmpA==", + "dev": true + }, + "debug": { + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", + "dev": true, + "requires": { + "ms": "2.1.2" + }, + "dependencies": { + "ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true + } + } + }, + "delayed-stream": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", + "dev": true + }, + "ecc-jsbn": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz", + "integrity": "sha512-eh9O+hwRHNbG4BLTjEl3nw044CkGm5X6LoaCf7LPp7UU8Qrt47JYNi6nPX8xjW97TKGKm1ouctg0QSpZe9qrnw==", + "dev": true, + "requires": { + "jsbn": "~0.1.0", + "safer-buffer": "^2.1.0" + } + }, + "emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "dev": true + }, + "end-of-stream": { + "version": "1.4.4", + "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", + "integrity": "sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==", + "dev": true, + "requires": { + "once": "^1.4.0" + } + }, + "enquirer": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz", + "integrity": "sha512-rRqJg/6gd538VHvR3PSrdRBb/1Vy2YfzHqzvbhGIQpDRKIa4FgV/54b5Q1xYSxOOwKvjXweS26E0Q+nAMwp2pQ==", + "dev": true, + "requires": { + "ansi-colors": "^4.1.1", + "strip-ansi": "^6.0.1" + } + }, + "escape-string-regexp": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==", + "dev": true + }, + "eventemitter2": { + "version": "6.4.7", + "resolved": "https://registry.npmjs.org/eventemitter2/-/eventemitter2-6.4.7.tgz", + "integrity": "sha512-tYUSVOGeQPKt/eC1ABfhHy5Xd96N3oIijJvN3O9+TsC28T5V9yX9oEfEK5faP0EFSNVOG97qtAS68GBrQB2hDg==", + "dev": true + }, + "execa": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/execa/-/execa-4.1.0.tgz", + "integrity": "sha512-j5W0//W7f8UxAn8hXVnwG8tLwdiUy4FJLcSupCg6maBYZDpyBvTApK7KyuI4bKj8KOh1r2YH+6ucuYtJv1bTZA==", + "dev": true, + "requires": { + "cross-spawn": "^7.0.0", + "get-stream": "^5.0.0", + "human-signals": "^1.1.1", + "is-stream": "^2.0.0", + "merge-stream": "^2.0.0", + "npm-run-path": "^4.0.0", + "onetime": "^5.1.0", + "signal-exit": "^3.0.2", + "strip-final-newline": "^2.0.0" + } + }, + "executable": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/executable/-/executable-4.1.1.tgz", + "integrity": "sha512-8iA79xD3uAch729dUG8xaaBBFGaEa0wdD2VkYLFHwlqosEj/jT66AzcreRDSgV7ehnNLBW2WR5jIXwGKjVdTLg==", + "dev": true, + "requires": { + "pify": "^2.2.0" + } + }, + "extend": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz", + "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==", + "dev": true + }, + "extract-zip": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/extract-zip/-/extract-zip-2.0.1.tgz", + "integrity": "sha512-GDhU9ntwuKyGXdZBUgTIe+vXnWj0fppUEtMDL0+idd5Sta8TGpHssn/eusA9mrPr9qNDym6SxAYZjNvCn/9RBg==", + "dev": true, + "requires": { + "@types/yauzl": "^2.9.1", + "debug": "^4.1.1", + "get-stream": "^5.1.0", + "yauzl": "^2.10.0" + } + }, + "extsprintf": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz", + "integrity": "sha512-11Ndz7Nv+mvAC1j0ktTa7fAb0vLyGGX+rMHNBYQviQDGU0Hw7lhctJANqbPhu9nV9/izT/IntTgZ7Im/9LJs9g==", + "dev": true + }, + "fd-slicer": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz", + "integrity": "sha512-cE1qsB/VwyQozZ+q1dGxR8LBYNZeofhEdUNGSMbQD3Gw2lAzX9Zb3uIU6Ebc/Fmyjo9AWWfnn0AUCHqtevs/8g==", + "dev": true, + "requires": { + "pend": "~1.2.0" + } + }, + "figures": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", + "integrity": "sha512-yaduQFRKLXYOGgEn6AZau90j3ggSOyiqXU0F9JZfeXYhNa+Jk4X+s45A2zg5jns87GAFa34BBm2kXw4XpNcbdg==", + "dev": true, + "requires": { + "escape-string-regexp": "^1.0.5" + } + }, + "forever-agent": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz", + "integrity": "sha512-j0KLYPhm6zeac4lz3oJ3o65qvgQCcPubiyotZrXqEaG4hNagNYO8qdlUrX5vwqv9ohqeT/Z3j6+yW067yWWdUw==", + "dev": true + }, + "form-data": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz", + "integrity": "sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==", + "dev": true, + "requires": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.6", + "mime-types": "^2.1.12" + } + }, + "fs-extra": { + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz", + "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==", + "dev": true, + "requires": { + "at-least-node": "^1.0.0", + "graceful-fs": "^4.2.0", + "jsonfile": "^6.0.1", + "universalify": "^2.0.0" + }, + "dependencies": { + "universalify": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", + "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", + "dev": true + } + } + }, + "fs.realpath": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", + "dev": true + }, + "function-bind": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", + "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==", + "dev": true + }, + "get-intrinsic": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.1.tgz", + "integrity": "sha512-2DcsyfABl+gVHEfCOaTrWgyt+tb6MSEGmKq+kI5HwLbIYgjgmMcV8KQ41uaKz1xxUcn9tJtgFbQUEVcEbd0FYw==", + "dev": true, + "requires": { + "function-bind": "^1.1.1", + "has": "^1.0.3", + "has-proto": "^1.0.1", + "has-symbols": "^1.0.3" + } + }, + "get-stream": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz", + "integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==", + "dev": true, + "requires": { + "pump": "^3.0.0" + } + }, + "getos": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/getos/-/getos-3.2.1.tgz", + "integrity": "sha512-U56CfOK17OKgTVqozZjUKNdkfEv6jk5WISBJ8SHoagjE6L69zOwl3Z+O8myjY9MEW3i2HPWQBt/LTbCgcC973Q==", + "dev": true, + "requires": { + "async": "^3.2.0" + } + }, + "getpass": { + "version": "0.1.7", + "resolved": "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz", + "integrity": "sha512-0fzj9JxOLfJ+XGLhR8ze3unN0KZCgZwiSSDz168VERjK8Wl8kVSdcu2kspd4s4wtAa1y/qrVRiAA0WclVsu0ng==", + "dev": true, + "requires": { + "assert-plus": "^1.0.0" + } + }, + "glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "dev": true, + "requires": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + } + }, + "global-dirs": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/global-dirs/-/global-dirs-3.0.1.tgz", + "integrity": "sha512-NBcGGFbBA9s1VzD41QXDG+3++t9Mn5t1FpLdhESY6oKY4gYTFpX4wO3sqGUa0Srjtbfj3szX0RnemmrVRUdULA==", + "dev": true, + "requires": { + "ini": "2.0.0" + } + }, + "graceful-fs": { + "version": "4.2.11", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==", + "dev": true + }, + "has": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", + "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", + "dev": true, + "requires": { + "function-bind": "^1.1.1" + } + }, + "has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "dev": true + }, + "has-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.1.tgz", + "integrity": "sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg==", + "dev": true + }, + "has-symbols": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==", + "dev": true + }, + "http-signature": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.3.6.tgz", + "integrity": "sha512-3adrsD6zqo4GsTqtO7FyrejHNv+NgiIfAfv68+jVlFmSr9OGy7zrxONceFRLKvnnZA5jbxQBX1u9PpB6Wi32Gw==", + "dev": true, + "requires": { + "assert-plus": "^1.0.0", + "jsprim": "^2.0.2", + "sshpk": "^1.14.1" + } + }, + "human-signals": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-1.1.1.tgz", + "integrity": "sha512-SEQu7vl8KjNL2eoGBLF3+wAjpsNfA9XMlXAYj/3EdaNfAlxKthD1xjEQfGOUhllCGGJVNY34bRr6lPINhNjyZw==", + "dev": true + }, + "ieee754": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz", + "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==", + "dev": true + }, + "indent-string": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==", + "dev": true + }, + "inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", + "dev": true, + "requires": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true + }, + "ini": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ini/-/ini-2.0.0.tgz", + "integrity": "sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA==", + "dev": true + }, + "is-ci": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/is-ci/-/is-ci-3.0.1.tgz", + "integrity": "sha512-ZYvCgrefwqoQ6yTyYUbQu64HsITZ3NfKX1lzaEYdkTDcfKzzCI/wthRRYKkdjHKFVgNiXKAKm65Zo1pk2as/QQ==", + "dev": true, + "requires": { + "ci-info": "^3.2.0" + } + }, + "is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "dev": true + }, + "is-installed-globally": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/is-installed-globally/-/is-installed-globally-0.4.0.tgz", + "integrity": "sha512-iwGqO3J21aaSkC7jWnHP/difazwS7SFeIqxv6wEtLU8Y5KlzFTjyqcSIT0d8s4+dDhKytsk9PJZ2BkS5eZwQRQ==", + "dev": true, + "requires": { + "global-dirs": "^3.0.0", + "is-path-inside": "^3.0.2" + } + }, + "is-path-inside": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", + "integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==", + "dev": true + }, + "is-stream": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", + "dev": true + }, + "is-typedarray": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz", + "integrity": "sha512-cyA56iCMHAh5CdzjJIa4aohJyeO1YbwLi3Jc35MmRU6poroFjIGZzUzupGiRPOjgHg9TLu43xbpwXk523fMxKA==", + "dev": true + }, + "is-unicode-supported": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", + "integrity": "sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw==", + "dev": true + }, + "isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", + "dev": true + }, + "isstream": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz", + "integrity": "sha512-Yljz7ffyPbrLpLngrMtZ7NduUgVvi6wG9RJ9IUcyCd59YQ911PBJphODUcbOVbqYfxe1wuYf/LJ8PauMRwsM/g==", + "dev": true + }, + "jsbn": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz", + "integrity": "sha512-UVU9dibq2JcFWxQPA6KCqj5O42VOmAY3zQUfEKxU0KpTGXwNoCjkX1e13eHNvw/xPynt6pU0rZ1htjWTNTSXsg==", + "dev": true + }, + "json-schema": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz", + "integrity": "sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA==", + "dev": true + }, + "json-stringify-safe": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", + "integrity": "sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==", + "dev": true + }, + "jsonfile": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", + "dev": true, + "requires": { + "graceful-fs": "^4.1.6", + "universalify": "^2.0.0" + }, + "dependencies": { + "universalify": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", + "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", + "dev": true + } + } + }, + "jsprim": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-2.0.2.tgz", + "integrity": "sha512-gqXddjPqQ6G40VdnI6T6yObEC+pDNvyP95wdQhkWkg7crHH3km5qP1FsOXEkzEQwnz6gz5qGTn1c2Y52wP3OyQ==", + "dev": true, + "requires": { + "assert-plus": "1.0.0", + "extsprintf": "1.3.0", + "json-schema": "0.4.0", + "verror": "1.10.0" + } + }, + "lazy-ass": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/lazy-ass/-/lazy-ass-1.6.0.tgz", + "integrity": "sha512-cc8oEVoctTvsFZ/Oje/kGnHbpWHYBe8IAJe4C0QNc3t8uM/0Y8+erSz/7Y1ALuXTEZTMvxXwO6YbX1ey3ujiZw==", + "dev": true + }, + "listr2": { + "version": "3.14.0", + "resolved": "https://registry.npmjs.org/listr2/-/listr2-3.14.0.tgz", + "integrity": "sha512-TyWI8G99GX9GjE54cJ+RrNMcIFBfwMPxc3XTFiAYGN4s10hWROGtOg7+O6u6LE3mNkyld7RSLE6nrKBvTfcs3g==", + "dev": true, + "requires": { + "cli-truncate": "^2.1.0", + "colorette": "^2.0.16", + "log-update": "^4.0.0", + "p-map": "^4.0.0", + "rfdc": "^1.3.0", + "rxjs": "^7.5.1", + "through": "^2.3.8", + "wrap-ansi": "^7.0.0" + } + }, + "lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "dev": true + }, + "lodash.once": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", + "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==", + "dev": true + }, + "log-symbols": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", + "integrity": "sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==", + "dev": true, + "requires": { + "chalk": "^4.1.0", + "is-unicode-supported": "^0.1.0" + } + }, + "log-update": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/log-update/-/log-update-4.0.0.tgz", + "integrity": "sha512-9fkkDevMefjg0mmzWFBW8YkFP91OrizzkW3diF7CpG+S2EYdy4+TVfGwz1zeF8x7hCx1ovSPTOE9Ngib74qqUg==", + "dev": true, + "requires": { + "ansi-escapes": "^4.3.0", + "cli-cursor": "^3.1.0", + "slice-ansi": "^4.0.0", + "wrap-ansi": "^6.2.0" + }, + "dependencies": { + "slice-ansi": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz", + "integrity": "sha512-qMCMfhY040cVHT43K9BFygqYbUPFZKHOg7K73mtTWJRb8pyP3fzf4Ixd5SzdEJQ6MRUg/WBnOLxghZtKKurENQ==", + "dev": true, + "requires": { + "ansi-styles": "^4.0.0", + "astral-regex": "^2.0.0", + "is-fullwidth-code-point": "^3.0.0" + } + }, + "wrap-ansi": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==", + "dev": true, + "requires": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + } + } + } + }, + "lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "dev": true, + "requires": { + "yallist": "^4.0.0" + } + }, + "merge-stream": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", + "dev": true + }, + "mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "dev": true + }, + "mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "dev": true, + "requires": { + "mime-db": "1.52.0" + } + }, + "mimic-fn": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==", + "dev": true + }, + "minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dev": true, + "requires": { + "brace-expansion": "^1.1.7" + } + }, + "minimist": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", + "dev": true + }, + "ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "dev": true + }, + "npm-run-path": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "integrity": "sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==", + "dev": true, + "requires": { + "path-key": "^3.0.0" + } + }, + "object-inspect": { + "version": "1.12.3", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz", + "integrity": "sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g==", + "dev": true + }, + "once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "dev": true, + "requires": { + "wrappy": "1" + } + }, + "onetime": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", + "integrity": "sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==", + "dev": true, + "requires": { + "mimic-fn": "^2.1.0" + } + }, + "ospath": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/ospath/-/ospath-1.2.2.tgz", + "integrity": "sha512-o6E5qJV5zkAbIDNhGSIlyOhScKXgQrSRMilfph0clDfM0nEnBOlKlH4sWDmG95BW/CvwNz0vmm7dJVtU2KlMiA==", + "dev": true + }, + "p-map": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/p-map/-/p-map-4.0.0.tgz", + "integrity": "sha512-/bjOqmgETBYB5BoEeGVea8dmvHb2m9GLy1E9W43yeyfP6QQCZGFNa+XRceJEuDB6zqr+gKpIAmlLebMpykw/MQ==", + "dev": true, + "requires": { + "aggregate-error": "^3.0.0" + } + }, + "path-is-absolute": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", + "dev": true + }, + "path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "dev": true + }, + "pend": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", + "integrity": "sha512-F3asv42UuXchdzt+xXqfW1OGlVBe+mxa2mqI0pg5yAHZPvFmY3Y6drSf/GQ1A86WgWEN9Kzh/WrgKa6iGcHXLg==", + "dev": true + }, + "performance-now": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz", + "integrity": "sha512-7EAHlyLHI56VEIdK57uwHdHKIaAGbnXPiw0yWbarQZOKaKpvUIgW0jWRVLiatnM+XXlSwsanIBH/hzGMJulMow==", + "dev": true + }, + "pify": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", + "integrity": "sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==", + "dev": true + }, + "pretty-bytes": { + "version": "5.6.0", + "resolved": "https://registry.npmjs.org/pretty-bytes/-/pretty-bytes-5.6.0.tgz", + "integrity": "sha512-FFw039TmrBqFK8ma/7OL3sDz/VytdtJr044/QUJtH0wK9lb9jLq9tJyIxUwtQJHwar2BqtiA4iCWSwo9JLkzFg==", + "dev": true + }, + "process": { + "version": "0.11.10", + "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz", + "integrity": "sha512-cdGef/drWFoydD1JsMzuFf8100nZl+GT+yacc2bEced5f9Rjk4z+WtFUTBu9PhOi9j/jfmBPu0mMEY4wIdAF8A==", + "dev": true + }, + "proxy-from-env": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.0.0.tgz", + "integrity": "sha512-F2JHgJQ1iqwnHDcQjVBsq3n/uoaFL+iPW/eAeL7kVxy/2RrWaN4WroKjjvbsoRtv0ftelNyC01bjRhn/bhcf4A==", + "dev": true + }, + "psl": { + "version": "1.9.0", + "resolved": "https://registry.npmjs.org/psl/-/psl-1.9.0.tgz", + "integrity": "sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag==", + "dev": true + }, + "pump": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", + "integrity": "sha512-LwZy+p3SFs1Pytd/jYct4wpv49HiYCqd9Rlc5ZVdk0V+8Yzv6jR5Blk3TRmPL1ft69TxP0IMZGJ+WPFU2BFhww==", + "dev": true, + "requires": { + "end-of-stream": "^1.1.0", + "once": "^1.3.1" + } + }, + "punycode": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.0.tgz", + "integrity": "sha512-rRV+zQD8tVFys26lAGR9WUuS4iUAngJScM+ZRSKtvl5tKeZ2t5bvdNFdNHBW9FWR4guGHlgmsZ1G7BSm2wTbuA==", + "dev": true + }, + "qs": { + "version": "6.10.4", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.10.4.tgz", + "integrity": "sha512-OQiU+C+Ds5qiH91qh/mg0w+8nwQuLjM4F4M/PbmhDOoYehPh+Fb0bDjtR1sOvy7YKxvj28Y/M0PhP5uVX0kB+g==", + "dev": true, + "requires": { + "side-channel": "^1.0.4" + } + }, + "querystringify": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz", + "integrity": "sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==", + "dev": true + }, + "request-progress": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/request-progress/-/request-progress-3.0.0.tgz", + "integrity": "sha512-MnWzEHHaxHO2iWiQuHrUPBi/1WeBf5PkxQqNyNvLl9VAYSdXkP8tQ3pBSeCPD+yw0v0Aq1zosWLz0BdeXpWwZg==", + "dev": true, + "requires": { + "throttleit": "^1.0.0" + } + }, + "requires-port": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz", + "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==", + "dev": true + }, + "restore-cursor": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz", + "integrity": "sha512-l+sSefzHpj5qimhFSE5a8nufZYAM3sBSVMAPtYkmC+4EH2anSGaEMXSD0izRQbu9nfyQ9y5JrVmp7E8oZrUjvA==", + "dev": true, + "requires": { + "onetime": "^5.1.0", + "signal-exit": "^3.0.2" + } + }, + "rfdc": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.3.0.tgz", + "integrity": "sha512-V2hovdzFbOi77/WajaSMXk2OLm+xNIeQdMMuB7icj7bk6zi2F8GGAxigcnDFpJHbNyNcgyJDiP+8nOrY5cZGrA==", + "dev": true + }, + "rimraf": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==", + "dev": true, + "requires": { + "glob": "^7.1.3" + } + }, + "rxjs": { + "version": "7.8.1", + "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz", + "integrity": "sha512-AA3TVj+0A2iuIoQkWEK/tqFjBq2j+6PO6Y0zJcvzLAFhEFIO3HL0vls9hWLncZbAAbK0mar7oZ4V079I/qPMxg==", + "dev": true, + "requires": { + "tslib": "^2.1.0" + } + }, + "safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "dev": true + }, + "safer-buffer": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", + "dev": true + }, + "semver": { + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", + "dev": true, + "requires": { + "lru-cache": "^6.0.0" + } + }, + "shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "dev": true, + "requires": { + "shebang-regex": "^3.0.0" + } + }, + "shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "dev": true + }, + "side-channel": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", + "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==", + "dev": true, + "requires": { + "call-bind": "^1.0.0", + "get-intrinsic": "^1.0.2", + "object-inspect": "^1.9.0" + } + }, + "signal-exit": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", + "dev": true + }, + "slice-ansi": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-3.0.0.tgz", + "integrity": "sha512-pSyv7bSTC7ig9Dcgbw9AuRNUb5k5V6oDudjZoMBSr13qpLBG7tB+zgCkARjq7xIUgdz5P1Qe8u+rSGdouOOIyQ==", + "dev": true, + "requires": { + "ansi-styles": "^4.0.0", + "astral-regex": "^2.0.0", + "is-fullwidth-code-point": "^3.0.0" + } + }, + "sshpk": { + "version": "1.17.0", + "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.17.0.tgz", + "integrity": "sha512-/9HIEs1ZXGhSPE8X6Ccm7Nam1z8KcoCqPdI7ecm1N33EzAetWahvQWVqLZtaZQ+IDKX4IyA2o0gBzqIMkAagHQ==", + "dev": true, + "requires": { + "asn1": "~0.2.3", + "assert-plus": "^1.0.0", + "bcrypt-pbkdf": "^1.0.0", + "dashdash": "^1.12.0", + "ecc-jsbn": "~0.1.1", + "getpass": "^0.1.1", + "jsbn": "~0.1.0", + "safer-buffer": "^2.0.2", + "tweetnacl": "~0.14.0" + } + }, + "string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dev": true, + "requires": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + } + }, + "strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "requires": { + "ansi-regex": "^5.0.1" + } + }, + "strip-final-newline": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "integrity": "sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==", + "dev": true + }, + "supports-color": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "dev": true, + "requires": { + "has-flag": "^4.0.0" + } + }, + "throttleit": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/throttleit/-/throttleit-1.0.0.tgz", + "integrity": "sha512-rkTVqu6IjfQ/6+uNuuc3sZek4CEYxTJom3IktzgdSxcZqdARuebbA/f4QmAxMQIxqq9ZLEUkSYqvuk1I6VKq4g==", + "dev": true + }, + "through": { + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", + "integrity": "sha512-w89qg7PI8wAdvX60bMDP+bFoD5Dvhm9oLheFp5O4a2QF0cSBGsBX4qZmadPMvVqlLJBBci+WqGGOAPvcDeNSVg==", + "dev": true + }, + "tmp": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.1.tgz", + "integrity": "sha512-76SUhtfqR2Ijn+xllcI5P1oyannHNHByD80W1q447gU3mp9G9PSpGdWmjUOHRDPiHYacIk66W7ubDTuPF3BEtQ==", + "dev": true, + "requires": { + "rimraf": "^3.0.0" + } + }, + "tough-cookie": { + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.3.tgz", + "integrity": "sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==", + "dev": true, + "requires": { + "psl": "^1.1.33", + "punycode": "^2.1.1", + "universalify": "^0.2.0", + "url-parse": "^1.5.3" + } + }, + "tslib": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", + "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==", + "dev": true + }, + "tunnel-agent": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", + "integrity": "sha512-McnNiV1l8RYeY8tBgEpuodCC1mLUdbSN+CYBL7kJsJNInOP8UjDDEwdk6Mw60vdLLrr5NHKZhMAOSrR2NZuQ+w==", + "dev": true, + "requires": { + "safe-buffer": "^5.0.1" + } + }, + "tweetnacl": { + "version": "0.14.5", + "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz", + "integrity": "sha512-KXXFFdAbFXY4geFIwoyNK+f5Z1b7swfXABfL7HXCmoIWMKU3dmS26672A4EeQtDzLKy7SXmfBu51JolvEKwtGA==", + "dev": true + }, + "type-fest": { + "version": "0.21.3", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "integrity": "sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==", + "dev": true + }, + "universalify": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.2.0.tgz", + "integrity": "sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==", + "dev": true + }, + "untildify": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/untildify/-/untildify-4.0.0.tgz", + "integrity": "sha512-KK8xQ1mkzZeg9inewmFVDNkg3l5LUhoq9kN6iWYB/CC9YMG8HA+c1Q8HwDe6dEX7kErrEVNVBO3fWsVq5iDgtw==", + "dev": true + }, + "url-parse": { + "version": "1.5.10", + "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz", + "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==", + "dev": true, + "requires": { + "querystringify": "^2.1.1", + "requires-port": "^1.0.0" + } + }, + "uuid": { + "version": "8.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", + "dev": true + }, + "verror": { + "version": "1.10.0", + "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz", + "integrity": "sha512-ZZKSmDAEFOijERBLkmYfJ+vmk3w+7hOLYDNkRCuRuMJGEmqYNCNLyBBFwWKVMhfwaEF3WOd0Zlw86U/WC/+nYw==", + "dev": true, + "requires": { + "assert-plus": "^1.0.0", + "core-util-is": "1.0.2", + "extsprintf": "^1.2.0" + } + }, + "which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "dev": true, + "requires": { + "isexe": "^2.0.0" + } + }, + "wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dev": true, + "requires": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + } + }, + "wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", + "dev": true + }, + "yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", + "dev": true + }, + "yauzl": { + "version": "2.10.0", + "resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz", + "integrity": "sha512-p4a9I6X6nu6IhoGmBqAcbJy1mlC4j27vEPZX9F4L4/vZT3Lyq1VkFHw/V/PUcB9Buo+DG3iHkT0x3Qya58zc3g==", + "dev": true, + "requires": { + "buffer-crc32": "~0.2.3", + "fd-slicer": "~1.1.0" + } + } + } +} diff --git a/package.json b/package.json index 6ae13f2c1..1171646dd 100644 --- a/package.json +++ b/package.json @@ -9,6 +9,8 @@ "license": "Apache-2.0", "homepage": "https://github.com/opensearch-project/security-dashboards-plugin", "scripts": { + "cypress:open": "cypress open", + "cypress:run": "cypress run", "plugin-helpers": "node ../../scripts/plugin_helpers", "osd": "node ../../scripts/osd", "opensearch": "node ../../scripts/opensearch", @@ -25,6 +27,8 @@ "@elastic/eslint-import-resolver-kibana": "link:../../packages/osd-eslint-import-resolver-opensearch-dashboards", "@testing-library/react-hooks": "^7.0.2", "@types/hapi__wreck": "^15.0.1", + "cypress": "^13.1.0", + "cypress-mochawesome-reporter": "^3.3.0", "gulp-rename": "2.0.0", "jose": "^4.11.2", "saml-idp": "^1.2.1", @@ -39,4 +43,4 @@ "resolutions": { "selenium-webdriver": "4.10.0" } -} \ No newline at end of file +} From aeb22c64f637cf87c7723eaf5786a9462584a8e6 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Sat, 9 Sep 2023 13:09:30 -0700 Subject: [PATCH 002/114] Set up a workflow 0 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 135 ++++++++++++++++ cypress.config.ts | 22 ++- cypress/e2e/oidc/oidc_test.spec.js | 171 +++++++++++--------- cypress/support/e2e.js | 15 ++ 4 files changed, 262 insertions(+), 81 deletions(-) create mode 100644 .github/workflows/cypress-test-oidc-e2e.yml diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml new file mode 100644 index 000000000..e422a181d --- /dev/null +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -0,0 +1,135 @@ +name: Snapshot based E2E OIDC tests workflow +on: + pull_request: + branches: [ '**' ] +env: + OPENSEARCJ_VERSION: '2.6.0' + KEYCLOAK_VERSION: '21.0.1' +jobs: + tests: + name: Run Cypress E2E tests + runs-on: ubuntu-latest + env: + # prevents extra Cypress installation progress messages + CI: 1 + # avoid warnings like "tput: No value for $TERM and no -T specified" + TERM: xterm + steps: + - name: Set up JDK + uses: actions/setup-java@v1 + with: + java-version: 17 + + - name: Get and run Keycloak + run: | + echo "Downloading Keycloak ${{ env.KEYCLOAK_VERSION }}" + wget https://github.com/keycloak/keycloak/releases/download/${{ env.KEYCLOAK_VERSION }}/keycloak-${{ env.KEYCLOAK_VERSION }}.tar.gz + echo "Unpacking Keycloak" + tar -xzf keycloak-${{ env.KEYCLOAK_VERSION }}.tar.gz + export KEYCLOAK_ADMIN=admin + export KEYCLOAK_ADMIN_PASSWORD=admin + cd keycloak-${{ env.KEYCLOAK_VERSION }}/bin + chmod +x kc.sh + echo "Starting keycloak" + ./kc.sh start-dev --http-enabled=true --hostname-strict-https=false --http-host=localhost --http-relative-path /auth --health-enabled=true & + timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:8080/auth/health)" != "200" ]]; do sleep 5; done' + chmod +x kcadm.sh + echo "Creating client" + ./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password admin + CID=$(./kcadm.sh create clients -r master -s clientId=opensearch -s 'redirectUris=["http://localhost:5603/auth/openid/login", "http://localhost:5601", "http://localhost:5601/auth/openid/login"]' -i) + ./kcadm.sh get clients/$CID/installation/providers/keycloak-oidc-keycloak-json > tmp + echo "Getting client secret for dashboards configuration purpose" + echo "KEYCLOAK_CLIENT_SECRET=$(grep -o '"secret" : "[^"]*' tmp | grep -o '[^"]*$')" >> $GITHUB_ENV + echo "Creating client mapper" + ./kcadm.sh create clients/$CID/protocol-mappers/models -r master -s 'config."id.token.claim"=true' -s 'config."multivalued"=true' -s 'config."claim.name"="roles"' -s 'config."userinfo.token.claim"=true' -s 'config."access.token.claim"=true' -s 'name=rolemapper' -s 'protocolMapper=oidc-usermodel-realm-role-mapper' -s "protocol=openid-connect" + + - name: Get and run OpenSearch + run: | + echo "Downloading OpenSearch ${{ env.OPENSEARCH_VERSION }}" + wget https://artifacts.opensearch.org/releases/bundle/opensearch/${{ env.OPENSEARCH_VERSION }}/opensearch-${{ env.OPENSEARCH_VERSION }}-linux-x64.tar.gz + echo "Unpacking OpenSearch" + tar -xzf opensearch-${{ env.OPENSEARCH_VERSION }}-linux-x64.tar.gz + cd opensearch-${{ env.OPENSEARCH_VERSION }} + + echo "Injecting OIDC configuration" + cd config/opensearch-security/ + wget -O yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 + chmod +x yq + yq -i ".config.dynamic.authc.openid_auth_domain.http_enabled = true" config.yml + yq -i ".config.dynamic.authc.openid_auth_domain.transport_enabled = true" config.yml + yq -i ".config.dynamic.authc.openid_auth_domain.order = 1" config.yml + yq -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.type = \"openid\"" config.yml + yq -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.challenge = false" config.yml + yq -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.subject_key = \"preferred_username\"" config.yml + yq -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.roles_key = \"roles\"" config.yml + yq -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.openid_connect_url = \"http://localhost:8080/auth/realms/master/.well-known/openid-configuration\"" config.yml + yq -i ".config.dynamic.authc.openid_auth_domain.authentication_backend.type = \"noop\"" config.yml + echo "Installing demo configuration" + cd ../../plugins/opensearch-security/tools + chmod +x install_demo_configuration.sh + ./install_demo_configuration.sh -y + + echo "Starting OpenSearch" + ../../../bin/opensearch & + timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' https://localhost:9200 -ku admin:admin)" != "503" ]]; do sleep 5; done' + echo "Setting up certificates" + chmod +x securityadmin.sh + ./securityadmin.sh -cd ../../../config/opensearch-security/ -icl -nhnv \ + -cacert ../../../config/root-ca.pem \ + -cert ../../../config/kirk.pem \ + -key ../../../config/kirk-key.pem + timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' https://localhost:9200 -ku admin:admin)" != "200" ]]; do sleep 5; done' + + - name: Get and run OpenSearch-Dashboards + run: | + echo "Downloading OpenSearch-Dashboards ${{ env.OPENSEARCH_VERSION }}" + wget https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/${{ env.OPENSEARCH_VERSION }}/opensearch-dashboards-${{ env.OPENSEARCH_VERSION }}-linux-x64.tar.gz + echo "Unpacking OpenSearch-Dashboards" + tar -xzf opensearch-dashboards-${{ env.OPENSEARCH_VERSION }}-linux-x64.tar.gz + echo "Injecting OIDC configuration" + cd opensearch-dashboards-${{ env.OPENSEARCH_VERSION }}/config + echo "opensearch_security.openid.connect_url: \"http://localhost:8080/auth/realms/master/.well-known/openid-configuration\"" >> opensearch_dashboards.yml + echo "opensearch_security.openid.client_id: \"opensearch\"" >> opensearch_dashboards.yml + echo "opensearch_security.openid.client_secret: \"${{ env.KEYCLOAK_CLIENT_SECRET }}\"">> opensearch_dashboards.yml + echo "opensearch_security.auth.type: [\"openid\"]" >> opensearch_dashboards.yml + echo "opensearch_security.auth.multiple_auth_enabled: true" >> opensearch_dashboards.yml + echo "opensearch_security.ui.openid.login.buttonname: \"OIDC\"" >> opensearch_dashboards.yml + echo "home.disableWelcomeScreen: true" >> opensearch_dashboards.yml + echo "Starting OpenSearch-Dashboards" + cd ../bin + chmod +x opensearch-dashboards + ./opensearch-dashboards serve & + + # Use existing action for osd bootstrap + - name: Run Dashboard with Security Dashboards Plugin + uses: ./.github/actions/install-dashboards + with: + plugin_name: security-dashboards-plugin + + # Configure the Dashboard for OIDC setup + + - name: Checkout security-dashboards-plugin + uses: actions/checkout@v2 + with: + repository: ${{github.repository}} + path: functional-test + - name: Get Cypress version + id: cypress_version + run: | + echo "::set-output name=cypress_version::$(cat ./functional-test/package.json | jq '.devDependencies.cypress' | tr -d '"')" + - run: npx cypress cache list + - run: npx cypress cache path + - name: Yarn install + uses: cypress-io/github-action@v2 + with: + working-directory: functional-test + command: yarn install + - name: Cypress tests + uses: cypress-io/github-action@v2 + with: + working-directory: functional-test + command: yarn cypress:run-without-security --browser chromium --spec 'cypress/integration/plugins/security-dashboards-plugin/*.js' + wait-on: 'http://localhost:5601' + + - name: OIDC E2E Tests + command: yarn cypress:run --browser chrome --spec 'cypress/e2e/oidc/*.js' \ No newline at end of file diff --git a/cypress.config.ts b/cypress.config.ts index b423fd42c..aad89390e 100644 --- a/cypress.config.ts +++ b/cypress.config.ts @@ -1,9 +1,27 @@ -import { defineConfig } from 'cypress' +/* + * Copyright OpenSearch Contributors + * + * Licensed under the Apache License, Version 2.0 (the "License"). + * You may not use this file except in compliance with the License. + * A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the "license" file accompanying this file. This file is distributed + * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +import { defineConfig } from 'cypress'; export default defineConfig({ + defaultCommandTimeout: 60000, + requestTimeout: 60000, + responseTimeout: 60000, e2e: { setupNodeEvents(on, config) {}, baseUrl: 'http://localhost:5601', specPattern: 'cypress/e2e/**/*.spec.js', }, -}) +}); diff --git a/cypress/e2e/oidc/oidc_test.spec.js b/cypress/e2e/oidc/oidc_test.spec.js index 084c3d597..3015885a8 100644 --- a/cypress/e2e/oidc/oidc_test.spec.js +++ b/cypress/e2e/oidc/oidc_test.spec.js @@ -1,86 +1,99 @@ +/* + * Copyright OpenSearch Contributors + * + * Licensed under the Apache License, Version 2.0 (the "License"). + * You may not use this file except in compliance with the License. + * A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the "license" file accompanying this file. This file is distributed + * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + /* * Copyright OpenSearch Contributors * SPDX-License-Identifier: Apache-2.0 */ describe('Log in via OIDC', () => { - const login = 'admin'; - const password = 'admin'; - - const kcLogin = () => { - cy.get('#kc-page-title').should('be.visible'); - cy.get('#username').type(login); - cy.get('#password').type(password); - cy.get('#kc-login').click(); - }; - - const logout = () => { - cy.get('#user-icon-btn').should('be.visible', { timeout: 15000 }); - cy.get('#user-icon-btn').click(); - cy.get('button[data-test-subj^="log-out-"]').click(); - cy.get('#kc-page-title').should('be.visible'); - }; - - afterEach(async () => { - logout(); - }); - - it('Login to app/opensearch_dashboards_overview#/ when OIDC is enabled', () => { - cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/'); - - kcLogin(); - - cy.get('#osdOverviewPageHeader__title').should('be.visible'); - - cy.getCookie('security_authentication').should('exist'); - cy.clearCookies(); - }); - - it('Login to app/dev_tools#/console when OIDC is enabled', () => { - cy.visit('http://localhost:5601/app/dev_tools#/console'); - - kcLogin(); - - cy.get('button[data-test-subj="sendRequestButton"]').should('be.visible'); - - cy.getCookie('security_authentication').should('exist'); - cy.clearCookies(); - }); - - it('Login to Dashboard with Hash', () => { - cy.visit( - `http://localhost:5601/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(filters:!(),refreshInterval:(pause:!f,value:900000),time:(from:now-24h,to:now))&_a=(description:'Analyze%20mock%20flight%20data%20for%20OpenSearch-Air,%20Logstash%20Airways,%20OpenSearch%20Dashboards%20Airlines%20and%20BeatsWest',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),query:(language:kuery,query:''),timeRestore:!t,title:'%5BFlights%5D%20Global%20Flight%20Dashboard',viewMode:view)` - ); - - kcLogin(); - - cy.get( - '.euiHeader.euiHeader--default.euiHeader--fixed.primaryHeader' - ).should('be.visible'); - - cy.getCookie('security_authentication').should('exist'); - cy.clearCookies(); - }); - - it('Tenancy persisted after logout in OIDC', () => { - cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/'); - - kcLogin(); - - cy.get('#global').should('be.enabled'); - cy.get('#global').click({ force: true }); - - cy.get('button[data-test-subj="confirm"]').click(); - - cy.get('#osdOverviewPageHeader__title').should('be.visible'); - - logout(); - - kcLogin(); - - cy.get('#user-icon-btn').should('be.visible'); - cy.get('#user-icon-btn').click(); - - cy.get('#tenantName').should('have.text', 'Global'); - }); + const login = 'admin'; + const password = 'admin'; + + const kcLogin = () => { + cy.get('#kc-page-title').should('be.visible'); + cy.get('#username').type(login); + cy.get('#password').type(password); + cy.get('#kc-login').click(); + }; + + const logout = () => { + cy.get('#user-icon-btn').should('be.visible', { timeout: 15000 }); + cy.get('#user-icon-btn').click(); + cy.get('button[data-test-subj^="log-out-"]').click(); + cy.get('#kc-page-title').should('be.visible'); + }; + + afterEach(async () => { + logout(); + }); + + it('Login to app/opensearch_dashboards_overview#/ when OIDC is enabled', () => { + cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/'); + + kcLogin(); + + cy.get('#osdOverviewPageHeader__title').should('be.visible'); + + cy.getCookie('security_authentication').should('exist'); + cy.clearCookies(); + }); + + it('Login to app/dev_tools#/console when OIDC is enabled', () => { + cy.visit('http://localhost:5601/app/dev_tools#/console'); + + kcLogin(); + + cy.get('button[data-test-subj="sendRequestButton"]').should('be.visible'); + + cy.getCookie('security_authentication').should('exist'); + cy.clearCookies(); + }); + + it('Login to Dashboard with Hash', () => { + cy.visit( + `http://localhost:5601/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(filters:!