-
Notifications
You must be signed in to change notification settings - Fork 163
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Backport 2.x] Adds Multiple Datasources Support for Security Dashboa…
…rds Plugin (#1888) (#1911) Signed-off-by: Darshit Chanpura <[email protected]> Signed-off-by: Derek Ho <[email protected]> Co-authored-by: Darshit Chanpura <[email protected]> Co-authored-by: Darshit Chanpura <[email protected]>
- Loading branch information
1 parent
8082705
commit 54f9b35
Showing
88 changed files
with
3,342 additions
and
535 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -34,6 +34,7 @@ runs: | |
opensearch-version: ${{ env.OPENSEARCH_VERSION }} | ||
plugin-name: ${{ env.PLUGIN_NAME }} | ||
plugin-version: ${{ env.PLUGIN_VERSION }} | ||
download-location: ${{ env.PLUGIN_NAME }} | ||
|
||
- name: Run Opensearch with A Single Plugin | ||
uses: derek-ho/start-opensearch@v2 | ||
|
@@ -62,7 +63,7 @@ runs: | |
if: ${{ runner.os == 'Linux' }} | ||
run: | | ||
cd ./OpenSearch-Dashboards | ||
nohup yarn start --no-base-path --no-watch | tee dashboard.log & | ||
nohup yarn start --no-base-path --no-watch --csp.warnLegacyBrowsers=false | tee dashboard.log & | ||
shell: bash | ||
|
||
# Check if OSD is ready with a max timeout of 600 seconds | ||
|
@@ -84,8 +85,11 @@ runs: | |
done | ||
shell: bash | ||
|
||
- name: Run Cypress | ||
run : | | ||
yarn add cypress --save-dev | ||
eval ${{ inputs.yarn_command }} | ||
shell: bash | ||
- name: Run Cypress Tests with retry | ||
uses: Wandalen/[email protected] | ||
with: | ||
attempt_limit: 5 | ||
attempt_delay: 2000 | ||
command: | | ||
yarn add cypress --save-dev | ||
eval ${{ inputs.yarn_command }} |
49 changes: 49 additions & 0 deletions
49
.github/workflows/cypress-test-multidatasources-disabled-e2e.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
name: E2E multi datasources disabled workflow | ||
|
||
on: [ push, pull_request ] | ||
|
||
env: | ||
OPENSEARCH_VERSION: '3.0.0' | ||
CI: 1 | ||
# avoid warnings like "tput: No value for $TERM and no -T specified" | ||
TERM: xterm | ||
PLUGIN_NAME: opensearch-security | ||
OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123! | ||
|
||
jobs: | ||
tests: | ||
name: Run Cypress multidatasources tests | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
os: [ ubuntu-latest ] | ||
runs-on: ${{ matrix.os }} | ||
|
||
steps: | ||
- name: Checkout Branch | ||
uses: actions/checkout@v3 | ||
|
||
# Configure the Dashboard for multi datasources disabled (default) | ||
- name: Create OpenSearch Dashboards Config | ||
if: ${{ runner.os == 'Linux' }} | ||
run: | | ||
cat << 'EOT' > opensearch_dashboards_multidatasources.yml | ||
server.host: "0.0.0.0" | ||
opensearch.hosts: ["https://localhost:9200"] | ||
opensearch.ssl.verificationMode: none | ||
opensearch.username: "kibanaserver" | ||
opensearch.password: "kibanaserver" | ||
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] | ||
opensearch_security.multitenancy.enabled: false | ||
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"] | ||
opensearch_security.readonly_mode.roles: ["kibana_read_only"] | ||
opensearch_security.cookie.secure: false | ||
data_source.enabled: false | ||
home.disableWelcomeScreen: true | ||
EOT | ||
- name: Run Cypress Tests | ||
uses: ./.github/actions/run-cypress-tests | ||
with: | ||
dashboards_config_file: opensearch_dashboards_multidatasources.yml | ||
yarn_command: 'yarn cypress:run --browser chrome --headless --env LOGIN_AS_ADMIN=true --spec "test/cypress/e2e/multi-datasources/multi_datasources_disabled.spec.js"' |
109 changes: 109 additions & 0 deletions
109
.github/workflows/cypress-test-multidatasources-enabled-e2e.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,109 @@ | ||
