From 1d84633026c81104c1599aecec2a1d46ba0e1dbf Mon Sep 17 00:00:00 2001
From: Peter Zhu <zhujiaxi@amazon.com>
Date: Mon, 10 Oct 2022 17:34:45 -0400
Subject: [PATCH] Opensearch security plugin windows install certs demo config
 and add batch install script (#2704)

* Security script for install.sh add windows specific changes

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

* Add Windows install batch and resolve security plugin demo config issues

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

* Add more comments

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

* Add more comments

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

* Add more comments

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

* Add more comments

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

* Add sql 2.4.0

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

* Add sql 2.4.0

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

* Add comments

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

* Add comments

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

* Add comments

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>
---
 DEVELOPER_GUIDE.md                            | 22 +++++
 manifests/2.4.0/opensearch-2.4.0.yml          |  9 ++
 scripts/components/OpenSearch/install.sh      |  8 +-
 scripts/components/security/install.sh        | 83 +++++++++++++++++++
 .../tar/linux/opensearch-tar-install.sh       |  0
 .../windows/opensearch-windows-install.bat    | 22 +++++
 tests/jenkins/TestDockerScanJob.groovy        | 10 +++
 7 files changed, 151 insertions(+), 3 deletions(-)
 create mode 100755 scripts/components/security/install.sh
 rename scripts/{legacy => startup}/tar/linux/opensearch-tar-install.sh (100%)
 create mode 100644 scripts/startup/zip/windows/opensearch-windows-install.bat

diff --git a/DEVELOPER_GUIDE.md b/DEVELOPER_GUIDE.md
index e25a3f21d2..caa4f0d61a 100644
--- a/DEVELOPER_GUIDE.md
+++ b/DEVELOPER_GUIDE.md
@@ -276,7 +276,29 @@ Each jenkins library should have a test case associated with it. Eg: [TestSignAr
 - Jenkins' library test should extend [BuildPipelineTest.groovy](tests/jenkins/BuildPipelineTest.groovy)
 - Create a dummy job such as [Hello_Jenkinsfile](tests/jenkins/jobs/Hello_Jenkinsfile) to call and test the function
   and output [Hello_Jenkinsfile.txt](tests/jenkins/jobs/Hello_Jenkinsfile.txt)
+- If using remote libs from [opensearch-build-libraries](https://github.com/opensearch-project/opensearch-build-libraries) repository with tag (ex: 1.0.0), make sure
+  both the Jenkins Test file as well as the Jenkins Job file are overriding the libs version with the same tag (ex: 1.0.0), or Jacoco test will fail to generate reports.
+  This would happen if defaultVersion in BuildPipelineTest.groovy (default to 'main') have a different HEAD commit id compares to tag commit id you defined to use.
+```
+super.setUp()
+......
+helper.registerSharedLibrary(
+    library().name('jenkins')
+        .defaultVersion('1.0.0')
+        .allowOverride(true)
+        .implicit(true)
+        .targetPath('vars')
+        .retriever(gitSource('https://github.com/opensearch-project/opensearch-build-libraries.git'))
+        .build()
+)
+```
 
+```
+lib = library(identifier: 'jenkins@1.0.0', retriever: modernSCM([
+    $class: 'GitSCMSource',
+    remote: 'https://github.com/opensearch-project/opensearch-build-libraries.git',
+]))
+```
 
 #### Testing in Jenkins
 * [Build_OpenSearch_Dashboards_Jenkinsfile](tests/jenkins/jobs/Build_OpenSearch_Dashboards_Jenkinsfile): is similar to [OpenSearch Dashboards Jenkinsfile](jenkins/opensearch-dashboards/Jenkinsfile) w/o notifications.
diff --git a/manifests/2.4.0/opensearch-2.4.0.yml b/manifests/2.4.0/opensearch-2.4.0.yml
index 94388c320e..b43a98921a 100644
--- a/manifests/2.4.0/opensearch-2.4.0.yml
+++ b/manifests/2.4.0/opensearch-2.4.0.yml
@@ -101,3 +101,12 @@ components:
     checks:
       - gradle:properties:version
       - gradle:dependencies:opensearch.version
+  - name: sql
+    repository: https://github.com/opensearch-project/sql.git
+    ref: '2.x'
+    platforms:
+      - linux
+      - windows
+    checks:
+      - gradle:properties:version
+      - gradle:dependencies:opensearch.version: opensearch-sql-plugin
diff --git a/scripts/components/OpenSearch/install.sh b/scripts/components/OpenSearch/install.sh
index 13c0a37b8e..09106a9a1e 100755
--- a/scripts/components/OpenSearch/install.sh
+++ b/scripts/components/OpenSearch/install.sh
@@ -80,9 +80,11 @@ cd $DIR
 
 ## Copy the tar installation script into the bundle
 if [ "$DISTRIBUTION" = "tar" ]; then
-    cp ../../../scripts/legacy/tar/linux/opensearch-tar-install.sh "$OUTPUT/"
+    cp -v ../../../scripts/startup/tar/linux/opensearch-tar-install.sh "$OUTPUT/"
 