(),refreshInterval:(pause:!f,value:900000),time:(from:now-24h,to:now))&_a=(description:'Analyze%20mock%20flight%20data%20for%20OpenSearch-Air,%20Logstash%20Airways,%20OpenSearch%20Dashboards%20Airlines%20and%20BeatsWest',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),query:(language:kuery,query:''),timeRestore:!t,title:'%5BFlights%5D%20Global%20Flight%20Dashboard',viewMode:view)` + ); + + kcLogin(); + + cy.get('.euiHeader.euiHeader--default.euiHeader--fixed.primaryHeader').should('be.visible'); + + cy.getCookie('security_authentication').should('exist'); + cy.clearCookies(); + }); + + it('Tenancy persisted after logout in OIDC', () => { + cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/'); + + kcLogin(); + + cy.get('#global').should('be.enabled'); + cy.get('#global').click({ force: true }); + + cy.get('button[data-test-subj="confirm"]').click(); + + cy.get('#osdOverviewPageHeader__title').should('be.visible'); + + logout(); + + kcLogin(); + + cy.get('#user-icon-btn').should('be.visible'); + cy.get('#user-icon-btn').click(); + + cy.get('#tenantName').should('have.text', 'Global'); }); +}); diff --git a/cypress/support/e2e.js b/cypress/support/e2e.js index bc3f43d62..53672f05d 100644 --- a/cypress/support/e2e.js +++ b/cypress/support/e2e.js @@ -1,3 +1,18 @@ +/* + * Copyright OpenSearch Contributors + * + * Licensed under the Apache License, Version 2.0 (the "License"). + * You may not use this file except in compliance with the License. + * A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the "license" file accompanying this file. This file is distributed + * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + /* * Copyright OpenSearch Contributors * SPDX-License-Identifier: Apache-2.0 From 98bc733eda149ee17e2a6fe190a43199b170810c Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Sun, 10 Sep 2023 11:30:13 -0700 Subject: [PATCH 003/114] Add the cypress screenshots path to gitignore Signed-off-by: Ryan Liang --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 513364a9b..c008cda8c 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ yarn-error.log kibana-coverage/ .DS_Store .idea/ +cypress/screenshots From e8555aeb8296ab13e859c32577adfa9b02113d30 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Sun, 10 Sep 2023 12:19:20 -0700 Subject: [PATCH 004/114] Set up sec dashboards plugin with oidc config Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 71 ++++++++------------- 1 file changed, 25 insertions(+), 46 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index e422a181d..43c8d4171 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -3,7 +3,7 @@ on: pull_request: branches: [ '**' ] env: - OPENSEARCJ_VERSION: '2.6.0' + OPENSEARCJ_VERSION: '3.0.0' KEYCLOAK_VERSION: '21.0.1' jobs: tests: @@ -80,26 +80,6 @@ jobs: -key ../../../config/kirk-key.pem timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' https://localhost:9200 -ku admin:admin)" != "200" ]]; do sleep 5; done' - - name: Get and run OpenSearch-Dashboards - run: | - echo "Downloading OpenSearch-Dashboards ${{ env.OPENSEARCH_VERSION }}" - wget https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/${{ env.OPENSEARCH_VERSION }}/opensearch-dashboards-${{ env.OPENSEARCH_VERSION }}-linux-x64.tar.gz - echo "Unpacking OpenSearch-Dashboards" - tar -xzf opensearch-dashboards-${{ env.OPENSEARCH_VERSION }}-linux-x64.tar.gz - echo "Injecting OIDC configuration" - cd opensearch-dashboards-${{ env.OPENSEARCH_VERSION }}/config - echo "opensearch_security.openid.connect_url: \"http://localhost:8080/auth/realms/master/.well-known/openid-configuration\"" >> opensearch_dashboards.yml - echo "opensearch_security.openid.client_id: \"opensearch\"" >> opensearch_dashboards.yml - echo "opensearch_security.openid.client_secret: \"${{ env.KEYCLOAK_CLIENT_SECRET }}\"">> opensearch_dashboards.yml - echo "opensearch_security.auth.type: [\"openid\"]" >> opensearch_dashboards.yml - echo "opensearch_security.auth.multiple_auth_enabled: true" >> opensearch_dashboards.yml - echo "opensearch_security.ui.openid.login.buttonname: \"OIDC\"" >> opensearch_dashboards.yml - echo "home.disableWelcomeScreen: true" >> opensearch_dashboards.yml - echo "Starting OpenSearch-Dashboards" - cd ../bin - chmod +x opensearch-dashboards - ./opensearch-dashboards serve & - # Use existing action for osd bootstrap - name: Run Dashboard with Security Dashboards Plugin uses: ./.github/actions/install-dashboards @@ -107,29 +87,28 @@ jobs: plugin_name: security-dashboards-plugin # Configure the Dashboard for OIDC setup - - - name: Checkout security-dashboards-plugin - uses: actions/checkout@v2 - with: - repository: ${{github.repository}} - path: functional-test - - name: Get Cypress version - id: cypress_version + - name: Configure and Run OpenSearch Dashboards with Cypress Test Cases run: | - echo "::set-output name=cypress_version::$(cat ./functional-test/package.json | jq '.devDependencies.cypress' | tr -d '"')" - - run: npx cypress cache list - - run: npx cypress cache path - - name: Yarn install - uses: cypress-io/github-action@v2 - with: - working-directory: functional-test - command: yarn install - - name: Cypress tests - uses: cypress-io/github-action@v2 - with: - working-directory: functional-test - command: yarn cypress:run-without-security --browser chromium --spec 'cypress/integration/plugins/security-dashboards-plugin/*.js' - wait-on: 'http://localhost:5601' - - - name: OIDC E2E Tests - command: yarn cypress:run --browser chrome --spec 'cypress/e2e/oidc/*.js' \ No newline at end of file + cd ./OpenSearch-Dashboards + echo 'server.host: "0.0.0.0"' >> ./config/opensearch_dashboards.yml + echo 'opensearch.hosts: ["https://localhost:9200"]' >> ./config/opensearch_dashboards.yml + echo 'opensearch.ssl.verificationMode: none' >> ./config/opensearch_dashboards.yml + echo 'opensearch.username: "kibanaserver"' >> ./config/opensearch_dashboards.yml + echo 'opensearch.password: "kibanaserver"' >> ./config/opensearch_dashboards.yml + echo 'opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.multitenancy.enabled: true' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.readonly_mode.roles: ["kibana_read_only"]' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.cookie.secure: false' >> ./config/opensearch_dashboards.yml + echo "opensearch_security.openid.connect_url: \"http://localhost:8080/auth/realms/master/.well-known/openid-configuration\"" >> ./config/opensearch_dashboards.yml + echo "opensearch_security.openid.client_id: \"opensearch\"" >> ./config/opensearch_dashboards.yml + echo "opensearch_security.openid.client_secret: \"${{ env.KEYCLOAK_CLIENT_SECRET }}\"">> ./config/opensearch_dashboards.yml + echo "opensearch_security.auth.type: [\"openid\"]" >> ./config/opensearch_dashboards.yml + echo "opensearch_security.auth.multiple_auth_enabled: true" >> ./config/opensearch_dashboards.yml + echo "opensearch_security.ui.openid.login.buttonname: \"OIDC\"" >> ./config/opensearch_dashboards.yml + echo "home.disableWelcomeScreen: true" >> ./config/opensearch_dashboards.yml + nohup yarn start --no-base-path --no-watch & + sleep 500 + cd ./plugins/security-dashboards-plugin + npm install cypress --save-dev + yarn cypress:run --browser chrome --spec 'cypress/e2e/oidc/*.js' From 7c59cbcbdc246b200cb8e8db8e5103b344cf3314 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 12 Sep 2023 22:09:54 -0700 Subject: [PATCH 005/114] Add cypress to eslint Signed-off-by: Ryan Liang --- .eslintrc.js | 34 +++++++++++++++++++++++----------- package.json | 1 + 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/.eslintrc.js b/.eslintrc.js index 2b5f80b11..aedb91ceb 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -13,11 +13,17 @@ const LICENSE_HEADER = ` * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ -` +`; -module.exports = { - root: true, +module.exports = { + root: true, extends: ['@elastic/eslint-config-kibana', 'plugin:@elastic/eui/recommended'], + env: { + 'cypress/globals': true, + }, + plugins: [ + 'cypress', + ], rules: { // "@osd/eslint/require-license-header": "off" '@osd/eslint/no-restricted-paths': [ @@ -27,11 +33,17 @@ module.exports = { zones: [ { target: ['(public|server)/**/*'], - from: ['../../packages/**/*','packages/**/*'] + from: ['../../packages/**/*','packages/**/*'], }, - ] - } - ] + ], + }, + ], + // Add cypress specific rules here + 'cypress/no-assigning-return-values': 'error', + 'cypress/no-unnecessary-waiting': 'error', + 'cypress/assertion-before-screenshot': 'warn', + 'cypress/no-force': 'warn', + 'cypress/no-async-tests': 'error', }, overrides: [ { @@ -43,8 +55,8 @@ module.exports = { licenses: [ LICENSE_HEADER ], }, ], - "no-console": 0 - } - } + 'no-console': 0, + }, + }, ], -}; \ No newline at end of file +}; diff --git a/package.json b/package.json index 1171646dd..eabc7f9fb 100644 --- a/package.json +++ b/package.json @@ -38,6 +38,7 @@ "dependencies": { "@hapi/cryptiles": "5.0.0", "@hapi/wreck": "^17.1.0", + "eslint-plugin-cypress": "^2.14.0", "html-entities": "1.3.1" }, "resolutions": { From 1feed81e245c3bb66a5c7ed90ad39419261556d2 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 12 Sep 2023 22:26:55 -0700 Subject: [PATCH 006/114] Fix lint Signed-off-by: Ryan Liang --- .eslintrc.js | 2 +- cypress.config.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.eslintrc.js b/.eslintrc.js index aedb91ceb..6b9eeab97 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -13,7 +13,7 @@ const LICENSE_HEADER = ` * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ -`; +` module.exports = { root: true, diff --git a/cypress.config.ts b/cypress.config.ts index aad89390e..b5947edd1 100644 --- a/cypress.config.ts +++ b/cypress.config.ts @@ -15,7 +15,7 @@ import { defineConfig } from 'cypress'; -export default defineConfig({ +const CYPRESS_CONFIG = defineConfig({ defaultCommandTimeout: 60000, requestTimeout: 60000, responseTimeout: 60000, From 1a42101e415d844c466b75edd81562d017475f76 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 12 Sep 2023 22:29:30 -0700 Subject: [PATCH 007/114] Fix lint 2 Signed-off-by: Ryan Liang --- .eslintrc.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.eslintrc.js b/.eslintrc.js index 6b9eeab97..8e41abff4 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -13,10 +13,10 @@ const LICENSE_HEADER = ` * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ -` +`; -module.exports = { - root: true, +module.exports = { + root: true, extends: ['@elastic/eslint-config-kibana', 'plugin:@elastic/eui/recommended'], env: { 'cypress/globals': true, From bb86669821958bf514f81a41b2ae76babb98e02c Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 12 Sep 2023 22:36:24 -0700 Subject: [PATCH 008/114] fix eslint cypress plugin version Signed-off-by: Ryan Liang --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index eabc7f9fb..521effc54 100644 --- a/package.json +++ b/package.json @@ -38,7 +38,7 @@ "dependencies": { "@hapi/cryptiles": "5.0.0", "@hapi/wreck": "^17.1.0", - "eslint-plugin-cypress": "^2.14.0", + "eslint-plugin-cypress": "^2.8.1", "html-entities": "1.3.1" }, "resolutions": { From 0caf4b35c2014e56c23c7df98f5d87af4d26bd79 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 13 Sep 2023 00:04:41 -0700 Subject: [PATCH 009/114] linux workflow draft 0 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 112 ++++++++++++++------ 1 file changed, 82 insertions(+), 30 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 43c8d4171..10583c67f 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -3,23 +3,36 @@ on: pull_request: branches: [ '**' ] env: - OPENSEARCJ_VERSION: '3.0.0' + OPENSEARCH_VERSION: '3.0.0' KEYCLOAK_VERSION: '21.0.1' + CI: 1 + # avoid warnings like "tput: No value for $TERM and no -T specified" + TERM: xterm + PLUGIN_NAME: opensearch-security + jobs: tests: name: Run Cypress E2E tests - runs-on: ubuntu-latest - env: - # prevents extra Cypress installation progress messages - CI: 1 - # avoid warnings like "tput: No value for $TERM and no -T specified" - TERM: xterm + strategy: + fail-fast: false + matrix: + os: [ ubuntu-latest ] #linux only + runs-on: ${{ matrix.os }} + steps: - name: Set up JDK uses: actions/setup-java@v1 with: java-version: 17 + - name: Set env + run: | + opensearch_version=$(node -p "require('./package.json').opensearchDashboards.version") + plugin_version=$(node -p "require('./package.json').version") + echo "OPENSEARCH_VERSION=$opensearch_version" >> $GITHUB_ENV + echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV + shell: bash + - name: Get and run Keycloak run: | echo "Downloading Keycloak ${{ env.KEYCLOAK_VERSION }}" @@ -43,16 +56,42 @@ jobs: echo "Creating client mapper" ./kcadm.sh create clients/$CID/protocol-mappers/models -r master -s 'config."id.token.claim"=true' -s 'config."multivalued"=true' -s 'config."claim.name"="roles"' -s 'config."userinfo.token.claim"=true' -s 'config."access.token.claim"=true' -s 'name=rolemapper' -s 'protocolMapper=oidc-usermodel-realm-role-mapper' -s "protocol=openid-connect" - - name: Get and run OpenSearch + - name: Download security plugin and create setup scripts + uses: ./.github/actions/download-plugin + with: + opensearch-version: ${{ env.OPENSEARCH_VERSION }} + plugin-name: ${{ env.PLUGIN_NAME }} + plugin-version: ${{ env.PLUGIN_VERSION }} + + # Download OpenSearch + - name: Download OpenSearch for Linux + uses: peternied/download-file@v2 + if: ${{ runner.os == 'Linux' }} + with: + url: https://artifacts.opensearch.org/snapshots/core/opensearch/${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/opensearch-min-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT-linux-x64-latest.tar.gz + + # Install the security plugin + - name: Install Plugin into OpenSearch for Linux + if: ${{ runner.os == 'Linux'}} + run: | + chmod +x ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin + /bin/bash -c "yes | ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin install file:$(pwd)/opensearch-security.zip" + shell: bash + + # Extract downloaded zip + - name: Extract downloaded tar + if: ${{ runner.os == 'Linux' }} + run: | + tar -xzf opensearch-*.tar.gz + rm -f opensearch-*.tar.gz + shell: bash + + # Add OIDC Configuration + - name: Injecting OIDC Configuration + if: ${{ runner.os == 'Linux' }} run: | - echo "Downloading OpenSearch ${{ env.OPENSEARCH_VERSION }}" - wget https://artifacts.opensearch.org/releases/bundle/opensearch/${{ env.OPENSEARCH_VERSION }}/opensearch-${{ env.OPENSEARCH_VERSION }}-linux-x64.tar.gz - echo "Unpacking OpenSearch" - tar -xzf opensearch-${{ env.OPENSEARCH_VERSION }}-linux-x64.tar.gz - cd opensearch-${{ env.OPENSEARCH_VERSION }} - echo "Injecting OIDC configuration" - cd config/opensearch-security/ + cd ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/ wget -O yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 chmod +x yq yq -i ".config.dynamic.authc.openid_auth_domain.http_enabled = true" config.yml @@ -64,23 +103,36 @@ jobs: yq -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.roles_key = \"roles\"" config.yml yq -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.openid_connect_url = \"http://localhost:8080/auth/realms/master/.well-known/openid-configuration\"" config.yml yq -i ".config.dynamic.authc.openid_auth_domain.authentication_backend.type = \"noop\"" config.yml - echo "Installing demo configuration" - cd ../../plugins/opensearch-security/tools - chmod +x install_demo_configuration.sh - ./install_demo_configuration.sh -y + cd ../../.. + + # Run any configuration scripts + - name: Run Setup Script for Linux + if: ${{ runner.os == 'Linux' }} + run: | + echo "running linux setup" + chmod +x ./setup.sh + ./setup.sh + shell: bash + + # Run OpenSearch + - name: Run OpenSearch with plugin on Linux + if: ${{ runner.os == 'Linux'}} + run: /bin/bash -c "./opensearch-${{ inputs.opensearch-version }}-SNAPSHOT/bin/opensearch &" + shell: bash + + # Give the OpenSearch process some time to boot up before sending any requires, might need to increase the default time! + - name: Sleep while OpenSearch starts + uses: peternied/action-sleep@v1 + with: + seconds: 30 - echo "Starting OpenSearch" - ../../../bin/opensearch & - timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' https://localhost:9200 -ku admin:admin)" != "503" ]]; do sleep 5; done' - echo "Setting up certificates" - chmod +x securityadmin.sh - ./securityadmin.sh -cd ../../../config/opensearch-security/ -icl -nhnv \ - -cacert ../../../config/root-ca.pem \ - -cert ../../../config/kirk.pem \ - -key ../../../config/kirk-key.pem - timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' https://localhost:9200 -ku admin:admin)" != "200" ]]; do sleep 5; done' + # Verify that the server is operational + - name: Check OpenSearch Running on Linux + if: ${{ runner.os != 'Windows'}} + run: curl https://localhost:9200/_cat/plugins -u 'admin:admin' -k -v + shell: bash - # Use existing action for osd bootstrap + # OSD bootstrap - name: Run Dashboard with Security Dashboards Plugin uses: ./.github/actions/install-dashboards with: From aab999aa9334af9de68a914c8d7a08c96f45c2de Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 13 Sep 2023 00:06:38 -0700 Subject: [PATCH 010/114] linux workflow draft 1 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 10583c67f..a92510f2b 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -24,6 +24,9 @@ jobs: uses: actions/setup-java@v1 with: java-version: 17 + + - name: Checkout Branch + uses: actions/checkout@v3 - name: Set env run: | From 28b54f283b7e2ef8f50a3abfe756857fc7a7e697 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 13 Sep 2023 00:10:48 -0700 Subject: [PATCH 011/114] add ls and pwd Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index a92510f2b..31b69222a 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -77,6 +77,8 @@ jobs: - name: Install Plugin into OpenSearch for Linux if: ${{ runner.os == 'Linux'}} run: | + pwd + ls chmod +x ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin /bin/bash -c "yes | ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin install file:$(pwd)/opensearch-security.zip" shell: bash From 06b8435db01d1794648bc0c0905da3156eae69a8 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 13 Sep 2023 00:17:54 -0700 Subject: [PATCH 012/114] linux workflow draft 2 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 31b69222a..35f375e90 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -72,16 +72,6 @@ jobs: if: ${{ runner.os == 'Linux' }} with: url: https://artifacts.opensearch.org/snapshots/core/opensearch/${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/opensearch-min-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT-linux-x64-latest.tar.gz - - # Install the security plugin - - name: Install Plugin into OpenSearch for Linux - if: ${{ runner.os == 'Linux'}} - run: | - pwd - ls - chmod +x ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin - /bin/bash -c "yes | ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin install file:$(pwd)/opensearch-security.zip" - shell: bash # Extract downloaded zip - name: Extract downloaded tar @@ -90,6 +80,14 @@ jobs: tar -xzf opensearch-*.tar.gz rm -f opensearch-*.tar.gz shell: bash + + # Install the security plugin + - name: Install Plugin into OpenSearch for Linux + if: ${{ runner.os == 'Linux'}} + run: | + chmod +x ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin + /bin/bash -c "yes | ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin install file:$(pwd)/opensearch-security.zip" + shell: bash # Add OIDC Configuration - name: Injecting OIDC Configuration From a0121b398405b701fdfd582ca3a3f9714b4cca7a Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 19 Sep 2023 10:57:10 -0700 Subject: [PATCH 013/114] Switch to java 11 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 35f375e90..510f53f4a 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -23,7 +23,7 @@ jobs: - name: Set up JDK uses: actions/setup-java@v1 with: - java-version: 17 + java-version: 11 - name: Checkout Branch uses: actions/checkout@v3 From 61872f4f1acc5d1d172477e69e5dc4c0f6cb82ea Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 19 Sep 2023 12:06:24 -0700 Subject: [PATCH 014/114] Add certificates setup with some debugging statement Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 31 ++++++++++++++++----- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 510f53f4a..1e9f35cd6 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -120,20 +120,37 @@ jobs: # Run OpenSearch - name: Run OpenSearch with plugin on Linux if: ${{ runner.os == 'Linux'}} - run: /bin/bash -c "./opensearch-${{ inputs.opensearch-version }}-SNAPSHOT/bin/opensearch &" + run: | + ls + pwd + /bin/bash -c "./opensearch-${{ inputs.opensearch-version }}-SNAPSHOT/bin/opensearch &" shell: bash # Give the OpenSearch process some time to boot up before sending any requires, might need to increase the default time! - name: Sleep while OpenSearch starts uses: peternied/action-sleep@v1 with: - seconds: 30 + seconds: 300 - # Verify that the server is operational - - name: Check OpenSearch Running on Linux - if: ${{ runner.os != 'Windows'}} - run: curl https://localhost:9200/_cat/plugins -u 'admin:admin' -k -v - shell: bash + # Setting up certificates + - name: Setting Up Certificates + if: ${{ runner.os == 'Linux'}} + run: | + ls + pwd + echo "Setting up certificates" + chmod +x securityadmin.sh + ./securityadmin.sh -cd ../../../config/opensearch-security/ -icl -nhnv \ + -cacert ../../../config/root-ca.pem \ + -cert ../../../config/kirk.pem \ + -key ../../../config/kirk-key.pem + timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' https://localhost:9200 -ku admin:admin)" != "200" ]]; do sleep 5; done' + + ## Verify that the server is operational + #- name: Check OpenSearch Running on Linux + # if: ${{ runner.os != 'Windows'}} + # run: curl https://localhost:9200/_cat/plugins -u 'admin:admin' -k -v + # shell: bash # OSD bootstrap - name: Run Dashboard with Security Dashboards Plugin From 4cf185da2846d3db8df4b1cc2f4de3cca57fbe2e Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 19 Sep 2023 12:16:24 -0700 Subject: [PATCH 015/114] Fix the directory of start up opensearch Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 38 ++++++++++----------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 1e9f35cd6..255dd4513 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -123,7 +123,7 @@ jobs: run: | ls pwd - /bin/bash -c "./opensearch-${{ inputs.opensearch-version }}-SNAPSHOT/bin/opensearch &" + /bin/bash -c "./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch &" shell: bash # Give the OpenSearch process some time to boot up before sending any requires, might need to increase the default time! @@ -132,25 +132,25 @@ jobs: with: seconds: 300 - # Setting up certificates - - name: Setting Up Certificates - if: ${{ runner.os == 'Linux'}} - run: | - ls - pwd - echo "Setting up certificates" - chmod +x securityadmin.sh - ./securityadmin.sh -cd ../../../config/opensearch-security/ -icl -nhnv \ - -cacert ../../../config/root-ca.pem \ - -cert ../../../config/kirk.pem \ - -key ../../../config/kirk-key.pem - timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' https://localhost:9200 -ku admin:admin)" != "200" ]]; do sleep 5; done' + # # Setting up certificates + # - name: Setting Up Certificates + # if: ${{ runner.os == 'Linux'}} + # run: | + # ls + # pwd + # echo "Setting up certificates" + # chmod +x securityadmin.sh + # ./securityadmin.sh -cd ../../../config/opensearch-security/ -icl -nhnv \ + # -cacert ../../../config/root-ca.pem \ + # -cert ../../../config/kirk.pem \ + # -key ../../../config/kirk-key.pem + # timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' https://localhost:9200 -ku admin:admin)" != "200" ]]; do sleep 5; done' - ## Verify that the server is operational - #- name: Check OpenSearch Running on Linux - # if: ${{ runner.os != 'Windows'}} - # run: curl https://localhost:9200/_cat/plugins -u 'admin:admin' -k -v - # shell: bash + # Verify that the server is operational + - name: Check OpenSearch Running on Linux + if: ${{ runner.os != 'Windows'}} + run: curl https://localhost:9200/_cat/plugins -u 'admin:admin' -k -v + shell: bash # OSD bootstrap - name: Run Dashboard with Security Dashboards Plugin From 705740a581d591be0be9ebe85c669151f3eb503c Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 19 Sep 2023 14:03:26 -0700 Subject: [PATCH 016/114] Change the configuration of osd Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 255dd4513..0d0896e37 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -130,7 +130,7 @@ jobs: - name: Sleep while OpenSearch starts uses: peternied/action-sleep@v1 with: - seconds: 300 + seconds: 30 # # Setting up certificates # - name: Setting Up Certificates @@ -172,13 +172,14 @@ jobs: echo 'opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.readonly_mode.roles: ["kibana_read_only"]' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.cookie.secure: false' >> ./config/opensearch_dashboards.yml - echo "opensearch_security.openid.connect_url: \"http://localhost:8080/auth/realms/master/.well-known/openid-configuration\"" >> ./config/opensearch_dashboards.yml - echo "opensearch_security.openid.client_id: \"opensearch\"" >> ./config/opensearch_dashboards.yml - echo "opensearch_security.openid.client_secret: \"${{ env.KEYCLOAK_CLIENT_SECRET }}\"">> ./config/opensearch_dashboards.yml - echo "opensearch_security.auth.type: [\"openid\"]" >> ./config/opensearch_dashboards.yml - echo "opensearch_security.auth.multiple_auth_enabled: true" >> ./config/opensearch_dashboards.yml - echo "opensearch_security.ui.openid.login.buttonname: \"OIDC\"" >> ./config/opensearch_dashboards.yml - echo "home.disableWelcomeScreen: true" >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.openid.connect_url: "http://localhost:8080/auth/realms/master/.well-known/openid-configuration"' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.openid.client_id: "opensearch"' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.openid.client_secret: "${{ env.KEYCLOAK_CLIENT_SECRET }}"'>> ./config/opensearch_dashboards.yml + echo 'opensearch_security.auth.type: ["openid"]' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.auth.multiple_auth_enabled: true' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.ui.openid.login.buttonname: "OIDC"' >> ./config/opensearch_dashboards.yml + echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml + cat ./config/opensearch_dashboards.yml nohup yarn start --no-base-path --no-watch & sleep 500 cd ./plugins/security-dashboards-plugin From b06228420c73323ea60e5ae33ee99fb4d2090894 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 19 Sep 2023 14:19:39 -0700 Subject: [PATCH 017/114] Change the oidc url to use 127 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 0d0896e37..599526236 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -172,7 +172,7 @@ jobs: echo 'opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.readonly_mode.roles: ["kibana_read_only"]' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.cookie.secure: false' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.openid.connect_url: "http://localhost:8080/auth/realms/master/.well-known/openid-configuration"' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.openid.connect_url: "http://127.0.0.1:8080/auth/realms/master/.well-known/openid-configuration"' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.openid.client_id: "opensearch"' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.openid.client_secret: "${{ env.KEYCLOAK_CLIENT_SECRET }}"'>> ./config/opensearch_dashboards.yml echo 'opensearch_security.auth.type: ["openid"]' >> ./config/opensearch_dashboards.yml From 34df590c13f2a0e91adcc4c6c2fe26e9d612bb51 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 19 Sep 2023 14:39:46 -0700 Subject: [PATCH 018/114] Bump Cypress to 13.2.0 and change to yarn add for setup cypress env Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 19 +------------------ package.json | 2 +- 2 files changed, 2 insertions(+), 19 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 599526236..e12d478ee 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -121,8 +121,6 @@ jobs: - name: Run OpenSearch with plugin on Linux if: ${{ runner.os == 'Linux'}} run: | - ls - pwd /bin/bash -c "./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch &" shell: bash @@ -132,20 +130,6 @@ jobs: with: seconds: 30 - # # Setting up certificates - # - name: Setting Up Certificates - # if: ${{ runner.os == 'Linux'}} - # run: | - # ls - # pwd - # echo "Setting up certificates" - # chmod +x securityadmin.sh - # ./securityadmin.sh -cd ../../../config/opensearch-security/ -icl -nhnv \ - # -cacert ../../../config/root-ca.pem \ - # -cert ../../../config/kirk.pem \ - # -key ../../../config/kirk-key.pem - # timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' https://localhost:9200 -ku admin:admin)" != "200" ]]; do sleep 5; done' - # Verify that the server is operational - name: Check OpenSearch Running on Linux if: ${{ runner.os != 'Windows'}} @@ -179,9 +163,8 @@ jobs: echo 'opensearch_security.auth.multiple_auth_enabled: true' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.ui.openid.login.buttonname: "OIDC"' >> ./config/opensearch_dashboards.yml echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml - cat ./config/opensearch_dashboards.yml nohup yarn start --no-base-path --no-watch & sleep 500 cd ./plugins/security-dashboards-plugin - npm install cypress --save-dev + yarn add cypress --save-dev yarn cypress:run --browser chrome --spec 'cypress/e2e/oidc/*.js' diff --git a/package.json b/package.json index 521effc54..d2a83a841 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "@elastic/eslint-import-resolver-kibana": "link:../../packages/osd-eslint-import-resolver-opensearch-dashboards", "@testing-library/react-hooks": "^7.0.2", "@types/hapi__wreck": "^15.0.1", - "cypress": "^13.1.0", + "cypress": "^13.2.0", "cypress-mochawesome-reporter": "^3.3.0", "gulp-rename": "2.0.0", "jose": "^4.11.2", From 1cb131813bfd9c143535c9195f7898e3fe8d7d9c Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 19 Sep 2023 15:04:31 -0700 Subject: [PATCH 019/114] debugging the testing setup Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index e12d478ee..152477681 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -166,5 +166,7 @@ jobs: nohup yarn start --no-base-path --no-watch & sleep 500 cd ./plugins/security-dashboards-plugin + pwd + ls yarn add cypress --save-dev - yarn cypress:run --browser chrome --spec 'cypress/e2e/oidc/*.js' + yarn cypress:run --browser chrome --headless --spec 'cypress/e2e/oidc/*.js' --config integrationFolder=cypress/e2e From 18f70e3e52ca7b2c984a5d1266a238bb0a8b9c14 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 19 Sep 2023 15:25:36 -0700 Subject: [PATCH 020/114] Fix the cypress config Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 2 +- cypress.config.ts | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 152477681..4fced7b96 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -169,4 +169,4 @@ jobs: pwd ls yarn add cypress --save-dev - yarn cypress:run --browser chrome --headless --spec 'cypress/e2e/oidc/*.js' --config integrationFolder=cypress/e2e + yarn cypress:run --browser chrome --headless --spec 'cypress/e2e/oidc/*.js' diff --git a/cypress.config.ts b/cypress.config.ts index b5947edd1..4bff5c236 100644 --- a/cypress.config.ts +++ b/cypress.config.ts @@ -25,3 +25,5 @@ const CYPRESS_CONFIG = defineConfig({ specPattern: 'cypress/e2e/**/*.spec.js', }, }); + +export default CYPRESS_CONFIG; From 9e94191a8def7c6ad4fd1918cf9d07380a2103b3 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 19 Sep 2023 15:57:15 -0700 Subject: [PATCH 021/114] Switch to js for cypress config file Signed-off-by: Ryan Liang --- cypress.config.ts => cypress.config.js | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) rename cypress.config.ts => cypress.config.js (87%) diff --git a/cypress.config.ts b/cypress.config.js similarity index 87% rename from cypress.config.ts rename to cypress.config.js index 4bff5c236..f28b77047 100644 --- a/cypress.config.ts +++ b/cypress.config.js @@ -13,9 +13,9 @@ * permissions and limitations under the License. */ -import { defineConfig } from 'cypress'; +const { defineConfig } = require('cypress'); -const CYPRESS_CONFIG = defineConfig({ +module.exports = defineConfig({ defaultCommandTimeout: 60000, requestTimeout: 60000, responseTimeout: 60000, @@ -25,5 +25,3 @@ const CYPRESS_CONFIG = defineConfig({ specPattern: 'cypress/e2e/**/*.spec.js', }, }); - -export default CYPRESS_CONFIG; From 4cf07699454c3db84282c7f00b5ff5a0a715f726 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 20 Sep 2023 11:39:14 -0700 Subject: [PATCH 022/114] Add timeout for test Signed-off-by: Ryan Liang --- cypress/e2e/oidc/oidc_test.spec.js | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/cypress/e2e/oidc/oidc_test.spec.js b/cypress/e2e/oidc/oidc_test.spec.js index 3015885a8..da324ad9a 100644 --- a/cypress/e2e/oidc/oidc_test.spec.js +++ b/cypress/e2e/oidc/oidc_test.spec.js @@ -23,7 +23,7 @@ describe('Log in via OIDC', () => { const password = 'admin'; const kcLogin = () => { - cy.get('#kc-page-title').should('be.visible'); + cy.get('#kc-page-title', { timeout: 10000 }).should('be.visible'); cy.get('#username').type(login); cy.get('#password').type(password); cy.get('#kc-login').click(); @@ -33,7 +33,7 @@ describe('Log in via OIDC', () => { cy.get('#user-icon-btn').should('be.visible', { timeout: 15000 }); cy.get('#user-icon-btn').click(); cy.get('button[data-test-subj^="log-out-"]').click(); - cy.get('#kc-page-title').should('be.visible'); + cy.get('#kc-page-title', { timeout: 10000 }).should('be.visible'); }; afterEach(async () => { @@ -45,9 +45,9 @@ describe('Log in via OIDC', () => { kcLogin(); - cy.get('#osdOverviewPageHeader__title').should('be.visible'); + cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); - cy.getCookie('security_authentication').should('exist'); + cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); cy.clearCookies(); }); @@ -58,7 +58,7 @@ describe('Log in via OIDC', () => { cy.get('button[data-test-subj="sendRequestButton"]').should('be.visible'); - cy.getCookie('security_authentication').should('exist'); + cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); cy.clearCookies(); }); @@ -69,7 +69,7 @@ describe('Log in via OIDC', () => { kcLogin(); - cy.get('.euiHeader.euiHeader--default.euiHeader--fixed.primaryHeader').should('be.visible'); + cy.get('.euiHeader.euiHeader--default.euiHeader--fixed.primaryHeader', { timeout: 10000 }).should('be.visible'); cy.getCookie('security_authentication').should('exist'); cy.clearCookies(); @@ -80,20 +80,20 @@ describe('Log in via OIDC', () => { kcLogin(); - cy.get('#global').should('be.enabled'); + cy.get('#global', { timeout: 10000 }).should('be.enabled'); cy.get('#global').click({ force: true }); cy.get('button[data-test-subj="confirm"]').click(); - cy.get('#osdOverviewPageHeader__title').should('be.visible'); + cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); logout(); kcLogin(); - cy.get('#user-icon-btn').should('be.visible'); + cy.get('#user-icon-btn', { timeout: 10000 }).should('be.visible'); cy.get('#user-icon-btn').click(); - cy.get('#tenantName').should('have.text', 'Global'); + cy.get('#tenantName', { timeout: 10000 }).should('have.text', 'Global'); }); }); From b59a39dd51d4ec35354b00ef30d5db85cf38f69f Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 20 Sep 2023 12:15:40 -0700 Subject: [PATCH 023/114] Try some changes on status code Signed-off-by: Ryan Liang --- cypress.config.js | 1 + cypress/e2e/oidc/oidc_test.spec.js | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/cypress.config.js b/cypress.config.js index f28b77047..30992a2b1 100644 --- a/cypress.config.js +++ b/cypress.config.js @@ -23,5 +23,6 @@ module.exports = defineConfig({ setupNodeEvents(on, config) {}, baseUrl: 'http://localhost:5601', specPattern: 'cypress/e2e/**/*.spec.js', + screenshotOnRunFailure: false, }, }); diff --git a/cypress/e2e/oidc/oidc_test.spec.js b/cypress/e2e/oidc/oidc_test.spec.js index da324ad9a..16529dc48 100644 --- a/cypress/e2e/oidc/oidc_test.spec.js +++ b/cypress/e2e/oidc/oidc_test.spec.js @@ -41,7 +41,7 @@ describe('Log in via OIDC', () => { }); it('Login to app/opensearch_dashboards_overview#/ when OIDC is enabled', () => { - cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/'); + cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/', { failOnStatusCode: false, timeout: 10000 }); kcLogin(); @@ -76,7 +76,7 @@ describe('Log in via OIDC', () => { }); it('Tenancy persisted after logout in OIDC', () => { - cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/'); + cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/', { timeout: 10000 }); kcLogin(); From d8e5fb5d3dc579761ef5565caf6877171548a195 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 20 Sep 2023 13:09:44 -0700 Subject: [PATCH 024/114] Update to use cy.origin Signed-off-by: Ryan Liang --- cypress.config.js | 1 - cypress/e2e/oidc/oidc_test.spec.js | 13 +++++++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/cypress.config.js b/cypress.config.js index 30992a2b1..f28b77047 100644 --- a/cypress.config.js +++ b/cypress.config.js @@ -23,6 +23,5 @@ module.exports = defineConfig({ setupNodeEvents(on, config) {}, baseUrl: 'http://localhost:5601', specPattern: 'cypress/e2e/**/*.spec.js', - screenshotOnRunFailure: false, }, }); diff --git a/cypress/e2e/oidc/oidc_test.spec.js b/cypress/e2e/oidc/oidc_test.spec.js index 16529dc48..df7bfa28b 100644 --- a/cypress/e2e/oidc/oidc_test.spec.js +++ b/cypress/e2e/oidc/oidc_test.spec.js @@ -45,10 +45,15 @@ describe('Log in via OIDC', () => { kcLogin(); - cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); - - cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); - cy.clearCookies(); + cy.origin('http://localhost:5601', () => { + cy.get('button[data-test-subj="confirm"]').click(); + + + cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); + + cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); + cy.clearCookies(); + }); }); it('Login to app/dev_tools#/console when OIDC is enabled', () => { From ff34560febc03e6936a95459d8f480b2385fac36 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 20 Sep 2023 14:26:29 -0700 Subject: [PATCH 025/114] Fix lint Signed-off-by: Ryan Liang --- cypress/e2e/oidc/oidc_test.spec.js | 1 - 1 file changed, 1 deletion(-) diff --git a/cypress/e2e/oidc/oidc_test.spec.js b/cypress/e2e/oidc/oidc_test.spec.js index df7bfa28b..ec47e6471 100644 --- a/cypress/e2e/oidc/oidc_test.spec.js +++ b/cypress/e2e/oidc/oidc_test.spec.js @@ -48,7 +48,6 @@ describe('Log in via OIDC', () => { cy.origin('http://localhost:5601', () => { cy.get('button[data-test-subj="confirm"]').click(); - cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); From 58285c44066dec8af42e99ba8b1541601c56b650 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 20 Sep 2023 15:27:33 -0700 Subject: [PATCH 026/114] Change to .cypress directory Signed-off-by: Ryan Liang --- .../e2e/oidc/oidc_test.spec.js | 28 +++++++++++++------ {cypress => .cypress}/support/e2e.js | 0 .gitignore | 3 +- cypress.config.js | 5 +++- 4 files changed, 26 insertions(+), 10 deletions(-) rename {cypress => .cypress}/e2e/oidc/oidc_test.spec.js (81%) rename {cypress => .cypress}/support/e2e.js (100%) diff --git a/cypress/e2e/oidc/oidc_test.spec.js b/.cypress/e2e/oidc/oidc_test.spec.js similarity index 81% rename from cypress/e2e/oidc/oidc_test.spec.js rename to .cypress/e2e/oidc/oidc_test.spec.js index ec47e6471..1f960bee0 100644 --- a/cypress/e2e/oidc/oidc_test.spec.js +++ b/.cypress/e2e/oidc/oidc_test.spec.js @@ -43,6 +43,8 @@ describe('Log in via OIDC', () => { it('Login to app/opensearch_dashboards_overview#/ when OIDC is enabled', () => { cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/', { failOnStatusCode: false, timeout: 10000 }); + cy.wait(10000); + kcLogin(); cy.origin('http://localhost:5601', () => { @@ -56,14 +58,18 @@ describe('Log in via OIDC', () => { }); it('Login to app/dev_tools#/console when OIDC is enabled', () => { - cy.visit('http://localhost:5601/app/dev_tools#/console'); + cy.visit('http://localhost:5601/app/dev_tools#/console', { failOnStatusCode: false, timeout: 10000 }); - kcLogin(); + cy.wait(10000); - cy.get('button[data-test-subj="sendRequestButton"]').should('be.visible'); + kcLogin(); - cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); - cy.clearCookies(); + cy.origin('http://localhost:5601/app/dev_tools#/console', () => { + cy.get('button[data-test-subj="sendRequestButton"]').should('be.visible'); + + cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); + cy.clearCookies(); + }); }); it('Login to Dashboard with Hash', () => { @@ -71,17 +77,23 @@ describe('Log in via OIDC', () => { `http://localhost:5601/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(filters:!