name: E2E multi datasources enabled workflow | ||
|
||
on: [ push, pull_request ] | ||
|
||
env: | ||
OPENSEARCH_VERSION: '3.0.0' | ||
CI: 1 | ||
# avoid warnings like "tput: No value for $TERM and no -T specified" | ||
TERM: xterm | ||
PLUGIN_NAME: opensearch-security | ||
OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123! | ||
|
||
jobs: | ||
tests: | ||
name: Run Cypress multidatasources tests | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
os: [ ubuntu-latest ] | ||
runs-on: ${{ matrix.os }} | ||
|
||
steps: | ||
- name: Checkout Branch | ||
uses: actions/checkout@v3 | ||
|
||
- name: Set env | ||
run: | | ||
opensearch_version=$(node -p "require('./package.json').opensearchDashboards.version") | ||
plugin_version=$(node -p "require('./package.json').version") | ||
echo "OPENSEARCH_VERSION=$opensearch_version" >> $GITHUB_ENV | ||
echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV | ||
shell: bash | ||
|
||
# Add Custom Configuration to differentiate between local and remote cluster | ||
- name: Create Custom Configuration for Linux | ||
if: ${{ runner.os == 'Linux'}} | ||
run: | | ||
echo "Creating new custom configuration" | ||
cat << 'EOT' > config_custom.yml | ||
--- | ||
_meta: | ||
type: "config" | ||
config_version: 2 | ||
config: | ||
dynamic: | ||
http: | ||
anonymous_auth_enabled: false | ||
authc: | ||
basic_internal_auth_domain: | ||
description: "Authenticate via HTTP Basic against internal users database" | ||
http_enabled: true | ||
transport_enabled: true | ||
order: 0 | ||
http_authenticator: | ||
type: basic | ||
challenge: false | ||
authentication_backend: | ||
type: intern | ||
EOT | ||
- name: Download security plugin and create setup scripts | ||
uses: ./.github/actions/download-plugin | ||
with: | ||
opensearch-version: ${{ env.OPENSEARCH_VERSION }} | ||
plugin-name: ${{ env.PLUGIN_NAME }} | ||
plugin-version: ${{ env.PLUGIN_VERSION }} | ||
download-location: ${{env.PLUGIN_NAME}} | ||
|
||
- name: Run Opensearch with A Single Plugin | ||
uses: derek-ho/start-opensearch@v4 | ||
with: | ||
opensearch-version: ${{ env.OPENSEARCH_VERSION }} | ||
plugins: "file:$(pwd)/opensearch-security.zip" | ||
security-enabled: true | ||
admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} | ||
security_config_file: config_custom.yml | ||
port: 9202 | ||
|
||
- name: Check OpenSearch is running | ||
# Verify that the server is operational | ||
run: | | ||
curl https://localhost:9202/_cat/plugins -v -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k | ||
shell: bash | ||
|
||
# Configure the Dashboard for multi datasources | ||
- name: Create OpenSearch Dashboards Config | ||
if: ${{ runner.os == 'Linux' }} | ||
run: | | ||
cat << 'EOT' > opensearch_dashboards_multidatasources.yml | ||
server.host: "localhost" | ||
opensearch.hosts: ["https://localhost:9200"] | ||
opensearch.ssl.verificationMode: none | ||
opensearch.username: "kibanaserver" | ||
opensearch.password: "kibanaserver" | ||
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] | ||
opensearch_security.multitenancy.enabled: true | ||
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"] | ||
opensearch_security.readonly_mode.roles: ["kibana_read_only"] | ||
opensearch_security.cookie.secure: false | ||
data_source.enabled: true | ||
home.disableWelcomeScreen: true | ||
data_source.ssl.verificationMode: none | ||
EOT | ||
- name: Run Cypress Tests | ||
uses: ./.github/actions/run-cypress-tests | ||
with: | ||
dashboards_config_file: opensearch_dashboards_multidatasources.yml | ||
yarn_command: 'yarn cypress:run --browser chrome --headless --env LOGIN_AS_ADMIN=true --spec "test/cypress/e2e/multi-datasources/multi_datasources_enabled.spec.js"' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.