opensearch-project · DarshitChanpura · Jan 23, 2024 · Jan 8, 2024 · Jan 18, 2024 · Jan 22, 2024
@@ -3,7 +3,7 @@ description: 'Installs OpenSearch Dashboard with a Plugin from github, then chec
 
 inputs:
   plugin_name:
-    description: 'The the name of the plugin to use, such as security-dashboards-plugin'
+    description: 'The name of the plugin to use, such as security-dashboards-plugin'
     required: true
 
 outputs:

@@ -0,0 +1,152 @@
+name: Run Cypress Tests
+description: 'Runs Cypress tests for the security-dashboards-plugin with opensearch_dashboards.yml and security configuration provided'
+
+inputs:
+  security_config_file:
+    description: 'Name of the security plugin config file'
+    required: false
+  dashboards_config_file:
+    description: 'Name of OpenSearch Dashboards config file'
+    required: false
+  yarn_command:
+    description: 'The yarn command to start running cypress tests'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up JDK
+      uses: actions/setup-java@v1
+      with:
+        java-version: 11
+
+    - name: Set env
+      run: |
+        opensearch_version=$(node -p "require('./package.json').opensearchDashboards.version")
+        plugin_version=$(node -p "require('./package.json').version")
+        echo "OPENSEARCH_VERSION=$opensearch_version" >> $GITHUB_ENV
+        echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV
+      shell: bash
+
+    - name: Download security plugin and create setup scripts
+      uses: ./.github/actions/download-plugin
+      with:
+        opensearch-version: ${{ env.OPENSEARCH_VERSION }}
+        plugin-name: ${{ env.PLUGIN_NAME }}
+        plugin-version: ${{ env.PLUGIN_VERSION }}
+
+    # Download OpenSearch
+    - name: Download OpenSearch for Linux
+      uses: peternied/download-file@v2
+      if: ${{ runner.os == 'Linux' }}
+      with:
+        url: https://artifacts.opensearch.org/snapshots/core/opensearch/${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/opensearch-min-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT-linux-x64-latest.tar.gz
+
+    # Extract downloaded tar/zip
+    - name: Extract downloaded tar
+      if: ${{ runner.os == 'Linux' }}
+      run: |
+        tar -xzf opensearch-*.tar.gz
+        rm -f opensearch-*.tar.gz
+      shell: bash
+
+    # Install the security plugin
+    - name: Install Plugin into OpenSearch for Linux
+      if: ${{ runner.os == 'Linux'}}
+      run: |
+        chmod +x ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin
+        /bin/bash -c "yes | ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin install file:$(pwd)/opensearch-security.zip"
+      shell: bash
+
+    - name: Replace demo configuration
+      if: ${{ runner.os == 'Linux' }}
+      run: |
+        if [ -f ${{ inputs.security_config_file }} ]; then
+          mv ${{ inputs.security_config_file }} ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/config.yml
+        fi
+      shell: bash
+
+    # Run any configuration scripts
+    - name: Run Setup Script for Linux
+      if: ${{ runner.os == 'Linux' }}
+      run: |
+        echo "running linux setup"
+        chmod +x ./setup.sh
+        ./setup.sh
+      shell: bash
+
+    # OSD bootstrap
+    - name: Run Dashboard with Security Dashboards Plugin
+      uses: ./.github/actions/install-dashboards
+      with:
+        plugin_name: security-dashboards-plugin
+
+    - name: Replace dashboards configuration
+      if: ${{ runner.os == 'Linux' }}
+      run: |
+        if [ -f ${{ inputs.dashboards_config_file }} ]; then
+          mv ${{ inputs.dashboards_config_file }} ./OpenSearch-Dashboards/config/opensearch_dashboards.yml
+        fi
+      shell: bash
+
+    - name: Run pretest script
+      if: ${{ runner.os == 'Linux' }}
+      run: |
+        cd ./OpenSearch-Dashboards/plugins/security-dashboards-plugin
+        yarn pretest:jest_server
+      shell: bash
+
+    # Run OpenSearch
+    - name: Run OpenSearch with plugin on Linux
+      if: ${{ runner.os == 'Linux'}}
+      run: |
+        /bin/bash -c "./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch &"
+      shell: bash
+
+    # Give the OpenSearch process some time to boot up before sending any requires, might need to increase the default time!
+    - name: Sleep while OpenSearch starts
+      uses: peternied/action-sleep@v1
+      with:
+        seconds: 30
+
+    # Verify that the server is operational
+    - name: Check OpenSearch Running on Linux
+      if: ${{ runner.os != 'Windows'}}
+      run: curl https://localhost:9200/_cat/plugins -u 'admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}' -k -v
+      shell: bash
+
+    - if: always()
+      run: cat ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/logs/opensearch.log
+      shell: bash
+
+    - name: Run OpenSearch Dashboards with provided configuration
+      if: ${{ runner.os == 'Linux' }}
+      run: |