(),refreshInterval:(pause:!f,value:900000),time:(from:now-24h,to:now))&_a=(description:'Analyze%20mock%20flight%20data%20for%20OpenSearch-Air,%20Logstash%20Airways,%20OpenSearch%20Dashboards%20Airlines%20and%20BeatsWest',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),query:(language:kuery,query:''),timeRestore:!t,title:'%5BFlights%5D%20Global%20Flight%20Dashboard',viewMode:view)` ); + cy.wait(10000); + kcLogin(); - cy.get('.euiHeader.euiHeader--default.euiHeader--fixed.primaryHeader', { timeout: 10000 }).should('be.visible'); + cy.origin('http://localhost:5601', () => { + cy.get('.euiHeader.euiHeader--default.euiHeader--fixed.primaryHeader', { timeout: 10000 }).should('be.visible'); - cy.getCookie('security_authentication').should('exist'); - cy.clearCookies(); + cy.getCookie('security_authentication').should('exist'); + cy.clearCookies(); + }); }); it('Tenancy persisted after logout in OIDC', () => { cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/', { timeout: 10000 }); + cy.wait(10000); + kcLogin(); cy.get('#global', { timeout: 10000 }).should('be.enabled'); diff --git a/cypress/support/e2e.js b/.cypress/support/e2e.js similarity index 100% rename from cypress/support/e2e.js rename to .cypress/support/e2e.js diff --git a/.gitignore b/.gitignore index c008cda8c..8c0a5901f 100644 --- a/.gitignore +++ b/.gitignore @@ -10,4 +10,5 @@ yarn-error.log kibana-coverage/ .DS_Store .idea/ -cypress/screenshots +.cypress/screenshots +.cypress/downloads diff --git a/cypress.config.js b/cypress.config.js index f28b77047..7eaa7db20 100644 --- a/cypress.config.js +++ b/cypress.config.js @@ -16,12 +16,15 @@ const { defineConfig } = require('cypress'); module.exports = defineConfig({ + screenshotsFolder: '.cypress/screenshots', + downloadsFolder: '.cypress/downloads', defaultCommandTimeout: 60000, requestTimeout: 60000, responseTimeout: 60000, e2e: { setupNodeEvents(on, config) {}, + supportFile: ".cypress/support/e2e.js", baseUrl: 'http://localhost:5601', - specPattern: 'cypress/e2e/**/*.spec.js', + specPattern: '.cypress/e2e/**/*.spec.js', }, }); From 99d99b4305b52fcd98b8eeba4d9c0619d1533b84 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 20 Sep 2023 15:51:00 -0700 Subject: [PATCH 027/114] Fix spec path in workflow Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 4fced7b96..fcf21b1f5 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -169,4 +169,4 @@ jobs: pwd ls yarn add cypress --save-dev - yarn cypress:run --browser chrome --headless --spec 'cypress/e2e/oidc/*.js' + yarn cypress:run --browser chrome --headless --spec '.cypress/e2e/oidc/*.js' From 29343689f792b111209bbc1227bfc018e35f31cc Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 20 Sep 2023 16:17:42 -0700 Subject: [PATCH 028/114] Extend wait to 15s Signed-off-by: Ryan Liang --- .cypress/e2e/oidc/oidc_test.spec.js | 10 +++++----- cypress.config.js | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.cypress/e2e/oidc/oidc_test.spec.js b/.cypress/e2e/oidc/oidc_test.spec.js index 1f960bee0..480c8178f 100644 --- a/.cypress/e2e/oidc/oidc_test.spec.js +++ b/.cypress/e2e/oidc/oidc_test.spec.js @@ -43,7 +43,7 @@ describe('Log in via OIDC', () => { it('Login to app/opensearch_dashboards_overview#/ when OIDC is enabled', () => { cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/', { failOnStatusCode: false, timeout: 10000 }); - cy.wait(10000); + cy.wait(15000); kcLogin(); @@ -60,7 +60,7 @@ describe('Log in via OIDC', () => { it('Login to app/dev_tools#/console when OIDC is enabled', () => { cy.visit('http://localhost:5601/app/dev_tools#/console', { failOnStatusCode: false, timeout: 10000 }); - cy.wait(10000); + cy.wait(15000); kcLogin(); @@ -77,7 +77,7 @@ describe('Log in via OIDC', () => { `http://localhost:5601/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(filters:!(),refreshInterval:(pause:!f,value:900000),time:(from:now-24h,to:now))&_a=(description:'Analyze%20mock%20flight%20data%20for%20OpenSearch-Air,%20Logstash%20Airways,%20OpenSearch%20Dashboards%20Airlines%20and%20BeatsWest',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),query:(language:kuery,query:''),timeRestore:!t,title:'%5BFlights%5D%20Global%20Flight%20Dashboard',viewMode:view)` ); - cy.wait(10000); + cy.wait(15000); kcLogin(); @@ -90,9 +90,9 @@ describe('Log in via OIDC', () => { }); it('Tenancy persisted after logout in OIDC', () => { - cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/', { timeout: 10000 }); + cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/', { failOnStatusCode: false, timeout: 10000 }); - cy.wait(10000); + cy.wait(15000); kcLogin(); diff --git a/cypress.config.js b/cypress.config.js index 7eaa7db20..d4c9c3742 100644 --- a/cypress.config.js +++ b/cypress.config.js @@ -23,7 +23,7 @@ module.exports = defineConfig({ responseTimeout: 60000, e2e: { setupNodeEvents(on, config) {}, - supportFile: ".cypress/support/e2e.js", + supportFile: '.cypress/support/e2e.js', baseUrl: 'http://localhost:5601', specPattern: '.cypress/e2e/**/*.spec.js', }, From 813cc0b2d952c5bcb3c5052b9decae970e9d012b Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 20 Sep 2023 16:44:57 -0700 Subject: [PATCH 029/114] extend sleep time to 700s Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index fcf21b1f5..025df03da 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -164,7 +164,7 @@ jobs: echo 'opensearch_security.ui.openid.login.buttonname: "OIDC"' >> ./config/opensearch_dashboards.yml echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml nohup yarn start --no-base-path --no-watch & - sleep 500 + sleep 700 cd ./plugins/security-dashboards-plugin pwd ls From 6d6988dcd3dd2f025ff2215db2b4bba670485bd4 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 20 Sep 2023 20:24:16 -0700 Subject: [PATCH 030/114] Refactor the test Signed-off-by: Ryan Liang --- .cypress/e2e/oidc/oidc_test.spec.js | 62 +++++++++++++++++++---------- 1 file changed, 40 insertions(+), 22 deletions(-) diff --git a/.cypress/e2e/oidc/oidc_test.spec.js b/.cypress/e2e/oidc/oidc_test.spec.js index 480c8178f..f1702e251 100644 --- a/.cypress/e2e/oidc/oidc_test.spec.js +++ b/.cypress/e2e/oidc/oidc_test.spec.js @@ -36,9 +36,10 @@ describe('Log in via OIDC', () => { cy.get('#kc-page-title', { timeout: 10000 }).should('be.visible'); }; - afterEach(async () => { - logout(); - }); + // beforeEach(async () => { + // //logout(); + // cy.clearCookies(); + // }); it('Login to app/opensearch_dashboards_overview#/ when OIDC is enabled', () => { cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/', { failOnStatusCode: false, timeout: 10000 }); @@ -48,12 +49,12 @@ describe('Log in via OIDC', () => { kcLogin(); cy.origin('http://localhost:5601', () => { - cy.get('button[data-test-subj="confirm"]').click(); + //cy.wait(5000); + //cy.get('button[data-test-subj="confirm"]').click(); cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); - cy.clearCookies(); }); }); @@ -64,11 +65,19 @@ describe('Log in via OIDC', () => { kcLogin(); - cy.origin('http://localhost:5601/app/dev_tools#/console', () => { - cy.get('button[data-test-subj="sendRequestButton"]').should('be.visible'); + cy.origin('http://localhost:5601', () => { + //cy.get('button[data-test-subj="confirm"]').click(); + cy.visit('http://localhost:5601/app/dev_tools#/console'); + + cy.wait(5000); + cy.get('button[data-test-subj="confirm"]').click(); + cy.wait(5000); + cy.get('a').contains('Dev Tools').should('be.visible'); + //cy.get('button[data-test-subj="help-close-button"]').click(); + //cy.wait(5000); + //cy.get('button[data-test-subj="sendRequestButton"]').should('be.visible'); cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); - cy.clearCookies(); }); }); @@ -85,7 +94,6 @@ describe('Log in via OIDC', () => { cy.get('.euiHeader.euiHeader--default.euiHeader--fixed.primaryHeader', { timeout: 10000 }).should('be.visible'); cy.getCookie('security_authentication').should('exist'); - cy.clearCookies(); }); }); @@ -96,20 +104,30 @@ describe('Log in via OIDC', () => { kcLogin(); - cy.get('#global', { timeout: 10000 }).should('be.enabled'); - cy.get('#global').click({ force: true }); - - cy.get('button[data-test-subj="confirm"]').click(); - - cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); - - logout(); - - kcLogin(); + cy.origin('http://localhost:5601', () => { + cy.get('#private', { timeout: 10000 }).should('be.enabled'); + cy.get('#private').click({ force: true }); + cy.wait(5000); + cy.get('button[data-test-subj="confirm"]').click(); + cy.wait(5000); + cy.get('button[aria-label="Closes this modal window"]').click(); + + cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); + + //logout(); + cy.get('button[id="user-icon-btn"]').click(); + cy.wait(1500); + cy.get('button[data-test-subj^="log-out-"]').click(); + }); - cy.get('#user-icon-btn', { timeout: 10000 }).should('be.visible'); - cy.get('#user-icon-btn').click(); + kcLogin(); + + cy.origin('http://localhost:5601', () => { - cy.get('#tenantName', { timeout: 10000 }).should('have.text', 'Global'); + cy.get('#user-icon-btn', { timeout: 10000 }).should('be.visible'); + cy.get('#user-icon-btn').click(); + + cy.get('#tenantName', { timeout: 10000 }).should('have.text', 'Private'); + }); }); }); From c5f0b1bfa42ac6ca557926e72a64bba5fc696030 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 20 Sep 2023 20:57:23 -0700 Subject: [PATCH 031/114] change to localhost Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 025df03da..390659e20 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -146,7 +146,7 @@ jobs: - name: Configure and Run OpenSearch Dashboards with Cypress Test Cases run: | cd ./OpenSearch-Dashboards - echo 'server.host: "0.0.0.0"' >> ./config/opensearch_dashboards.yml + echo 'server.host: "localhost"' >> ./config/opensearch_dashboards.yml echo 'opensearch.hosts: ["https://localhost:9200"]' >> ./config/opensearch_dashboards.yml echo 'opensearch.ssl.verificationMode: none' >> ./config/opensearch_dashboards.yml echo 'opensearch.username: "kibanaserver"' >> ./config/opensearch_dashboards.yml From bc8ac05dd17f9d13b98a5ca0a3d5fa10681589aa Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 00:35:45 -0700 Subject: [PATCH 032/114] Linux runner ready without comments Signed-off-by: Ryan Liang --- .cypress/e2e/oidc/oidc_test.spec.js | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/.cypress/e2e/oidc/oidc_test.spec.js b/.cypress/e2e/oidc/oidc_test.spec.js index f1702e251..52ebaaf4a 100644 --- a/.cypress/e2e/oidc/oidc_test.spec.js +++ b/.cypress/e2e/oidc/oidc_test.spec.js @@ -36,11 +36,6 @@ describe('Log in via OIDC', () => { cy.get('#kc-page-title', { timeout: 10000 }).should('be.visible'); }; - // beforeEach(async () => { - // //logout(); - // cy.clearCookies(); - // }); - it('Login to app/opensearch_dashboards_overview#/ when OIDC is enabled', () => { cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/', { failOnStatusCode: false, timeout: 10000 }); @@ -49,9 +44,6 @@ describe('Log in via OIDC', () => { kcLogin(); cy.origin('http://localhost:5601', () => { - //cy.wait(5000); - //cy.get('button[data-test-subj="confirm"]').click(); - cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); @@ -66,16 +58,12 @@ describe('Log in via OIDC', () => { kcLogin(); cy.origin('http://localhost:5601', () => { - //cy.get('button[data-test-subj="confirm"]').click(); cy.visit('http://localhost:5601/app/dev_tools#/console'); cy.wait(5000); cy.get('button[data-test-subj="confirm"]').click(); cy.wait(5000); cy.get('a').contains('Dev Tools').should('be.visible'); - //cy.get('button[data-test-subj="help-close-button"]').click(); - //cy.wait(5000); - //cy.get('button[data-test-subj="sendRequestButton"]').should('be.visible'); cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); }); @@ -114,7 +102,6 @@ describe('Log in via OIDC', () => { cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); - //logout(); cy.get('button[id="user-icon-btn"]').click(); cy.wait(1500); cy.get('button[data-test-subj^="log-out-"]').click(); From edf3bdcefcdea8e389db8f1fd716e4732006bb0d Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 09:46:56 -0700 Subject: [PATCH 033/114] Enhance the first test case Signed-off-by: Ryan Liang --- .cypress/e2e/oidc/oidc_test.spec.js | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.cypress/e2e/oidc/oidc_test.spec.js b/.cypress/e2e/oidc/oidc_test.spec.js index 52ebaaf4a..eb38e42b7 100644 --- a/.cypress/e2e/oidc/oidc_test.spec.js +++ b/.cypress/e2e/oidc/oidc_test.spec.js @@ -44,6 +44,12 @@ describe('Log in via OIDC', () => { kcLogin(); cy.origin('http://localhost:5601', () => { + cy.wait(5000); + cy.get('button[data-test-subj="confirm"]').click(); + + cy.wait(5000) + cy.get('button[aria-label="Closes this modal window"]').click(); + cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); From a8a02ecff89b011272af7c528794f3092731f009 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 10:16:41 -0700 Subject: [PATCH 034/114] Seprate the run cypress tasks Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 390659e20..b5c685c85 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -165,8 +165,9 @@ jobs: echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml nohup yarn start --no-base-path --no-watch & sleep 700 + + - name: Run Cypress + run : | cd ./plugins/security-dashboards-plugin - pwd - ls yarn add cypress --save-dev yarn cypress:run --browser chrome --headless --spec '.cypress/e2e/oidc/*.js' From 1939733972193261e40d11024ee8bf07a093da53 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 10:47:25 -0700 Subject: [PATCH 035/114] Add debugging statement Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index b5c685c85..c39cf97b0 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -168,6 +168,8 @@ jobs: - name: Run Cypress run : | + pwd + ls cd ./plugins/security-dashboards-plugin yarn add cypress --save-dev yarn cypress:run --browser chrome --headless --spec '.cypress/e2e/oidc/*.js' From 27bc0b77b8e8c5af70516dbe03a67927394c3250 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 11:16:43 -0700 Subject: [PATCH 036/114] Reduce the timeout to 600s Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index c39cf97b0..7c08bc742 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -164,12 +164,9 @@ jobs: echo 'opensearch_security.ui.openid.login.buttonname: "OIDC"' >> ./config/opensearch_dashboards.yml echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml nohup yarn start --no-base-path --no-watch & - sleep 700 + sleep 600 - name: Run Cypress run : | - pwd - ls - cd ./plugins/security-dashboards-plugin yarn add cypress --save-dev yarn cypress:run --browser chrome --headless --spec '.cypress/e2e/oidc/*.js' From 7f153e6b21190f2eec6542b3e37e37dd5d467288 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 13:24:06 -0700 Subject: [PATCH 037/114] Linux stable version commit Signed-off-by: Ryan Liang --- .cypress/e2e/oidc/oidc_test.spec.js | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.cypress/e2e/oidc/oidc_test.spec.js b/.cypress/e2e/oidc/oidc_test.spec.js index eb38e42b7..7ecb2d6e8 100644 --- a/.cypress/e2e/oidc/oidc_test.spec.js +++ b/.cypress/e2e/oidc/oidc_test.spec.js @@ -29,13 +29,6 @@ describe('Log in via OIDC', () => { cy.get('#kc-login').click(); }; - const logout = () => { - cy.get('#user-icon-btn').should('be.visible', { timeout: 15000 }); - cy.get('#user-icon-btn').click(); - cy.get('button[data-test-subj^="log-out-"]').click(); - cy.get('#kc-page-title', { timeout: 10000 }).should('be.visible'); - }; - it('Login to app/opensearch_dashboards_overview#/ when OIDC is enabled', () => { cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/', { failOnStatusCode: false, timeout: 10000 }); @@ -46,7 +39,7 @@ describe('Log in via OIDC', () => { cy.origin('http://localhost:5601', () => { cy.wait(5000); cy.get('button[data-test-subj="confirm"]').click(); - + cy.wait(5000) cy.get('button[aria-label="Closes this modal window"]').click(); From 9394fb95f8f01ee9602ba52a3d424997c494bad9 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 13:38:24 -0700 Subject: [PATCH 038/114] Add windows runner commit 0 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 50 +++++++++++++++++++-- 1 file changed, 47 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 7c08bc742..432b2bdbe 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -16,7 +16,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-latest ] #linux only + os: [ ubuntu-latest, windows-latest ] runs-on: ${{ matrix.os }} steps: @@ -66,6 +66,12 @@ jobs: plugin-name: ${{ env.PLUGIN_NAME }} plugin-version: ${{ env.PLUGIN_VERSION }} + # Configure longpath names if on Windows + - name: Enable Longpaths if on Windows + if: ${{ runner.os == 'Windows' }} + run: git config --system core.longpaths true + shell: pwsh + # Download OpenSearch - name: Download OpenSearch for Linux uses: peternied/download-file@v2 @@ -73,7 +79,13 @@ jobs: with: url: https://artifacts.opensearch.org/snapshots/core/opensearch/${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/opensearch-min-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT-linux-x64-latest.tar.gz - # Extract downloaded zip + - name: Download OpenSearch for Windows + uses: peternied/download-file@v2 + if: ${{ runner.os == 'Windows' }} + with: + url: https://artifacts.opensearch.org/snapshots/core/opensearch/${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/opensearch-min-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT-windows-x64-latest.zip + + # Extract downloaded tar/zip - name: Extract downloaded tar if: ${{ runner.os == 'Linux' }} run: | @@ -81,6 +93,13 @@ jobs: rm -f opensearch-*.tar.gz shell: bash + - name: Extract downloaded zip + if: ${{ runner.os == 'Windows' }} + run: | + tar -xzf opensearch-min-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT-windows-x64-latest.zip + del opensearch-min-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT-windows-x64-latest.zip + shell: pwsh + # Install the security plugin - name: Install Plugin into OpenSearch for Linux if: ${{ runner.os == 'Linux'}} @@ -88,10 +107,15 @@ jobs: chmod +x ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin /bin/bash -c "yes | ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin install file:$(pwd)/opensearch-security.zip" shell: bash + + - name: Install Plugin into OpenSearch for Windows + if: ${{ runner.os == 'Windows'}} + run: | + 'y' | .\opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT\bin\opensearch-plugin.bat install file:$(pwd)\${{ env.OPENSEARCH_VERSION }}.zip + shell: pwsh # Add OIDC Configuration - name: Injecting OIDC Configuration - if: ${{ runner.os == 'Linux' }} run: | echo "Injecting OIDC configuration" cd ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/ @@ -117,6 +141,11 @@ jobs: ./setup.sh shell: bash + - name: Run Setup Script for Windows + if: ${{ runner.os == 'Windows' }} + run: .\setup.bat + shell: pwsh + # Run OpenSearch - name: Run OpenSearch with plugin on Linux if: ${{ runner.os == 'Linux'}} @@ -124,6 +153,11 @@ jobs: /bin/bash -c "./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch &" shell: bash + - name: Run OpenSearch with plugin on Windows + if: ${{ runner.os == 'Windows'}} + run: start .\opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT\bin\opensearch.bat + shell: pwsh + # Give the OpenSearch process some time to boot up before sending any requires, might need to increase the default time! - name: Sleep while OpenSearch starts uses: peternied/action-sleep@v1 @@ -136,6 +170,16 @@ jobs: run: curl https://localhost:9200/_cat/plugins -u 'admin:admin' -k -v shell: bash + - name: Check OpenSearch Running on Windows + if: ${{ runner.os == 'Windows'}} + run: | + $credentialBytes = [Text.Encoding]::ASCII.GetBytes("admin:admin") + $encodedCredentials = [Convert]::ToBase64String($credentialBytes) + $baseCredentials = "Basic $encodedCredentials" + $Headers = @{ Authorization = $baseCredentials } + Invoke-WebRequest -SkipCertificateCheck -Uri 'https://localhost:9200/_cat/plugins' -Headers $Headers; + shell: pwsh + # OSD bootstrap - name: Run Dashboard with Security Dashboards Plugin uses: ./.github/actions/install-dashboards From 1612093ac8e2908e0e5e2807030b8275bdc28080 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 14:19:02 -0700 Subject: [PATCH 039/114] Add windows runner commit 1 - kc setup task Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 28 ++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 432b2bdbe..99a49a934 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -36,7 +36,9 @@ jobs: echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV shell: bash - - name: Get and run Keycloak + # Setup and Run Keycloak + - name: Get and run Keycloak on Linux + if: ${{ runner.os == 'Linux' }} run: | echo "Downloading Keycloak ${{ env.KEYCLOAK_VERSION }}" wget https://github.com/keycloak/keycloak/releases/download/${{ env.KEYCLOAK_VERSION }}/keycloak-${{ env.KEYCLOAK_VERSION }}.tar.gz @@ -59,6 +61,30 @@ jobs: echo "Creating client mapper" ./kcadm.sh create clients/$CID/protocol-mappers/models -r master -s 'config."id.token.claim"=true' -s 'config."multivalued"=true' -s 'config."claim.name"="roles"' -s 'config."userinfo.token.claim"=true' -s 'config."access.token.claim"=true' -s 'name=rolemapper' -s 'protocolMapper=oidc-usermodel-realm-role-mapper' -s "protocol=openid-connect" + - name: Get and run Keycloak on Windows + if: ${{ runner.os == 'Windows' }} + run: | + Write-Host "Downloading Keycloak ${{ env.KEYCLOAK_VERSION }}" + Invoke-WebRequest -Uri "https://github.com/keycloak/keycloak/releases/download/${{ env.KEYCLOAK_VERSION }}/keycloak-${{ env.KEYCLOAK_VERSION }}.zip" -OutFile keycloak.zip + Write-Host "Unpacking Keycloak" + Expand-Archive -Path keycloak.zip -DestinationPath ./ + $Env:KEYCLOAK_ADMIN="admin" + $Env:KEYCLOAK_ADMIN_PASSWORD="admin" + Set-Location "keycloak-${{ env.KEYCLOAK_VERSION }}/bin" + Write-Host "Starting keycloak" + Start-Process -NoNewWindow ./kc.bat -ArgumentList 'start-dev', '--http-enabled=true', '--hostname-strict-https=false', '--http-host=localhost', '--http-relative-path=/auth', '--health-enabled=true' + while ((Invoke-WebRequest -Uri 'http://localhost:8080/auth/health' -Method Get -UseBasicParsing).StatusCode -ne 200) { Start-Sleep -Seconds 5 } + Write-Host "Creating client" + ./kcadm.bat config credentials --server http://localhost:8080/auth --realm master --user $Env:KEYCLOAK_ADMIN --password $Env:KEYCLOAK_ADMIN_PASSWORD + $CID = ./kcadm.bat create clients -r master -s clientId=opensearch -s 'redirectUris=["http://localhost:5603/auth/openid/login", "http://localhost:5601", "http://localhost:5601/auth/openid/login"]' -i + ./kcadm.bat get clients/$CID/installation/providers/keycloak-oidc-keycloak-json > tmp + Write-Host "Getting client secret for dashboards configuration purpose" + $secret = (Get-Content tmp | Select-String -Pattern '"secret" : "([^"]+)"' | ForEach-Object { $_.Matches.Groups[1].Value }) + Add-Content -Value "KEYCLOAK_CLIENT_SECRET=$secret" -Path $env:GITHUB_ENV + Write-Host "Creating client mapper" + ./kcadm.bat create clients/$CID/protocol-mappers/models -r master -s 'config."id.token.claim"=true' -s 'config."multivalued"=true' -s 'config."claim.name"="roles"' -s 'config."userinfo.token.claim"=true' -s 'config."access.token.claim"=true' -s 'name=rolemapper' -s 'protocolMapper=oidc-usermodel-realm-role-mapper' -s "protocol=openid-connect" + shell: pwsh + - name: Download security plugin and create setup scripts uses: ./.github/actions/download-plugin with: From c9cdc9b0bf7664cd1cab96b3148b599c3cc1d174 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 14:28:10 -0700 Subject: [PATCH 040/114] Add retry for keycloak on windows Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 26 ++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 99a49a934..c5fd461a7 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -71,9 +71,33 @@ jobs: $Env:KEYCLOAK_ADMIN="admin" $Env:KEYCLOAK_ADMIN_PASSWORD="admin" Set-Location "keycloak-${{ env.KEYCLOAK_VERSION }}/bin" + Write-Host "Starting keycloak" Start-Process -NoNewWindow ./kc.bat -ArgumentList 'start-dev', '--http-enabled=true', '--hostname-strict-https=false', '--http-host=localhost', '--http-relative-path=/auth', '--health-enabled=true' - while ((Invoke-WebRequest -Uri 'http://localhost:8080/auth/health' -Method Get -UseBasicParsing).StatusCode -ne 200) { Start-Sleep -Seconds 5 } + Start-Sleep -Seconds 30 + $retryCount = 0 + $maximumRetries = 20 + $delayBetweenRetries = 15 # in seconds + while ($retryCount -lt $maximumRetries) { + try { + $response = Invoke-WebRequest -Uri 'http://localhost:8080/auth/health' -Method Get -UseBasicParsing -ErrorAction Stop + if ($response.StatusCode -eq 200) { + break + } else { + Write-Host "Unexpected status code $($response.StatusCode). Retrying in $delayBetweenRetries seconds..." + Start-Sleep -Seconds $delayBetweenRetries + $retryCount++ + } + } catch { + Write-Host "Error encountered: $_. Retrying in $delayBetweenRetries seconds..." + Start-Sleep -Seconds $delayBetweenRetries + $retryCount++ + } + } + if ($retryCount -eq $maximumRetries) { + throw "Maximum retry attempts reached. Keycloak might not be running correctly." + } + Write-Host "Creating client" ./kcadm.bat config credentials --server http://localhost:8080/auth --realm master --user $Env:KEYCLOAK_ADMIN --password $Env:KEYCLOAK_ADMIN_PASSWORD $CID = ./kcadm.bat create clients -r master -s clientId=opensearch -s 'redirectUris=["http://localhost:5603/auth/openid/login", "http://localhost:5601", "http://localhost:5601/auth/openid/login"]' -i From c00176e18d24fc1299d0f84dc89a8f270794325f Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 14:37:37 -0700 Subject: [PATCH 041/114] Fix the redirectUris array list format for windows kc setup Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index c5fd461a7..75edb88fb 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -100,7 +100,7 @@ jobs: Write-Host "Creating client" ./kcadm.bat config credentials --server http://localhost:8080/auth --realm master --user $Env:KEYCLOAK_ADMIN --password $Env:KEYCLOAK_ADMIN_PASSWORD - $CID = ./kcadm.bat create clients -r master -s clientId=opensearch -s 'redirectUris=["http://localhost:5603/auth/openid/login", "http://localhost:5601", "http://localhost:5601/auth/openid/login"]' -i + $CID = ./kcadm.bat create clients -r master -s clientId=opensearch -s redirectUris=\""["http://localhost:5603/auth/openid/login", "http://localhost:5601", "http://localhost:5601/auth/openid/login"]"\" -i ./kcadm.bat get clients/$CID/installation/providers/keycloak-oidc-keycloak-json > tmp Write-Host "Getting client secret for dashboards configuration purpose" $secret = (Get-Content tmp | Select-String -Pattern '"secret" : "([^"]+)"' | ForEach-Object { $_.Matches.Groups[1].Value }) From 278b1d3650f0e066b0412ccd47f613754d6bcdc1 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 14:43:06 -0700 Subject: [PATCH 042/114] Try another formatting of command Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 75edb88fb..3017cbb8e 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -100,7 +100,8 @@ jobs: Write-Host "Creating client" ./kcadm.bat config credentials --server http://localhost:8080/auth --realm master --user $Env:KEYCLOAK_ADMIN --password $Env:KEYCLOAK_ADMIN_PASSWORD - $CID = ./kcadm.bat create clients -r master -s clientId=opensearch -s redirectUris=\""["http://localhost:5603/auth/openid/login", "http://localhost:5601", "http://localhost:5601/auth/openid/login"]"\" -i + $command = "./kcadm.bat create clients -r master -s clientId=opensearch -s redirectUris=`"[`"http://localhost:5603/auth/openid/login`",`"http://localhost:5601`",`"http://localhost:5601/auth/openid/login`"]`" -i" + $CID = Invoke-Expression $command ./kcadm.bat get clients/$CID/installation/providers/keycloak-oidc-keycloak-json > tmp Write-Host "Getting client secret for dashboards configuration purpose" $secret = (Get-Content tmp | Select-String -Pattern '"secret" : "([^"]+)"' | ForEach-Object { $_.Matches.Groups[1].Value }) From 4391e9a6cd060ce9060e742441bbeddd632b8c97 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 14:47:51 -0700 Subject: [PATCH 043/114] Try single quote on redirect uris Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 3017cbb8e..122bc41df 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -100,8 +100,8 @@ jobs: Write-Host "Creating client" ./kcadm.bat config credentials --server http://localhost:8080/auth --realm master --user $Env:KEYCLOAK_ADMIN --password $Env:KEYCLOAK_ADMIN_PASSWORD - $command = "./kcadm.bat create clients -r master -s clientId=opensearch -s redirectUris=`"[`"http://localhost:5603/auth/openid/login`",`"http://localhost:5601`",`"http://localhost:5601/auth/openid/login`"]`" -i" - $CID = Invoke-Expression $command + $command = "./kcadm.bat create clients -r master -s clientId=opensearch -s redirectUris=`"['http://localhost:5603/auth/openid/login','http://localhost:5601','http://localhost:5601/auth/openid/login']`" -i" + $CID = Invoke-Expression $command ./kcadm.bat get clients/$CID/installation/providers/keycloak-oidc-keycloak-json > tmp Write-Host "Getting client secret for dashboards configuration purpose" $secret = (Get-Content tmp | Select-String -Pattern '"secret" : "([^"]+)"' | ForEach-Object { $_.Matches.Groups[1].Value }) From 6647a49ac1b72a0d441c6eb5c6f52668316314a3 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 14:57:19 -0700 Subject: [PATCH 044/114] Try json approach Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 122bc41df..c29004108 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -100,8 +100,19 @@ jobs: Write-Host "Creating client" ./kcadm.bat config credentials --server http://localhost:8080/auth --realm master --user $Env:KEYCLOAK_ADMIN --password $Env:KEYCLOAK_ADMIN_PASSWORD - $command = "./kcadm.bat create clients -r master -s clientId=opensearch -s redirectUris=`"['http://localhost:5603/auth/openid/login','http://localhost:5601','http://localhost:5601/auth/openid/login']`" -i" - $CID = Invoke-Expression $command + $jsonContent = @{ + clientId = "opensearch" + redirectUris = @( + "http://localhost:5603/auth/openid/login", + "http://localhost:5601", + "http://localhost:5601/auth/openid/login" + ) + } | ConvertTo-Json + + $jsonContent | Out-File -Path .\client-config.json + + $CID = ./kcadm.bat create clients -r master -f .\client-config.json -i + ./kcadm.bat get clients/$CID/installation/providers/keycloak-oidc-keycloak-json > tmp Write-Host "Getting client secret for dashboards configuration purpose" $secret = (Get-Content tmp | Select-String -Pattern '"secret" : "([^"]+)"' | ForEach-Object { $_.Matches.Groups[1].Value }) From 48005eb649e28f5efebff93b4045e72efd667b86 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 15:32:21 -0700 Subject: [PATCH 045/114] Try to fix the client mapper Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index c29004108..1473f6b14 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -114,11 +114,30 @@ jobs: $CID = ./kcadm.bat create clients -r master -f .\client-config.json -i ./kcadm.bat get clients/$CID/installation/providers/keycloak-oidc-keycloak-json > tmp + Write-Host "Getting client secret for dashboards configuration purpose" $secret = (Get-Content tmp | Select-String -Pattern '"secret" : "([^"]+)"' | ForEach-Object { $_.Matches.Groups[1].Value }) Add-Content -Value "KEYCLOAK_CLIENT_SECRET=$secret" -Path $env:GITHUB_ENV + + Write-Host "Generating client mapper configuration" + $mapperConfigContent = @" + { + "config": { + "id.token.claim": "true", + "multivalued": "true", + "claim.name": "roles", + "userinfo.token.claim": "true", + "access.token.claim": "true" + }, + "name": "rolemapper", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "protocol": "openid-connect" + } + "@ + Set-Content -Value $mapperConfigContent -Path ./mapper-config.json + Write-Host "Creating client mapper" - ./kcadm.bat create clients/$CID/protocol-mappers/models -r master -s 'config."id.token.claim"=true' -s 'config."multivalued"=true' -s 'config."claim.name"="roles"' -s 'config."userinfo.token.claim"=true' -s 'config."access.token.claim"=true' -s 'name=rolemapper' -s 'protocolMapper=oidc-usermodel-realm-role-mapper' -s "protocol=openid-connect" + ./kcadm.bat create clients/$CID/protocol-mappers/models -r master -f ./mapper-config.json shell: pwsh - name: Download security plugin and create setup scripts From 229f3f20c7091d372756b4a695a0abb926d94428 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 15:45:09 -0700 Subject: [PATCH 046/114] Fix the workflow's plugin name and fix the flaky of dev tool test case Signed-off-by: Ryan Liang --- .cypress/e2e/oidc/oidc_test.spec.js | 4 ++++ .github/workflows/cypress-test-oidc-e2e.yml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.cypress/e2e/oidc/oidc_test.spec.js b/.cypress/e2e/oidc/oidc_test.spec.js index 7ecb2d6e8..5ed0ac32b 100644 --- a/.cypress/e2e/oidc/oidc_test.spec.js +++ b/.cypress/e2e/oidc/oidc_test.spec.js @@ -61,6 +61,10 @@ describe('Log in via OIDC', () => { cy.wait(5000); cy.get('button[data-test-subj="confirm"]').click(); + + cy.wait(5000); + cy.get('button[aria-label="Close this dialog"]'); + cy.wait(5000); cy.get('a').contains('Dev Tools').should('be.visible'); diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 1473f6b14..cb8a1abb5 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -192,7 +192,7 @@ jobs: - name: Install Plugin into OpenSearch for Windows if: ${{ runner.os == 'Windows'}} run: | - 'y' | .\opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT\bin\opensearch-plugin.bat install file:$(pwd)\${{ env.OPENSEARCH_VERSION }}.zip + 'y' | .\opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT\bin\opensearch-plugin.bat install file:$(pwd)\opensearch-security.zip shell: pwsh # Add OIDC Configuration From 0900027cb3e26489d62887afda888098d285ace5 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 15:56:36 -0700 Subject: [PATCH 047/114] Add windows script for Add OIDC Configuration, by using yq Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index cb8a1abb5..5067e28de 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -196,7 +196,8 @@ jobs: shell: pwsh # Add OIDC Configuration - - name: Injecting OIDC Configuration + - name: Injecting OIDC Configuration for Linux + if: ${{ runner.os == 'Linux'}} run: | echo "Injecting OIDC configuration" cd ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/ @@ -212,6 +213,24 @@ jobs: yq -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.openid_connect_url = \"http://localhost:8080/auth/realms/master/.well-known/openid-configuration\"" config.yml yq -i ".config.dynamic.authc.openid_auth_domain.authentication_backend.type = \"noop\"" config.yml cd ../../.. + + - name: Injecting OIDC Configuration for Windows + if: ${{ runner.os == 'Windows' }} + shell: pwsh + run: | + echo "Injecting OIDC configuration" + cd .\opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT\config\opensearch-security\ + Invoke-WebRequest -Uri https://github.com/mikefarah/yq/releases/latest/download/yq_windows_amd64.exe -OutFile yq.exe + .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.http_enabled = true" config.yml + .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.transport_enabled = true" config.yml + .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.order = 1" config.yml + .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.type = \"openid\"" config.yml + .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.challenge = false" config.yml + .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.subject_key = \"preferred_username\"" config.yml + .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.roles_key = \"roles\"" config.yml + .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.openid_connect_url = \"http://localhost:8080/auth/realms/master/.well-known/openid-configuration\"" config.yml + .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.authentication_backend.type = \"noop\"" config.yml + cd ..\..\.. # Run any configuration scripts - name: Run Setup Script for Linux From d9760d259539997fc705279d2e5b511611ce3e56 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 16:04:23 -0700 Subject: [PATCH 048/114] Switch the cd in to Set-location -Path Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 26 ++++++++++----------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 5067e28de..1674b0c00 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -216,21 +216,21 @@ jobs: - name: Injecting OIDC Configuration for Windows if: ${{ runner.os == 'Windows' }} - shell: pwsh run: | echo "Injecting OIDC configuration" - cd .\opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT\config\opensearch-security\ - Invoke-WebRequest -Uri https://github.com/mikefarah/yq/releases/latest/download/yq_windows_amd64.exe -OutFile yq.exe - .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.http_enabled = true" config.yml - .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.transport_enabled = true" config.yml - .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.order = 1" config.yml - .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.type = \"openid\"" config.yml - .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.challenge = false" config.yml - .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.subject_key = \"preferred_username\"" config.yml - .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.roles_key = \"roles\"" config.yml - .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.openid_connect_url = \"http://localhost:8080/auth/realms/master/.well-known/openid-configuration\"" config.yml - .\yq.exe -i ".config.dynamic.authc.openid_auth_domain.authentication_backend.type = \"noop\"" config.yml - cd ..\..\.. + Set-Location -Path ".\opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT\config\opensearch-security\" + Invoke-WebRequest -Uri "https://github.com/mikefarah/yq/releases/latest/download/yq_windows_amd64.exe" -OutFile yq.exe + .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.http_enabled = true' config.yml + .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.transport_enabled = true' config.yml + .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.order = 1' config.yml + .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.http_authenticator.type = "openid"' config.yml + .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.http_authenticator.challenge = false' config.yml + .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.subject_key = "preferred_username"' config.yml + .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.roles_key = "roles"' config.yml + .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.openid_connect_url = "http://localhost:8080/auth/realms/master/.well-known/openid-configuration"' config.yml + .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.authentication_backend.type = "noop"' config.yml + Set-Location -Path "..\..\.." + shell: pwsh # Run any configuration scripts - name: Run Setup Script for Linux From c43a63161f5d6fa4c1a4480be13906281a1c0a44 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 21 Sep 2023 16:31:58 -0700 Subject: [PATCH 049/114] Add a cat for security config for debugging windows yq Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 1674b0c00..ccbdfba83 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -220,15 +220,17 @@ jobs: echo "Injecting OIDC configuration" Set-Location -Path ".\opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT\config\opensearch-security\" Invoke-WebRequest -Uri "https://github.com/mikefarah/yq/releases/latest/download/yq_windows_amd64.exe" -OutFile yq.exe - .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.http_enabled = true' config.yml - .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.transport_enabled = true' config.yml - .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.order = 1' config.yml - .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.http_authenticator.type = "openid"' config.yml - .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.http_authenticator.challenge = false' config.yml - .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.subject_key = "preferred_username"' config.yml - .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.roles_key = "roles"' config.yml - .