Skip to content

Add workspace and multi tenancy check #359

Add workspace and multi tenancy check

Add workspace and multi tenancy check #359

name: Snapshot based E2E SAML multi-auth tests workflow
on: [ push, pull_request ]
env:
OPENSEARCH_VERSION: '3.0.0'
CI: 1
# avoid warnings like "tput: No value for $TERM and no -T specified"
TERM: xterm
PLUGIN_NAME: opensearch-security
OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!
jobs:
tests:
name: Run Cypress E2E SAML multi-auth tests
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest ]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout Branch
uses: actions/checkout@v3
# Add SAML Configuration
- name: Injecting SAML Configuration for Linux
if: ${{ runner.os == 'Linux'}}
run: |
echo "Creating new SAML configuration"
cat << 'EOT' > config_multiauth.yml
---
_meta:
type: "config"
config_version: 2
config:
dynamic:
http:
anonymous_auth_enabled: false
authc:
basic_internal_auth_domain:
description: "Authenticate via HTTP Basic against internal users database"
http_enabled: true
transport_enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain:
http_enabled: true
transport_enabled: false
order: 1
http_authenticator:
type: saml
challenge: true
config:
idp:
entity_id: urn:example:idp
metadata_url: http://localhost:7000/metadata
sp:
entity_id: https://localhost:9200
kibana_url: http://localhost:5601
exchange_key: 6aff3042-1327-4f3d-82f0-40a157ac4464
authentication_backend:
type: noop
EOT
# Configure the Dashboard for SAML setup
- name: Configure OpenSearch Dashboards with multi-auth configuration including SAML
if: ${{ runner.os == 'Linux' }}
run: |
cat << 'EOT' > opensearch_dashboards_multiauth.yml
server.host: "localhost"
opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: none
opensearch.username: "kibanaserver"
opensearch.password: "kibanaserver"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
opensearch_security.cookie.secure: false
server.xsrf.allowlist: ["/_plugins/_security/api/authtoken", "/_opendistro/_security/api/authtoken", "/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"]
opensearch_security.auth.type: ["basicauth","saml"]
opensearch_security.auth.multiple_auth_enabled: true
opensearch_security.auth.anonymous_auth_enabled: false
home.disableWelcomeScreen: true
EOT
- name: Run Cypress Tests
uses: ./.github/actions/run-cypress-tests
with:
security_config_file: config_multiauth.yml
dashboards_config_file: opensearch_dashboards_multiauth.yml
yarn_command: 'yarn cypress:run --browser chrome --headless --env loginMethod=saml_multiauth --spec "test/cypress/e2e/saml/*.js"'