 elif [ "$DISTRIBUTION" = "rpm" ]; then
-    cp -a ../../../scripts/pkg/service_templates/opensearch/* "$OUTPUT/../"
-    cp -a ../../../scripts/pkg/build_templates/opensearch/* "$OUTPUT/../"
+    cp -va ../../../scripts/pkg/service_templates/opensearch/* "$OUTPUT/../"
+    cp -va ../../../scripts/pkg/build_templates/opensearch/* "$OUTPUT/../"
+elif [ "$DISTRIBUTION" = "zip" ] && [ "$PLATFORM" = "windows" ]; then
+    cp -v ../../../scripts/startup/zip/windows/opensearch-windows-install.bat "$OUTPUT/"
 fi
diff --git a/scripts/components/security/install.sh b/scripts/components/security/install.sh
new file mode 100755
index 0000000000..2c9e1c18a1
--- /dev/null
+++ b/scripts/components/security/install.sh
@@ -0,0 +1,83 @@
+#!/bin/bash
+
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# The OpenSearch Contributors require contributions made to
+# this file be licensed under the Apache-2.0 license or a
+# compatible open source license.
+
+set -ex
+
+function usage() {
+    echo "Usage: $0 [args]"
+    echo ""
+    echo "Arguments:"
+    echo -e "-v VERSION\t[Required] OpenSearch version."
+    echo -e "-s SNAPSHOT\t[Optional] Build a snapshot, default is 'false'."
+    echo -e "-p PLATFORM\t[Optional] Platform, default is 'uname -s'."
+    echo -e "-a ARCHITECTURE\t[Optional] Build architecture, default is 'uname -m'."
+    echo -e "-f ARTIFACTS\t[Optional] Location of build artifacts."
+    echo -e "-o OUTPUT\t[Optional] Output path."
+    echo -e "-h help"
+}
+
+while getopts ":h:v:q:s:o:p:a:f:" arg; do
+    case $arg in
+        h)
+            usage
+            exit 1
+            ;;
+        v)
+            VERSION=$OPTARG
+            ;;
+        q)
+            QUALIFIER=$OPTARG
+            ;;
+        s)
+            SNAPSHOT=$OPTARG
+            ;;
+        o)
+            OUTPUT=$OPTARG
+            ;;
+        p)
+            PLATFORM=$OPTARG
+            ;;
+        a)
+            ARCHITECTURE=$OPTARG
+            ;;
+        f)
+            ARTIFACTS=$ARTIFACTS
+            ;;
+        :)
+            echo "Error: -${OPTARG} requires an argument"
+            usage
+            exit 1
+            ;;
+        ?)
+            echo "Invalid option: -${arg}"
+            exit 1
+            ;;
+    esac
+done
+
+if [ -z "$VERSION" ]; then
+    echo "Error: missing version."
+    usage
+    exit 1
+fi
+
+[ -z "$SNAPSHOT" ] && SNAPSHOT="false"
+[ -z "$PLATFORM" ] && PLATFORM=$(uname -s | awk '{print tolower($0)}')
+[ -z "$ARCHITECTURE" ] && ARCHITECTURE=`uname -m`
+
+SECURITY_PLUGIN="opensearch-security"
+chmod -c 755 $OUTPUT/plugins/$SECURITY_PLUGIN/tools/*.sh
+
+if [ "$PLATFORM" = "windows" ]; then
+    chmod -c 755 $OUTPUT/plugins/$SECURITY_PLUGIN/tools/*.bat
+
+    # Temporary solution to run shell script on Windows through MinGW
+    # Tracking issue: https://github.com/opensearch-project/security/issues/2148
+    $OUTPUT/plugins/$SECURITY_PLUGIN/tools/install_demo_configuration.sh -y -i -s
+fi
diff --git a/scripts/legacy/tar/linux/opensearch-tar-install.sh b/scripts/startup/tar/linux/opensearch-tar-install.sh
similarity index 100%
rename from scripts/legacy/tar/linux/opensearch-tar-install.sh
rename to scripts/startup/tar/linux/opensearch-tar-install.sh
diff --git a/scripts/startup/zip/windows/opensearch-windows-install.bat b/scripts/startup/zip/windows/opensearch-windows-install.bat
new file mode 100644
index 0000000000..eaae2ce03a
--- /dev/null
+++ b/scripts/startup/zip/windows/opensearch-windows-install.bat
@@ -0,0 +1,22 @@
+:: SPDX-License-Identifier: Apache-2.0
+:: Copyright OpenSearch Contributors
+
+@echo off
+
+:: Set variables and cd into the location of the batch script
+PUSHD "%~dp0"
+SET "OPENSEARCH_HOME=%CD%"
+SET "OPENSEARCH_PATH_CONF=%OPENSEARCH_HOME%\config"
+
+:: Echo User Inputs
+ECHO "OPENSEARCH_HOME: %OPENSEARCH_HOME%"
+ECHO "OPENSEARCH_PATH_CONF: %OPENSEARCH_PATH_CONF%"
+
+:: Start OpenSearch
+ECHO Start OpenSearch
+IF "%~1" == "" (
+    CALL "%OPENSEARCH_HOME%\bin\opensearch.bat"
+    ) ELSE (
+    CALL "%OPENSEARCH_HOME%\bin\opensearch.bat" "%*"
+    )
+
diff --git a/tests/jenkins/TestDockerScanJob.groovy b/tests/jenkins/TestDockerScanJob.groovy
index 96e2053bab..7911b62994 100644
--- a/tests/jenkins/TestDockerScanJob.groovy
+++ b/tests/jenkins/TestDockerScanJob.groovy
@@ -18,6 +18,16 @@ class TestDockerScanJob extends BuildPipelineTest {
 
         super.setUp()
 
+        helper.registerSharedLibrary(
+            library().name('jenkins')
+                .defaultVersion('1.0.1')
+                .allowOverride(true)
+                .implicit(true)
+                .targetPath('vars')
+                .retriever(gitSource('https://github.com/opensearch-project/opensearch-build-libraries.git'))
+                .build()
+        )
+
         // Variables
         binding.setVariable('IMAGE_FULL_NAME', 'alpine:3')