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.openid_connect_url = "http://localhost:8080/auth/realms/master/.well-known/openid-configuration"' config.yml - .\yq.exe -i '.config.dynamic.authc.openid_auth_domain.authentication_backend.type = "noop"' config.yml + cat config.yml + .\yq.exe --version + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_enabled = true' config.yml -i + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.transport_enabled = true' config.yml -i + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.order = 1' config.yml -i + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.type = "openid"' config.yml -i + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.challenge = false' config.yml -i + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.subject_key = "preferred_username"' config.yml -i + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.roles_key = "roles"' config.yml -i + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.openid_connect_url = "http://localhost:8080/auth/realms/master/.well-known/openid-configuration"' config.yml -i + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.authentication_backend.type = "noop"' config.yml -i Set-Location -Path "..\..\.." shell: pwsh From 9da656af23ad869b8c1e04f2bbba0836c33f19f9 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Fri, 22 Sep 2023 09:59:15 -0700 Subject: [PATCH 050/114] Modify injecting oidc config task Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index ccbdfba83..5ddcacfd8 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -222,15 +222,10 @@ jobs: Invoke-WebRequest -Uri "https://github.com/mikefarah/yq/releases/latest/download/yq_windows_amd64.exe" -OutFile yq.exe cat config.yml .\yq.exe --version - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_enabled = true' config.yml -i - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.transport_enabled = true' config.yml -i - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.order = 1' config.yml -i - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.type = "openid"' config.yml -i - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.challenge = false' config.yml -i - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.subject_key = "preferred_username"' config.yml -i - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.roles_key = "roles"' config.yml -i - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.openid_connect_url = "http://localhost:8080/auth/realms/master/.well-known/openid-configuration"' config.yml -i - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.authentication_backend.type = "noop"' config.yml -i + + # Add openid_auth_domain structure to the config.yml + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain = {"http_enabled": true, "transport_enabled": true, "order": 1, "http_authenticator": {"type": "openid", "challenge": false, "config": {"subject_key": "preferred_username", "roles_key": "roles", "openid_connect_url": "http://localhost:8080/auth/realms/master/.well-known/openid-configuration"}}, "authentication_backend": {"type": "noop"}}' config.yml -i + Set-Location -Path "..\..\.." shell: pwsh From da58f817ba6a6e20b07038dd818734c0eda500a3 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Fri, 22 Sep 2023 10:29:03 -0700 Subject: [PATCH 051/114] Modify injecting oidc config task - 2 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 5ddcacfd8..f5b10c6d5 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -223,12 +223,21 @@ jobs: cat config.yml .\yq.exe --version - # Add openid_auth_domain structure to the config.yml - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain = {"http_enabled": true, "transport_enabled": true, "order": 1, "http_authenticator": {"type": "openid", "challenge": false, "config": {"subject_key": "preferred_username", "roles_key": "roles", "openid_connect_url": "http://localhost:8080/auth/realms/master/.well-known/openid-configuration"}}, "authentication_backend": {"type": "noop"}}' config.yml -i + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain = {}' config.yml -i + + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_enabled = true' config.yml -i + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.transport_enabled = true' config.yml -i + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.order = 1' config.yml -i + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.type = "openid"' config.yml -i + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.challenge = false' config.yml -i + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.subject_key = "preferred_username"' config.yml -i + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.roles_key = "roles"' config.yml -i + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.openid_connect_url = "http://localhost:8080/auth/realms/master/.well-known/openid-configuration"' config.yml -i + .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.authentication_backend.type = "noop"' config.yml -i Set-Location -Path "..\..\.." shell: pwsh - + # Run any configuration scripts - name: Run Setup Script for Linux if: ${{ runner.os == 'Linux' }} From 0516d83e6f905b890fae9470cf466e5a95289b0c Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Fri, 22 Sep 2023 13:00:31 -0700 Subject: [PATCH 052/114] Try overwriting instead of injecting Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 90 ++++++++++++++++----- 1 file changed, 71 insertions(+), 19 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index f5b10c6d5..5bfee60d8 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -214,27 +214,79 @@ jobs: yq -i ".config.dynamic.authc.openid_auth_domain.authentication_backend.type = \"noop\"" config.yml cd ../../.. - - name: Injecting OIDC Configuration for Windows + #- name: Injecting OIDC Configuration for Windows + # if: ${{ runner.os == 'Windows' }} + # run: | + # echo "Injecting OIDC configuration" + # Set-Location -Path ".\opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT\config\opensearch-security\" + # Invoke-WebRequest -Uri "https://github.com/mikefarah/yq/releases/latest/download/yq_windows_amd64.exe" -OutFile yq.exe + # cat config.yml + # .\yq.exe --version + # + # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain = {}' config.yml -i + # + # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_enabled = true' config.yml -i + # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.transport_enabled = true' config.yml -i + # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.order = 1' config.yml -i + # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.type = "openid"' config.yml -i + # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.challenge = false' config.yml -i + # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.subject_key = "preferred_username"' config.yml -i + # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.roles_key = "roles"' config.yml -i + # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.openid_connect_url = "http://localhost:8080/auth/realms/master/.well-known/openid-configuration"' config.yml -i + # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.authentication_backend.type = "noop"' config.yml -i + # + # Set-Location -Path "..\..\.." + # shell: pwsh + + - name: Overwriting Configuration for Windows with OIDC if: ${{ runner.os == 'Windows' }} run: | - echo "Injecting OIDC configuration" - Set-Location -Path ".\opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT\config\opensearch-security\" - Invoke-WebRequest -Uri "https://github.com/mikefarah/yq/releases/latest/download/yq_windows_amd64.exe" -OutFile yq.exe - cat config.yml - .\yq.exe --version - - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain = {}' config.yml -i - - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_enabled = true' config.yml -i - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.transport_enabled = true' config.yml -i - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.order = 1' config.yml -i - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.type = "openid"' config.yml -i - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.challenge = false' config.yml -i - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.subject_key = "preferred_username"' config.yml -i - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.roles_key = "roles"' config.yml -i - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.openid_connect_url = "http://localhost:8080/auth/realms/master/.well-known/openid-configuration"' config.yml -i - .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.authentication_backend.type = "noop"' config.yml -i - + echo "Overwriting the configuration with OIDC settings" + + # Set the directory path for clarity + $configDir = ".\opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT\config\opensearch-security\" + Set-Location -Path $configDir + + # Overwrite the existing config.yml + @" + --- + _meta: + type: "config" + config_version: 2 + + config: + dynamic: + http: + anonymous_auth_enabled: false + authc: + basic_internal_auth_domain: + description: "Authenticate via HTTP Basic against internal users database" + http_enabled: true + transport_enabled: true + order: 0 + http_authenticator: + type: basic + challenge: false + authentication_backend: + type: intern + + openid_auth_domain: + http_enabled: true + transport_enabled: true + order: 1 + http_authenticator: + type: openid + challenge: false + config: + subject_key: "preferred_username" + roles_key: "roles" + openid_connect_url: "http://localhost:8080/auth/realms/master/.well-known/openid-configuration" + authentication_backend: + type: noop + "@ | Set-Content -Path .\config.yml + + cat .\config.yml + Set-Location -Path "..\..\.." shell: pwsh From 4941ad334784f1e6e5a18d06a418724fe735618b Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Fri, 22 Sep 2023 13:10:35 -0700 Subject: [PATCH 053/114] Add enable log Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 5bfee60d8..232e5a540 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -338,6 +338,10 @@ jobs: Invoke-WebRequest -SkipCertificateCheck -Uri 'https://localhost:9200/_cat/plugins' -Headers $Headers; shell: pwsh + - if: always() + run: cat ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/logs/opensearch.log + shell: bash + # OSD bootstrap - name: Run Dashboard with Security Dashboards Plugin uses: ./.github/actions/install-dashboards From 2671f53ca1ab4d69d5c0624b82648b09721b4253 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Fri, 22 Sep 2023 13:17:13 -0700 Subject: [PATCH 054/114] Fix the config file Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 232e5a540..84e59cb23 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -249,7 +249,6 @@ jobs: # Overwrite the existing config.yml @" - --- _meta: type: "config" config_version: 2 From 66482ef490b345f6c2a535dd4eb90b13f9e7e7d1 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Fri, 22 Sep 2023 14:03:09 -0700 Subject: [PATCH 055/114] change the command of run dashboards Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 84e59cb23..01242465b 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -368,7 +368,7 @@ jobs: echo 'opensearch_security.auth.multiple_auth_enabled: true' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.ui.openid.login.buttonname: "OIDC"' >> ./config/opensearch_dashboards.yml echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml - nohup yarn start --no-base-path --no-watch & + nohup yarn start --no-base-path sleep 600 - name: Run Cypress From 225cfd78a659dfa33fce5e8dec9746ec6d8aee7b Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Mon, 25 Sep 2023 11:39:46 -0700 Subject: [PATCH 056/114] Seprate linux and windows runner for oidc configuration Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 27 ++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 01242465b..db1707b4c 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -349,6 +349,7 @@ jobs: # Configure the Dashboard for OIDC setup - name: Configure and Run OpenSearch Dashboards with Cypress Test Cases + if: ${{ runner.os == 'Linux' }} run: | cd ./OpenSearch-Dashboards echo 'server.host: "localhost"' >> ./config/opensearch_dashboards.yml @@ -368,8 +369,32 @@ jobs: echo 'opensearch_security.auth.multiple_auth_enabled: true' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.ui.openid.login.buttonname: "OIDC"' >> ./config/opensearch_dashboards.yml echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml - nohup yarn start --no-base-path + nohup yarn start --no-base-path & sleep 600 + + - name: Configure and Run OpenSearch Dashboards with Cypress Test Cases + if: ${{ runner.os == 'Windows' }} + run: | + cd ./OpenSearch-Dashboards + echo 'server.host: "localhost"' >> ./config/opensearch_dashboards.yml + echo 'opensearch.hosts: ["https://localhost:9200"]' >> ./config/opensearch_dashboards.yml + echo 'opensearch.ssl.verificationMode: none' >> ./config/opensearch_dashboards.yml + echo 'opensearch.username: "kibanaserver"' >> ./config/opensearch_dashboards.yml + echo 'opensearch.password: "kibanaserver"' >> ./config/opensearch_dashboards.yml + echo 'opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.multitenancy.enabled: true' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.readonly_mode.roles: ["kibana_read_only"]' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.cookie.secure: false' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.openid.connect_url: "http://localhost:8080/auth/realms/master/.well-known/openid-configuration"' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.openid.client_id: "opensearch"' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.openid.client_secret: "${{ env.KEYCLOAK_CLIENT_SECRET }}"'>> ./config/opensearch_dashboards.yml + echo 'opensearch_security.auth.type: ["openid"]' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.auth.multiple_auth_enabled: true' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.ui.openid.login.buttonname: "OIDC"' >> ./config/opensearch_dashboards.yml + echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml + nohup yarn start --no-base-path & + sleep 600 - name: Run Cypress run : | From 1ed2a858841fc0106aed043ad128e9f499ca68f4 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Mon, 25 Sep 2023 13:47:44 -0700 Subject: [PATCH 057/114] Switch back to the original startup command for dashboards Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index db1707b4c..02d87eeca 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -369,7 +369,7 @@ jobs: echo 'opensearch_security.auth.multiple_auth_enabled: true' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.ui.openid.login.buttonname: "OIDC"' >> ./config/opensearch_dashboards.yml echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml - nohup yarn start --no-base-path & + nohup yarn start --no-base-path --no-watch & sleep 600 - name: Configure and Run OpenSearch Dashboards with Cypress Test Cases @@ -393,7 +393,7 @@ jobs: echo 'opensearch_security.auth.multiple_auth_enabled: true' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.ui.openid.login.buttonname: "OIDC"' >> ./config/opensearch_dashboards.yml echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml - nohup yarn start --no-base-path & + nohup yarn start --no-base-path --no-watch & sleep 600 - name: Run Cypress From 64642dd1c4c16bb11cd1dc479a28b9a5b8ae529a Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Mon, 25 Sep 2023 15:16:03 -0700 Subject: [PATCH 058/114] Fix the format Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 46 ++++++++++----------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 02d87eeca..b83e1e9de 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -372,29 +372,29 @@ jobs: nohup yarn start --no-base-path --no-watch & sleep 600 - - name: Configure and Run OpenSearch Dashboards with Cypress Test Cases - if: ${{ runner.os == 'Windows' }} - run: | - cd ./OpenSearch-Dashboards - echo 'server.host: "localhost"' >> ./config/opensearch_dashboards.yml - echo 'opensearch.hosts: ["https://localhost:9200"]' >> ./config/opensearch_dashboards.yml - echo 'opensearch.ssl.verificationMode: none' >> ./config/opensearch_dashboards.yml - echo 'opensearch.username: "kibanaserver"' >> ./config/opensearch_dashboards.yml - echo 'opensearch.password: "kibanaserver"' >> ./config/opensearch_dashboards.yml - echo 'opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.multitenancy.enabled: true' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.readonly_mode.roles: ["kibana_read_only"]' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.cookie.secure: false' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.openid.connect_url: "http://localhost:8080/auth/realms/master/.well-known/openid-configuration"' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.openid.client_id: "opensearch"' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.openid.client_secret: "${{ env.KEYCLOAK_CLIENT_SECRET }}"'>> ./config/opensearch_dashboards.yml - echo 'opensearch_security.auth.type: ["openid"]' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.auth.multiple_auth_enabled: true' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.ui.openid.login.buttonname: "OIDC"' >> ./config/opensearch_dashboards.yml - echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml - nohup yarn start --no-base-path --no-watch & - sleep 600 + - name: Configure and Run OpenSearch Dashboards with Cypress Test Cases + if: ${{ runner.os == 'Windows' }} + run: | + cd ./OpenSearch-Dashboards + echo 'server.host: "localhost"' >> ./config/opensearch_dashboards.yml + echo 'opensearch.hosts: ["https://localhost:9200"]' >> ./config/opensearch_dashboards.yml + echo 'opensearch.ssl.verificationMode: none' >> ./config/opensearch_dashboards.yml + echo 'opensearch.username: "kibanaserver"' >> ./config/opensearch_dashboards.yml + echo 'opensearch.password: "kibanaserver"' >> ./config/opensearch_dashboards.yml + echo 'opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.multitenancy.enabled: true' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.readonly_mode.roles: ["kibana_read_only"]' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.cookie.secure: false' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.openid.connect_url: "http://localhost:8080/auth/realms/master/.well-known/openid-configuration"' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.openid.client_id: "opensearch"' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.openid.client_secret: "${{ env.KEYCLOAK_CLIENT_SECRET }}"'>> ./config/opensearch_dashboards.yml + echo 'opensearch_security.auth.type: ["openid"]' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.auth.multiple_auth_enabled: true' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.ui.openid.login.buttonname: "OIDC"' >> ./config/opensearch_dashboards.yml + echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml + nohup yarn start --no-base-path --no-watch & + sleep 600 - name: Run Cypress run : | From f4a3a4178c95c50bfe887754c8f4c7343da1aa25 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 14 Nov 2023 15:26:19 -0800 Subject: [PATCH 059/114] Add some debugging statement to the workflow and remove some comments Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 30 ++++----------------- 1 file changed, 5 insertions(+), 25 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index b83e1e9de..2392c6e14 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -57,7 +57,9 @@ jobs: CID=$(./kcadm.sh create clients -r master -s clientId=opensearch -s 'redirectUris=["http://localhost:5603/auth/openid/login", "http://localhost:5601", "http://localhost:5601/auth/openid/login"]' -i) ./kcadm.sh get clients/$CID/installation/providers/keycloak-oidc-keycloak-json > tmp echo "Getting client secret for dashboards configuration purpose" - echo "KEYCLOAK_CLIENT_SECRET=$(grep -o '"secret" : "[^"]*' tmp | grep -o '[^"]*$')" >> $GITHUB_ENV + CLIENT_SECRET=$(grep -o '"secret" : "[^"]*' tmp | grep -o '[^"]*$') + echo "KEYCLOAK_CLIENT_SECRET=$CLIENT_SECRET" >> $GITHUB_ENV + echo "The client secret is: $CLIENT_SECRET" echo "Creating client mapper" ./kcadm.sh create clients/$CID/protocol-mappers/models -r master -s 'config."id.token.claim"=true' -s 'config."multivalued"=true' -s 'config."claim.name"="roles"' -s 'config."userinfo.token.claim"=true' -s 'config."access.token.claim"=true' -s 'name=rolemapper' -s 'protocolMapper=oidc-usermodel-realm-role-mapper' -s "protocol=openid-connect" @@ -213,30 +215,6 @@ jobs: yq -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.openid_connect_url = \"http://localhost:8080/auth/realms/master/.well-known/openid-configuration\"" config.yml yq -i ".config.dynamic.authc.openid_auth_domain.authentication_backend.type = \"noop\"" config.yml cd ../../.. - - #- name: Injecting OIDC Configuration for Windows - # if: ${{ runner.os == 'Windows' }} - # run: | - # echo "Injecting OIDC configuration" - # Set-Location -Path ".\opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT\config\opensearch-security\" - # Invoke-WebRequest -Uri "https://github.com/mikefarah/yq/releases/latest/download/yq_windows_amd64.exe" -OutFile yq.exe - # cat config.yml - # .\yq.exe --version - # - # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain = {}' config.yml -i - # - # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_enabled = true' config.yml -i - # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.transport_enabled = true' config.yml -i - # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.order = 1' config.yml -i - # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.type = "openid"' config.yml -i - # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.challenge = false' config.yml -i - # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.subject_key = "preferred_username"' config.yml -i - # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.roles_key = "roles"' config.yml -i - # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.http_authenticator.config.openid_connect_url = "http://localhost:8080/auth/realms/master/.well-known/openid-configuration"' config.yml -i - # .\yq.exe eval '.config.dynamic.authc.openid_auth_domain.authentication_backend.type = "noop"' config.yml -i - # - # Set-Location -Path "..\..\.." - # shell: pwsh - name: Overwriting Configuration for Windows with OIDC if: ${{ runner.os == 'Windows' }} @@ -369,6 +347,8 @@ jobs: echo 'opensearch_security.auth.multiple_auth_enabled: true' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.ui.openid.login.buttonname: "OIDC"' >> ./config/opensearch_dashboards.yml echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml + echo 'HERE IS THE DASHBOARD CONFIG' + cat ./config/opensearch_dashboards.yml nohup yarn start --no-base-path --no-watch & sleep 600 From 7f7c40d345535a43fe4957c6a8ad9f98efc67af7 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 14 Nov 2023 16:48:12 -0800 Subject: [PATCH 060/114] Add static client secret for keycloak - 0 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 2392c6e14..74f370448 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -5,6 +5,7 @@ on: env: OPENSEARCH_VERSION: '3.0.0' KEYCLOAK_VERSION: '21.0.1' + TEST_KEYCLOAK_CLIENT_SECRET: 'oacHfNaXyy81r2uHq1A9RY4ASryre4rZ' CI: 1 # avoid warnings like "tput: No value for $TERM and no -T specified" TERM: xterm @@ -54,8 +55,9 @@ jobs: chmod +x kcadm.sh echo "Creating client" ./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password admin - CID=$(./kcadm.sh create clients -r master -s clientId=opensearch -s 'redirectUris=["http://localhost:5603/auth/openid/login", "http://localhost:5601", "http://localhost:5601/auth/openid/login"]' -i) + CID=$(./kcadm.sh create clients -r master -s clientId=opensearch -s secret="oacHfNaXyy81r2uHq1A9RY4ASryre4rZ" -s 'attributes."access.token.lifespan"=60' -s 'redirectUris=["http://localhost:5603/auth/openid/login", "http://localhost:5601", "http://localhost:5601/auth/openid/login"]' -i) ./kcadm.sh get clients/$CID/installation/providers/keycloak-oidc-keycloak-json > tmp + echo "Getting client secret for dashboards configuration purpose" CLIENT_SECRET=$(grep -o '"secret" : "[^"]*' tmp | grep -o '[^"]*$') echo "KEYCLOAK_CLIENT_SECRET=$CLIENT_SECRET" >> $GITHUB_ENV @@ -342,7 +344,7 @@ jobs: echo 'opensearch_security.cookie.secure: false' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.openid.connect_url: "http://127.0.0.1:8080/auth/realms/master/.well-known/openid-configuration"' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.openid.client_id: "opensearch"' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.openid.client_secret: "${{ env.KEYCLOAK_CLIENT_SECRET }}"'>> ./config/opensearch_dashboards.yml + echo 'opensearch_security.openid.client_secret: "${{ env.TEST_KEYCLOAK_CLIENT_SECRET }}"'>> ./config/opensearch_dashboards.yml echo 'opensearch_security.auth.type: ["openid"]' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.auth.multiple_auth_enabled: true' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.ui.openid.login.buttonname: "OIDC"' >> ./config/opensearch_dashboards.yml From f794c3947b7a05775abbeb968a3f381a0d5f69a2 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 15 Nov 2023 17:00:56 -0800 Subject: [PATCH 061/114] Finish refactoring 1st test case of oidc Signed-off-by: Ryan Liang --- .cypress/e2e/oidc/oidc_test.spec.js | 45 +++++++++++++++++------------ .eslintignore | 1 + package.json | 2 +- 3 files changed, 29 insertions(+), 19 deletions(-) diff --git a/.cypress/e2e/oidc/oidc_test.spec.js b/.cypress/e2e/oidc/oidc_test.spec.js index 5ed0ac32b..289393421 100644 --- a/.cypress/e2e/oidc/oidc_test.spec.js +++ b/.cypress/e2e/oidc/oidc_test.spec.js @@ -18,30 +18,39 @@ * SPDX-License-Identifier: Apache-2.0 */ +const login = 'admin'; +const password = 'admin'; +const tenantLocalStorageKey = 'opendistro::security::tenant::saved'; +const globalTenantLocalStorageValue = '\"\"'; +const newThemeModalLocalStorageKey = 'home:newThemeModal:show' + describe('Log in via OIDC', () => { - const login = 'admin'; - const password = 'admin'; + + after(() => { + cy.clearCookies(); + cy.clearLocalStorage(); + }); const kcLogin = () => { - cy.get('#kc-page-title', { timeout: 10000 }).should('be.visible'); - cy.get('#username').type(login); - cy.get('#password').type(password); + cy.get('#kc-page-title', { timeout: 15000 }).should('be.visible'); + cy.get('input[id=username]', { timeout: 15000}).should('be.visible').type(login); + cy.get('input[id=password]', { timeout: 15000}).should('be.visible').type(password); cy.get('#kc-login').click(); }; it('Login to app/opensearch_dashboards_overview#/ when OIDC is enabled', () => { - cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/', { failOnStatusCode: false, timeout: 10000 }); - - cy.wait(15000); - + cy.visit('http://localhost:5601/app/opensearch_dashboards_overview', { + failOnStatusCode: false, + timeout: 10000, + }); + kcLogin(); - cy.origin('http://localhost:5601', () => { - cy.wait(5000); - cy.get('button[data-test-subj="confirm"]').click(); - - cy.wait(5000) - cy.get('button[aria-label="Closes this modal window"]').click(); + cy.origin('http://localhost:5601', { + args: [tenantLocalStorageKey, globalTenantLocalStorageValue, newThemeModalLocalStorageKey, 'false'] + }, (tenantKey, tenantValue, themeModalKey, themeModalValue) => { + localStorage.setItem(tenantKey, tenantValue); + localStorage.setItem(themeModalKey, themeModalValue); cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); @@ -49,7 +58,7 @@ describe('Log in via OIDC', () => { }); }); - it('Login to app/dev_tools#/console when OIDC is enabled', () => { + it.skip('Login to app/dev_tools#/console when OIDC is enabled', () => { cy.visit('http://localhost:5601/app/dev_tools#/console', { failOnStatusCode: false, timeout: 10000 }); cy.wait(15000); @@ -72,7 +81,7 @@ describe('Log in via OIDC', () => { }); }); - it('Login to Dashboard with Hash', () => { + it.skip('Login to Dashboard with Hash', () => { cy.visit( `http://localhost:5601/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(filters:!(),refreshInterval:(pause:!f,value:900000),time:(from:now-24h,to:now))&_a=(description:'Analyze%20mock%20flight%20data%20for%20OpenSearch-Air,%20Logstash%20Airways,%20OpenSearch%20Dashboards%20Airlines%20and%20BeatsWest',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),query:(language:kuery,query:''),timeRestore:!t,title:'%5BFlights%5D%20Global%20Flight%20Dashboard',viewMode:view)` ); @@ -88,7 +97,7 @@ describe('Log in via OIDC', () => { }); }); - it('Tenancy persisted after logout in OIDC', () => { + it.skip('Tenancy persisted after logout in OIDC', () => { cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/', { failOnStatusCode: false, timeout: 10000 }); cy.wait(15000); diff --git a/.eslintignore b/.eslintignore index 17ca04c94..5ee33b072 100644 --- a/.eslintignore +++ b/.eslintignore @@ -4,3 +4,4 @@ node_modules /build /target /.eslintrc.js +cypress.config.js diff --git a/package.json b/package.json index d2a83a841..eea00c4c7 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "@elastic/eslint-import-resolver-kibana": "link:../../packages/osd-eslint-import-resolver-opensearch-dashboards", "@testing-library/react-hooks": "^7.0.2", "@types/hapi__wreck": "^15.0.1", - "cypress": "^13.2.0", + "cypress": "^13.5.1", "cypress-mochawesome-reporter": "^3.3.0", "gulp-rename": "2.0.0", "jose": "^4.11.2", From aad5fe702938c824679d54666e898fa4fc1b8655 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 15 Nov 2023 17:04:55 -0800 Subject: [PATCH 062/114] Finish refactoring 1st test case of oidc 1 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 74f370448..eafc5b82e 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -55,7 +55,7 @@ jobs: chmod +x kcadm.sh echo "Creating client" ./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password admin - CID=$(./kcadm.sh create clients -r master -s clientId=opensearch -s secret="oacHfNaXyy81r2uHq1A9RY4ASryre4rZ" -s 'attributes."access.token.lifespan"=60' -s 'redirectUris=["http://localhost:5603/auth/openid/login", "http://localhost:5601", "http://localhost:5601/auth/openid/login"]' -i) + CID=$(./kcadm.sh create clients -r master -s clientId=opensearch -s secret="${{ env.TEST_KEYCLOAK_CLIENT_SECRET }}" -s 'attributes."access.token.lifespan"=60' -s 'redirectUris=["http://localhost:5603/auth/openid/login", "http://localhost:5601", "http://localhost:5601/auth/openid/login"]' -i) ./kcadm.sh get clients/$CID/installation/providers/keycloak-oidc-keycloak-json > tmp echo "Getting client secret for dashboards configuration purpose" From 211009300b3a3f9a8906488191524dc2890239c1 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 16 Nov 2023 11:08:35 -0800 Subject: [PATCH 063/114] Finish refactoring 2 test case of oidc Signed-off-by: Ryan Liang --- .cypress/e2e/oidc/oidc_test.spec.js | 46 ++++++++++++++++++----------- 1 file changed, 29 insertions(+), 17 deletions(-) diff --git a/.cypress/e2e/oidc/oidc_test.spec.js b/.cypress/e2e/oidc/oidc_test.spec.js index 289393421..eff43a51c 100644 --- a/.cypress/e2e/oidc/oidc_test.spec.js +++ b/.cypress/e2e/oidc/oidc_test.spec.js @@ -26,9 +26,11 @@ const newThemeModalLocalStorageKey = 'home:newThemeModal:show' describe('Log in via OIDC', () => { - after(() => { - cy.clearCookies(); - cy.clearLocalStorage(); + afterEach(() => { + cy.origin('http://localhost:5601', () => { + cy.clearCookies(); + cy.clearLocalStorage(); + }); }); const kcLogin = () => { @@ -47,8 +49,14 @@ describe('Log in via OIDC', () => { kcLogin(); cy.origin('http://localhost:5601', { - args: [tenantLocalStorageKey, globalTenantLocalStorageValue, newThemeModalLocalStorageKey, 'false'] + args: [ + tenantLocalStorageKey, + globalTenantLocalStorageValue, + newThemeModalLocalStorageKey, + 'false' + ] }, (tenantKey, tenantValue, themeModalKey, themeModalValue) => { + localStorage.setItem(tenantKey, tenantValue); localStorage.setItem(themeModalKey, themeModalValue); @@ -58,23 +66,28 @@ describe('Log in via OIDC', () => { }); }); - it.skip('Login to app/dev_tools#/console when OIDC is enabled', () => { - cy.visit('http://localhost:5601/app/dev_tools#/console', { failOnStatusCode: false, timeout: 10000 }); - - cy.wait(15000); + it('Login to app/dev_tools#/console when OIDC is enabled', () => { + cy.visit('http://localhost:5601/app/opensearch_dashboards_overview', { + failOnStatusCode: false, + timeout: 10000, + }); kcLogin(); - cy.origin('http://localhost:5601', () => { - cy.visit('http://localhost:5601/app/dev_tools#/console'); - - cy.wait(5000); - cy.get('button[data-test-subj="confirm"]').click(); + cy.origin('http://localhost:5601', { + args: [ + tenantLocalStorageKey, + globalTenantLocalStorageValue, + newThemeModalLocalStorageKey, + 'false' + ] + }, (tenantKey, tenantValue, themeModalKey, themeModalValue) => { + + localStorage.setItem(tenantKey, tenantValue); + localStorage.setItem(themeModalKey, themeModalValue); - cy.wait(5000); - cy.get('button[aria-label="Close this dialog"]'); + cy.visit('http://localhost:5601/app/dev_tools#/console'); - cy.wait(5000); cy.get('a').contains('Dev Tools').should('be.visible'); cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); @@ -122,7 +135,6 @@ describe('Log in via OIDC', () => { kcLogin(); cy.origin('http://localhost:5601', () => { - cy.get('#user-icon-btn', { timeout: 10000 }).should('be.visible'); cy.get('#user-icon-btn').click(); From 64a0809c2e7dcc593206066384830e0b2f8905ad Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Thu, 16 Nov 2023 18:21:34 -0800 Subject: [PATCH 064/114] Finish refactoring 3 test case of oidc Signed-off-by: Ryan Liang --- .cypress/e2e/oidc/oidc_test.spec.js | 38 ++++++++--------------------- 1 file changed, 10 insertions(+), 28 deletions(-) diff --git a/.cypress/e2e/oidc/oidc_test.spec.js b/.cypress/e2e/oidc/oidc_test.spec.js index eff43a51c..20c229a04 100644 --- a/.cypress/e2e/oidc/oidc_test.spec.js +++ b/.cypress/e2e/oidc/oidc_test.spec.js @@ -20,9 +20,6 @@ const login = 'admin'; const password = 'admin'; -const tenantLocalStorageKey = 'opendistro::security::tenant::saved'; -const globalTenantLocalStorageValue = '\"\"'; -const newThemeModalLocalStorageKey = 'home:newThemeModal:show' describe('Log in via OIDC', () => { @@ -48,18 +45,10 @@ describe('Log in via OIDC', () => { kcLogin(); - cy.origin('http://localhost:5601', { - args: [ - tenantLocalStorageKey, - globalTenantLocalStorageValue, - newThemeModalLocalStorageKey, - 'false' - ] - }, (tenantKey, tenantValue, themeModalKey, themeModalValue) => { + cy.origin('http://localhost:5601', () => { + localStorage.setItem("opendistro::security::tenant::saved", "\"\""); + localStorage.setItem("home:newThemeModal:show", "false"); - localStorage.setItem(tenantKey, tenantValue); - localStorage.setItem(themeModalKey, themeModalValue); - cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); @@ -74,17 +63,9 @@ describe('Log in via OIDC', () => { kcLogin(); - cy.origin('http://localhost:5601', { - args: [ - tenantLocalStorageKey, - globalTenantLocalStorageValue, - newThemeModalLocalStorageKey, - 'false' - ] - }, (tenantKey, tenantValue, themeModalKey, themeModalValue) => { - - localStorage.setItem(tenantKey, tenantValue); - localStorage.setItem(themeModalKey, themeModalValue); + cy.origin('http://localhost:5601', () => { + localStorage.setItem("opendistro::security::tenant::saved", "\"\""); + localStorage.setItem("home:newThemeModal:show", "false"); cy.visit('http://localhost:5601/app/dev_tools#/console'); @@ -94,16 +75,17 @@ describe('Log in via OIDC', () => { }); }); - it.skip('Login to Dashboard with Hash', () => { + it('Login to Dashboard with Hash', () => { cy.visit( `http://localhost:5601/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(filters:!(),refreshInterval:(pause:!f,value:900000),time:(from:now-24h,to:now))&_a=(description:'Analyze%20mock%20flight%20data%20for%20OpenSearch-Air,%20Logstash%20Airways,%20OpenSearch%20Dashboards%20Airlines%20and%20BeatsWest',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),query:(language:kuery,query:''),timeRestore:!t,title:'%5BFlights%5D%20Global%20Flight%20Dashboard',viewMode:view)` ); - cy.wait(15000); - kcLogin(); cy.origin('http://localhost:5601', () => { + localStorage.setItem("opendistro::security::tenant::saved", "\"\""); + localStorage.setItem("home:newThemeModal:show", "false"); + cy.get('.euiHeader.euiHeader--default.euiHeader--fixed.primaryHeader', { timeout: 10000 }).should('be.visible'); cy.getCookie('security_authentication').should('exist'); From 5abf7ce04956749af7ad2a12070c9750f9272cf8 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Mon, 20 Nov 2023 09:58:46 -0800 Subject: [PATCH 065/114] Finish refactoring 4 test case of oidc Signed-off-by: Ryan Liang --- .cypress/e2e/oidc/oidc_test.spec.js | 20 ++++++++++---------- .github/workflows/cypress-test-oidc-e2e.yml | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.cypress/e2e/oidc/oidc_test.spec.js b/.cypress/e2e/oidc/oidc_test.spec.js index 20c229a04..3f53a11a5 100644 --- a/.cypress/e2e/oidc/oidc_test.spec.js +++ b/.cypress/e2e/oidc/oidc_test.spec.js @@ -48,7 +48,7 @@ describe('Log in via OIDC', () => { cy.origin('http://localhost:5601', () => { localStorage.setItem("opendistro::security::tenant::saved", "\"\""); localStorage.setItem("home:newThemeModal:show", "false"); - + cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); @@ -92,26 +92,24 @@ describe('Log in via OIDC', () => { }); }); - it.skip('Tenancy persisted after logout in OIDC', () => { + it('Tenancy persisted after logout in OIDC', () => { cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/', { failOnStatusCode: false, timeout: 10000 }); - cy.wait(15000); - kcLogin(); cy.origin('http://localhost:5601', () => { + localStorage.setItem("home:newThemeModal:show", "false"); + cy.get('#private', { timeout: 10000 }).should('be.enabled'); cy.get('#private').click({ force: true }); - cy.wait(5000); + cy.get('button[data-test-subj="confirm"]').click(); - cy.wait(5000); - cy.get('button[aria-label="Closes this modal window"]').click(); cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); - cy.get('button[id="user-icon-btn"]').click(); - cy.wait(1500); - cy.get('button[data-test-subj^="log-out-"]').click(); + cy.get('button[id="user-icon-btn"]', { timeout: 10000 }).click(); + + cy.get('button[data-test-subj^="log-out-"]', { timeout: 10000 }).click(); }); kcLogin(); @@ -120,6 +118,8 @@ describe('Log in via OIDC', () => { cy.get('#user-icon-btn', { timeout: 10000 }).should('be.visible'); cy.get('#user-icon-btn').click(); + cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); + cy.get('#tenantName', { timeout: 10000 }).should('have.text', 'Private'); }); }); diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index eafc5b82e..ecf60ed46 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -17,7 +17,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-latest, windows-latest ] + os: [ ubuntu-latest ] runs-on: ${{ matrix.os }} steps: From 5176b8bc4b6d59e88b9ac7d7ef916a1bc395b6f1 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 10:47:10 -0800 Subject: [PATCH 066/114] Remove windows runner from the workflow Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 199 -------------------- 1 file changed, 199 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index ecf60ed46..1d0fe725b 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -64,85 +64,6 @@ jobs: echo "The client secret is: $CLIENT_SECRET" echo "Creating client mapper" ./kcadm.sh create clients/$CID/protocol-mappers/models -r master -s 'config."id.token.claim"=true' -s 'config."multivalued"=true' -s 'config."claim.name"="roles"' -s 'config."userinfo.token.claim"=true' -s 'config."access.token.claim"=true' -s 'name=rolemapper' -s 'protocolMapper=oidc-usermodel-realm-role-mapper' -s "protocol=openid-connect" - - - name: Get and run Keycloak on Windows - if: ${{ runner.os == 'Windows' }} - run: | - Write-Host "Downloading Keycloak ${{ env.KEYCLOAK_VERSION }}" - Invoke-WebRequest -Uri "https://github.com/keycloak/keycloak/releases/download/${{ env.KEYCLOAK_VERSION }}/keycloak-${{ env.KEYCLOAK_VERSION }}.zip" -OutFile keycloak.zip - Write-Host "Unpacking Keycloak" - Expand-Archive -Path keycloak.zip -DestinationPath ./ - $Env:KEYCLOAK_ADMIN="admin" - $Env:KEYCLOAK_ADMIN_PASSWORD="admin" - Set-Location "keycloak-${{ env.KEYCLOAK_VERSION }}/bin" - - Write-Host "Starting keycloak" - Start-Process -NoNewWindow ./kc.bat -ArgumentList 'start-dev', '--http-enabled=true', '--hostname-strict-https=false', '--http-host=localhost', '--http-relative-path=/auth', '--health-enabled=true' - Start-Sleep -Seconds 30 - $retryCount = 0 - $maximumRetries = 20 - $delayBetweenRetries = 15 # in seconds - while ($retryCount -lt $maximumRetries) { - try { - $response = Invoke-WebRequest -Uri 'http://localhost:8080/auth/health' -Method Get -UseBasicParsing -ErrorAction Stop - if ($response.StatusCode -eq 200) { - break - } else { - Write-Host "Unexpected status code $($response.StatusCode). Retrying in $delayBetweenRetries seconds..." - Start-Sleep -Seconds $delayBetweenRetries - $retryCount++ - } - } catch { - Write-Host "Error encountered: $_. Retrying in $delayBetweenRetries seconds..." - Start-Sleep -Seconds $delayBetweenRetries - $retryCount++ - } - } - if ($retryCount -eq $maximumRetries) { - throw "Maximum retry attempts reached. Keycloak might not be running correctly." - } - - Write-Host "Creating client" - ./kcadm.bat config credentials --server http://localhost:8080/auth --realm master --user $Env:KEYCLOAK_ADMIN --password $Env:KEYCLOAK_ADMIN_PASSWORD - $jsonContent = @{ - clientId = "opensearch" - redirectUris = @( - "http://localhost:5603/auth/openid/login", - "http://localhost:5601", - "http://localhost:5601/auth/openid/login" - ) - } | ConvertTo-Json - - $jsonContent | Out-File -Path .