+        cd ./OpenSearch-Dashboards
+        nohup yarn start --no-base-path --no-watch | tee dashboard.log &
+      shell: bash
+
+    # Check if OSD is ready with a max timeout of 600 seconds
+    - name : Check If OpenSearch Dashboards Is Ready
+      if: ${{ runner.os == 'Linux' }}
+      run: |
+        cd ./OpenSearch-Dashboards
+        echo "Start checking OpenSearch Dashboards."
+        for i in {1..60}; do
+          if grep -q "bundles compiled successfully after" "dashboard.log"; then
+            echo "OpenSearch Dashboards compiled successfully."
+            break
+          fi
+          if [ $i -eq 60 ]; then
+            echo "Timeout for 600 seconds reached. OpenSearch Dashboards did not finish compiling."
+            exit 1
+          fi
+          sleep 10
+        done
+      shell: bash
+
+    - name: Run Cypress
+      run : |
+        yarn add cypress --save-dev
+        eval ${{ inputs.yarn_command }}
+      shell: bash
@@ -0,0 +1,101 @@
+name: Snapshot based E2E SAML multi-auth tests workflow
+
+on: [ push, pull_request ]
+
+env:
+  OPENSEARCH_VERSION: '3.0.0'
+  CI: 1
+  # avoid warnings like "tput: No value for $TERM and no -T specified"
+  TERM: xterm
+  PLUGIN_NAME: opensearch-security
+  OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!
+
+jobs:
+  tests:
+    name: Run Cypress E2E SAML multi-auth tests
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - name: Checkout Branch
+        uses: actions/checkout@v3
+
+      # Add SAML Configuration
+      - name: Injecting SAML Configuration for Linux
+        if: ${{ runner.os == 'Linux'}}
+        run: |
+          echo "Creating new SAML configuration"
+          cat << 'EOT' > config_multiauth.yml
+          ---
+          _meta:
+            type: "config"
+            config_version: 2
+          config:
+            dynamic:
+              http:
+                anonymous_auth_enabled: false
+              authc:
+                basic_internal_auth_domain:
+                  description: "Authenticate via HTTP Basic against internal users database"
+                  http_enabled: true
+                  transport_enabled: true
+                  order: 0
+                  http_authenticator:
+                    type: basic
+                    challenge: false
+                  authentication_backend:
+                    type: intern
+                saml_auth_domain:
+                  http_enabled: true
+                  transport_enabled: false
+                  order: 1
+                  http_authenticator:
+                    type: saml
+                    challenge: true
+                    config:
+                      idp:
+                        entity_id: urn:example:idp
+                        metadata_url: http://localhost:7000/metadata
+                      sp:
+                        entity_id: https://localhost:9200
+                      kibana_url: http://localhost:5601
+                      exchange_key: 6aff3042-1327-4f3d-82f0-40a157ac4464
+                  authentication_backend:
+                    type: noop
+          EOT
+          echo "THIS IS THE SECURITY CONFIG FILE: "
+          cat config_multiauth.yml
+
+      # Configure the Dashboard for SAML setup
+      - name: Configure OpenSearch Dashboards with multi-auth configuration including SAML
+        if: ${{ runner.os == 'Linux' }}
+        run: |
+          cat << 'EOT' > opensearch_dashboards_multiauth.yml
+          server.host: "localhost"
+          opensearch.hosts: ["https://localhost:9200"]
+          opensearch.ssl.verificationMode: none
+          opensearch.username: "kibanaserver"
+          opensearch.password: "kibanaserver"
+          opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
+          opensearch_security.multitenancy.enabled: true
+          opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
+          opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+          opensearch_security.cookie.secure: false
+          server.xsrf.allowlist: ["/_plugins/_security/api/authtoken", "/_opendistro/_security/api/authtoken", "/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"]
+          opensearch_security.auth.type: ["basicauth","saml"]
+          opensearch_security.auth.multiple_auth_enabled: true
+          opensearch_security.auth.anonymous_auth_enabled: false
+          home.disableWelcomeScreen: true
+          EOT
+          echo 'HERE IS THE DASHBOARD CONFIG FILE: '
+          cat opensearch_dashboards_multiauth.yml
+
+      - name: Run Cypress Tests
+        uses: ./.github/actions/run-cypress-tests
+        with:
+          security_config_file: config_multiauth.yml
+          dashboards_config_file: opensearch_dashboards_multiauth.yml
+          yarn_command: 'yarn cypress:run --browser chrome --headless --env loginMethod=saml_multiauth --spec "test/cypress/e2e/saml/*.js"'