Adds Multiple Datasources Support for Security Dashboards Plugin #1888

Merged
merged 25 commits into from
Apr 26, 2024
Changes from 23 commits
4ba9fcf
Register Datasource Picker in the top nav menu for Get Started Tab (#…
derek-ho Mar 20, 2024
eae331a
Lift state up one and generalize flow, render picker for auth tab (#1…
derek-ho Mar 22, 2024
69319fe
Add multi datasource support for the Users tab (#1848)
derek-ho Mar 27, 2024
9bceddf
Adds SSL test support, compatibility test support (#1856)
derek-ho Mar 28, 2024
be3e939
[Multiple datasource] Adds datasource picker to Permissions tab (#1857)
DarshitChanpura Mar 29, 2024
0a0af00
Add multi datasource support for the tenant and audit log tabs (#1861)
derek-ho Apr 2, 2024
d8d1c85
Adds datasource picker for Roles tab and its sub-tabs (#1871)
DarshitChanpura Apr 4, 2024
0a57e75
Support multi datasources on service accounts page (#1870)
derek-ho Apr 4, 2024
1ddef9b
Merge main
DarshitChanpura Apr 11, 2024
9f350b0
Add cluster info to toasts, adds cluster info to URL (#1877)
derek-ho Apr 12, 2024
7b8b18e
Merge branch 'main' of github.com:opensearch-project/security-dashboa…
derek-ho Apr 12, 2024
5f0f592
Revert to "admin" password for older versions
derek-ho Apr 15, 2024
9a7ed1e
[MDS] Fixes flaky cypress tests for data-source picker (#1898)
DarshitChanpura Apr 22, 2024
9cce399
Address PR feedback
derek-ho Apr 23, 2024
16b1442
Revert to 2.4 earliest
derek-ho Apr 23, 2024
3d65de4
Remove extra in line comments
derek-ho Apr 23, 2024
b6fd710
Migrate to v4 after new release
derek-ho Apr 24, 2024
98addde
Refactor code to use a request context class
derek-ho Apr 25, 2024
c048a43
Address feedback
derek-ho Apr 25, 2024
1fe0851
Merge branch 'main' into feature/supporting-multiple-datasources
derek-ho Apr 25, 2024
42feb3d
Udpate usages to create a local cluster context
derek-ho Apr 25, 2024
a93b7dc
Merge branch 'main' into feature/supporting-multiple-datasources
derek-ho Apr 25, 2024
3be7bb5
Fix cypress tests
derek-ho Apr 26, 2024
9d60f4f
Remove datasource testing matrix
derek-ho Apr 26, 2024
ec0d269
Fix password
derek-ho Apr 26, 2024
28 changes: 6 additions & 22 deletions .github/actions/download-plugin/action.yml
Expand Up @@ -14,6 +14,10 @@ inputs:
description: 'The version of security plugin that should be used, e.g "3.0.0.0"'
required: true

download-location:
description: 'The location of where to download the plugin'
required: true

runs:
using: "composite"
steps:
Expand All @@ -22,26 +26,6 @@ runs:
-DremoteRepositories=https://aws.oss.sonatype.org/content/repositories/snapshots/ \
-Dartifact=org.opensearch.plugin:${{ inputs.plugin-name }}:${{ inputs.plugin-version }}-SNAPSHOT:zip \
-Dtransitive=false \
-Ddest=${{ inputs.plugin-name }}.zip
-Ddest=${{ inputs.download-location }}.zip
shell: bash

- name: Create Setup Script for Linux
if: ${{ runner.os == 'Linux' }}
run: |
cat > setup.sh <<'EOF'
chmod +x ./opensearch-${{ inputs.opensearch-version}}-SNAPSHOT/plugins/${{ inputs.plugin-name }}/tools/install_demo_configuration.sh
/bin/bash -c "yes | ./opensearch-${{ inputs.opensearch-version}}-SNAPSHOT/plugins/${{ inputs.plugin-name }}/tools/install_demo_configuration.sh -t"
echo "plugins.security.unsupported.restapi.allow_securityconfig_modification: true" >> ./opensearch-${{ inputs.opensearch-version }}-SNAPSHOT/config/opensearch.yml
echo "cluster.routing.allocation.disk.threshold_enabled: false" >> ./opensearch-${{ inputs.opensearch-version }}-SNAPSHOT/config/opensearch.yml
EOF
shell: bash

- name: Create Setup Script for Windows
if: ${{ runner.os == 'Windows' }}
run: |
New-Item .\setup.bat -type file
Set-Content .\setup.bat -Value "powershell.exe -noexit -command `".\opensearch-${{ inputs.opensearch-version}}-SNAPSHOT\plugins\${{ inputs.plugin-name }}\tools\install_demo_configuration.bat -y -i -c -t`""
Add-Content -Path .\setup.bat -Value "echo plugins.security.unsupported.restapi.allow_securityconfig_modification: true >> .\opensearch-${{ inputs.opensearch-version}}-SNAPSHOT\config\opensearch.yml"
Add-Content -Path .\setup.bat -Value "echo cluster.routing.allocation.disk.threshold_enabled: false >> .\opensearch-${{ inputs.opensearch-version}}-SNAPSHOT\config\opensearch.yml"
Get-Content .\setup.bat
shell: pwsh
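Review bot: The new `-Ddest=${{ inputs.download-location }}.zip` line expands the input straight into the bash script text, so a value containing spaces or shell metacharacters would be parsed by the shell instead of being treated as a path. The callers visible on this page pass `env.PLUGIN_NAME` or a matrix version, so exposure is low today, but I would map the input to a step-level variable (`env:` with `DOWNLOAD_LOCATION: ${{ inputs.download-location }}`) and write `-Ddest="${DOWNLOAD_LOCATION}.zip"`. The input's description could also state that `.zip` is appended to the value. The step's `run:` block begins above this hunk, so the neighbouring `plugin-name` / `plugin-version` expansions are only partly visible here.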

16 changes: 10 additions & 6 deletions .github/actions/run-cypress-tests/action.yml
Expand Up @@ -34,6 +34,7 @@ runs:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugin-name: ${{ env.PLUGIN_NAME }}
plugin-version: ${{ env.PLUGIN_VERSION }}
download-location: ${{ env.PLUGIN_NAME }}

- name: Run Opensearch with A Single Plugin
uses: derek-ho/start-opensearch@v2
Expand Down Expand Up @@ -62,7 +63,7 @@ runs:
if: ${{ runner.os == 'Linux' }}
run: |
cd ./OpenSearch-Dashboards
nohup yarn start --no-base-path --no-watch | tee dashboard.log &
nohup yarn start --no-base-path --no-watch --csp.warnLegacyBrowsers=false | tee dashboard.log &
shell: bash

# Check if OSD is ready with a max timeout of 600 seconds
Expand All @@ -84,8 +85,11 @@ runs:
done
shell: bash

- name: Run Cypress
run : |
yarn add cypress --save-dev
eval ${{ inputs.yarn_command }}
shell: bash
- name: Run Cypress Tests with retry
uses: Wandalen/[email protected]
with:
attempt_limit: 5
attempt_delay: 2000
command: |
yarn add cypress --save-dev
eval ${{ inputs.yarn_command }}
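Review bot: The `Run Cypress Tests with retry` step hands the job's shell command to a third-party action referenced by a mutable version tag (the page's e-mail obfuscation hides the exact reference, presumably `Wandalen/wretry.action`), and the same holds for `derek-ho/start-opensearch@v2` / `@v4` used here and in the workflow files of this PR. A tag can be moved after review, so pin each one to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: Wandalen/wretry.action@<full-commit-sha> # <tag>`. Separately, `eval ${{ inputs.yarn_command }}` expands the input into the script before the shell parses it; passing the value through an environment variable keeps it out of the script text. `yarn add cypress --save-dev` also sits inside the retried command, so every attempt re-resolves an unpinned Cypress version.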
@@ -0,0 +1,49 @@
name: E2E multi datasources disabled workflow

on: [ push, pull_request ]

env:
OPENSEARCH_VERSION: '3.0.0'
CI: 1
# avoid warnings like "tput: No value for $TERM and no -T specified"
TERM: xterm
PLUGIN_NAME: opensearch-security
OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!

jobs:
tests:
name: Run Cypress multidatasources tests
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest ]
runs-on: ${{ matrix.os }}

steps:
- name: Checkout Branch
uses: actions/checkout@v3

# Configure the Dashboard for multi datasources disabled (default)
- name: Create OpenSearch Dashboards Config
if: ${{ runner.os == 'Linux' }}
run: |
cat << 'EOT' > opensearch_dashboards_multidatasources.yml
server.host: "0.0.0.0"
opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: none
opensearch.username: "kibanaserver"
opensearch.password: "kibanaserver"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
opensearch_security.multitenancy.enabled: false
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
opensearch_security.cookie.secure: false
data_source.enabled: false
home.disableWelcomeScreen: true
EOT

- name: Run Cypress Tests
uses: ./.github/actions/run-cypress-tests
with:
dashboards_config_file: opensearch_dashboards_multidatasources.yml
yarn_command: 'yarn cypress:run --browser chrome --headless --env LOGIN_AS_ADMIN=true --spec "test/cypress/e2e/multi-datasources/multi_datasources_disabled.spec.js"'
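Review bot: No `permissions:` block is declared in this new workflow, so on `push` it runs third-party actions (via `run-cypress-tests`) with whatever default `GITHUB_TOKEN` scope the repository has; a top-level `permissions:` with `contents: read` would fix the scope, and the same applies to `cypress-test-multidatasources-enabled-e2e.yml`. The generated Dashboards config sets `server.host: "0.0.0.0"` where the enabled workflow uses `"localhost"`; `server.host: "localhost"` is enough for a same-runner Cypress run and avoids listening on every interface with the default `kibanaserver` credentials. A short comment marking `opensearch.ssl.verificationMode: none` and `opensearch_security.cookie.secure: false` as test-only settings would keep the file from being copied as a template.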
109 changes: 109 additions & 0 deletions .github/workflows/cypress-test-multidatasources-enabled-e2e.yml
@@ -0,0 +1,109 @@
name: E2E multi datasources enabled workflow

on: [ push, pull_request ]

env:
OPENSEARCH_VERSION: '3.0.0'
CI: 1
# avoid warnings like "tput: No value for $TERM and no -T specified"
TERM: xterm
PLUGIN_NAME: opensearch-security
OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!

jobs:
tests:
name: Run Cypress multidatasources tests
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest ]
runs-on: ${{ matrix.os }}

steps:
- name: Checkout Branch
uses: actions/checkout@v3

- name: Set env
run: |
opensearch_version=$(node -p "require('./package.json').opensearchDashboards.version")
plugin_version=$(node -p "require('./package.json').version")
echo "OPENSEARCH_VERSION=$opensearch_version" >> $GITHUB_ENV
echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV
shell: bash

# Add Custom Configuration to differentiate between local and remote cluster
- name: Create Custom Configuration for Linux
if: ${{ runner.os == 'Linux'}}
run: |
echo "Creating new custom configuration"
cat << 'EOT' > config_custom.yml
---
_meta:
type: "config"
config_version: 2
config:
dynamic:
http:
anonymous_auth_enabled: false
authc:
basic_internal_auth_domain:
description: "Authenticate via HTTP Basic against internal users database"
http_enabled: true
transport_enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
EOT

- name: Download security plugin and create setup scripts
uses: ./.github/actions/download-plugin
with:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugin-name: ${{ env.PLUGIN_NAME }}
plugin-version: ${{ env.PLUGIN_VERSION }}
download-location: ${{env.PLUGIN_NAME}}

- name: Run Opensearch with A Single Plugin
uses: derek-ho/start-opensearch@v4
with:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugins: "file:$(pwd)/opensearch-security.zip"
security-enabled: true
admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}
security_config_file: config_custom.yml
port: 9202

- name: Check OpenSearch is running
# Verify that the server is operational
run: |
curl https://localhost:9202/_cat/plugins -v -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k
shell: bash

# Configure the Dashboard for multi datasources
- name: Create OpenSearch Dashboards Config
if: ${{ runner.os == 'Linux' }}
run: |
cat << 'EOT' > opensearch_dashboards_multidatasources.yml
server.host: "localhost"
opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: none
opensearch.username: "kibanaserver"
opensearch.password: "kibanaserver"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
opensearch_security.cookie.secure: false
data_source.enabled: true
home.disableWelcomeScreen: true
data_source.ssl.verificationMode: none
EOT

- name: Run Cypress Tests
uses: ./.github/actions/run-cypress-tests
with:
dashboards_config_file: opensearch_dashboards_multidatasources.yml
yarn_command: 'yarn cypress:run --browser chrome --headless --env LOGIN_AS_ADMIN=true --spec "test/cypress/e2e/multi-datasources/multi_datasources_enabled.spec.js"'
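Review bot: The `Check OpenSearch is running` step runs `curl ... -v -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k` with the password expanded unquoted into the script and verbose output on, which can write the request's Authorization header to the job log. The value is a fixed test password today, so nothing secret is exposed, but the pattern will carry over if the password ever moves to a repository secret; I would drop `-v` and read the value from the environment, e.g. `curl -sS -k -u "admin:${OPENSEARCH_INITIAL_ADMIN_PASSWORD}" https://localhost:9202/_cat/plugins`. The same command appears in the `Check OpenSearch remote is running` step of `integration-test.yml`. The comment above `Create Custom Configuration for Linux` says the file differentiates the local and remote cluster; naming the setting that actually differs would make that checkable.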
1 change: 1 addition & 0 deletions .github/workflows/cypress-test-tenancy-disabled.yml
Expand Up @@ -44,6 +44,7 @@ jobs:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugin-name: ${{ env.PLUGIN_NAME }}
plugin-version: ${{ env.PLUGIN_VERSION }}
download-location: ${{ env.PLUGIN_NAME }}

- name: Run Opensearch with security
uses: derek-ho/start-opensearch@v2
1 change: 1 addition & 0 deletions .github/workflows/cypress-test.yml
Expand Up @@ -44,6 +44,7 @@ jobs:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugin-name: ${{ env.PLUGIN_NAME }}
plugin-version: ${{ env.PLUGIN_VERSION }}
download-location: ${{ env.PLUGIN_NAME }}

- name: Run Opensearch with security
uses: derek-ho/start-opensearch@v2
29 changes: 27 additions & 2 deletions .github/workflows/integration-test.yml
Expand Up @@ -6,7 +6,7 @@ env:
TEST_BROWSER_HEADLESS: 1
CI: 1
PLUGIN_NAME: opensearch-security
OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!
OPENSEARCH_INITIAL_ADMIN_PASSWORD: admin

jobs:
tests:
Expand All @@ -15,6 +15,7 @@ jobs:
fail-fast: false
matrix:
os: [ ubuntu-latest , windows-latest ]
datasource_version: [2.4.0, 2.13.0, 3.0.0]
runs-on: ${{ matrix.os }}

steps:
Expand All @@ -34,12 +35,36 @@ jobs:
echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV
shell: bash

- name: Download security plugin and create setup scripts
- name: Download security plugin and create setup scripts for remote cluster
uses: ./.github/actions/download-plugin
with:
opensearch-version: ${{ matrix.datasource_version }}
plugin-name: ${{ env.PLUGIN_NAME }}
download-location: ${{env.PLUGIN_NAME}}-${{matrix.datasource_version}}
plugin-version: ${{matrix.datasource_version}}.0

- name: Download security plugin and create setup scripts for local cluster
uses: ./.github/actions/download-plugin
with:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugin-name: ${{ env.PLUGIN_NAME }}
download-location: ${{env.PLUGIN_NAME}}
plugin-version: ${{ env.PLUGIN_VERSION }}

- name: Run Opensearch with A Single Plugin Remote Cluster
uses: derek-ho/start-opensearch@v4
with:
opensearch-version: ${{ matrix.datasource_version }}
plugins: "file:$(pwd)/opensearch-security-${{matrix.datasource_version}}.zip"
security-enabled: true
admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}
security_config_file: ${{ inputs.security_config_file }}
port: 9202

- name: Check OpenSearch remote is running
run: |
curl https://localhost:9202/_cat/plugins -v -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k
shell: bash

- name: Run Opensearch with security
uses: derek-ho/start-opensearch@v2
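Review bot: `OPENSEARCH_INITIAL_ADMIN_PASSWORD: admin` is changed at workflow level, so the weak password applies to every cluster this job starts, not only to the older `datasource_version` entries that the commit message gives as the reason. Scoping it would keep the strong value for the local cluster, for example a second variable used only by the remote step's `admin-password:` and its `curl` check. In the `Run Opensearch with A Single Plugin Remote Cluster` step, `security_config_file: ${{ inputs.security_config_file }}` reads the `inputs` context; unless this workflow is started by `workflow_call` or `workflow_dispatch` (the `on:` block is outside the hunk) that expression is empty, so it is worth confirming whether a config file is intended here.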
1 change: 1 addition & 0 deletions .github/workflows/verify-binary-installation.yml
Expand Up @@ -36,6 +36,7 @@ jobs:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugin-name: ${{ env.PLUGIN_NAME }}
plugin-version: ${{ env.PLUGIN_VERSION }}
download-location: ${{ env.PLUGIN_NAME }}

- name: Run Opensearch with security
uses: derek-ho/start-opensearch@v2
2 changes: 2 additions & 0 deletions common/index.ts
Expand Up @@ -56,6 +56,8 @@ export const MAX_INTEGER = 2147483647;
export const MAX_LENGTH_OF_COOKIE_BYTES = 4000;
export const ESTIMATED_IRON_COOKIE_OVERHEAD = 1.5;

export const LOCAL_CLUSTER_ID = '';

export enum AuthType {
BASIC = 'basicauth',
OPEN_ID = 'openid',
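Review bot: `LOCAL_CLUSTER_ID = ''` carries no comment, and an empty string is falsy, so code that tests a data source id for truthiness will treat the local cluster and a missing id the same way. If that is the intent, say so next to the constant, e.g. `// Empty id presumably means "local cluster, no remote data source"; compare with === rather than truthiness.`; if it is not, callers need an explicit `=== LOCAL_CLUSTER_ID` comparison.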
4 changes: 4 additions & 0 deletions cypress.config.js
Expand Up @@ -31,5 +31,9 @@ module.exports = defineConfig({
openSearchUrl: 'https://localhost:9200',
adminUserName: 'admin',
adminPassword: 'myStrongPassword123!',
externalDataSourceAdminUserName: 'admin',
externalDataSourceAdminPassword: 'myStrongPassword123!',
externalDataSourceLabel: '9202',
externalDataSourceEndpoint: 'https://localhost:9202'
},
});
4 changes: 3 additions & 1 deletion opensearch_dashboards.json
Expand Up @@ -10,7 +10,9 @@
"savedObjectsManagement"
],
"optionalPlugins": [
"managementOverview"
"managementOverview",
"dataSource",
"dataSourceManagement"
],
"server": true,
"ui": true
28 changes: 21 additions & 7 deletions public/apps/account/utils.tsx
Expand Up @@ -16,20 +16,30 @@
import { HttpStart } from 'opensearch-dashboards/public';
import { API_AUTH_LOGOUT } from '../../../common';
import { setShouldShowTenantPopup } from '../../utils/storage-utils';
import { httpGet, httpGetWithIgnores, httpPost } from '../configuration/utils/request-utils';
import { API_ENDPOINT_ACCOUNT_INFO } from './constants';
import { AccountInfo } from './types';
import { createLocalClusterRequestContext } from '../configuration/utils/request-utils';

export function fetchAccountInfo(http: HttpStart): Promise<AccountInfo> {
return httpGet(http, API_ENDPOINT_ACCOUNT_INFO);
return createLocalClusterRequestContext().httpGet({

http,
url: API_ENDPOINT_ACCOUNT_INFO,
});
}

export async function fetchAccountInfoSafe(http: HttpStart): Promise<AccountInfo | undefined> {
return httpGetWithIgnores<AccountInfo>(http, API_ENDPOINT_ACCOUNT_INFO, [401]);
return createLocalClusterRequestContext().httpGetWithIgnores<AccountInfo>({

http,
url: API_ENDPOINT_ACCOUNT_INFO,
ignores: [401],
});
}

export async function logout(http: HttpStart, logoutUrl?: string): Promise<void> {
await httpPost(http, API_AUTH_LOGOUT);
await createLocalClusterRequestContext().httpPost({

http,
url: API_AUTH_LOGOUT,
});
setShouldShowTenantPopup(null);
// Clear everything in the sessionStorage since they can contain sensitive information
sessionStorage.clear();
Expand All @@ -52,8 +62,12 @@
newPassword: string,
currentPassword: string
): Promise<void> {
await httpPost(http, API_ENDPOINT_ACCOUNT_INFO, {
password: newPassword,
current_password: currentPassword,
await createLocalClusterRequestContext().httpPost({

http,
url: API_ENDPOINT_ACCOUNT_INFO,
body: {
password: newPassword,
current_password: currentPassword,
},
});
}
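Review bot: `logout` and `updateNewPassword` now go through `createLocalClusterRequestContext()` with no comment saying that account endpoints are deliberately kept on the local cluster. Because `updateNewPassword` sends `current_password` and `password` in the request body, a line such as `// Account APIs always use the local cluster; do not route through a selected data source.` above each call would guard against a later refactor that passes a remote context (assuming that is the helper's purpose; it is defined outside this section). `fetchAccountInfo` also calls an untyped `httpGet({...})` while `fetchAccountInfoSafe` keeps `<AccountInfo>`; if the new `httpGet` is generic, `httpGet<AccountInfo>({ http, url: API_ENDPOINT_ACCOUNT_INFO })` keeps the two consistent. The bodies of `logout` and `updateNewPassword` extend beyond the hunks shown.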