\client-config.json - - $CID = ./kcadm.bat create clients -r master -f .\client-config.json -i - - ./kcadm.bat get clients/$CID/installation/providers/keycloak-oidc-keycloak-json > tmp - - Write-Host "Getting client secret for dashboards configuration purpose" - $secret = (Get-Content tmp | Select-String -Pattern '"secret" : "([^"]+)"' | ForEach-Object { $_.Matches.Groups[1].Value }) - Add-Content -Value "KEYCLOAK_CLIENT_SECRET=$secret" -Path $env:GITHUB_ENV - - Write-Host "Generating client mapper configuration" - $mapperConfigContent = @" - { - "config": { - "id.token.claim": "true", - "multivalued": "true", - "claim.name": "roles", - "userinfo.token.claim": "true", - "access.token.claim": "true" - }, - "name": "rolemapper", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "protocol": "openid-connect" - } - "@ - Set-Content -Value $mapperConfigContent -Path ./mapper-config.json - - Write-Host "Creating client mapper" - ./kcadm.bat create clients/$CID/protocol-mappers/models -r master -f ./mapper-config.json - shell: pwsh - name: Download security plugin and create setup scripts uses: ./.github/actions/download-plugin @@ -151,12 +72,6 @@ jobs: plugin-name: ${{ env.PLUGIN_NAME }} plugin-version: ${{ env.PLUGIN_VERSION }} - # Configure longpath names if on Windows - - name: Enable Longpaths if on Windows - if: ${{ runner.os == 'Windows' }} - run: git config --system core.longpaths true - shell: pwsh - # Download OpenSearch - name: Download OpenSearch for Linux uses: peternied/download-file@v2 @@ -164,12 +79,6 @@ jobs: with: url: https://artifacts.opensearch.org/snapshots/core/opensearch/${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/opensearch-min-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT-linux-x64-latest.tar.gz - - name: Download OpenSearch for Windows - uses: peternied/download-file@v2 - if: ${{ runner.os == 'Windows' }} - with: - url: https://artifacts.opensearch.org/snapshots/core/opensearch/${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/opensearch-min-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT-windows-x64-latest.zip - # Extract downloaded tar/zip - name: Extract downloaded tar if: ${{ runner.os == 'Linux' }} @@ -178,13 +87,6 @@ jobs: rm -f opensearch-*.tar.gz shell: bash - - name: Extract downloaded zip - if: ${{ runner.os == 'Windows' }} - run: | - tar -xzf opensearch-min-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT-windows-x64-latest.zip - del opensearch-min-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT-windows-x64-latest.zip - shell: pwsh - # Install the security plugin - name: Install Plugin into OpenSearch for Linux if: ${{ runner.os == 'Linux'}} @@ -192,12 +94,6 @@ jobs: chmod +x ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin /bin/bash -c "yes | ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin install file:$(pwd)/opensearch-security.zip" shell: bash - - - name: Install Plugin into OpenSearch for Windows - if: ${{ runner.os == 'Windows'}} - run: | - 'y' | .\opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT\bin\opensearch-plugin.bat install file:$(pwd)\opensearch-security.zip - shell: pwsh # Add OIDC Configuration - name: Injecting OIDC Configuration for Linux @@ -217,57 +113,6 @@ jobs: yq -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.openid_connect_url = \"http://localhost:8080/auth/realms/master/.well-known/openid-configuration\"" config.yml yq -i ".config.dynamic.authc.openid_auth_domain.authentication_backend.type = \"noop\"" config.yml cd ../../.. - - - name: Overwriting Configuration for Windows with OIDC - if: ${{ runner.os == 'Windows' }} - run: | - echo "Overwriting the configuration with OIDC settings" - - # Set the directory path for clarity - $configDir = ".\opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT\config\opensearch-security\" - Set-Location -Path $configDir - - # Overwrite the existing config.yml - @" - _meta: - type: "config" - config_version: 2 - - config: - dynamic: - http: - anonymous_auth_enabled: false - authc: - basic_internal_auth_domain: - description: "Authenticate via HTTP Basic against internal users database" - http_enabled: true - transport_enabled: true - order: 0 - http_authenticator: - type: basic - challenge: false - authentication_backend: - type: intern - - openid_auth_domain: - http_enabled: true - transport_enabled: true - order: 1 - http_authenticator: - type: openid - challenge: false - config: - subject_key: "preferred_username" - roles_key: "roles" - openid_connect_url: "http://localhost:8080/auth/realms/master/.well-known/openid-configuration" - authentication_backend: - type: noop - "@ | Set-Content -Path .\config.yml - - cat .\config.yml - - Set-Location -Path "..\..\.." - shell: pwsh # Run any configuration scripts - name: Run Setup Script for Linux @@ -278,11 +123,6 @@ jobs: ./setup.sh shell: bash - - name: Run Setup Script for Windows - if: ${{ runner.os == 'Windows' }} - run: .\setup.bat - shell: pwsh - # Run OpenSearch - name: Run OpenSearch with plugin on Linux if: ${{ runner.os == 'Linux'}} @@ -290,11 +130,6 @@ jobs: /bin/bash -c "./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch &" shell: bash - - name: Run OpenSearch with plugin on Windows - if: ${{ runner.os == 'Windows'}} - run: start .\opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT\bin\opensearch.bat - shell: pwsh - # Give the OpenSearch process some time to boot up before sending any requires, might need to increase the default time! - name: Sleep while OpenSearch starts uses: peternied/action-sleep@v1 @@ -307,16 +142,6 @@ jobs: run: curl https://localhost:9200/_cat/plugins -u 'admin:admin' -k -v shell: bash - - name: Check OpenSearch Running on Windows - if: ${{ runner.os == 'Windows'}} - run: | - $credentialBytes = [Text.Encoding]::ASCII.GetBytes("admin:admin") - $encodedCredentials = [Convert]::ToBase64String($credentialBytes) - $baseCredentials = "Basic $encodedCredentials" - $Headers = @{ Authorization = $baseCredentials } - Invoke-WebRequest -SkipCertificateCheck -Uri 'https://localhost:9200/_cat/plugins' -Headers $Headers; - shell: pwsh - - if: always() run: cat ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/logs/opensearch.log shell: bash @@ -354,30 +179,6 @@ jobs: nohup yarn start --no-base-path --no-watch & sleep 600 - - name: Configure and Run OpenSearch Dashboards with Cypress Test Cases - if: ${{ runner.os == 'Windows' }} - run: | - cd ./OpenSearch-Dashboards - echo 'server.host: "localhost"' >> ./config/opensearch_dashboards.yml - echo 'opensearch.hosts: ["https://localhost:9200"]' >> ./config/opensearch_dashboards.yml - echo 'opensearch.ssl.verificationMode: none' >> ./config/opensearch_dashboards.yml - echo 'opensearch.username: "kibanaserver"' >> ./config/opensearch_dashboards.yml - echo 'opensearch.password: "kibanaserver"' >> ./config/opensearch_dashboards.yml - echo 'opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.multitenancy.enabled: true' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.readonly_mode.roles: ["kibana_read_only"]' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.cookie.secure: false' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.openid.connect_url: "http://localhost:8080/auth/realms/master/.well-known/openid-configuration"' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.openid.client_id: "opensearch"' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.openid.client_secret: "${{ env.KEYCLOAK_CLIENT_SECRET }}"'>> ./config/opensearch_dashboards.yml - echo 'opensearch_security.auth.type: ["openid"]' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.auth.multiple_auth_enabled: true' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.ui.openid.login.buttonname: "OIDC"' >> ./config/opensearch_dashboards.yml - echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml - nohup yarn start --no-base-path --no-watch & - sleep 600 - - name: Run Cypress run : | yarn add cypress --save-dev From baea6ea585e580d2591544431888319c16536fdf Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 14:41:34 -0800 Subject: [PATCH 067/114] Initial setup of saml e2e Signed-off-by: Ryan Liang --- .cypress/e2e/saml/saml_test.spec.js | 19 +++ .github/workflows/cypress-test-saml-e2e.yml | 164 ++++++++++++++++++++ 2 files changed, 183 insertions(+) create mode 100644 .cypress/e2e/saml/saml_test.spec.js create mode 100644 .github/workflows/cypress-test-saml-e2e.yml diff --git a/.cypress/e2e/saml/saml_test.spec.js b/.cypress/e2e/saml/saml_test.spec.js new file mode 100644 index 000000000..643c84cc2 --- /dev/null +++ b/.cypress/e2e/saml/saml_test.spec.js @@ -0,0 +1,19 @@ +/* + * Copyright OpenSearch Contributors + * + * Licensed under the Apache License, Version 2.0 (the "License"). + * You may not use this file except in compliance with the License. + * A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the "license" file accompanying this file. This file is distributed + * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +/* + * Copyright OpenSearch Contributors + * SPDX-License-Identifier: Apache-2.0 + */ diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml new file mode 100644 index 000000000..342c065ad --- /dev/null +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -0,0 +1,164 @@ +name: Snapshot based E2E SAML tests workflow +on: + pull_request: + branches: [ '**' ] +env: + OPENSEARCH_VERSION: '3.0.0' + KEYCLOAK_VERSION: '21.0.1' + TEST_KEYCLOAK_CLIENT_SECRET: 'oacHfNaXyy81r2uHq1A9RY4ASryre4rZ' + CI: 1 + # avoid warnings like "tput: No value for $TERM and no -T specified" + TERM: xterm + PLUGIN_NAME: opensearch-security + +jobs: + tests: + name: Run Cypress E2E tests + strategy: + fail-fast: false + matrix: + os: [ ubuntu-latest ] + runs-on: ${{ matrix.os }} + + steps: + - name: Set up JDK + uses: actions/setup-java@v1 + with: + java-version: 11 + + - name: Checkout Branch + uses: actions/checkout@v3 + + - name: Set env + run: | + opensearch_version=$(node -p "require('./package.json').opensearchDashboards.version") + plugin_version=$(node -p "require('./package.json').version") + echo "OPENSEARCH_VERSION=$opensearch_version" >> $GITHUB_ENV + echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV + shell: bash + + # Setup and Run SAML Idp + - name: Get and run SAML Idp on Linux + if: ${{ runner.os == 'Linux' }} + run: yarn pretest:jest_server + + - name: Download security plugin and create setup scripts + uses: ./.github/actions/download-plugin + with: + opensearch-version: ${{ env.OPENSEARCH_VERSION }} + plugin-name: ${{ env.PLUGIN_NAME }} + plugin-version: ${{ env.PLUGIN_VERSION }} + + # Download OpenSearch + - name: Download OpenSearch for Linux + uses: peternied/download-file@v2 + if: ${{ runner.os == 'Linux' }} + with: + url: https://artifacts.opensearch.org/snapshots/core/opensearch/${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/opensearch-min-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT-linux-x64-latest.tar.gz + + # Extract downloaded tar/zip + - name: Extract downloaded tar + if: ${{ runner.os == 'Linux' }} + run: | + tar -xzf opensearch-*.tar.gz + rm -f opensearch-*.tar.gz + shell: bash + + # Install the security plugin + - name: Install Plugin into OpenSearch for Linux + if: ${{ runner.os == 'Linux'}} + run: | + chmod +x ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin + /bin/bash -c "yes | ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin install file:$(pwd)/opensearch-security.zip" + shell: bash + + # Add SAML Configuration + - name: Injecting SAML Configuration for Linux + if: ${{ runner.os == 'Linux'}} + run: | + echo "Injecting SAML configuration" + cd ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/ + wget -O yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 + chmod +x yq + yq -i ".config.dynamic.authc.saml_auth_domain.http_enabled = true" config.yml + yq -i ".config.dynamic.authc.saml_auth_domain.transport_enabled = false" config.yml + yq -i ".config.dynamic.authc.saml_auth_domain.order = 5" config.yml + yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.type = \"saml\"" config.yml + yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.challenge = true" config.yml + yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.config.idp.entity_id = \"urn:example:idp\"" config.yml + yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.config.idp.metadata_url = \"http://localhost:7000/metadata\"" config.yml + yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.config.sp.entity_id = \"https://localhost:9200\"" config.yml + yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.config.kibana_url = \"http://localhost:5601\"" config.yml + yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.config.exchange_key = \"6aff3042-1327-4f3d-82f0-40a157ac4464\"" config.yml + yq -i ".config.dynamic.authc.saml_auth_domain.authentication_backend.type = \"noop\"" config.yml + cat ./config.yml + cd ../../.. + + # Run any configuration scripts + - name: Run Setup Script for Linux + if: ${{ runner.os == 'Linux' }} + run: | + echo "running linux setup" + chmod +x ./setup.sh + ./setup.sh + shell: bash + + # Run OpenSearch + - name: Run OpenSearch with plugin on Linux + if: ${{ runner.os == 'Linux'}} + run: | + /bin/bash -c "./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch &" + shell: bash + + # Give the OpenSearch process some time to boot up before sending any requires, might need to increase the default time! + - name: Sleep while OpenSearch starts + uses: peternied/action-sleep@v1 + with: + seconds: 30 + + # Verify that the server is operational + - name: Check OpenSearch Running on Linux + if: ${{ runner.os != 'Windows'}} + run: curl https://localhost:9200/_cat/plugins -u 'admin:admin' -k -v + shell: bash + + - if: always() + run: cat ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/logs/opensearch.log + shell: bash + + # OSD bootstrap + - name: Run Dashboard with Security Dashboards Plugin + uses: ./.github/actions/install-dashboards + with: + plugin_name: security-dashboards-plugin + + # Configure the Dashboard for SAML setup + - name: Configure and Run OpenSearch Dashboards with SAML Configuration + if: ${{ runner.os == 'Linux' }} + run: | + cd ./OpenSearch-Dashboards + echo 'server.host: "localhost"' >> ./config/opensearch_dashboards.yml + echo 'opensearch.hosts: ["https://localhost:9200"]' >> ./config/opensearch_dashboards.yml + echo 'opensearch.ssl.verificationMode: none' >> ./config/opensearch_dashboards.yml + echo 'opensearch.username: "kibanaserver"' >> ./config/opensearch_dashboards.yml + echo 'opensearch.password: "kibanaserver"' >> ./config/opensearch_dashboards.yml + echo 'opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.multitenancy.enabled: true' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.readonly_mode.roles: ["kibana_read_only"]' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.cookie.secure: false' >> ./config/opensearch_dashboards.yml + echo 'server.xsrf.allowlist: ["/_plugins/_security/api/authtoken", "/_opendistro/_security/api/authtoken", "/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"]' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.auth.type: ["saml"]' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.auth.multiple_auth_enabled: true' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.ui.openid.login.buttonname: "SAML"' >> ./config/opensearch_dashboards.yml + echo 'opensearch_security.auth.anonymous_auth_enabled: false' >> ./config/opensearch_dashboards.yml + echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml + echo 'HERE IS THE DASHBOARD CONFIG' + cat ./config/opensearch_dashboards.yml + nohup yarn start --no-base-path --no-watch & + sleep 600 + + - name: Run Cypress + run : | + yarn add cypress --save-dev + yarn cypress:run --browser chrome --headless --spec '.cypress/e2e/saml/*.js' From f562d3aec28bcb075451f27ca00cf845219c07ff Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 15:01:21 -0800 Subject: [PATCH 068/114] Refactor the name of tests for both saml and oidc flows Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 2 +- .github/workflows/cypress-test-saml-e2e.yml | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 1d0fe725b..19bbced15 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -13,7 +13,7 @@ env: jobs: tests: - name: Run Cypress E2E tests + name: Run Cypress E2E OIDC tests strategy: fail-fast: false matrix: diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index 342c065ad..ede14c4e3 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -5,7 +5,6 @@ on: env: OPENSEARCH_VERSION: '3.0.0' KEYCLOAK_VERSION: '21.0.1' - TEST_KEYCLOAK_CLIENT_SECRET: 'oacHfNaXyy81r2uHq1A9RY4ASryre4rZ' CI: 1 # avoid warnings like "tput: No value for $TERM and no -T specified" TERM: xterm @@ -13,7 +12,7 @@ env: jobs: tests: - name: Run Cypress E2E tests + name: Run Cypress E2E SAML tests strategy: fail-fast: false matrix: From 722a7bbd3317e63f981121a161ba1e0d0c71cf6a Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 15:36:13 -0800 Subject: [PATCH 069/114] Setup 1st saml test case Signed-off-by: Ryan Liang --- .cypress/e2e/saml/saml_test.spec.js | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/.cypress/e2e/saml/saml_test.spec.js b/.cypress/e2e/saml/saml_test.spec.js index 643c84cc2..7784abdf4 100644 --- a/.cypress/e2e/saml/saml_test.spec.js +++ b/.cypress/e2e/saml/saml_test.spec.js @@ -17,3 +17,30 @@ * Copyright OpenSearch Contributors * SPDX-License-Identifier: Apache-2.0 */ + +afterEach(() => { + cy.clearCookies(); + cy.clearLocalStorage(); + }); + +describe('Log in via SAML', () => { + const samlLogin = () => { + cy.get('input[id=userName]', { timeout: 15000}).should('be.visible'); + cy.get('button[id=btn-sign-in]', { timeout: 15000 }).should('be.visible').click(); + }; + + it('Login to app/opensearch_dashboards_overview#/ when SAML is enabled', () => { + localStorage.setItem("opendistro::security::tenant::saved", "\"__user__\""); + localStorage.setItem("home:newThemeModal:show", "false"); + + cy.visit('http://localhost:5601/app/opensearch_dashboards_overview', { + failOnStatusCode: false, + timeout: 10000, + }); + + samlLogin(); + + cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); + cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); + }); +}); From d21f651d4cc22750d3ee5bb817f6020424d5147c Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 16:08:05 -0800 Subject: [PATCH 070/114] fix the initialization of saml idp Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-saml-e2e.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index ede14c4e3..a5ef19bde 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -36,11 +36,6 @@ jobs: echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV shell: bash - # Setup and Run SAML Idp - - name: Get and run SAML Idp on Linux - if: ${{ runner.os == 'Linux' }} - run: yarn pretest:jest_server - - name: Download security plugin and create setup scripts uses: ./.github/actions/download-plugin with: @@ -157,6 +152,11 @@ jobs: nohup yarn start --no-base-path --no-watch & sleep 600 + # Setup and Run SAML Idp + - name: Get and run SAML Idp on Linux + if: ${{ runner.os == 'Linux' }} + run: yarn pretest:jest_server + - name: Run Cypress run : | yarn add cypress --save-dev From 35d5c3040cf5328155cad1d33bde2d057290f37d Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 18:19:16 -0800 Subject: [PATCH 071/114] Add ls and pwd for idp runup Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-saml-e2e.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index a5ef19bde..b273b13eb 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -155,7 +155,10 @@ jobs: # Setup and Run SAML Idp - name: Get and run SAML Idp on Linux if: ${{ runner.os == 'Linux' }} - run: yarn pretest:jest_server + run: | + ls + pwd + yarn pretest:jest_server - name: Run Cypress run : | From 8dc44bb911cce059c1771d664bd1a6f3a1fb26a8 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 18:55:56 -0800 Subject: [PATCH 072/114] change dir Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-saml-e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index b273b13eb..41e916119 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -154,10 +154,10 @@ jobs: # Setup and Run SAML Idp - name: Get and run SAML Idp on Linux - if: ${{ runner.os == 'Linux' }} run: | ls pwd + cd .. yarn pretest:jest_server - name: Run Cypress From a342603aeb1559d78c6b6a9a28ba5975493353ee Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 19:54:22 -0800 Subject: [PATCH 073/114] Set directory before run idp Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-saml-e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index 41e916119..8d2f2d687 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -155,9 +155,9 @@ jobs: # Setup and Run SAML Idp - name: Get and run SAML Idp on Linux run: | + cd ./OpenSearch-Dashboards/plugins/security-dashboards-plugin ls pwd - cd .. yarn pretest:jest_server - name: Run Cypress From b7a5c4cf956edfcadba106f09e6bfdf627637275 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 20:37:20 -0800 Subject: [PATCH 074/114] Move idp initialization before dashbaord run up Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-saml-e2e.yml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index 8d2f2d687..025523d31 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -126,6 +126,15 @@ jobs: with: plugin_name: security-dashboards-plugin + # Setup and Run SAML Idp + - name: Get and run SAML Idp on Linux + if: ${{ runner.os == 'Linux' }} + run: | + cd ./OpenSearch-Dashboards/plugins/security-dashboards-plugin + ls + pwd + yarn pretest:jest_server + # Configure the Dashboard for SAML setup - name: Configure and Run OpenSearch Dashboards with SAML Configuration if: ${{ runner.os == 'Linux' }} @@ -152,14 +161,6 @@ jobs: nohup yarn start --no-base-path --no-watch & sleep 600 - # Setup and Run SAML Idp - - name: Get and run SAML Idp on Linux - run: | - cd ./OpenSearch-Dashboards/plugins/security-dashboards-plugin - ls - pwd - yarn pretest:jest_server - - name: Run Cypress run : | yarn add cypress --save-dev From be4a62af293a1474e008bed3e23ef3316069e691 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 21:17:03 -0800 Subject: [PATCH 075/114] Change the saml authbackend into order 1 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-saml-e2e.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index 025523d31..a14f21771 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -76,7 +76,7 @@ jobs: chmod +x yq yq -i ".config.dynamic.authc.saml_auth_domain.http_enabled = true" config.yml yq -i ".config.dynamic.authc.saml_auth_domain.transport_enabled = false" config.yml - yq -i ".config.dynamic.authc.saml_auth_domain.order = 5" config.yml + yq -i ".config.dynamic.authc.saml_auth_domain.order = 1" config.yml yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.type = \"saml\"" config.yml yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.challenge = true" config.yml yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.config.idp.entity_id = \"urn:example:idp\"" config.yml @@ -131,8 +131,6 @@ jobs: if: ${{ runner.os == 'Linux' }} run: | cd ./OpenSearch-Dashboards/plugins/security-dashboards-plugin - ls - pwd yarn pretest:jest_server # Configure the Dashboard for SAML setup From e2b043c49d073c9a744288ad30cbc7f6de8670c3 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 21:35:58 -0800 Subject: [PATCH 076/114] Remove button name config for saml Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-saml-e2e.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index a14f21771..bb4e1731b 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -151,7 +151,6 @@ jobs: echo 'server.xsrf.allowlist: ["/_plugins/_security/api/authtoken", "/_opendistro/_security/api/authtoken", "/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"]' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.auth.type: ["saml"]' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.auth.multiple_auth_enabled: true' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.ui.openid.login.buttonname: "SAML"' >> ./config/opensearch_dashboards.yml echo 'opensearch_security.auth.anonymous_auth_enabled: false' >> ./config/opensearch_dashboards.yml echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml echo 'HERE IS THE DASHBOARD CONFIG' From e4fff2988752a659676ad31a6d9b26bb2fe7eead Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 22:04:38 -0800 Subject: [PATCH 077/114] Switch the order of saml authbackend to 7 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-saml-e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index bb4e1731b..f34855ed3 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -76,7 +76,7 @@ jobs: chmod +x yq yq -i ".config.dynamic.authc.saml_auth_domain.http_enabled = true" config.yml yq -i ".config.dynamic.authc.saml_auth_domain.transport_enabled = false" config.yml - yq -i ".config.dynamic.authc.saml_auth_domain.order = 1" config.yml + yq -i ".config.dynamic.authc.saml_auth_domain.order = 7" config.yml yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.type = \"saml\"" config.yml yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.challenge = true" config.yml yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.config.idp.entity_id = \"urn:example:idp\"" config.yml From 17ca3c4c2b31506332a5d7251470d2a1846fcc64 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 23:03:49 -0800 Subject: [PATCH 078/114] Replace security config instead Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-saml-e2e.yml | 66 ++++++++++++++------- 1 file changed, 46 insertions(+), 20 deletions(-) diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index f34855ed3..9840aab05 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -4,7 +4,6 @@ on: branches: [ '**' ] env: OPENSEARCH_VERSION: '3.0.0' - KEYCLOAK_VERSION: '21.0.1' CI: 1 # avoid warnings like "tput: No value for $TERM and no -T specified" TERM: xterm @@ -68,26 +67,53 @@ jobs: # Add SAML Configuration - name: Injecting SAML Configuration for Linux - if: ${{ runner.os == 'Linux'}} + if: ${{ runner.os == 'Linux' }} run: | - echo "Injecting SAML configuration" - cd ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/ - wget -O yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 - chmod +x yq - yq -i ".config.dynamic.authc.saml_auth_domain.http_enabled = true" config.yml - yq -i ".config.dynamic.authc.saml_auth_domain.transport_enabled = false" config.yml - yq -i ".config.dynamic.authc.saml_auth_domain.order = 7" config.yml - yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.type = \"saml\"" config.yml - yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.challenge = true" config.yml - yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.config.idp.entity_id = \"urn:example:idp\"" config.yml - yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.config.idp.metadata_url = \"http://localhost:7000/metadata\"" config.yml - yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.config.sp.entity_id = \"https://localhost:9200\"" config.yml - yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.config.kibana_url = \"http://localhost:5601\"" config.yml - yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.config.exchange_key = \"6aff3042-1327-4f3d-82f0-40a157ac4464\"" config.yml - yq -i ".config.dynamic.authc.saml_auth_domain.authentication_backend.type = \"noop\"" config.yml - cat ./config.yml - cd ../../.. - + set -e # Exit immediately if a command exits with a non-zero status. + echo "Creating new SAML configuration" + cd ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/ + rm -f config.yml + cat << 'EOT' > config.yml + --- + _meta: + type: "config" + config_version: 2 + config: + dynamic: + http: + anonymous_auth_enabled: false + authc: + basic_internal_auth_domain: + description: "Authenticate via HTTP Basic against internal users database" + http_enabled: true + transport_enabled: true + order: 0 + http_authenticator: + type: basic + challenge: false + authentication_backend: + type: intern + saml_auth_domain: + http_enabled: true + transport_enabled: false + order: 1 + http_authenticator: + type: saml + challenge: true + config: + idp: + entity_id: urn:example:idp + metadata_url: http://localhost:7000/metadata + sp: + entity_id: https://localhost:9200 + kibana_url: http://localhost:5601 + exchange_key: 6aff3042-1327-4f3d-82f0-40a157ac4464 + authentication_backend: + type: noop + EOT + cat config.yml + working-directory: ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/ + # Run any configuration scripts - name: Run Setup Script for Linux if: ${{ runner.os == 'Linux' }} From 3a343e9fd610433fd0370dd5a8e91a050969c059 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 23:10:22 -0800 Subject: [PATCH 079/114] Add debugging statements Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-saml-e2e.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index 9840aab05..8d60ff563 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -67,12 +67,13 @@ jobs: # Add SAML Configuration - name: Injecting SAML Configuration for Linux - if: ${{ runner.os == 'Linux' }} + if: ${{ runner.os == 'Linux'}} run: | - set -e # Exit immediately if a command exits with a non-zero status. echo "Creating new SAML configuration" - cd ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/ - rm -f config.yml + pwd + cd ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/ + ls + rm -rf config.yml cat << 'EOT' > config.yml --- _meta: From 1ea08a3e71c6f40441c0286694444b06910c144d Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 23:14:43 -0800 Subject: [PATCH 080/114] remove work directory Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-saml-e2e.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index 8d60ff563..7a5c171b5 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -113,7 +113,6 @@ jobs: type: noop EOT cat config.yml - working-directory: ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/ # Run any configuration scripts - name: Run Setup Script for Linux From 6ebfdb54c0cb2ff95544fb7b270b1ca026851158 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 23:17:32 -0800 Subject: [PATCH 081/114] Add another ls Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-saml-e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index 7a5c171b5..45d068f13 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -72,8 +72,8 @@ jobs: echo "Creating new SAML configuration" pwd cd ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/ - ls rm -rf config.yml + ls cat << 'EOT' > config.yml --- _meta: From d9c4fbd7db0a7b9d1183316e1f3246c20c5553df Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 23:21:39 -0800 Subject: [PATCH 082/114] Add another debugging statement Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-saml-e2e.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index 45d068f13..9c9b173a7 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -111,7 +111,8 @@ jobs: exchange_key: 6aff3042-1327-4f3d-82f0-40a157ac4464 authentication_backend: type: noop - EOT + EOT + echo "THIS IS THE SECURITY CONFIG FILE: " cat config.yml # Run any configuration scripts From 4c8249f68249492c982e81f0d17fdb33f46de5a7 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Nov 2023 23:38:50 -0800 Subject: [PATCH 083/114] change the format of security config Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-saml-e2e.yml | 72 ++++++++++----------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index 9c9b173a7..eadf7c7ab 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -75,42 +75,42 @@ jobs: rm -rf config.yml ls cat << 'EOT' > config.yml - --- - _meta: - type: "config" - config_version: 2 - config: - dynamic: - http: - anonymous_auth_enabled: false - authc: - basic_internal_auth_domain: - description: "Authenticate via HTTP Basic against internal users database" - http_enabled: true - transport_enabled: true - order: 0 - http_authenticator: - type: basic - challenge: false - authentication_backend: - type: intern - saml_auth_domain: - http_enabled: true - transport_enabled: false - order: 1 - http_authenticator: - type: saml - challenge: true - config: - idp: - entity_id: urn:example:idp - metadata_url: http://localhost:7000/metadata - sp: - entity_id: https://localhost:9200 - kibana_url: http://localhost:5601 - exchange_key: 6aff3042-1327-4f3d-82f0-40a157ac4464 - authentication_backend: - type: noop + --- + _meta: + type: "config" + config_version: 2 + config: + dynamic: + http: + anonymous_auth_enabled: false + authc: + basic_internal_auth_domain: + description: "Authenticate via HTTP Basic against internal users database" + http_enabled: true + transport_enabled: true + order: 0 + http_authenticator: + type: basic + challenge: false + authentication_backend: + type: intern + saml_auth_domain: + http_enabled: true + transport_enabled: false + order: 1 + http_authenticator: + type: saml + challenge: true + config: + idp: + entity_id: urn:example:idp + metadata_url: http://localhost:7000/metadata + sp: + entity_id: https://localhost:9200 + kibana_url: http://localhost:5601 + exchange_key: 6aff3042-1327-4f3d-82f0-40a157ac4464 + authentication_backend: + type: noop EOT echo "THIS IS THE SECURITY CONFIG FILE: " cat config.yml From 21c0cc38d7a18e496d17792dbdc21ec7e49887f2 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 22 Nov 2023 09:39:13 -0800 Subject: [PATCH 084/114] Rename tests Signed-off-by: Ryan Liang --- .cypress/e2e/oidc/{oidc_test.spec.js => oidc_auth_test.spec.js} | 0 .cypress/e2e/saml/{saml_test.spec.js => saml_auth_test.spec.js} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename .cypress/e2e/oidc/{oidc_test.spec.js => oidc_auth_test.spec.js} (100%) rename .cypress/e2e/saml/{saml_test.spec.js => saml_auth_test.spec.js} (100%) diff --git a/.cypress/e2e/oidc/oidc_test.spec.js b/.cypress/e2e/oidc/oidc_auth_test.spec.js similarity index 100% rename from .cypress/e2e/oidc/oidc_test.spec.js rename to .cypress/e2e/oidc/oidc_auth_test.spec.js diff --git a/.cypress/e2e/saml/saml_test.spec.js b/.cypress/e2e/saml/saml_auth_test.spec.js similarity index 100% rename from .cypress/e2e/saml/saml_test.spec.js rename to .cypress/e2e/saml/saml_auth_test.spec.js From 80192ed1346088b2c58d1643e1b0123d817d8c76 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 22 Nov 2023 11:23:12 -0800 Subject: [PATCH 085/114] Set up utils for customize commands Signed-off-by: Ryan Liang --- .cypress/utils/commands.js | 30 ++++++++++++++++++++++++++++++ .cypress/utils/constants.js | 34 ++++++++++++++++++++++++++++++++++ .cypress/utils/index.d.ts | 16 ++++++++++++++++ cypress.config.js | 3 +++ 4 files changed, 83 insertions(+) create mode 100644 .cypress/utils/commands.js create mode 100644 .cypress/utils/constants.js create mode 100644 .cypress/utils/index.d.ts diff --git a/.cypress/utils/commands.js b/.cypress/utils/commands.js new file mode 100644 index 000000000..7291d4060 --- /dev/null +++ b/.cypress/utils/commands.js @@ -0,0 +1,30 @@ +/* + * Copyright OpenSearch Contributors + * + * Licensed under the Apache License, Version 2.0 (the "License"). + * You may not use this file except in compliance with the License. + * A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the "license" file accompanying this file. This file is distributed + * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +/* + * Copyright OpenSearch Contributors + * SPDX-License-Identifier: Apache-2.0 + */ + +import { SEC_API } from "./constants"; + +Cypress.Commands.add('createRoleMapping', (roleID, rolemappingJson) => { + cy.request( + 'PUT', + `${Cypress.env('openSearchUrl')}${SEC_API.ROLE_MAPPING_BASE}/${roleID}`, + rolemappingJson + ); + cy.wait(10000); +}); diff --git a/.cypress/utils/constants.js b/.cypress/utils/constants.js new file mode 100644 index 000000000..b2bef6afc --- /dev/null +++ b/.cypress/utils/constants.js @@ -0,0 +1,34 @@ +/* + * Copyright OpenSearch Contributors + * + * Licensed under the Apache License, Version 2.0 (the "License"). + * You may not use this file except in compliance with the License. + * A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the "license" file accompanying this file. This file is distributed + * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +/* + * Copyright OpenSearch Contributors + * SPDX-License-Identifier: Apache-2.0 + */ + +/** + ***************************** + SECURITY DASHBOARDS PLUGIN CONSTANTS + ***************************** + */ + +//Security API Constants +export const SEC_API_PREFIX = '/_plugins/_security/api'; +export const SEC_API = { + TENANTS_BASE: `${SEC_API_PREFIX}/tenants`, + INTERNALUSERS_BASE: `${SEC_API_PREFIX}/internalusers`, + ROLE_BASE: `${SEC_API_PREFIX}/roles`, + ROLE_MAPPING_BASE: `${SEC_API_PREFIX}/rolesmapping`, +}; diff --git a/.cypress/utils/index.d.ts b/.cypress/utils/index.d.ts new file mode 100644 index 000000000..385ca69fd --- /dev/null +++ b/.cypress/utils/index.d.ts @@ -0,0 +1,16 @@ +// type definitions for custom commands like "createDefaultTodos" +/// + +declare namespace Cypress { + interface Chainable { + /** + * Create a role mapping by calling REST API + * @example + * cy.createRoleMapping('role_name', rolemappingJsonFixture ) + */ + createRoleMapping( + roleID: string, + rolemappingJson: string + ): Chainable; + } +} \ No newline at end of file diff --git a/cypress.config.js b/cypress.config.js index d4c9c3742..14de9819e 100644 --- a/cypress.config.js +++ b/cypress.config.js @@ -27,4 +27,7 @@ module.exports = defineConfig({ baseUrl: 'http://localhost:5601', specPattern: '.cypress/e2e/**/*.spec.js', }, + env: { + openSearchUrl: 'https://localhost:9200', + }, }); From 82bb3a52a83c8246c37ae8dd2e7f8e69335ac959 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 22 Nov 2023 14:32:49 -0800 Subject: [PATCH 086/114] Set up fixtures and commands correctly Signed-off-by: Ryan Liang --- .cypress/e2e/saml/saml_auth_test.spec.js | 17 +++++++++++--- .../fixtures/saml/samlUserRoleMappiing.json | 4 ++++ .cypress/{utils => support}/commands.js | 23 ++++++++++++++++++- .cypress/{utils => support}/constants.js | 8 +++++++ .cypress/support/e2e.js | 2 ++ .cypress/{utils => support}/index.d.ts | 8 +++---- cypress.config.js | 2 ++ 7 files changed, 56 insertions(+), 8 deletions(-) create mode 100644 .cypress/fixtures/saml/samlUserRoleMappiing.json rename .cypress/{utils => support}/commands.js (53%) rename .cypress/{utils => support}/constants.js (85%) rename .cypress/{utils => support}/index.d.ts (73%) diff --git a/.cypress/e2e/saml/saml_auth_test.spec.js b/.cypress/e2e/saml/saml_auth_test.spec.js index 7784abdf4..961178022 100644 --- a/.cypress/e2e/saml/saml_auth_test.spec.js +++ b/.cypress/e2e/saml/saml_auth_test.spec.js @@ -18,10 +18,21 @@ * SPDX-License-Identifier: Apache-2.0 */ +import { ALL_ACCESS_ROLE } from '../../support/constants'; + +import samlUserRoleMapping from '../../fixtures/saml/samlUserRoleMappiing.json' + +before(() => { + cy.intercept('https://localhost:9200'); + cy.createRoleMapping(ALL_ACCESS_ROLE, samlUserRoleMapping); + cy.clearCookies(); + cy.clearLocalStorage(); +}); + afterEach(() => { - cy.clearCookies(); - cy.clearLocalStorage(); - }); + cy.clearCookies(); + cy.clearLocalStorage(); +}); describe('Log in via SAML', () => { const samlLogin = () => { diff --git a/.cypress/fixtures/saml/samlUserRoleMappiing.json b/.cypress/fixtures/saml/samlUserRoleMappiing.json new file mode 100644 index 000000000..b1f015cfc --- /dev/null +++ b/.cypress/fixtures/saml/samlUserRoleMappiing.json @@ -0,0 +1,4 @@ +{ + "backend_roles" : [ "admin" ], + "users" : [ "saml.jackson@example.com" ] +} diff --git a/.cypress/utils/commands.js b/.cypress/support/commands.js similarity index 53% rename from .cypress/utils/commands.js rename to .cypress/support/commands.js index 7291d4060..dcd94d171 100644 --- a/.cypress/utils/commands.js +++ b/.cypress/support/commands.js @@ -18,7 +18,28 @@ * SPDX-License-Identifier: Apache-2.0 */ -import { SEC_API } from "./constants"; +import { SEC_API, ADMIN_AUTH } from "./constants"; + +/** + * Overwrite request command to support authentication similar to visit. + * The request function parameters can be url, or (method, url), or (method, url, body). + */ +Cypress.Commands.overwrite('request', (originalFn, ...args) => { + let defaults = {}; + defaults.auth = ADMIN_AUTH; + let options = {}; + if (typeof args[0] === 'object' && args[0] !== null) { + options = Object.assign({}, args[0]); + } else if (args.length === 1) { + [options.url] = args; + } else if (args.length === 2) { + [options.method, options.url] = args; + } else if (args.length === 3) { + [options.method, options.url, options.body] = args; + } + + return originalFn(Object.assign({}, defaults, options)); +}); Cypress.Commands.add('createRoleMapping', (roleID, rolemappingJson) => { cy.request( diff --git a/.cypress/utils/constants.js b/.cypress/support/constants.js similarity index 85% rename from .cypress/utils/constants.js rename to .cypress/support/constants.js index b2bef6afc..95cb4da04 100644 --- a/.cypress/utils/constants.js +++ b/.cypress/support/constants.js @@ -24,6 +24,14 @@ ***************************** */ +export const ALL_ACCESS_ROLE = 'all_access'; + +//Admin Credential +export const ADMIN_AUTH = { + username: Cypress.env('adminUserName'), + password: Cypress.env('adminPassword'), +}; + //Security API Constants export const SEC_API_PREFIX = '/_plugins/_security/api'; export const SEC_API = { diff --git a/.cypress/support/e2e.js b/.cypress/support/e2e.js index 53672f05d..433a1cab9 100644 --- a/.cypress/support/e2e.js +++ b/.cypress/support/e2e.js @@ -32,3 +32,5 @@ // You can read more here: // https://on.cypress.io/configuration // *********************************************************** + +import './commands'; diff --git a/.cypress/utils/index.d.ts b/.cypress/support/index.d.ts similarity index 73% rename from .cypress/utils/index.d.ts rename to .cypress/support/index.d.ts index 385ca69fd..3a6ba4f71 100644 --- a/.cypress/utils/index.d.ts +++ b/.cypress/support/index.d.ts @@ -8,9 +8,9 @@ declare namespace Cypress { * @example * cy.createRoleMapping('role_name', rolemappingJsonFixture ) */ - createRoleMapping( - roleID: string, - rolemappingJson: string - ): Chainable; + createRoleMapping( + roleID: string, + rolemappingJson: string + ): Chainable; } } \ No newline at end of file diff --git a/cypress.config.js b/cypress.config.js index 14de9819e..77941deca 100644 --- a/cypress.config.js +++ b/cypress.config.js @@ -29,5 +29,7 @@ module.exports = defineConfig({ }, env: { openSearchUrl: 'https://localhost:9200', + adminUserName: 'admin', + adminPassword: 'admin', }, }); From 382af993b3cb5b9e77e9b4deab1fa3fdf8e953fe Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 22 Nov 2023 14:56:23 -0800 Subject: [PATCH 087/114] Add an echo for setup script Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-saml-e2e.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index eadf7c7ab..7cf3d7c99 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -121,6 +121,8 @@ jobs: run: | echo "running linux setup" chmod +x ./setup.sh + echo "THIS IS THE SETUP SCRIPT !!!" + cat ./setup.sh ./setup.sh shell: bash From 614d2fa3b6189af6a14aea7a40c2eedd62231b03 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 22 Nov 2023 15:59:27 -0800 Subject: [PATCH 088/114] Add a ls for script running step Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-saml-e2e.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index 7cf3d7c99..aac47dd11 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -121,6 +121,7 @@ jobs: run: | echo "running linux setup" chmod +x ./setup.sh + ls echo "THIS IS THE SETUP SCRIPT !!!" cat ./setup.sh ./setup.sh From 034e1f3d2127d7a0b74ade4aeee0ff7639dfcbab Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 22 Nov 2023 17:33:09 -0800 Subject: [PATCH 089/114] Add admin step manually for now Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 9 ++++++++- .github/workflows/cypress-test-saml-e2e.yml | 7 +++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 19bbced15..5f3111d04 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -113,7 +113,14 @@ jobs: yq -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.openid_connect_url = \"http://localhost:8080/auth/realms/master/.well-known/openid-configuration\"" config.yml yq -i ".config.dynamic.authc.openid_auth_domain.authentication_backend.type = \"noop\"" config.yml cd ../../.. - + + # TODO: REMOVE THIS ONCE ADMIN JAVA TOOL SUPPORT IT + - name: Write password to initialAdminPassword location + if: ${{ runner.os == 'Linux'}} + run: + echo admin >> ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/initialAdminPassword.txt + shell: bash + # Run any configuration scripts - name: Run Setup Script for Linux if: ${{ runner.os == 'Linux' }} diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index aac47dd11..a498dcac3 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -57,6 +57,13 @@ jobs: rm -f opensearch-*.tar.gz shell: bash + # TODO: REMOVE THIS ONCE ADMIN JAVA TOOL SUPPORT IT + - name: Write password to initialAdminPassword location + if: ${{ runner.os == 'Linux'}} + run: + echo admin >> ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/initialAdminPassword.txt + shell: bash + # Install the security plugin - name: Install Plugin into OpenSearch for Linux if: ${{ runner.os == 'Linux'}} From 1ecc1167d78fc4a22b7b66970f1fdc478365755c Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 22 Nov 2023 18:45:01 -0800 Subject: [PATCH 090/114] Add fake visit for saml test Signed-off-by: Ryan Liang --- .cypress/e2e/saml/saml_auth_test.spec.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.cypress/e2e/saml/saml_auth_test.spec.js b/.cypress/e2e/saml/saml_auth_test.spec.js index 961178022..1ef6350b8 100644 --- a/.cypress/e2e/saml/saml_auth_test.spec.js +++ b/.cypress/e2e/saml/saml_auth_test.spec.js @@ -24,6 +24,10 @@ import samlUserRoleMapping from '../../fixtures/saml/samlUserRoleMappiing.json' before(() => { cy.intercept('https://localhost:9200'); + + //Fake visit() before request: https://github.com/cypress-io/cypress/issues/25397#issuecomment-1402556488 + cy.visit('http://localhost:5601'); + cy.createRoleMapping(ALL_ACCESS_ROLE, samlUserRoleMapping); cy.clearCookies(); cy.clearLocalStorage(); From 3a164e80aa5a53892bdde2ddeb0fd3c705da7cb4 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 22 Nov 2023 19:08:16 -0800 Subject: [PATCH 091/114] Update comments Signed-off-by: Ryan Liang --- .cypress/e2e/saml/saml_auth_test.spec.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.cypress/e2e/saml/saml_auth_test.spec.js b/.cypress/e2e/saml/saml_auth_test.spec.js index 1ef6350b8..450f0752f 100644 --- a/.cypress/e2e/saml/saml_auth_test.spec.js +++ b/.cypress/e2e/saml/saml_auth_test.spec.js @@ -25,7 +25,8 @@ import samlUserRoleMapping from '../../fixtures/saml/samlUserRoleMappiing.json' before(() => { cy.intercept('https://localhost:9200'); - //Fake visit() before request: https://github.com/cypress-io/cypress/issues/25397#issuecomment-1402556488 + // Avoid Cypress lock onto the ipv4 range, so fake `visit()` before `request()`. + // See: https://github.com/cypress-io/cypress/issues/25397#issuecomment-1402556488 cy.visit('http://localhost:5601'); cy.createRoleMapping(ALL_ACCESS_ROLE, samlUserRoleMapping); From 46edd8276cbe24f3dc46148062040bc9cb7abb51 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Fri, 24 Nov 2023 10:08:54 -0800 Subject: [PATCH 092/114] Remove pkg lock json file Signed-off-by: Ryan Liang --- package-lock.json | 1485 --------------------------------------------- 1 file changed, 1485 deletions(-) delete mode 100644 package-lock.json diff --git a/package-lock.json b/package-lock.json deleted file mode 100644 index 4f6a79383..000000000 --- a/package-lock.json +++ /dev/null @@ -1,1485 +0,0 @@ -{ - "name": "opensearch-security-dashboards", - "version": "3.0.0.0", - "lockfileVersion": 1, - "requires": true, - "dependencies": { - "@colors/colors": { - "version": "1.5.0", - "resolved": "https://registry.npmjs.org/@colors/colors/-/colors-1.5.0.tgz", - "integrity": "sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==", - "dev": true, - "optional": true - }, - "@cypress/request": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.1.tgz", - "integrity": "sha512-TWivJlJi8ZDx2wGOw1dbLuHJKUYX7bWySw377nlnGOW3hP9/MUKIsEdXT/YngWxVdgNCHRBmFlBipE+5/2ZZlQ==", - "dev": true, - "requires": { - "aws-sign2": "~0.7.0", - "aws4": "^1.8.0", - "caseless": "~0.12.0", - "combined-stream": "~1.0.6", - "extend": "~3.0.2", - "forever-agent": "~0.6.1", - "form-data": "~2.3.2", - "http-signature": "~1.3.6", - "is-typedarray": "~1.0.0", - "isstream": "~0.1.2", - "json-stringify-safe": "~5.0.1", - "mime-types": "~2.1.19", - "performance-now": "^2.1.0", - "qs": "6.10.4", - "safe-buffer": "^5.1.2", - "tough-cookie": "^4.1.3", - "tunnel-agent": "^0.6.0", - "uuid": "^8.3.2" - } - }, - "@cypress/xvfb": { - "version": "1.2.4", - "resolved": "https://registry.npmjs.org/@cypress/xvfb/-/xvfb-1.2.4.tgz", - "integrity": "sha512-skbBzPggOVYCbnGgV+0dmBdW/s77ZkAOXIC1knS8NagwDjBrNC1LuXtQJeiN6l+m7lzmHtaoUw/ctJKdqkG57Q==", - "dev": true, - "requires": { - "debug": "^3.1.0", - "lodash.once": "^4.1.1" - }, - "dependencies": { - "debug": { - "version": "3.2.7", - "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", - "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", - "dev": true, - "requires": { - "ms": "^2.1.1" - } - } - } - }, - "@types/node": { - "version": "16.18.48", - "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.48.tgz", - "integrity": "sha512-mlaecDKQ7rIZrYD7iiKNdzFb6e/qD5I9U1rAhq+Fd+DWvYVs+G2kv74UFHmSOlg5+i/vF3XxuR522V4u8BqO+Q==", - "dev": true - }, - "@types/sinonjs__fake-timers": { - "version": "8.1.1", - "resolved": "https://registry.npmjs.org/@types/sinonjs__fake-timers/-/sinonjs__fake-timers-8.1.1.tgz", - "integrity": "sha512-0kSuKjAS0TrGLJ0M/+8MaFkGsQhZpB6pxOmvS3K8FYI72K//YmdfoW9X2qPsAKh1mkwxGD5zib9s1FIFed6E8g==", - "dev": true - }, - "@types/sizzle": { - "version": "2.3.3", - "resolved": "https://registry.npmjs.org/@types/sizzle/-/sizzle-2.3.3.tgz", - "integrity": "sha512-JYM8x9EGF163bEyhdJBpR2QX1R5naCJHC8ucJylJ3w9/CVBaskdQ8WqBf8MmQrd1kRvp/a4TS8HJ+bxzR7ZJYQ==", - "dev": true - }, - "@types/yauzl": { - "version": "2.10.0", - "resolved": "https://registry.npmjs.org/@types/yauzl/-/yauzl-2.10.0.tgz", - "integrity": "sha512-Cn6WYCm0tXv8p6k+A8PvbDG763EDpBoTzHdA+Q/MF6H3sapGjCm9NzoaJncJS9tUKSuCoDs9XHxYYsQDgxR6kw==", - "dev": true, - "optional": true, - "requires": { - "@types/node": "*" - } - }, - "aggregate-error": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", - "integrity": "sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==", - "dev": true, - "requires": { - "clean-stack": "^2.0.0", - "indent-string": "^4.0.0" - } - }, - "ansi-colors": { - "version": "4.1.3", - "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.3.tgz", - "integrity": "sha512-/6w/C21Pm1A7aZitlI5Ni/2J6FFQN8i1Cvz3kHABAAbw93v/NlvKdVOqz7CCWz/3iv/JplRSEEZ83XION15ovw==", - "dev": true - }, - "ansi-escapes": { - "version": "4.3.2", - "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", - "integrity": "sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ==", - "dev": true, - "requires": { - "type-fest": "^0.21.3" - } - }, - "ansi-regex": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", - "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", - "dev": true - }, - "ansi-styles": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", - "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", - "dev": true, - "requires": { - "color-convert": "^2.0.1" - } - }, - "arch": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/arch/-/arch-2.2.0.tgz", - "integrity": "sha512-Of/R0wqp83cgHozfIYLbBMnej79U/SVGOOyuB3VVFv1NRM/PSFMK12x9KVtiYzJqmnU5WR2qp0Z5rHb7sWGnFQ==", - "dev": true - }, - "asn1": { - "version": "0.2.6", - "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz", - "integrity": "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==", - "dev": true, - "requires": { - "safer-buffer": "~2.1.0" - } - }, - "assert-plus": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz", - "integrity": "sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw==", - "dev": true - }, - "astral-regex": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz", - "integrity": "sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==", - "dev": true - }, - "async": { - "version": "3.2.4", - "resolved": "https://registry.npmjs.org/async/-/async-3.2.4.tgz", - "integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==", - "dev": true - }, - "asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==", - "dev": true - }, - "at-least-node": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/at-least-node/-/at-least-node-1.0.0.tgz", - "integrity": "sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==", - "dev": true - }, - "aws-sign2": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz", - "integrity": "sha512-08kcGqnYf/YmjoRhfxyu+CLxBjUtHLXLXX/vUfx9l2LYzG3c1m61nrpyFUZI6zeS+Li/wWMMidD9KgrqtGq3mA==", - "dev": true - }, - "aws4": { - "version": "1.12.0", - "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.12.0.tgz", - "integrity": "sha512-NmWvPnx0F1SfrQbYwOi7OeaNGokp9XhzNioJ/CSBs8Qa4vxug81mhJEAVZwxXuBmYB5KDRfMq/F3RR0BIU7sWg==", - "dev": true - }, - "balanced-match": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", - "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", - "dev": true - }, - "base64-js": { - "version": "1.5.1", - "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz", - "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==", - "dev": true - }, - "bcrypt-pbkdf": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz", - "integrity": "sha512-qeFIXtP4MSoi6NLqO12WfqARWWuCKi2Rn/9hJLEmtB5yTNr9DqFWkJRCf2qShWzPeAMRnOgCrq0sg/KLv5ES9w==", - "dev": true, - "requires": { - "tweetnacl": "^0.14.3" - } - }, - "blob-util": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/blob-util/-/blob-util-2.0.2.tgz", - "integrity": "sha512-T7JQa+zsXXEa6/8ZhHcQEW1UFfVM49Ts65uBkFL6fz2QmrElqmbajIDJvuA0tEhRe5eIjpV9ZF+0RfZR9voJFQ==", - "dev": true - }, - "bluebird": { - "version": "3.7.2", - "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.7.2.tgz", - "integrity": "sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==", - "dev": true - }, - "brace-expansion": { - "version": "1.1.11", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", - "dev": true, - "requires": { - "balanced-match": "^1.0.0", - "concat-map": "0.0.1" - } - }, - "buffer": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz", - "integrity": "sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==", - "dev": true, - "requires": { - "base64-js": "^1.3.1", - "ieee754": "^1.1.13" - } - }, - "buffer-crc32": { - "version": "0.2.13", - "resolved": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", - "integrity": "sha512-VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ==", - "dev": true - }, - "cachedir": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/cachedir/-/cachedir-2.4.0.tgz", - "integrity": "sha512-9EtFOZR8g22CL7BWjJ9BUx1+A/djkofnyW3aOXZORNW2kxoUpx2h+uN2cOqwPmFhnpVmxg+KW2OjOSgChTEvsQ==", - "dev": true - }, - "call-bind": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", - "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", - "dev": true, - "requires": { - "function-bind": "^1.1.1", - "get-intrinsic": "^1.0.2" - } - }, - "caseless": { - "version": "0.12.0", - "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz", - "integrity": "sha512-4tYFyifaFfGacoiObjJegolkwSU4xQNGbVgUiNYVUxbQ2x2lUsFvY4hVgVzGiIe6WLOPqycWXA40l+PWsxthUw==", - "dev": true - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "dev": true, - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - }, - "dependencies": { - "supports-color": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", - "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", - "dev": true, - "requires": { - "has-flag": "^4.0.0" - } - } - } - }, - "check-more-types": { - "version": "2.24.0", - "resolved": "https://registry.npmjs.org/check-more-types/-/check-more-types-2.24.0.tgz", - "integrity": "sha512-Pj779qHxV2tuapviy1bSZNEL1maXr13bPYpsvSDB68HlYcYuhlDrmGd63i0JHMCLKzc7rUSNIrpdJlhVlNwrxA==", - "dev": true - }, - "ci-info": { - "version": "3.8.0", - "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.8.0.tgz", - "integrity": "sha512-eXTggHWSooYhq49F2opQhuHWgzucfF2YgODK4e1566GQs5BIfP30B0oenwBJHfWxAs2fyPB1s7Mg949zLf61Yw==", - "dev": true - }, - "clean-stack": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", - "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==", - "dev": true - }, - "cli-cursor": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz", - "integrity": "sha512-I/zHAwsKf9FqGoXM4WWRACob9+SNukZTd94DWF57E4toouRulbCxcUh6RKUEOQlYTHJnzkPMySvPNaaSLNfLZw==", - "dev": true, - "requires": { - "restore-cursor": "^3.1.0" - } - }, - "cli-table3": { - "version": "0.6.3", - "resolved": "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.3.tgz", - "integrity": "sha512-w5Jac5SykAeZJKntOxJCrm63Eg5/4dhMWIcuTbo9rpE+brgaSZo0RuNJZeOyMgsUdhDeojvgyQLmjI+K50ZGyg==", - "dev": true, - "requires": { - "@colors/colors": "1.5.0", - "string-width": "^4.2.0" - } - }, - "cli-truncate": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/cli-truncate/-/cli-truncate-2.1.0.tgz", - "integrity": "sha512-n8fOixwDD6b/ObinzTrp1ZKFzbgvKZvuz/TvejnLn1aQfC6r52XEx85FmuC+3HI+JM7coBRXUvNqEU2PHVrHpg==", - "dev": true, - "requires": { - "slice-ansi": "^3.0.0", - "string-width": "^4.2.0" - } - }, - "color-convert": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", - "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", - "dev": true, - "requires": { - "color-name": "~1.1.4" - } - }, - "color-name": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", - "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", - "dev": true - }, - "colorette": { - "version": "2.0.20", - "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz", - "integrity": "sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==", - "dev": true - }, - "combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "dev": true, - "requires": { - "delayed-stream": "~1.0.0" - } - }, - "commander": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/commander/-/commander-6.2.1.tgz", - "integrity": "sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==", - "dev": true - }, - "common-tags": { - "version": "1.8.2", - "resolved": "https://registry.npmjs.org/common-tags/-/common-tags-1.8.2.tgz", - "integrity": "sha512-gk/Z852D2Wtb//0I+kRFNKKE9dIIVirjoqPoA1wJU+XePVXZfGeBpk45+A1rKO4Q43prqWBNY/MiIeRLbPWUaA==", - "dev": true - }, - "concat-map": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", - "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", - "dev": true - }, - "core-util-is": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz", - "integrity": "sha512-3lqz5YjWTYnW6dlDa5TLaTCcShfar1e40rmcJVwCBJC6mWlFuj0eCHIElmG1g5kyuJ/GD+8Wn4FFCcz4gJPfaQ==", - "dev": true - }, - "cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", - "dev": true, - "requires": { - "path-key": "^3.1.0", - "shebang-command": "^2.0.0", - "which": "^2.0.1" - } - }, - "cypress": { - "version": "13.1.0", - "resolved": "https://registry.npmjs.org/cypress/-/cypress-13.1.0.tgz", - "integrity": "sha512-LUKxCYlB973QBFls1Up4FAE9QIYobT+2I8NvvAwMfQS2YwsWbr6yx7y9hmsk97iqbHkKwZW3MRjoK1RToBFVdQ==", - "dev": true, - "requires": { - "@cypress/request": "^3.0.0", - "@cypress/xvfb": "^1.2.4", - "@types/node": "^16.18.39", - "@types/sinonjs__fake-timers": "8.1.1", - "@types/sizzle": "^2.3.2", - "arch": "^2.2.0", - "blob-util": "^2.0.2", - "bluebird": "^3.7.2", - "buffer": "^5.6.0", - "cachedir": "^2.3.0", - "chalk": "^4.1.0", - "check-more-types": "^2.24.0", - "cli-cursor": "^3.1.0", - "cli-table3": "~0.6.1", - "commander": "^6.2.1", - "common-tags": "^1.8.0", - "dayjs": "^1.10.4", - "debug": "^4.3.4", - "enquirer": "^2.3.6", - "eventemitter2": "6.4.7", - "execa": "4.1.0", - "executable": "^4.1.1", - "extract-zip": "2.0.1", - "figures": "^3.2.0", - "fs-extra": "^9.1.0", - "getos": "^3.2.1", - "is-ci": "^3.0.0", - "is-installed-globally": "~0.4.0", - "lazy-ass": "^1.6.0", - "listr2": "^3.8.3", - "lodash": "^4.17.21", - "log-symbols": "^4.0.0", - "minimist": "^1.2.8", - "ospath": "^1.2.2", - "pretty-bytes": "^5.6.0", - "process": "^0.11.10", - "proxy-from-env": "1.0.0", - "request-progress": "^3.0.0", - "semver": "^7.5.3", - "supports-color": "^8.1.1", - "tmp": "~0.2.1", - "untildify": "^4.0.0", - "yauzl": "^2.10.0" - } - }, - "dashdash": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz", - "integrity": "sha512-jRFi8UDGo6j+odZiEpjazZaWqEal3w/basFjQHQEwVtZJGDpxbH1MeYluwCS8Xq5wmLJooDlMgvVarmWfGM44g==", - "dev": true, - "requires": { - "assert-plus": "^1.0.0" - } - }, - "dayjs": { - "version": "1.11.9", - "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.9.tgz", - "integrity": "sha512-QvzAURSbQ0pKdIye2txOzNaHmxtUBXerpY0FJsFXUMKbIZeFm5ht1LS/jFsrncjnmtv8HsG0W2g6c0zUjZWmpA==", - "dev": true - }, - "debug": { - "version": "4.3.4", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", - "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", - "dev": true, - "requires": { - "ms": "2.1.2" - }, - "dependencies": { - "ms": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", - "dev": true - } - } - }, - "delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", - "dev": true - }, - "ecc-jsbn": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz", - "integrity": "sha512-eh9O+hwRHNbG4BLTjEl3nw044CkGm5X6LoaCf7LPp7UU8Qrt47JYNi6nPX8xjW97TKGKm1ouctg0QSpZe9qrnw==", - "dev": true, - "requires": { - "jsbn": "~0.1.0", - "safer-buffer": "^2.1.0" - } - }, - "emoji-regex": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", - "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", - "dev": true - }, - "end-of-stream": { - "version": "1.4.4", - "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", - "integrity": "sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==", - "dev": true, - "requires": { - "once": "^1.4.0" - } - }, - "enquirer": { - "version": "2.4.1", - "resolved": "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz", - "integrity": "sha512-rRqJg/6gd538VHvR3PSrdRBb/1Vy2YfzHqzvbhGIQpDRKIa4FgV/54b5Q1xYSxOOwKvjXweS26E0Q+nAMwp2pQ==", - "dev": true, - "requires": { - "ansi-colors": "^4.1.1", - "strip-ansi": "^6.0.1" - } - }, - "escape-string-regexp": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", - "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==", - "dev": true - }, - "eventemitter2": { - "version": "6.4.7", - "resolved": "https://registry.npmjs.org/eventemitter2/-/eventemitter2-6.4.7.tgz", - "integrity": "sha512-tYUSVOGeQPKt/eC1ABfhHy5Xd96N3oIijJvN3O9+TsC28T5V9yX9oEfEK5faP0EFSNVOG97qtAS68GBrQB2hDg==", - "dev": true - }, - "execa": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/execa/-/execa-4.1.0.tgz", - "integrity": "sha512-j5W0//W7f8UxAn8hXVnwG8tLwdiUy4FJLcSupCg6maBYZDpyBvTApK7KyuI4bKj8KOh1r2YH+6ucuYtJv1bTZA==", - "dev": true, - "requires": { - "cross-spawn": "^7.0.0", - "get-stream": "^5.0.0", - "human-signals": "^1.1.1", - "is-stream": "^2.0.0", - "merge-stream": "^2.0.0", - "npm-run-path": "^4.0.0", - "onetime": "^5.1.0", - "signal-exit": "^3.0.2", - "strip-final-newline": "^2.0.0" - } - }, - "executable": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/executable/-/executable-4.1.1.tgz", - "integrity": "sha512-8iA79xD3uAch729dUG8xaaBBFGaEa0wdD2VkYLFHwlqosEj/jT66AzcreRDSgV7ehnNLBW2WR5jIXwGKjVdTLg==", - "dev": true, - "requires": { - "pify": "^2.2.0" - } - }, - "extend": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz", - "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==", - "dev": true - }, - "extract-zip": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extract-zip/-/extract-zip-2.0.1.tgz", - "integrity": "sha512-GDhU9ntwuKyGXdZBUgTIe+vXnWj0fppUEtMDL0+idd5Sta8TGpHssn/eusA9mrPr9qNDym6SxAYZjNvCn/9RBg==", - "dev": true, - "requires": { - "@types/yauzl": "^2.9.1", - "debug": "^4.1.1", - "get-stream": "^5.1.0", - "yauzl": "^2.10.0" - } - }, - "extsprintf": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz", - "integrity": "sha512-11Ndz7Nv+mvAC1j0ktTa7fAb0vLyGGX+rMHNBYQviQDGU0Hw7lhctJANqbPhu9nV9/izT/IntTgZ7Im/9LJs9g==", - "dev": true - }, - "fd-slicer": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz", - "integrity": "sha512-cE1qsB/VwyQozZ+q1dGxR8LBYNZeofhEdUNGSMbQD3Gw2lAzX9Zb3uIU6Ebc/Fmyjo9AWWfnn0AUCHqtevs/8g==", - "dev": true, - "requires": { - "pend": "~1.2.0" - } - }, - "figures": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", - "integrity": "sha512-yaduQFRKLXYOGgEn6AZau90j3ggSOyiqXU0F9JZfeXYhNa+Jk4X+s45A2zg5jns87GAFa34BBm2kXw4XpNcbdg==", - "dev": true, - "requires": { - "escape-string-regexp": "^1.0.5" - } - }, - "forever-agent": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz", - "integrity": "sha512-j0KLYPhm6zeac4lz3oJ3o65qvgQCcPubiyotZrXqEaG4hNagNYO8qdlUrX5vwqv9ohqeT/Z3j6+yW067yWWdUw==", - "dev": true - }, - "form-data": { - "version": "2.3.3", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz", - "integrity": "sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==", - "dev": true, - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.6", - "mime-types": "^2.1.12" - } - }, - "fs-extra": { - "version": "9.1.0", - "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz", - "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==", - "dev": true, - "requires": { - "at-least-node": "^1.0.0", - "graceful-fs": "^4.2.0", - "jsonfile": "^6.0.1", - "universalify": "^2.0.0" - }, - "dependencies": { - "universalify": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", - "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", - "dev": true - } - } - }, - "fs.realpath": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", - "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", - "dev": true - }, - "function-bind": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", - "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==", - "dev": true - }, - "get-intrinsic": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.1.tgz", - "integrity": "sha512-2DcsyfABl+gVHEfCOaTrWgyt+tb6MSEGmKq+kI5HwLbIYgjgmMcV8KQ41uaKz1xxUcn9tJtgFbQUEVcEbd0FYw==", - "dev": true, - "requires": { - "function-bind": "^1.1.1", - "has": "^1.0.3", - "has-proto": "^1.0.1", - "has-symbols": "^1.0.3" - } - }, - "get-stream": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz", - "integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==", - "dev": true, - "requires": { - "pump": "^3.0.0" - } - }, - "getos": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/getos/-/getos-3.2.1.tgz", - "integrity": "sha512-U56CfOK17OKgTVqozZjUKNdkfEv6jk5WISBJ8SHoagjE6L69zOwl3Z+O8myjY9MEW3i2HPWQBt/LTbCgcC973Q==", - "dev": true, - "requires": { - "async": "^3.2.0" - } - }, - "getpass": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz", - "integrity": "sha512-0fzj9JxOLfJ+XGLhR8ze3unN0KZCgZwiSSDz168VERjK8Wl8kVSdcu2kspd4s4wtAa1y/qrVRiAA0WclVsu0ng==", - "dev": true, - "requires": { - "assert-plus": "^1.0.0" - } - }, - "glob": { - "version": "7.2.3", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", - "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", - "dev": true, - "requires": { - "fs.realpath": "^1.0.0", - "inflight": "^1.0.4", - "inherits": "2", - "minimatch": "^3.1.1", - "once": "^1.3.0", - "path-is-absolute": "^1.0.0" - } - }, - "global-dirs": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/global-dirs/-/global-dirs-3.0.1.tgz", - "integrity": "sha512-NBcGGFbBA9s1VzD41QXDG+3++t9Mn5t1FpLdhESY6oKY4gYTFpX4wO3sqGUa0Srjtbfj3szX0RnemmrVRUdULA==", - "dev": true, - "requires": { - "ini": "2.0.0" - } - }, - "graceful-fs": { - "version": "4.2.11", - "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", - "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==", - "dev": true - }, - "has": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", - "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", - "dev": true, - "requires": { - "function-bind": "^1.1.1" - } - }, - "has-flag": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", - "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", - "dev": true - }, - "has-proto": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.1.tgz", - "integrity": "sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg==", - "dev": true - }, - "has-symbols": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", - "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==", - "dev": true - }, - "http-signature": { - "version": "1.3.6", - "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.3.6.tgz", - "integrity": "sha512-3adrsD6zqo4GsTqtO7FyrejHNv+NgiIfAfv68+jVlFmSr9OGy7zrxONceFRLKvnnZA5jbxQBX1u9PpB6Wi32Gw==", - "dev": true, - "requires": { - "assert-plus": "^1.0.0", - "jsprim": "^2.0.2", - "sshpk": "^1.14.1" - } - }, - "human-signals": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-1.1.1.tgz", - "integrity": "sha512-SEQu7vl8KjNL2eoGBLF3+wAjpsNfA9XMlXAYj/3EdaNfAlxKthD1xjEQfGOUhllCGGJVNY34bRr6lPINhNjyZw==", - "dev": true - }, - "ieee754": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz", - "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==", - "dev": true - }, - "indent-string": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", - "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==", - "dev": true - }, - "inflight": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", - "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", - "dev": true, - "requires": { - "once": "^1.3.0", - "wrappy": "1" - } - }, - "inherits": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", - "dev": true - }, - "ini": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ini/-/ini-2.0.0.tgz", - "integrity": "sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA==", - "dev": true - }, - "is-ci": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/is-ci/-/is-ci-3.0.1.tgz", - "integrity": "sha512-ZYvCgrefwqoQ6yTyYUbQu64HsITZ3NfKX1lzaEYdkTDcfKzzCI/wthRRYKkdjHKFVgNiXKAKm65Zo1pk2as/QQ==", - "dev": true, - "requires": { - "ci-info": "^3.2.0" - } - }, - "is-fullwidth-code-point": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", - "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", - "dev": true - }, - "is-installed-globally": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/is-installed-globally/-/is-installed-globally-0.4.0.tgz", - "integrity": "sha512-iwGqO3J21aaSkC7jWnHP/difazwS7SFeIqxv6wEtLU8Y5KlzFTjyqcSIT0d8s4+dDhKytsk9PJZ2BkS5eZwQRQ==", - "dev": true, - "requires": { - "global-dirs": "^3.0.0", - "is-path-inside": "^3.0.2" - } - }, - "is-path-inside": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", - "integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==", - "dev": true - }, - "is-stream": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", - "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", - "dev": true - }, - "is-typedarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz", - "integrity": "sha512-cyA56iCMHAh5CdzjJIa4aohJyeO1YbwLi3Jc35MmRU6poroFjIGZzUzupGiRPOjgHg9TLu43xbpwXk523fMxKA==", - "dev": true - }, - "is-unicode-supported": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", - "integrity": "sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw==", - "dev": true - }, - "isexe": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", - "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", - "dev": true - }, - "isstream": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz", - "integrity": "sha512-Yljz7ffyPbrLpLngrMtZ7NduUgVvi6wG9RJ9IUcyCd59YQ911PBJphODUcbOVbqYfxe1wuYf/LJ8PauMRwsM/g==", - "dev": true - }, - "jsbn": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz", - "integrity": "sha512-UVU9dibq2JcFWxQPA6KCqj5O42VOmAY3zQUfEKxU0KpTGXwNoCjkX1e13eHNvw/xPynt6pU0rZ1htjWTNTSXsg==", - "dev": true - }, - "json-schema": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz", - "integrity": "sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA==", - "dev": true - }, - "json-stringify-safe": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", - "integrity": "sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==", - "dev": true - }, - "jsonfile": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", - "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", - "dev": true, - "requires": { - "graceful-fs": "^4.1.6", - "universalify": "^2.0.0" - }, - "dependencies": { - "universalify": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", - "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", - "dev": true - } - } - }, - "jsprim": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-2.0.2.tgz", - "integrity": "sha512-gqXddjPqQ6G40VdnI6T6yObEC+pDNvyP95wdQhkWkg7crHH3km5qP1FsOXEkzEQwnz6gz5qGTn1c2Y52wP3OyQ==", - "dev": true, - "requires": { - "assert-plus": "1.0.0", - "extsprintf": "1.3.0", - "json-schema": "0.4.0", - "verror": "1.10.0" - } - }, - "lazy-ass": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/lazy-ass/-/lazy-ass-1.6.0.tgz", - "integrity": "sha512-cc8oEVoctTvsFZ/Oje/kGnHbpWHYBe8IAJe4C0QNc3t8uM/0Y8+erSz/7Y1ALuXTEZTMvxXwO6YbX1ey3ujiZw==", - "dev": true - }, - "listr2": { - "version": "3.14.0", - "resolved": "https://registry.npmjs.org/listr2/-/listr2-3.14.0.tgz", - "integrity": "sha512-TyWI8G99GX9GjE54cJ+RrNMcIFBfwMPxc3XTFiAYGN4s10hWROGtOg7+O6u6LE3mNkyld7RSLE6nrKBvTfcs3g==", - "dev": true, - "requires": { - "cli-truncate": "^2.1.0", - "colorette": "^2.0.16", - "log-update": "^4.0.0", - "p-map": "^4.0.0", - "rfdc": "^1.3.0", - "rxjs": "^7.5.1", - "through": "^2.3.8", - "wrap-ansi": "^7.0.0" - } - }, - "lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", - "dev": true - }, - "lodash.once": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", - "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==", - "dev": true - }, - "log-symbols": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", - "integrity": "sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==", - "dev": true, - "requires": { - "chalk": "^4.1.0", - "is-unicode-supported": "^0.1.0" - } - }, - "log-update": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/log-update/-/log-update-4.0.0.tgz", - "integrity": "sha512-9fkkDevMefjg0mmzWFBW8YkFP91OrizzkW3diF7CpG+S2EYdy4+TVfGwz1zeF8x7hCx1ovSPTOE9Ngib74qqUg==", - "dev": true, - "requires": { - "ansi-escapes": "^4.3.0", - "cli-cursor": "^3.1.0", - "slice-ansi": "^4.0.0", - "wrap-ansi": "^6.2.0" - }, - "dependencies": { - "slice-ansi": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz", - "integrity": "sha512-qMCMfhY040cVHT43K9BFygqYbUPFZKHOg7K73mtTWJRb8pyP3fzf4Ixd5SzdEJQ6MRUg/WBnOLxghZtKKurENQ==", - "dev": true, - "requires": { - "ansi-styles": "^4.0.0", - "astral-regex": "^2.0.0", - "is-fullwidth-code-point": "^3.0.0" - } - }, - "wrap-ansi": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", - "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==", - "dev": true, - "requires": { - "ansi-styles": "^4.0.0", - "string-width": "^4.1.0", - "strip-ansi": "^6.0.0" - } - } - } - }, - "lru-cache": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", - "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "dev": true, - "requires": { - "yallist": "^4.0.0" - } - }, - "merge-stream": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", - "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", - "dev": true - }, - "mime-db": { - "version": "1.52.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", - "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", - "dev": true - }, - "mime-types": { - "version": "2.1.35", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", - "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", - "dev": true, - "requires": { - "mime-db": "1.52.0" - } - }, - "mimic-fn": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", - "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==", - "dev": true - }, - "minimatch": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", - "dev": true, - "requires": { - "brace-expansion": "^1.1.7" - } - }, - "minimist": { - "version": "1.2.8", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", - "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", - "dev": true - }, - "ms": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", - "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", - "dev": true - }, - "npm-run-path": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", - "integrity": "sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==", - "dev": true, - "requires": { - "path-key": "^3.0.0" - } - }, - "object-inspect": { - "version": "1.12.3", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz", - "integrity": "sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g==", - "dev": true - }, - "once": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", - "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", - "dev": true, - "requires": { - "wrappy": "1" - } - }, - "onetime": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", - "integrity": "sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==", - "dev": true, - "requires": { - "mimic-fn": "^2.1.0" - } - }, - "ospath": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/ospath/-/ospath-1.2.2.tgz", - "integrity": "sha512-o6E5qJV5zkAbIDNhGSIlyOhScKXgQrSRMilfph0clDfM0nEnBOlKlH4sWDmG95BW/CvwNz0vmm7dJVtU2KlMiA==", - "dev": true - }, - "p-map": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/p-map/-/p-map-4.0.0.tgz", - "integrity": "sha512-/bjOqmgETBYB5BoEeGVea8dmvHb2m9GLy1E9W43yeyfP6QQCZGFNa+XRceJEuDB6zqr+gKpIAmlLebMpykw/MQ==", - "dev": true, - "requires": { - "aggregate-error": "^3.0.0" - } - }, - "path-is-absolute": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", - "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", - "dev": true - }, - "path-key": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", - "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", - "dev": true - }, - "pend": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", - "integrity": "sha512-F3asv42UuXchdzt+xXqfW1OGlVBe+mxa2mqI0pg5yAHZPvFmY3Y6drSf/GQ1A86WgWEN9Kzh/WrgKa6iGcHXLg==", - "dev": true - }, - "performance-now": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz", - "integrity": "sha512-7EAHlyLHI56VEIdK57uwHdHKIaAGbnXPiw0yWbarQZOKaKpvUIgW0jWRVLiatnM+XXlSwsanIBH/hzGMJulMow==", - "dev": true - }, - "pify": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", - "integrity": "sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==", - "dev": true - }, - "pretty-bytes": { - "version": "5.6.0", - "resolved": "https://registry.npmjs.org/pretty-bytes/-/pretty-bytes-5.6.0.tgz", - "integrity": "sha512-FFw039TmrBqFK8ma/7OL3sDz/VytdtJr044/QUJtH0wK9lb9jLq9tJyIxUwtQJHwar2BqtiA4iCWSwo9JLkzFg==", - "dev": true - }, - "process": { - "version": "0.11.10", - "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz", - "integrity": "sha512-cdGef/drWFoydD1JsMzuFf8100nZl+GT+yacc2bEced5f9Rjk4z+WtFUTBu9PhOi9j/jfmBPu0mMEY4wIdAF8A==", - "dev": true - }, - "proxy-from-env": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.0.0.tgz", - "integrity": "sha512-F2JHgJQ1iqwnHDcQjVBsq3n/uoaFL+iPW/eAeL7kVxy/2RrWaN4WroKjjvbsoRtv0ftelNyC01bjRhn/bhcf4A==", - "dev": true - }, - "psl": { - "version": "1.9.0", - "resolved": "https://registry.npmjs.org/psl/-/psl-1.9.0.tgz", - "integrity": "sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag==", - "dev": true - }, - "pump": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", - "integrity": "sha512-LwZy+p3SFs1Pytd/jYct4wpv49HiYCqd9Rlc5ZVdk0V+8Yzv6jR5Blk3TRmPL1ft69TxP0IMZGJ+WPFU2BFhww==", - "dev": true, - "requires": { - "end-of-stream": "^1.1.0", - "once": "^1.3.1" - } - }, - "punycode": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.0.tgz", - "integrity": "sha512-rRV+zQD8tVFys26lAGR9WUuS4iUAngJScM+ZRSKtvl5tKeZ2t5bvdNFdNHBW9FWR4guGHlgmsZ1G7BSm2wTbuA==", - "dev": true - }, - "qs": { - "version": "6.10.4", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.10.4.tgz", - "integrity": "sha512-OQiU+C+Ds5qiH91qh/mg0w+8nwQuLjM4F4M/PbmhDOoYehPh+Fb0bDjtR1sOvy7YKxvj28Y/M0PhP5uVX0kB+g==", - "dev": true, - "requires": { - "side-channel": "^1.0.4" - } - }, - "querystringify": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz", - "integrity": "sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==", - "dev": true - }, - "request-progress": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/request-progress/-/request-progress-3.0.0.tgz", - "integrity": "sha512-MnWzEHHaxHO2iWiQuHrUPBi/1WeBf5PkxQqNyNvLl9VAYSdXkP8tQ3pBSeCPD+yw0v0Aq1zosWLz0BdeXpWwZg==", - "dev": true, - "requires": { - "throttleit": "^1.0.0" - } - }, - "requires-port": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz", - "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==", - "dev": true - }, - "restore-cursor": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz", - "integrity": "sha512-l+sSefzHpj5qimhFSE5a8nufZYAM3sBSVMAPtYkmC+4EH2anSGaEMXSD0izRQbu9nfyQ9y5JrVmp7E8oZrUjvA==", - "dev": true, - "requires": { - "onetime": "^5.1.0", - "signal-exit": "^3.0.2" - } - }, - "rfdc": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.3.0.tgz", - "integrity": "sha512-V2hovdzFbOi77/WajaSMXk2OLm+xNIeQdMMuB7icj7bk6zi2F8GGAxigcnDFpJHbNyNcgyJDiP+8nOrY5cZGrA==", - "dev": true - }, - "rimraf": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", - "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==", - "dev": true, - "requires": { - "glob": "^7.1.3" - } - }, - "rxjs": { - "version": "7.8.1", - "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz", - "integrity": "sha512-AA3TVj+0A2iuIoQkWEK/tqFjBq2j+6PO6Y0zJcvzLAFhEFIO3HL0vls9hWLncZbAAbK0mar7oZ4V079I/qPMxg==", - "dev": true, - "requires": { - "tslib": "^2.1.0" - } - }, - "safe-buffer": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", - "dev": true - }, - "safer-buffer": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", - "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", - "dev": true - }, - "semver": { - "version": "7.5.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", - "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", - "dev": true, - "requires": { - "lru-cache": "^6.0.0" - } - }, - "shebang-command": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", - "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", - "dev": true, - "requires": { - "shebang-regex": "^3.0.0" - } - }, - "shebang-regex": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", - "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", - "dev": true - }, - "side-channel": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", - "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==", - "dev": true, - "requires": { - "call-bind": "^1.0.0", - "get-intrinsic": "^1.0.2", - "object-inspect": "^1.9.0" - } - }, - "signal-exit": { - "version": "3.0.7", - "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", - "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", - "dev": true - }, - "slice-ansi": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-3.0.0.tgz", - "integrity": "sha512-pSyv7bSTC7ig9Dcgbw9AuRNUb5k5V6oDudjZoMBSr13qpLBG7tB+zgCkARjq7xIUgdz5P1Qe8u+rSGdouOOIyQ==", - "dev": true, - "requires": { - "ansi-styles": "^4.0.0", - "astral-regex": "^2.0.0", - "is-fullwidth-code-point": "^3.0.0" - } - }, - "sshpk": { - "version": "1.17.0", - "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.17.0.tgz", - "integrity": "sha512-/9HIEs1ZXGhSPE8X6Ccm7Nam1z8KcoCqPdI7ecm1N33EzAetWahvQWVqLZtaZQ+IDKX4IyA2o0gBzqIMkAagHQ==", - "dev": true, - "requires": { - "asn1": "~0.2.3", - "assert-plus": "^1.0.0", - "bcrypt-pbkdf": "^1.0.0", - "dashdash": "^1.12.0", - "ecc-jsbn": "~0.1.1", - "getpass": "^0.1.1", - "jsbn": "~0.1.0", - "safer-buffer": "^2.0.2", - "tweetnacl": "~0.14.0" - } - }, - "string-width": { - "version": "4.2.3", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", - "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", - "dev": true, - "requires": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.1" - } - }, - "strip-ansi": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "dev": true, - "requires": { - "ansi-regex": "^5.0.1" - } - }, - "strip-final-newline": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", - "integrity": "sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==", - "dev": true - }, - "supports-color": { - "version": "8.1.1", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", - "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", - "dev": true, - "requires": { - "has-flag": "^4.0.0" - } - }, - "throttleit": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/throttleit/-/throttleit-1.0.0.tgz", - "integrity": "sha512-rkTVqu6IjfQ/6+uNuuc3sZek4CEYxTJom3IktzgdSxcZqdARuebbA/f4QmAxMQIxqq9ZLEUkSYqvuk1I6VKq4g==", - "dev": true - }, - "through": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", - "integrity": "sha512-w89qg7PI8wAdvX60bMDP+bFoD5Dvhm9oLheFp5O4a2QF0cSBGsBX4qZmadPMvVqlLJBBci+WqGGOAPvcDeNSVg==", - "dev": true - }, - "tmp": { - "version": "0.2.1", - "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.1.tgz", - "integrity": "sha512-76SUhtfqR2Ijn+xllcI5P1oyannHNHByD80W1q447gU3mp9G9PSpGdWmjUOHRDPiHYacIk66W7ubDTuPF3BEtQ==", - "dev": true, - "requires": { - "rimraf": "^3.0.0" - } - }, - "tough-cookie": { - "version": "4.1.3", - "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.3.tgz", - "integrity": "sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==", - "dev": true, - "requires": { - "psl": "^1.1.33", - "punycode": "^2.1.1", - "universalify": "^0.2.0", - "url-parse": "^1.5.3" - } - }, - "tslib": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", - "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==", - "dev": true - }, - "tunnel-agent": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", - "integrity": "sha512-McnNiV1l8RYeY8tBgEpuodCC1mLUdbSN+CYBL7kJsJNInOP8UjDDEwdk6Mw60vdLLrr5NHKZhMAOSrR2NZuQ+w==", - "dev": true, - "requires": { - "safe-buffer": "^5.0.1" - } - }, - "tweetnacl": { - "version": "0.14.5", - "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz", - "integrity": "sha512-KXXFFdAbFXY4geFIwoyNK+f5Z1b7swfXABfL7HXCmoIWMKU3dmS26672A4EeQtDzLKy7SXmfBu51JolvEKwtGA==", - "dev": true - }, - "type-fest": { - "version": "0.21.3", - "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", - "integrity": "sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==", - "dev": true - }, - "universalify": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.2.0.tgz", - "integrity": "sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==", - "dev": true - }, - "untildify": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/untildify/-/untildify-4.0.0.tgz", - "integrity": "sha512-KK8xQ1mkzZeg9inewmFVDNkg3l5LUhoq9kN6iWYB/CC9YMG8HA+c1Q8HwDe6dEX7kErrEVNVBO3fWsVq5iDgtw==", - "dev": true - }, - "url-parse": { - "version": "1.5.10", - "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz", - "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==", - "dev": true, - "requires": { - "querystringify": "^2.1.1", - "requires-port": "^1.0.0" - } - }, - "uuid": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", - "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", - "dev": true - }, - "verror": { - "version": "1.10.0", - "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz", - "integrity": "sha512-ZZKSmDAEFOijERBLkmYfJ+vmk3w+7hOLYDNkRCuRuMJGEmqYNCNLyBBFwWKVMhfwaEF3WOd0Zlw86U/WC/+nYw==", - "dev": true, - "requires": { - "assert-plus": "^1.0.0", - "core-util-is": "1.0.2", - "extsprintf": "^1.2.0" - } - }, - "which": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", - "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", - "dev": true, - "requires": { - "isexe": "^2.0.0" - } - }, - "wrap-ansi": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", - "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", - "dev": true, - "requires": { - "ansi-styles": "^4.0.0", - "string-width": "^4.1.0", - "strip-ansi": "^6.0.0" - } - }, - "wrappy": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", - "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", - "dev": true - }, - "yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", - "dev": true - }, - "yauzl": { - "version": "2.10.0", - "resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz", - "integrity": "sha512-p4a9I6X6nu6IhoGmBqAcbJy1mlC4j27vEPZX9F4L4/vZT3Lyq1VkFHw/V/PUcB9Buo+DG3iHkT0x3Qya58zc3g==", - "dev": true, - "requires": { - "buffer-crc32": "~0.2.3", - "fd-slicer": "~1.1.0" - } - } - } -} From 6927306f70993aaee1ca6f75ebd2ab3984663027 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Fri, 24 Nov 2023 10:48:28 -0800 Subject: [PATCH 093/114] Finish SAML auth test suite Signed-off-by: Ryan Liang --- .cypress/e2e/saml/saml_auth_test.spec.js | 64 ++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/.cypress/e2e/saml/saml_auth_test.spec.js b/.cypress/e2e/saml/saml_auth_test.spec.js index 450f0752f..79fa0b736 100644 --- a/.cypress/e2e/saml/saml_auth_test.spec.js +++ b/.cypress/e2e/saml/saml_auth_test.spec.js @@ -59,4 +59,68 @@ describe('Log in via SAML', () => { cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); }); + + it('Login to app/dev_tools#/console when SAML is enabled', () => { + localStorage.setItem("opendistro::security::tenant::saved", "\"__user__\""); + localStorage.setItem("home:newThemeModal:show", "false"); + + cy.visit('http://localhost:5601/app/dev_tools#/console', { + failOnStatusCode: false, + timeout: 10000, + }); + + samlLogin(); + + cy.get('a.euiBreadcrumb--last', { timeout: 10000 }).contains('Dev Tools'); + cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); + }); + + it('Login to Dashboard with Hash', () => { + localStorage.setItem("opendistro::security::tenant::saved", "\"__user__\""); + localStorage.setItem("home:newThemeModal:show", "false"); + + const urlWithHash = `http://localhost:5601/app/security-dashboards-plugin#/getstarted`; + + cy.visit(urlWithHash, { + failOnStatusCode: false, + timeout: 10000, + }); + + samlLogin(); + + cy.get('h1.euiTitle--large', { timeout: 10000 }).contains('Get started'); + cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); + + }); + + it('Tenancy persisted after logout in SAML', () => { + localStorage.setItem("home:newThemeModal:show", "false"); + + cy.visit('http://localhost:5601/app/opensearch_dashboards_overview', { + failOnStatusCode: false, + timeout: 10000, + }); + + samlLogin(); + + cy.get('#private', { timeout: 10000 }).should('be.enabled'); + cy.get('#private').click({ force: true }); + + cy.get('button[data-test-subj="confirm"]', { timeout: 10000 }).click(); + + cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); + + cy.get('button[id="user-icon-btn"]', { timeout: 10000 }).click(); + + cy.get('button[data-test-subj^="log-out-"]', { timeout: 10000 }).click(); + + samlLogin(); + + cy.get('#user-icon-btn', { timeout: 10000 }).should('be.visible'); + cy.get('#user-icon-btn').click(); + + cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); + + cy.get('#tenantName', { timeout: 10000 }).should('have.text', 'Private'); + }); }); From 132357448e16c2abf737b330ec90a2a95db410d3 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Fri, 24 Nov 2023 10:49:34 -0800 Subject: [PATCH 094/114] Remove old saml auth test Signed-off-by: Ryan Liang --- test/jest_integration/saml_auth.test.ts | 374 ------------------------ 1 file changed, 374 deletions(-) delete mode 100644 test/jest_integration/saml_auth.test.ts diff --git a/test/jest_integration/saml_auth.test.ts b/test/jest_integration/saml_auth.test.ts deleted file mode 100644 index e48635e41..000000000 --- a/test/jest_integration/saml_auth.test.ts +++ /dev/null @@ -1,374 +0,0 @@ -/* - * Copyright OpenSearch Contributors - * - * Licensed under the Apache License, Version 2.0 (the "License"). - * You may not use this file except in compliance with the License. - * A copy of the License is located at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * or in the "license" file accompanying this file. This file is distributed - * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -import * as osdTestServer from '../../../../src/core/test_helpers/osd_server'; -import { Root } from '../../../../src/core/server/root'; -import { resolve } from 'path'; -import { describe, expect, it, beforeAll, afterAll } from '@jest/globals'; -import { - ADMIN_CREDENTIALS, - OPENSEARCH_DASHBOARDS_SERVER_USER, - OPENSEARCH_DASHBOARDS_SERVER_PASSWORD, -} from '../constant'; -import wreck from '@hapi/wreck'; -import { Builder, By, until } from 'selenium-webdriver'; -import { Options } from 'selenium-webdriver/firefox'; -import { AuthType } from '../../common'; - -describe('start OpenSearch Dashboards server', () => { - let root: Root; - let config; - - // XPath Constants - const userIconBtnXPath = '//button[@id="user-icon-btn"]'; - const signInBtnXPath = '//*[@id="btn-sign-in"]'; - const skipWelcomeBtnXPath = '//button[@data-test-subj="skipWelcomeScreen"]'; - const tenantNameLabelXPath = '//*[@id="tenantName"]'; - const pageTitleXPath = '//*[@id="osdOverviewPageHeader__title"]'; - const tenantSwitchBtnXPath = '//button[@data-test-subj="switch-tenants"]'; - // Browser Settings - const browser = 'firefox'; - const options = new Options().headless(); - - beforeAll(async () => { - root = osdTestServer.createRootWithSettings( - { - plugins: { - scanDirs: [resolve(__dirname, '../..')], - }, - home: { disableWelcomeScreen: true }, - server: { - host: 'localhost', - port: 5601, - xsrf: { - whitelist: [ - '/_opendistro/_security/saml/acs/idpinitiated', - '/_opendistro/_security/saml/acs', - '/_opendistro/_security/saml/logout', - ], - }, - }, - logging: { - silent: true, - verbose: false, - }, - opensearch: { - hosts: ['https://localhost:9200'], - ignoreVersionMismatch: true, - ssl: { verificationMode: 'none' }, - username: OPENSEARCH_DASHBOARDS_SERVER_USER, - password: OPENSEARCH_DASHBOARDS_SERVER_PASSWORD, - requestHeadersWhitelist: ['authorization', 'securitytenant'], - }, - opensearch_security: { - auth: { - anonymous_auth_enabled: false, - type: AuthType.SAML, - }, - multitenancy: { - enabled: true, - tenants: { - enable_global: true, - enable_private: true, - preferred: ['Private', 'Global'], - }, - }, - }, - }, - { - // to make ignoreVersionMismatch setting work - // can be removed when we have corresponding ES version - dev: true, - } - ); - - console.log('Starting OpenSearchDashboards server..'); - await root.setup(); - await root.start(); - - await wreck.patch('https://localhost:9200/_plugins/_security/api/rolesmapping/all_access', { - payload: [ - { - op: 'add', - path: '/users', - value: ['saml.jackson@example.com'], - }, - ], - rejectUnauthorized: false, - headers: { - 'Content-Type': 'application/json', - authorization: ADMIN_CREDENTIALS, - }, - }); - console.log('Starting to Download Flights Sample Data'); - await wreck.post('http://localhost:5601/api/sample_data/flights', { - payload: {}, - rejectUnauthorized: false, - headers: { - 'Content-Type': 'application/json', - authorization: ADMIN_CREDENTIALS, - security_tenant: 'global', - }, - }); - console.log('Downloaded Sample Data'); - const getConfigResponse = await wreck.get( - 'https://localhost:9200/_plugins/_security/api/securityconfig', - { - rejectUnauthorized: false, - headers: { - authorization: ADMIN_CREDENTIALS, - }, - } - ); - const responseBody = (getConfigResponse.payload as Buffer).toString(); - config = JSON.parse(responseBody).config; - const samlConfig = { - http_enabled: true, - transport_enabled: false, - order: 5, - http_authenticator: { - challenge: true, - type: AuthType.SAML, - config: { - idp: { - metadata_url: 'http://localhost:7000/metadata', - entity_id: 'urn:example:idp', - }, - sp: { - entity_id: 'https://localhost:9200', - }, - kibana_url: 'http://localhost:5601', - exchange_key: '6aff3042-1327-4f3d-82f0-40a157ac4464', - }, - }, - authentication_backend: { - type: 'noop', - config: {}, - }, - }; - try { - config.dynamic!.authc!.saml_auth_domain = samlConfig; - config.dynamic!.authc!.basic_internal_auth_domain.http_authenticator.challenge = false; - config.dynamic!.http!.anonymous_auth_enabled = false; - await wreck.put('https://localhost:9200/_plugins/_security/api/securityconfig/config', { - payload: config, - rejectUnauthorized: false, - headers: { - 'Content-Type': 'application/json', - authorization: ADMIN_CREDENTIALS, - }, - }); - } catch (error) { - console.log('Got an error while updating security config!!', error.stack); - fail(error); - } - }); - - afterAll(async () => { - console.log('Remove the Sample Data'); - await wreck - .delete('http://localhost:5601/api/sample_data/flights', { - rejectUnauthorized: false, - headers: { - 'Content-Type': 'application/json', - authorization: ADMIN_CREDENTIALS, - }, - }) - .then((value) => { - Promise.resolve(value); - }) - .catch((value) => { - Promise.resolve(value); - }); - console.log('Remove the Role Mapping'); - await wreck - .patch('https://localhost:9200/_plugins/_security/api/rolesmapping/all_access', { - payload: [ - { - op: 'remove', - path: '/users', - users: ['saml.jackson@example.com'], - }, - ], - rejectUnauthorized: false, - headers: { - 'Content-Type': 'application/json', - authorization: ADMIN_CREDENTIALS, - }, - }) - .then((value) => { - Promise.resolve(value); - }) - .catch((value) => { - Promise.resolve(value); - }); - console.log('Remove the Security Config'); - await wreck - .patch('https://localhost:9200/_plugins/_security/api/securityconfig', { - payload: [ - { - op: 'remove', - path: '/config/dynamic/authc/saml_auth_domain', - }, - ], - rejectUnauthorized: false, - headers: { - 'Content-Type': 'application/json', - authorization: ADMIN_CREDENTIALS, - }, - }) - .then((value) => { - Promise.resolve(value); - }) - .catch((value) => { - Promise.resolve(value); - }); - // shutdown OpenSearchDashboards server - await root.shutdown(); - }); - - it('Login to app/opensearch_dashboards_overview#/ when SAML is enabled', async () => { - const driver = getDriver(browser, options).build(); - await driver.get('http://localhost:5601/app/opensearch_dashboards_overview#/'); - await driver.findElement(By.id('btn-sign-in')).click(); - await driver.wait(until.elementsLocated(By.xpath(pageTitleXPath)), 10000); - - const cookie = await driver.manage().getCookies(); - expect(cookie.length).toEqual(3); - await driver.manage().deleteAllCookies(); - await driver.quit(); - }); - - it('Login to app/dev_tools#/console when SAML is enabled', async () => { - const driver = getDriver(browser, options).build(); - await driver.get('http://localhost:5601/app/dev_tools#/console'); - await driver.findElement(By.id('btn-sign-in')).click(); - - await driver.wait( - until.elementsLocated(By.xpath('//*[@data-test-subj="sendRequestButton"]')), - 10000 - ); - - const cookie = await driver.manage().getCookies(); - expect(cookie.length).toEqual(3); - await driver.manage().deleteAllCookies(); - await driver.quit(); - }); - - it('Login to Dashboard with Hash', async () => { - const urlWithHash = `http://localhost:5601/app/security-dashboards-plugin#/getstarted`; - const driver = getDriver(browser, options).build(); - await driver.manage().deleteAllCookies(); - await driver.get(urlWithHash); - await driver.findElement(By.xpath(signInBtnXPath)).click(); - // TODO Use a better XPath. - await driver.wait( - until.elementsLocated(By.xpath('/html/body/div[1]/div/header/div/div[2]')), - 20000 - ); - const windowHash = await driver.getCurrentUrl(); - expect(windowHash).toEqual(urlWithHash); - const cookie = await driver.manage().getCookies(); - expect(cookie.length).toEqual(3); - await driver.manage().deleteAllCookies(); - await driver.quit(); - }); - - it.skip('Tenancy persisted after Logout in SAML', async () => { - const driver = getDriver(browser, options).build(); - - await driver.get('http://localhost:5601/app/opensearch_dashboards_overview#/'); - - await driver.findElement(By.xpath(signInBtnXPath)).click(); - - await driver.wait(until.elementsLocated(By.xpath(pageTitleXPath)), 10000); - - await driver.wait( - until.elementsLocated(By.xpath('//button[@aria-label="Closes this modal window"]')), - 10000 - ); - - // Select Global Tenant Radio Button - const radio = await driver.findElement(By.xpath('//input[@id="global"]')); - await driver.executeScript('arguments[0].scrollIntoView(true);', radio); - await driver.executeScript('arguments[0].click();', radio); - - await driver.wait(until.elementIsSelected(radio)); - - await driver.findElement(By.xpath('//button[@data-test-subj="confirm"]')).click(); - - await driver.wait(until.elementsLocated(By.xpath(userIconBtnXPath)), 10000); - - await driver.findElement(By.xpath(userIconBtnXPath)).click(); - - await driver.findElement(By.xpath('//*[@data-test-subj="log-out-1"]')).click(); - - // RELOGIN AND CHECK TENANT - - await driver.wait(until.elementsLocated(By.xpath(signInBtnXPath)), 10000); - - await driver.findElement(By.xpath(signInBtnXPath)).click(); - - await driver.wait(until.elementsLocated(By.xpath(skipWelcomeBtnXPath)), 10000); - - await driver.findElement(By.xpath(skipWelcomeBtnXPath)).click(); - - await driver.findElement(By.xpath(userIconBtnXPath)).click(); - - await driver.wait(until.elementsLocated(By.xpath(tenantNameLabelXPath)), 10000); - - const tenantName = await driver.findElement(By.xpath(tenantNameLabelXPath)).getText(); - const localStorageItem = await driver.executeScript( - `return window.localStorage.getItem("opendistro::security::tenant::saved")` - ); - - // Retry previous steps one more time if the webdriver doens't reload as expected - if (tenantName === 'Private' && localStorageItem === '""') { - await driver.wait(until.elementsLocated(By.xpath(tenantSwitchBtnXPath)), 10000); - await driver.findElement(By.xpath(tenantSwitchBtnXPath)).click(); - - await driver.executeScript('arguments[0].scrollIntoView(true);', radio); - await driver.executeScript('arguments[0].click();', radio); - await driver.wait(until.elementIsSelected(radio)); - - await driver.findElement(By.xpath('//button[@data-test-subj="confirm"]')).click(); - - await driver.wait(until.elementsLocated(By.xpath(userIconBtnXPath)), 10000); - await driver.findElement(By.xpath(userIconBtnXPath)).click(); - await driver.findElement(By.xpath('//*[@data-test-subj="log-out-1"]')).click(); - - await driver.wait(until.elementsLocated(By.xpath(signInBtnXPath)), 10000); - await driver.findElement(By.xpath(signInBtnXPath)).click(); - - await driver.wait(until.elementsLocated(By.xpath(userIconBtnXPath)), 10000); - await driver.findElement(By.xpath(userIconBtnXPath)).click(); - await driver.wait(until.elementsLocated(By.xpath(tenantNameLabelXPath)), 10000); - - const newtenantName = await driver.findElement(By.xpath(tenantNameLabelXPath)).getText(); - expect(newtenantName).toEqual('Global'); - } else { - expect(localStorageItem).toEqual('""'); - expect(tenantName).toEqual('Global'); - } - await driver.manage().deleteAllCookies(); - await driver.quit(); - - expect(localStorageItem).toEqual('""'); - }); -}); - -function getDriver(browser: string, options: Options) { - return new Builder().forBrowser(browser).setFirefoxOptions(options); -} From beced89c288b356a288a68c83836aa7a910d94b6 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Fri, 24 Nov 2023 10:51:02 -0800 Subject: [PATCH 095/114] Address comment Signed-off-by: Ryan Liang --- .eslintrc.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.eslintrc.js b/.eslintrc.js index 8e41abff4..5e176b8bb 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -13,7 +13,7 @@ const LICENSE_HEADER = ` * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ -`; +` module.exports = { root: true, From 88b1e6523f40b22601f1ab2802a04113e76795c4 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Fri, 24 Nov 2023 10:54:55 -0800 Subject: [PATCH 096/114] Add more security commands Signed-off-by: Ryan Liang --- .cypress/support/commands.js | 27 +++++++++++++++++++++ .cypress/support/index.d.ts | 46 ++++++++++++++++++++++++++++++++---- 2 files changed, 68 insertions(+), 5 deletions(-) diff --git a/.cypress/support/commands.js b/.cypress/support/commands.js index dcd94d171..fa6b6e6c7 100644 --- a/.cypress/support/commands.js +++ b/.cypress/support/commands.js @@ -41,6 +41,33 @@ Cypress.Commands.overwrite('request', (originalFn, ...args) => { return originalFn(Object.assign({}, defaults, options)); }); +Cypress.Commands.add('createTenant', (tenantID, tenantJson) => { + cy.request( + 'PUT', + `${Cypress.env('openSearchUrl')}${SEC_API.TENANTS_BASE}/${tenantID}`, + tenantJson + ); + cy.wait(10000); +}); + +Cypress.Commands.add('createInternalUser', (userID, userJson) => { + cy.request( + 'PUT', + `${Cypress.env('openSearchUrl')}${SEC_API.INTERNALUSERS_BASE}/${userID}`, + userJson + ); + cy.wait(10000); +}); + +Cypress.Commands.add('createRole', (roleID, roleJson) => { + cy.request( + 'PUT', + `${Cypress.env('openSearchUrl')}${SEC_API.ROLE_BASE}/${roleID}`, + roleJson + ); + cy.wait(10000); +}); + Cypress.Commands.add('createRoleMapping', (roleID, rolemappingJson) => { cy.request( 'PUT', diff --git a/.cypress/support/index.d.ts b/.cypress/support/index.d.ts index 3a6ba4f71..e54a2991c 100644 --- a/.cypress/support/index.d.ts +++ b/.cypress/support/index.d.ts @@ -2,15 +2,51 @@ /// declare namespace Cypress { + interface Chainable { + /** + * Create a test tenant by calling REST API + * @example + * cy.createTenant('test_tenant', tenantJsonFixture ) + */ + createTenant( + tenantID: string, + tenantJson: string + ): Chainable; + } + + interface Chainable { + /** + * Create an internal user by calling REST API + * @example + * cy.createInternalUser('test_user', userJsonFixture ) + */ + createInternalUser( + userID: string, + userJson: string + ): Chainable; + } + + interface Chainable { + /** + * Create a role by calling REST API + * @example + * cy.createRole('role_name', roleJsonFixture ) + */ + createRole( + roleID: string, + roleJson: string + ): Chainable; + } + interface Chainable { /** * Create a role mapping by calling REST API * @example * cy.createRoleMapping('role_name', rolemappingJsonFixture ) */ - createRoleMapping( - roleID: string, - rolemappingJson: string - ): Chainable; + createRoleMapping( + roleID: string, + rolemappingJson: string + ): Chainable; } -} \ No newline at end of file +} From 57db33e4157364ac23cfc802b40470b8f5df5205 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Mon, 27 Nov 2023 13:29:38 -0800 Subject: [PATCH 097/114] Add response code check instead of wait Signed-off-by: Ryan Liang --- .cypress/support/commands.js | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/.cypress/support/commands.js b/.cypress/support/commands.js index fa6b6e6c7..2c2dcc8f4 100644 --- a/.cypress/support/commands.js +++ b/.cypress/support/commands.js @@ -46,8 +46,9 @@ Cypress.Commands.add('createTenant', (tenantID, tenantJson) => { 'PUT', `${Cypress.env('openSearchUrl')}${SEC_API.TENANTS_BASE}/${tenantID}`, tenantJson - ); - cy.wait(10000); + ).then((response) => { + expect(response.status).to.eq(200); + }); }); Cypress.Commands.add('createInternalUser', (userID, userJson) => { @@ -55,8 +56,9 @@ Cypress.Commands.add('createInternalUser', (userID, userJson) => { 'PUT', `${Cypress.env('openSearchUrl')}${SEC_API.INTERNALUSERS_BASE}/${userID}`, userJson - ); - cy.wait(10000); + ).then((response) => { + expect(response.status).to.eq(200); + }); }); Cypress.Commands.add('createRole', (roleID, roleJson) => { @@ -64,8 +66,9 @@ Cypress.Commands.add('createRole', (roleID, roleJson) => { 'PUT', `${Cypress.env('openSearchUrl')}${SEC_API.ROLE_BASE}/${roleID}`, roleJson - ); - cy.wait(10000); + ).then((response) => { + expect(response.status).to.eq(200); + }); }); Cypress.Commands.add('createRoleMapping', (roleID, rolemappingJson) => { @@ -73,6 +76,7 @@ Cypress.Commands.add('createRoleMapping', (roleID, rolemappingJson) => { 'PUT', `${Cypress.env('openSearchUrl')}${SEC_API.ROLE_MAPPING_BASE}/${roleID}`, rolemappingJson - ); - cy.wait(10000); + ).then((response) => { + expect(response.status).to.eq(200); + }); }); From e8ffb58689124eadd537e1126a68ec23612e2fe5 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Mon, 27 Nov 2023 21:21:40 -0800 Subject: [PATCH 098/114] Change the oidc backend config injection to use echo instead of yq Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 53 ++++++++++++++++----- 1 file changed, 40 insertions(+), 13 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 5f3111d04..490af1ad6 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -99,20 +99,47 @@ jobs: - name: Injecting OIDC Configuration for Linux if: ${{ runner.os == 'Linux'}} run: | - echo "Injecting OIDC configuration" + echo "Creating new SAML configuration" + pwd cd ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/ - wget -O yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 - chmod +x yq - yq -i ".config.dynamic.authc.openid_auth_domain.http_enabled = true" config.yml - yq -i ".config.dynamic.authc.openid_auth_domain.transport_enabled = true" config.yml - yq -i ".config.dynamic.authc.openid_auth_domain.order = 1" config.yml - yq -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.type = \"openid\"" config.yml - yq -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.challenge = false" config.yml - yq -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.subject_key = \"preferred_username\"" config.yml - yq -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.roles_key = \"roles\"" config.yml - yq -i ".config.dynamic.authc.openid_auth_domain.http_authenticator.config.openid_connect_url = \"http://localhost:8080/auth/realms/master/.well-known/openid-configuration\"" config.yml - yq -i ".config.dynamic.authc.openid_auth_domain.authentication_backend.type = \"noop\"" config.yml - cd ../../.. + rm -rf config.yml + ls + cat << 'EOT' > config.yml + --- + _meta: + type: "config" + config_version: 2 + config: + dynamic: + http: + anonymous_auth_enabled: false + authc: + basic_internal_auth_domain: + description: "Authenticate via HTTP Basic against internal users database" + http_enabled: true + transport_enabled: true + order: 0 + http_authenticator: + type: basic + challenge: false + authentication_backend: + type: intern + openid_auth_domain: + http_enabled: true + transport_enabled: true + order: 1 + http_authenticator: + type: openid + challenge: false + config: + subject_key: preferred_username + roles_key: roles + openid_connect_url: http://localhost:8080/auth/realms/master/.well-known/openid-configuration + authentication_backend: + type: noop + EOT + echo "THIS IS THE SECURITY CONFIG FILE: " + cat config.yml # TODO: REMOVE THIS ONCE ADMIN JAVA TOOL SUPPORT IT - name: Write password to initialAdminPassword location From b8990803ca141cc0a815f0d2a3468723edc22653 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 28 Nov 2023 09:21:11 -0800 Subject: [PATCH 099/114] Remove timeout Signed-off-by: Ryan Liang --- .cypress/e2e/oidc/oidc_auth_test.spec.js | 34 +++++++++++----------- .cypress/e2e/saml/saml_auth_test.spec.js | 36 +++++++++++------------- 2 files changed, 33 insertions(+), 37 deletions(-) diff --git a/.cypress/e2e/oidc/oidc_auth_test.spec.js b/.cypress/e2e/oidc/oidc_auth_test.spec.js index 3f53a11a5..fde4e6e47 100644 --- a/.cypress/e2e/oidc/oidc_auth_test.spec.js +++ b/.cypress/e2e/oidc/oidc_auth_test.spec.js @@ -31,16 +31,15 @@ describe('Log in via OIDC', () => { }); const kcLogin = () => { - cy.get('#kc-page-title', { timeout: 15000 }).should('be.visible'); - cy.get('input[id=username]', { timeout: 15000}).should('be.visible').type(login); - cy.get('input[id=password]', { timeout: 15000}).should('be.visible').type(password); + cy.get('#kc-page-title').should('be.visible'); + cy.get('input[id=username]').should('be.visible').type(login); + cy.get('input[id=password]').should('be.visible').type(password); cy.get('#kc-login').click(); }; it('Login to app/opensearch_dashboards_overview#/ when OIDC is enabled', () => { cy.visit('http://localhost:5601/app/opensearch_dashboards_overview', { failOnStatusCode: false, - timeout: 10000, }); kcLogin(); @@ -49,16 +48,15 @@ describe('Log in via OIDC', () => { localStorage.setItem("opendistro::security::tenant::saved", "\"\""); localStorage.setItem("home:newThemeModal:show", "false"); - cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); + cy.get('#osdOverviewPageHeader__title').should('be.visible'); - cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); + cy.getCookie('security_authentication').should('exist'); }); }); it('Login to app/dev_tools#/console when OIDC is enabled', () => { cy.visit('http://localhost:5601/app/opensearch_dashboards_overview', { failOnStatusCode: false, - timeout: 10000, }); kcLogin(); @@ -71,7 +69,7 @@ describe('Log in via OIDC', () => { cy.get('a').contains('Dev Tools').should('be.visible'); - cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); + cy.getCookie('security_authentication').should('exist'); }); }); @@ -86,41 +84,43 @@ describe('Log in via OIDC', () => { localStorage.setItem("opendistro::security::tenant::saved", "\"\""); localStorage.setItem("home:newThemeModal:show", "false"); - cy.get('.euiHeader.euiHeader--default.euiHeader--fixed.primaryHeader', { timeout: 10000 }).should('be.visible'); + cy.get('.euiHeader.euiHeader--default.euiHeader--fixed.primaryHeader').should('be.visible'); cy.getCookie('security_authentication').should('exist'); }); }); it('Tenancy persisted after logout in OIDC', () => { - cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/', { failOnStatusCode: false, timeout: 10000 }); + cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/', { + failOnStatusCode: false, + }); kcLogin(); cy.origin('http://localhost:5601', () => { localStorage.setItem("home:newThemeModal:show", "false"); - cy.get('#private', { timeout: 10000 }).should('be.enabled'); + cy.get('#private').should('be.enabled'); cy.get('#private').click({ force: true }); cy.get('button[data-test-subj="confirm"]').click(); - cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); + cy.get('#osdOverviewPageHeader__title').should('be.visible'); - cy.get('button[id="user-icon-btn"]', { timeout: 10000 }).click(); + cy.get('button[id="user-icon-btn"]').click(); - cy.get('button[data-test-subj^="log-out-"]', { timeout: 10000 }).click(); + cy.get('button[data-test-subj^="log-out-"]').click(); }); kcLogin(); cy.origin('http://localhost:5601', () => { - cy.get('#user-icon-btn', { timeout: 10000 }).should('be.visible'); + cy.get('#user-icon-btn').should('be.visible'); cy.get('#user-icon-btn').click(); - cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); + cy.get('#osdOverviewPageHeader__title').should('be.visible'); - cy.get('#tenantName', { timeout: 10000 }).should('have.text', 'Private'); + cy.get('#tenantName').should('have.text', 'Private'); }); }); }); diff --git a/.cypress/e2e/saml/saml_auth_test.spec.js b/.cypress/e2e/saml/saml_auth_test.spec.js index 79fa0b736..b5060a186 100644 --- a/.cypress/e2e/saml/saml_auth_test.spec.js +++ b/.cypress/e2e/saml/saml_auth_test.spec.js @@ -41,8 +41,8 @@ afterEach(() => { describe('Log in via SAML', () => { const samlLogin = () => { - cy.get('input[id=userName]', { timeout: 15000}).should('be.visible'); - cy.get('button[id=btn-sign-in]', { timeout: 15000 }).should('be.visible').click(); + cy.get('input[id=userName]').should('be.visible'); + cy.get('button[id=btn-sign-in]').should('be.visible').click(); }; it('Login to app/opensearch_dashboards_overview#/ when SAML is enabled', () => { @@ -51,13 +51,12 @@ describe('Log in via SAML', () => { cy.visit('http://localhost:5601/app/opensearch_dashboards_overview', { failOnStatusCode: false, - timeout: 10000, }); samlLogin(); - cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); - cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); + cy.get('#osdOverviewPageHeader__title').should('be.visible'); + cy.getCookie('security_authentication').should('exist'); }); it('Login to app/dev_tools#/console when SAML is enabled', () => { @@ -66,13 +65,12 @@ describe('Log in via SAML', () => { cy.visit('http://localhost:5601/app/dev_tools#/console', { failOnStatusCode: false, - timeout: 10000, }); samlLogin(); - cy.get('a.euiBreadcrumb--last', { timeout: 10000 }).contains('Dev Tools'); - cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); + cy.get('a.euiBreadcrumb--last').contains('Dev Tools'); + cy.getCookie('security_authentication').should('exist'); }); it('Login to Dashboard with Hash', () => { @@ -83,13 +81,12 @@ describe('Log in via SAML', () => { cy.visit(urlWithHash, { failOnStatusCode: false, - timeout: 10000, }); samlLogin(); - cy.get('h1.euiTitle--large', { timeout: 10000 }).contains('Get started'); - cy.getCookie('security_authentication', { timeout: 10000 }).should('exist'); + cy.get('h1.euiTitle--large').contains('Get started'); + cy.getCookie('security_authentication').should('exist'); }); @@ -98,29 +95,28 @@ describe('Log in via SAML', () => { cy.visit('http://localhost:5601/app/opensearch_dashboards_overview', { failOnStatusCode: false, - timeout: 10000, }); samlLogin(); - cy.get('#private', { timeout: 10000 }).should('be.enabled'); + cy.get('#private').should('be.enabled'); cy.get('#private').click({ force: true }); - cy.get('button[data-test-subj="confirm"]', { timeout: 10000 }).click(); + cy.get('button[data-test-subj="confirm"]').click(); - cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); + cy.get('#osdOverviewPageHeader__title').should('be.visible'); - cy.get('button[id="user-icon-btn"]', { timeout: 10000 }).click(); + cy.get('button[id="user-icon-btn"]').click(); - cy.get('button[data-test-subj^="log-out-"]', { timeout: 10000 }).click(); + cy.get('button[data-test-subj^="log-out-"]').click(); samlLogin(); - cy.get('#user-icon-btn', { timeout: 10000 }).should('be.visible'); + cy.get('#user-icon-btn').should('be.visible'); cy.get('#user-icon-btn').click(); - cy.get('#osdOverviewPageHeader__title', { timeout: 10000 }).should('be.visible'); + cy.get('#osdOverviewPageHeader__title').should('be.visible'); - cy.get('#tenantName', { timeout: 10000 }).should('have.text', 'Private'); + cy.get('#tenantName').should('have.text', 'Private'); }); }); From 9c5dcd3c62906b724b14df81df207b69b33dcab6 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 28 Nov 2023 09:40:00 -0800 Subject: [PATCH 100/114] rename the cypress dir and fix lint Signed-off-by: Ryan Liang --- .cypress/support/index.d.ts | 52 ------------------ cypress.config.js | 8 +-- .../e2e/oidc/oidc_auth_test.spec.js | 39 +++++++------ .../e2e/saml/saml_auth_test.spec.js | 25 ++++----- .../fixtures/saml/samlUserRoleMappiing.json | 0 {.cypress => cypress}/support/commands.js | 22 ++++---- {.cypress => cypress}/support/constants.js | 0 {.cypress => cypress}/support/e2e.js | 0 cypress/support/index.d.ts | 55 +++++++++++++++++++ 9 files changed, 100 insertions(+), 101 deletions(-) delete mode 100644 .cypress/support/index.d.ts rename {.cypress => cypress}/e2e/oidc/oidc_auth_test.spec.js (85%) rename {.cypress => cypress}/e2e/saml/saml_auth_test.spec.js (85%) rename {.cypress => cypress}/fixtures/saml/samlUserRoleMappiing.json (100%) rename {.cypress => cypress}/support/commands.js (84%) rename {.cypress => cypress}/support/constants.js (100%) rename {.cypress => cypress}/support/e2e.js (100%) create mode 100644 cypress/support/index.d.ts diff --git a/.cypress/support/index.d.ts b/.cypress/support/index.d.ts deleted file mode 100644 index e54a2991c..000000000 --- a/.cypress/support/index.d.ts +++ /dev/null @@ -1,52 +0,0 @@ -// type definitions for custom commands like "createDefaultTodos" -/// - -declare namespace Cypress { - interface Chainable { - /** - * Create a test tenant by calling REST API - * @example - * cy.createTenant('test_tenant', tenantJsonFixture ) - */ - createTenant( - tenantID: string, - tenantJson: string - ): Chainable; - } - - interface Chainable { - /** - * Create an internal user by calling REST API - * @example - * cy.createInternalUser('test_user', userJsonFixture ) - */ - createInternalUser( - userID: string, - userJson: string - ): Chainable; - } - - interface Chainable { - /** - * Create a role by calling REST API - * @example - * cy.createRole('role_name', roleJsonFixture ) - */ - createRole( - roleID: string, - roleJson: string - ): Chainable; - } - - interface Chainable { - /** - * Create a role mapping by calling REST API - * @example - * cy.createRoleMapping('role_name', rolemappingJsonFixture ) - */ - createRoleMapping( - roleID: string, - rolemappingJson: string - ): Chainable; - } -} diff --git a/cypress.config.js b/cypress.config.js index 77941deca..dd03c02d8 100644 --- a/cypress.config.js +++ b/cypress.config.js @@ -16,16 +16,16 @@ const { defineConfig } = require('cypress'); module.exports = defineConfig({ - screenshotsFolder: '.cypress/screenshots', - downloadsFolder: '.cypress/downloads', + screenshotsFolder: 'cypress/screenshots', + downloadsFolder: 'cypress/downloads', defaultCommandTimeout: 60000, requestTimeout: 60000, responseTimeout: 60000, e2e: { setupNodeEvents(on, config) {}, - supportFile: '.cypress/support/e2e.js', + supportFile: 'cypress/support/e2e.js', baseUrl: 'http://localhost:5601', - specPattern: '.cypress/e2e/**/*.spec.js', + specPattern: 'cypress/e2e/**/*.spec.js', }, env: { openSearchUrl: 'https://localhost:9200', diff --git a/.cypress/e2e/oidc/oidc_auth_test.spec.js b/cypress/e2e/oidc/oidc_auth_test.spec.js similarity index 85% rename from .cypress/e2e/oidc/oidc_auth_test.spec.js rename to cypress/e2e/oidc/oidc_auth_test.spec.js index fde4e6e47..b4c5c80d2 100644 --- a/.cypress/e2e/oidc/oidc_auth_test.spec.js +++ b/cypress/e2e/oidc/oidc_auth_test.spec.js @@ -22,7 +22,6 @@ const login = 'admin'; const password = 'admin'; describe('Log in via OIDC', () => { - afterEach(() => { cy.origin('http://localhost:5601', () => { cy.clearCookies(); @@ -41,15 +40,15 @@ describe('Log in via OIDC', () => { cy.visit('http://localhost:5601/app/opensearch_dashboards_overview', { failOnStatusCode: false, }); - + kcLogin(); cy.origin('http://localhost:5601', () => { - localStorage.setItem("opendistro::security::tenant::saved", "\"\""); - localStorage.setItem("home:newThemeModal:show", "false"); + localStorage.setItem('opendistro::security::tenant::saved', '""'); + localStorage.setItem('home:newThemeModal:show', 'false'); cy.get('#osdOverviewPageHeader__title').should('be.visible'); - + cy.getCookie('security_authentication').should('exist'); }); }); @@ -62,13 +61,13 @@ describe('Log in via OIDC', () => { kcLogin(); cy.origin('http://localhost:5601', () => { - localStorage.setItem("opendistro::security::tenant::saved", "\"\""); - localStorage.setItem("home:newThemeModal:show", "false"); + localStorage.setItem('opendistro::security::tenant::saved', '""'); + localStorage.setItem('home:newThemeModal:show', 'false'); cy.visit('http://localhost:5601/app/dev_tools#/console'); - + cy.get('a').contains('Dev Tools').should('be.visible'); - + cy.getCookie('security_authentication').should('exist'); }); }); @@ -81,8 +80,8 @@ describe('Log in via OIDC', () => { kcLogin(); cy.origin('http://localhost:5601', () => { - localStorage.setItem("opendistro::security::tenant::saved", "\"\""); - localStorage.setItem("home:newThemeModal:show", "false"); + localStorage.setItem('opendistro::security::tenant::saved', '""'); + localStorage.setItem('home:newThemeModal:show', 'false'); cy.get('.euiHeader.euiHeader--default.euiHeader--fixed.primaryHeader').should('be.visible'); @@ -91,33 +90,33 @@ describe('Log in via OIDC', () => { }); it('Tenancy persisted after logout in OIDC', () => { - cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/', { + cy.visit('http://localhost:5601/app/opensearch_dashboards_overview#/', { failOnStatusCode: false, }); kcLogin(); cy.origin('http://localhost:5601', () => { - localStorage.setItem("home:newThemeModal:show", "false"); + localStorage.setItem('home:newThemeModal:show', 'false'); cy.get('#private').should('be.enabled'); cy.get('#private').click({ force: true }); cy.get('button[data-test-subj="confirm"]').click(); - + cy.get('#osdOverviewPageHeader__title').should('be.visible'); - + cy.get('button[id="user-icon-btn"]').click(); cy.get('button[data-test-subj^="log-out-"]').click(); - }); + }); + + kcLogin(); - kcLogin(); - - cy.origin('http://localhost:5601', () => { + cy.origin('http://localhost:5601', () => { cy.get('#user-icon-btn').should('be.visible'); cy.get('#user-icon-btn').click(); - + cy.get('#osdOverviewPageHeader__title').should('be.visible'); cy.get('#tenantName').should('have.text', 'Private'); diff --git a/.cypress/e2e/saml/saml_auth_test.spec.js b/cypress/e2e/saml/saml_auth_test.spec.js similarity index 85% rename from .cypress/e2e/saml/saml_auth_test.spec.js rename to cypress/e2e/saml/saml_auth_test.spec.js index b5060a186..925256ee8 100644 --- a/.cypress/e2e/saml/saml_auth_test.spec.js +++ b/cypress/e2e/saml/saml_auth_test.spec.js @@ -20,7 +20,7 @@ import { ALL_ACCESS_ROLE } from '../../support/constants'; -import samlUserRoleMapping from '../../fixtures/saml/samlUserRoleMappiing.json' +import samlUserRoleMapping from '../../fixtures/saml/samlUserRoleMappiing.json'; before(() => { cy.intercept('https://localhost:9200'); @@ -46,13 +46,13 @@ describe('Log in via SAML', () => { }; it('Login to app/opensearch_dashboards_overview#/ when SAML is enabled', () => { - localStorage.setItem("opendistro::security::tenant::saved", "\"__user__\""); - localStorage.setItem("home:newThemeModal:show", "false"); + localStorage.setItem('opendistro::security::tenant::saved', '"__user__"'); + localStorage.setItem('home:newThemeModal:show', 'false'); cy.visit('http://localhost:5601/app/opensearch_dashboards_overview', { failOnStatusCode: false, }); - + samlLogin(); cy.get('#osdOverviewPageHeader__title').should('be.visible'); @@ -60,13 +60,13 @@ describe('Log in via SAML', () => { }); it('Login to app/dev_tools#/console when SAML is enabled', () => { - localStorage.setItem("opendistro::security::tenant::saved", "\"__user__\""); - localStorage.setItem("home:newThemeModal:show", "false"); + localStorage.setItem('opendistro::security::tenant::saved', '"__user__"'); + localStorage.setItem('home:newThemeModal:show', 'false'); cy.visit('http://localhost:5601/app/dev_tools#/console', { failOnStatusCode: false, }); - + samlLogin(); cy.get('a.euiBreadcrumb--last').contains('Dev Tools'); @@ -74,24 +74,23 @@ describe('Log in via SAML', () => { }); it('Login to Dashboard with Hash', () => { - localStorage.setItem("opendistro::security::tenant::saved", "\"__user__\""); - localStorage.setItem("home:newThemeModal:show", "false"); + localStorage.setItem('opendistro::security::tenant::saved', '"__user__"'); + localStorage.setItem('home:newThemeModal:show', 'false'); const urlWithHash = `http://localhost:5601/app/security-dashboards-plugin#/getstarted`; cy.visit(urlWithHash, { failOnStatusCode: false, }); - + samlLogin(); cy.get('h1.euiTitle--large').contains('Get started'); cy.getCookie('security_authentication').should('exist'); - }); it('Tenancy persisted after logout in SAML', () => { - localStorage.setItem("home:newThemeModal:show", "false"); + localStorage.setItem('home:newThemeModal:show', 'false'); cy.visit('http://localhost:5601/app/opensearch_dashboards_overview', { failOnStatusCode: false, @@ -103,7 +102,7 @@ describe('Log in via SAML', () => { cy.get('#private').click({ force: true }); cy.get('button[data-test-subj="confirm"]').click(); - + cy.get('#osdOverviewPageHeader__title').should('be.visible'); cy.get('button[id="user-icon-btn"]').click(); diff --git a/.cypress/fixtures/saml/samlUserRoleMappiing.json b/cypress/fixtures/saml/samlUserRoleMappiing.json similarity index 100% rename from .cypress/fixtures/saml/samlUserRoleMappiing.json rename to cypress/fixtures/saml/samlUserRoleMappiing.json diff --git a/.cypress/support/commands.js b/cypress/support/commands.js similarity index 84% rename from .cypress/support/commands.js rename to cypress/support/commands.js index 2c2dcc8f4..ade3591cf 100644 --- a/.cypress/support/commands.js +++ b/cypress/support/commands.js @@ -18,18 +18,18 @@ * SPDX-License-Identifier: Apache-2.0 */ -import { SEC_API, ADMIN_AUTH } from "./constants"; +import { SEC_API, ADMIN_AUTH } from './constants'; /** * Overwrite request command to support authentication similar to visit. * The request function parameters can be url, or (method, url), or (method, url, body). */ Cypress.Commands.overwrite('request', (originalFn, ...args) => { - let defaults = {}; - defaults.auth = ADMIN_AUTH; + const defaults = {}; + defaults.auth = ADMIN_AUTH; let options = {}; if (typeof args[0] === 'object' && args[0] !== null) { - options = Object.assign({}, args[0]); + options = { ...args[0] }; } else if (args.length === 1) { [options.url] = args; } else if (args.length === 2) { @@ -38,7 +38,7 @@ Cypress.Commands.overwrite('request', (originalFn, ...args) => { [options.method, options.url, options.body] = args; } - return originalFn(Object.assign({}, defaults, options)); + return originalFn({ ...defaults, ...options }); }); Cypress.Commands.add('createTenant', (tenantID, tenantJson) => { @@ -62,13 +62,11 @@ Cypress.Commands.add('createInternalUser', (userID, userJson) => { }); Cypress.Commands.add('createRole', (roleID, roleJson) => { - cy.request( - 'PUT', - `${Cypress.env('openSearchUrl')}${SEC_API.ROLE_BASE}/${roleID}`, - roleJson - ).then((response) => { - expect(response.status).to.eq(200); - }); + cy.request('PUT', `${Cypress.env('openSearchUrl')}${SEC_API.ROLE_BASE}/${roleID}`, roleJson).then( + (response) => { + expect(response.status).to.eq(200); + } + ); }); Cypress.Commands.add('createRoleMapping', (roleID, rolemappingJson) => { diff --git a/.cypress/support/constants.js b/cypress/support/constants.js similarity index 100% rename from .cypress/support/constants.js rename to cypress/support/constants.js diff --git a/.cypress/support/e2e.js b/cypress/support/e2e.js similarity index 100% rename from .cypress/support/e2e.js rename to cypress/support/e2e.js diff --git a/cypress/support/index.d.ts b/cypress/support/index.d.ts new file mode 100644 index 000000000..61362a8c4 --- /dev/null +++ b/cypress/support/index.d.ts @@ -0,0 +1,55 @@ +/* + * Copyright OpenSearch Contributors + * + * Licensed under the Apache License, Version 2.0 (the "License"). + * You may not use this file except in compliance with the License. + * A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the "license" file accompanying this file. This file is distributed + * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +// type definitions for custom commands like "createDefaultTodos" +// / + +declare namespace Cypress { + interface Chainable { + /** + * Create a test tenant by calling REST API + * @example + * cy.createTenant('test_tenant', tenantJsonFixture ) + */ + createTenant(tenantID: string, tenantJson: string): Chainable; + } + + interface Chainable { + /** + * Create an internal user by calling REST API + * @example + * cy.createInternalUser('test_user', userJsonFixture ) + */ + createInternalUser(userID: string, userJson: string): Chainable; + } + + interface Chainable { + /** + * Create a role by calling REST API + * @example + * cy.createRole('role_name', roleJsonFixture ) + */ + createRole(roleID: string, roleJson: string): Chainable; + } + + interface Chainable { + /** + * Create a role mapping by calling REST API + * @example + * cy.createRoleMapping('role_name', rolemappingJsonFixture ) + */ + createRoleMapping(roleID: string, rolemappingJson: string): Chainable; + } +} From 7b1d7497bcada651d8523d3546e1d15b25fc1ff5 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 28 Nov 2023 10:01:15 -0800 Subject: [PATCH 101/114] Relocating cypress into test dir and change the related dir in gitignore Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 2 +- .github/workflows/cypress-test-saml-e2e.yml | 2 +- .gitignore | 4 ++-- cypress.config.js | 8 ++++---- {cypress => test/cypress}/e2e/oidc/oidc_auth_test.spec.js | 0 {cypress => test/cypress}/e2e/saml/saml_auth_test.spec.js | 0 .../cypress}/fixtures/saml/samlUserRoleMappiing.json | 0 {cypress => test/cypress}/support/commands.js | 0 {cypress => test/cypress}/support/constants.js | 0 {cypress => test/cypress}/support/e2e.js | 0 {cypress => test/cypress}/support/index.d.ts | 0 11 files changed, 8 insertions(+), 8 deletions(-) rename {cypress => test/cypress}/e2e/oidc/oidc_auth_test.spec.js (100%) rename {cypress => test/cypress}/e2e/saml/saml_auth_test.spec.js (100%) rename {cypress => test/cypress}/fixtures/saml/samlUserRoleMappiing.json (100%) rename {cypress => test/cypress}/support/commands.js (100%) rename {cypress => test/cypress}/support/constants.js (100%) rename {cypress => test/cypress}/support/e2e.js (100%) rename {cypress => test/cypress}/support/index.d.ts (100%) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 490af1ad6..6f6a025e9 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -216,4 +216,4 @@ jobs: - name: Run Cypress run : | yarn add cypress --save-dev - yarn cypress:run --browser chrome --headless --spec '.cypress/e2e/oidc/*.js' + yarn cypress:run --browser chrome --headless --spec 'test/cypress/e2e/oidc/*.js' diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index a498dcac3..25578ecdc 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -198,4 +198,4 @@ jobs: - name: Run Cypress run : | yarn add cypress --save-dev - yarn cypress:run --browser chrome --headless --spec '.cypress/e2e/saml/*.js' + yarn cypress:run --browser chrome --headless --spec 'test/cypress/e2e/saml/*.js' diff --git a/.gitignore b/.gitignore index 8c0a5901f..45a42aca7 100644 --- a/.gitignore +++ b/.gitignore @@ -10,5 +10,5 @@ yarn-error.log kibana-coverage/ .DS_Store .idea/ -.cypress/screenshots -.cypress/downloads +test/cypress/screenshots +test/cypress/downloads diff --git a/cypress.config.js b/cypress.config.js index dd03c02d8..56d619ab5 100644 --- a/cypress.config.js +++ b/cypress.config.js @@ -16,16 +16,16 @@ const { defineConfig } = require('cypress'); module.exports = defineConfig({ - screenshotsFolder: 'cypress/screenshots', - downloadsFolder: 'cypress/downloads', + screenshotsFolder: 'test/cypress/screenshots', + downloadsFolder: 'test/cypress/downloads', defaultCommandTimeout: 60000, requestTimeout: 60000, responseTimeout: 60000, e2e: { setupNodeEvents(on, config) {}, - supportFile: 'cypress/support/e2e.js', + supportFile: 'test/cypress/support/e2e.js', baseUrl: 'http://localhost:5601', - specPattern: 'cypress/e2e/**/*.spec.js', + specPattern: 'test/cypress/e2e/**/*.spec.js', }, env: { openSearchUrl: 'https://localhost:9200', diff --git a/cypress/e2e/oidc/oidc_auth_test.spec.js b/test/cypress/e2e/oidc/oidc_auth_test.spec.js similarity index 100% rename from cypress/e2e/oidc/oidc_auth_test.spec.js rename to test/cypress/e2e/oidc/oidc_auth_test.spec.js diff --git a/cypress/e2e/saml/saml_auth_test.spec.js b/test/cypress/e2e/saml/saml_auth_test.spec.js similarity index 100% rename from cypress/e2e/saml/saml_auth_test.spec.js rename to test/cypress/e2e/saml/saml_auth_test.spec.js diff --git a/cypress/fixtures/saml/samlUserRoleMappiing.json b/test/cypress/fixtures/saml/samlUserRoleMappiing.json similarity index 100% rename from cypress/fixtures/saml/samlUserRoleMappiing.json rename to test/cypress/fixtures/saml/samlUserRoleMappiing.json diff --git a/cypress/support/commands.js b/test/cypress/support/commands.js similarity index 100% rename from cypress/support/commands.js rename to test/cypress/support/commands.js diff --git a/cypress/support/constants.js b/test/cypress/support/constants.js similarity index 100% rename from cypress/support/constants.js rename to test/cypress/support/constants.js diff --git a/cypress/support/e2e.js b/test/cypress/support/e2e.js similarity index 100% rename from cypress/support/e2e.js rename to test/cypress/support/e2e.js diff --git a/cypress/support/index.d.ts b/test/cypress/support/index.d.ts similarity index 100% rename from cypress/support/index.d.ts rename to test/cypress/support/index.d.ts From 898fc23e4a7ecb515e36b5007f1aeeac41bffe2f Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 28 Nov 2023 19:57:42 -0800 Subject: [PATCH 102/114] Switch the dashboard config by using cat instead of echo Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 37 +++++++++++---------- .github/workflows/cypress-test-saml-e2e.yml | 33 +++++++++--------- 2 files changed, 38 insertions(+), 32 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 6f6a025e9..2c1dcc39b 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -191,23 +191,26 @@ jobs: if: ${{ runner.os == 'Linux' }} run: | cd ./OpenSearch-Dashboards - echo 'server.host: "localhost"' >> ./config/opensearch_dashboards.yml - echo 'opensearch.hosts: ["https://localhost:9200"]' >> ./config/opensearch_dashboards.yml - echo 'opensearch.ssl.verificationMode: none' >> ./config/opensearch_dashboards.yml - echo 'opensearch.username: "kibanaserver"' >> ./config/opensearch_dashboards.yml - echo 'opensearch.password: "kibanaserver"' >> ./config/opensearch_dashboards.yml - echo 'opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.multitenancy.enabled: true' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.readonly_mode.roles: ["kibana_read_only"]' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.cookie.secure: false' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.openid.connect_url: "http://127.0.0.1:8080/auth/realms/master/.well-known/openid-configuration"' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.openid.client_id: "opensearch"' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.openid.client_secret: "${{ env.TEST_KEYCLOAK_CLIENT_SECRET }}"'>> ./config/opensearch_dashboards.yml - echo 'opensearch_security.auth.type: ["openid"]' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.auth.multiple_auth_enabled: true' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.ui.openid.login.buttonname: "OIDC"' >> ./config/opensearch_dashboards.yml - echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml + rm -rf ./config/opensearch_dashboards.yml + cat << 'EOT' > ./config/opensearch_dashboards.yml + server.host: "localhost" + opensearch.hosts: ["https://localhost:9200"] + opensearch.ssl.verificationMode: none + opensearch.username: "kibanaserver" + opensearch.password: "kibanaserver" + opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] + opensearch_security.multitenancy.enabled: true + opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"] + opensearch_security.readonly_mode.roles: ["kibana_read_only"] + opensearch_security.cookie.secure: false + opensearch_security.openid.connect_url: "http://127.0.0.1:8080/auth/realms/master/.well-known/openid-configuration" + opensearch_security.openid.client_id: "opensearch" + opensearch_security.openid.client_secret: "${{ env.TEST_KEYCLOAK_CLIENT_SECRET }}" + opensearch_security.auth.type: ["openid"] + opensearch_security.auth.multiple_auth_enabled: true + opensearch_security.ui.openid.login.buttonname: "OIDC" + home.disableWelcomeScreen: true + EOT echo 'HERE IS THE DASHBOARD CONFIG' cat ./config/opensearch_dashboards.yml nohup yarn start --no-base-path --no-watch & diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index 25578ecdc..5ff953bde 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -175,21 +175,24 @@ jobs: if: ${{ runner.os == 'Linux' }} run: | cd ./OpenSearch-Dashboards - echo 'server.host: "localhost"' >> ./config/opensearch_dashboards.yml - echo 'opensearch.hosts: ["https://localhost:9200"]' >> ./config/opensearch_dashboards.yml - echo 'opensearch.ssl.verificationMode: none' >> ./config/opensearch_dashboards.yml - echo 'opensearch.username: "kibanaserver"' >> ./config/opensearch_dashboards.yml - echo 'opensearch.password: "kibanaserver"' >> ./config/opensearch_dashboards.yml - echo 'opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.multitenancy.enabled: true' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.readonly_mode.roles: ["kibana_read_only"]' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.cookie.secure: false' >> ./config/opensearch_dashboards.yml - echo 'server.xsrf.allowlist: ["/_plugins/_security/api/authtoken", "/_opendistro/_security/api/authtoken", "/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"]' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.auth.type: ["saml"]' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.auth.multiple_auth_enabled: true' >> ./config/opensearch_dashboards.yml - echo 'opensearch_security.auth.anonymous_auth_enabled: false' >> ./config/opensearch_dashboards.yml - echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml + rm -rf ./config/opensearch_dashboards.yml + cat << 'EOT' > ./config/opensearch_dashboards.yml + server.host: "localhost" + opensearch.hosts: ["https://localhost:9200"] + opensearch.ssl.verificationMode: none + opensearch.username: "kibanaserver" + opensearch.password: "kibanaserver" + opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] + opensearch_security.multitenancy.enabled: true + opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"] + opensearch_security.readonly_mode.roles: ["kibana_read_only"] + opensearch_security.cookie.secure: false + server.xsrf.allowlist: ["/_plugins/_security/api/authtoken", "/_opendistro/_security/api/authtoken", "/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"] + opensearch_security.auth.type: ["saml"] + opensearch_security.auth.multiple_auth_enabled: true + opensearch_security.auth.anonymous_auth_enabled: false + home.disableWelcomeScreen: true + EOT echo 'HERE IS THE DASHBOARD CONFIG' cat ./config/opensearch_dashboards.yml nohup yarn start --no-base-path --no-watch & From de98ecee25babca1df64e8574c5e2112cea7b738 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 28 Nov 2023 20:28:43 -0800 Subject: [PATCH 103/114] Add version check step for keycloak Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 2c1dcc39b..67d61cd19 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -37,18 +37,32 @@ jobs: echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV shell: bash - # Setup and Run Keycloak - - name: Get and run Keycloak on Linux + # Download and Check Keycloak Version + - name: Download and Check Keyloak Version on Linux if: ${{ runner.os == 'Linux' }} run: | echo "Downloading Keycloak ${{ env.KEYCLOAK_VERSION }}" wget https://github.com/keycloak/keycloak/releases/download/${{ env.KEYCLOAK_VERSION }}/keycloak-${{ env.KEYCLOAK_VERSION }}.tar.gz echo "Unpacking Keycloak" tar -xzf keycloak-${{ env.KEYCLOAK_VERSION }}.tar.gz + cd keycloak-${{ env.KEYCLOAK_VERSION }}/bin + chmod +x ./kc.sh + KC_ACTUAL_VERSION=$(./kc.sh --version | grep -oP 'Keycloak \K[^ ]+') + echo "Keycloak version: $KC_ACTUAL_VERSION" + if [ "$KC_ACTUAL_VERSION" != "${{ env.KEYCLOAK_VERSION }}" ]; then + echo "Version mismatch. Expected: ${{ env.KEYCLOAK_VERSION }}, Got: $KC_ACTUAL_VERSION" + exit 1 + fi + + # Setup and Run Keycloak + - name: Get and run Keycloak on Linux + if: ${{ runner.os == 'Linux' }} + run: | + pwd + ls export KEYCLOAK_ADMIN=admin export KEYCLOAK_ADMIN_PASSWORD=admin cd keycloak-${{ env.KEYCLOAK_VERSION }}/bin - chmod +x kc.sh echo "Starting keycloak" ./kc.sh start-dev --http-enabled=true --hostname-strict-https=false --http-host=localhost --http-relative-path /auth --health-enabled=true & timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:8080/auth/health)" != "200" ]]; do sleep 5; done' From e86c7b92ee29ee726b2ba1b48a9ab13bf2c73165 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 28 Nov 2023 20:32:50 -0800 Subject: [PATCH 104/114] Add version check step for keycloak - fix0 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 67d61cd19..b01aa3645 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -47,11 +47,15 @@ jobs: tar -xzf keycloak-${{ env.KEYCLOAK_VERSION }}.tar.gz cd keycloak-${{ env.KEYCLOAK_VERSION }}/bin chmod +x ./kc.sh - KC_ACTUAL_VERSION=$(./kc.sh --version | grep -oP 'Keycloak \K[^ ]+') - echo "Keycloak version: $KC_ACTUAL_VERSION" - if [ "$KC_ACTUAL_VERSION" != "${{ env.KEYCLOAK_VERSION }}" ]; then - echo "Version mismatch. Expected: ${{ env.KEYCLOAK_VERSION }}, Got: $KC_ACTUAL_VERSION" + KC_ACTUAL_VERSION=$(./kc.sh --version | grep -oP 'Keycloak \K[^ ]+' | tr -d '\r\n') + echo "Extracted version: '$KC_ACTUAL_VERSION'" + EXPECTED_VERSION=$(echo "${{ env.KEYCLOAK_VERSION }}" | tr -d '\r\n') + echo "Expected version: '$EXPECTED_VERSION'" + if [ "$KC_ACTUAL_VERSION" != "$EXPECTED_VERSION" ]; then + echo "Version mismatch. Expected: '$EXPECTED_VERSION', Got: '$KC_ACTUAL_VERSION'" exit 1 + else + echo "Version match confirmed." fi # Setup and Run Keycloak From 712210c7235b99967ed36d6c63703e646a8fdf72 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 28 Nov 2023 20:35:36 -0800 Subject: [PATCH 105/114] Add version check step for keycloak - fix1 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index b01aa3645..1a146b336 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -47,7 +47,7 @@ jobs: tar -xzf keycloak-${{ env.KEYCLOAK_VERSION }}.tar.gz cd keycloak-${{ env.KEYCLOAK_VERSION }}/bin chmod +x ./kc.sh - KC_ACTUAL_VERSION=$(./kc.sh --version | grep -oP 'Keycloak \K[^ ]+' | tr -d '\r\n') + KC_ACTUAL_VERSION=$(./kc.sh --version | grep -oP 'Keycloak \K[^ ]+' | head -n 1 | tr -d '\r\n') echo "Extracted version: '$KC_ACTUAL_VERSION'" EXPECTED_VERSION=$(echo "${{ env.KEYCLOAK_VERSION }}" | tr -d '\r\n') echo "Expected version: '$EXPECTED_VERSION'" From 808b645056a38da9a9d7af0649f5755d3789818a Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 28 Nov 2023 21:09:12 -0800 Subject: [PATCH 106/114] Try dashboard output detection on oidc workflow-0 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 1a146b336..b92892977 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -232,7 +232,18 @@ jobs: echo 'HERE IS THE DASHBOARD CONFIG' cat ./config/opensearch_dashboards.yml nohup yarn start --no-base-path --no-watch & - sleep 600 + echo "Waiting for OpenSearch Dashboards to compile..." + for i in {1..60}; do + if grep -q "bundles compiled successfully after" "nohup.out"; then + echo "OpenSearch Dashboards compiled successfully." + break + fi + if [ $i -eq 60 ]; then + echo "Timeout for 600 seconds reached. OpenSearch Dashboards did not finish compiling." + exit 1 + fi + sleep 10 + done - name: Run Cypress run : | From 6462587d4f629b6feadd4d7be086fbd11b799ab4 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 28 Nov 2023 21:24:52 -0800 Subject: [PATCH 107/114] Try dashboard output detection on oidc workflow-1 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index b92892977..c518a3281 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -231,10 +231,9 @@ jobs: EOT echo 'HERE IS THE DASHBOARD CONFIG' cat ./config/opensearch_dashboards.yml - nohup yarn start --no-base-path --no-watch & - echo "Waiting for OpenSearch Dashboards to compile..." + nohup yarn start --no-base-path --no-watch | tee dashboard.log & for i in {1..60}; do - if grep -q "bundles compiled successfully after" "nohup.out"; then + if grep -q "bundles compiled successfully after" "dashboard.log"; then echo "OpenSearch Dashboards compiled successfully." break fi From 6abffa4e212a1e26453b27487b61c08245e93149 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 28 Nov 2023 21:54:03 -0800 Subject: [PATCH 108/114] Add log check step for both workflows Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 5 +++++ .github/workflows/cypress-test-saml-e2e.yml | 19 +++++++++++++++++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index c518a3281..ca5133087 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -232,6 +232,11 @@ jobs: echo 'HERE IS THE DASHBOARD CONFIG' cat ./config/opensearch_dashboards.yml nohup yarn start --no-base-path --no-watch | tee dashboard.log & + + - name : Check If OpenSearch Dashboard is ready + if: ${{ runner.os == 'Linux' }} + run: | + cd ./OpenSearch-Dashboards for i in {1..60}; do if grep -q "bundles compiled successfully after" "dashboard.log"; then echo "OpenSearch Dashboards compiled successfully." diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index 5ff953bde..b7ffe1349 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -195,8 +195,23 @@ jobs: EOT echo 'HERE IS THE DASHBOARD CONFIG' cat ./config/opensearch_dashboards.yml - nohup yarn start --no-base-path --no-watch & - sleep 600 + nohup yarn start --no-base-path --no-watch | tee dashboard.log & + + - name : Check If OpenSearch Dashboard is ready + if: ${{ runner.os == 'Linux' }} + run: | + cd ./OpenSearch-Dashboards + for i in {1..60}; do + if grep -q "bundles compiled successfully after" "dashboard.log"; then + echo "OpenSearch Dashboards compiled successfully." + break + fi + if [ $i -eq 60 ]; then + echo "Timeout for 600 seconds reached. OpenSearch Dashboards did not finish compiling." + exit 1 + fi + sleep 10 + done - name: Run Cypress run : | From fa670c1eec43f3b75e1ca6865bc6b7e06252069a Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 28 Nov 2023 22:08:20 -0800 Subject: [PATCH 109/114] Add msg for the checking step Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 3 ++- .github/workflows/cypress-test-saml-e2e.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index ca5133087..af34085bb 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -233,10 +233,11 @@ jobs: cat ./config/opensearch_dashboards.yml nohup yarn start --no-base-path --no-watch | tee dashboard.log & - - name : Check If OpenSearch Dashboard is ready + - name : Check If OpenSearch Dashboards Is Ready if: ${{ runner.os == 'Linux' }} run: | cd ./OpenSearch-Dashboards + echo "Start checking OpenSearch Dashboards." for i in {1..60}; do if grep -q "bundles compiled successfully after" "dashboard.log"; then echo "OpenSearch Dashboards compiled successfully." diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index b7ffe1349..4517cf702 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -197,10 +197,11 @@ jobs: cat ./config/opensearch_dashboards.yml nohup yarn start --no-base-path --no-watch | tee dashboard.log & - - name : Check If OpenSearch Dashboard is ready + - name : Check If OpenSearch Dashboards Is Ready if: ${{ runner.os == 'Linux' }} run: | cd ./OpenSearch-Dashboards + echo "Start checking OpenSearch Dashboards." for i in {1..60}; do if grep -q "bundles compiled successfully after" "dashboard.log"; then echo "OpenSearch Dashboards compiled successfully." From bb235941b392a4382124ce0e3208a6b8242f8bce Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 28 Nov 2023 22:50:04 -0800 Subject: [PATCH 110/114] Fix the dir in .eslintignore Signed-off-by: Ryan Liang --- .eslintignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.eslintignore b/.eslintignore index 5ee33b072..154111996 100644 --- a/.eslintignore +++ b/.eslintignore @@ -4,4 +4,4 @@ node_modules /build /target /.eslintrc.js -cypress.config.js +/cypress.config.js From ad0ca9b146081f698a1991a980226dfce9f38668 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 29 Nov 2023 09:44:05 -0800 Subject: [PATCH 111/114] Switch to checksum for kc script Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index af34085bb..574854cb8 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -10,6 +10,7 @@ env: # avoid warnings like "tput: No value for $TERM and no -T specified" TERM: xterm PLUGIN_NAME: opensearch-security + KNOWN_CHECKSUM_OF_KEYCLOAK_SCRIPT: xxx jobs: tests: @@ -47,16 +48,17 @@ jobs: tar -xzf keycloak-${{ env.KEYCLOAK_VERSION }}.tar.gz cd keycloak-${{ env.KEYCLOAK_VERSION }}/bin chmod +x ./kc.sh - KC_ACTUAL_VERSION=$(./kc.sh --version | grep -oP 'Keycloak \K[^ ]+' | head -n 1 | tr -d '\r\n') - echo "Extracted version: '$KC_ACTUAL_VERSION'" - EXPECTED_VERSION=$(echo "${{ env.KEYCLOAK_VERSION }}" | tr -d '\r\n') - echo "Expected version: '$EXPECTED_VERSION'" - if [ "$KC_ACTUAL_VERSION" != "$EXPECTED_VERSION" ]; then - echo "Version mismatch. Expected: '$EXPECTED_VERSION', Got: '$KC_ACTUAL_VERSION'" - exit 1 + echo "Generating checksum for the downloaded kc.sh script..." + DOWNLOADED_CHECKSUM=$(sha256sum kc.sh | awk '{print $1}') + echo "Downloaded kc.sh checksum: $DOWNLOADED_CHECKSUM" + KNOWN_GOOD_CHECKSUM="${{ env.KNOWN_CHECKSUM_OF_KEYCLOAK_SCRIPT }}" + if [ "$DOWNLOADED_CHECKSUM" != "$KNOWN_GOOD_CHECKSUM" ]; then + echo "Checksum mismatch. The kc.sh script does not match the known good version. Please check https://github.com/keycloak/keycloak and verify the updates." + exit 1 else - echo "Version match confirmed." + echo "Checksum match confirmed. Proceeding with setup." fi + chmod +x ./kc.sh # Setup and Run Keycloak - name: Get and run Keycloak on Linux From dc361164c3dcf7f5b4cf4e441e6c7cfac847d966 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 29 Nov 2023 09:50:55 -0800 Subject: [PATCH 112/114] Switch to checksum for kc script-1 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index 574854cb8..cbf0ac34c 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -10,7 +10,8 @@ env: # avoid warnings like "tput: No value for $TERM and no -T specified" TERM: xterm PLUGIN_NAME: opensearch-security - KNOWN_CHECKSUM_OF_KEYCLOAK_SCRIPT: xxx + # This is the SHA256 checksum of the known good kc.sh script for Keycloak version 21.0.1. + KNOWN_CHECKSUM_OF_KEYCLOAK_SCRIPT: 'f825ea1a9ffa5ad91673737c06857ababbb69b6b8f09e0c637b4c998517f9608' jobs: tests: From d1e0b74e689b90ab5bad4135d2007e8d2721b66c Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 29 Nov 2023 09:55:51 -0800 Subject: [PATCH 113/114] Switch to checksum for kc script-2 Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index cbf0ac34c..edb75e855 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -52,6 +52,7 @@ jobs: echo "Generating checksum for the downloaded kc.sh script..." DOWNLOADED_CHECKSUM=$(sha256sum kc.sh | awk '{print $1}') echo "Downloaded kc.sh checksum: $DOWNLOADED_CHECKSUM" + echo "Known good kc.sh checksum: ${{ env.KNOWN_CHECKSUM_OF_KEYCLOAK_SCRIPT }}" KNOWN_GOOD_CHECKSUM="${{ env.KNOWN_CHECKSUM_OF_KEYCLOAK_SCRIPT }}" if [ "$DOWNLOADED_CHECKSUM" != "$KNOWN_GOOD_CHECKSUM" ]; then echo "Checksum mismatch. The kc.sh script does not match the known good version. Please check https://github.com/keycloak/keycloak and verify the updates." From 9f6eed5514d3df4c504132c03ebfe91b1c7f2cb4 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 29 Nov 2023 11:03:19 -0800 Subject: [PATCH 114/114] Remove debugging statements Signed-off-by: Ryan Liang --- .github/workflows/cypress-test-oidc-e2e.yml | 8 ++------ .github/workflows/cypress-test-saml-e2e.yml | 8 ++------ 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/.github/workflows/cypress-test-oidc-e2e.yml b/.github/workflows/cypress-test-oidc-e2e.yml index edb75e855..c673018b7 100644 --- a/.github/workflows/cypress-test-oidc-e2e.yml +++ b/.github/workflows/cypress-test-oidc-e2e.yml @@ -66,8 +66,6 @@ jobs: - name: Get and run Keycloak on Linux if: ${{ runner.os == 'Linux' }} run: | - pwd - ls export KEYCLOAK_ADMIN=admin export KEYCLOAK_ADMIN_PASSWORD=admin cd keycloak-${{ env.KEYCLOAK_VERSION }}/bin @@ -79,7 +77,6 @@ jobs: ./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password admin CID=$(./kcadm.sh create clients -r master -s clientId=opensearch -s secret="${{ env.TEST_KEYCLOAK_CLIENT_SECRET }}" -s 'attributes."access.token.lifespan"=60' -s 'redirectUris=["http://localhost:5603/auth/openid/login", "http://localhost:5601", "http://localhost:5601/auth/openid/login"]' -i) ./kcadm.sh get clients/$CID/installation/providers/keycloak-oidc-keycloak-json > tmp - echo "Getting client secret for dashboards configuration purpose" CLIENT_SECRET=$(grep -o '"secret" : "[^"]*' tmp | grep -o '[^"]*$') echo "KEYCLOAK_CLIENT_SECRET=$CLIENT_SECRET" >> $GITHUB_ENV @@ -122,10 +119,8 @@ jobs: if: ${{ runner.os == 'Linux'}} run: | echo "Creating new SAML configuration" - pwd cd ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/ rm -rf config.yml - ls cat << 'EOT' > config.yml --- _meta: @@ -233,10 +228,11 @@ jobs: opensearch_security.ui.openid.login.buttonname: "OIDC" home.disableWelcomeScreen: true EOT - echo 'HERE IS THE DASHBOARD CONFIG' + echo 'HERE IS THE DASHBOARD CONFIG FILE: ' cat ./config/opensearch_dashboards.yml nohup yarn start --no-base-path --no-watch | tee dashboard.log & + # Check if OSD is ready with a max timeout of 600 seconds - name : Check If OpenSearch Dashboards Is Ready if: ${{ runner.os == 'Linux' }} run: | diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index 4517cf702..7a329a9cc 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -77,10 +77,8 @@ jobs: if: ${{ runner.os == 'Linux'}} run: | echo "Creating new SAML configuration" - pwd cd ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/ rm -rf config.yml - ls cat << 'EOT' > config.yml --- _meta: @@ -128,9 +126,6 @@ jobs: run: | echo "running linux setup" chmod +x ./setup.sh - ls - echo "THIS IS THE SETUP SCRIPT !!!" - cat ./setup.sh ./setup.sh shell: bash @@ -193,10 +188,11 @@ jobs: opensearch_security.auth.anonymous_auth_enabled: false home.disableWelcomeScreen: true EOT - echo 'HERE IS THE DASHBOARD CONFIG' + echo 'HERE IS THE DASHBOARD CONFIG FILE: ' cat ./config/opensearch_dashboards.yml nohup yarn start --no-base-path --no-watch | tee dashboard.log & + # Check if OSD is ready with a max timeout of 600 seconds - name : Check If OpenSearch Dashboards Is Ready if: ${{ runner.os == 'Linux' }} run: |