opensearch-project · DarshitChanpura · Apr 26, 2024 · Mar 20, 2024 · Mar 22, 2024 · Mar 27, 2024
@@ -14,6 +14,10 @@ inputs:
     description: 'The version of security plugin that should be used, e.g "3.0.0.0"'
     required: true
 
+  download-location:
+    description: 'The location of where to download the plugin'
+    required: true
+
 runs:
   using: "composite"
   steps:
@@ -22,26 +26,5 @@ runs:
         -DremoteRepositories=https://aws.oss.sonatype.org/content/repositories/snapshots/ \
         -Dartifact=org.opensearch.plugin:${{ inputs.plugin-name }}:${{ inputs.plugin-version }}-SNAPSHOT:zip \
         -Dtransitive=false \
-        -Ddest=${{ inputs.plugin-name }}.zip
-      shell: bash
-
-    - name: Create Setup Script for Linux
-      if: ${{ runner.os == 'Linux' }}
-      run: |
-        cat > setup.sh <<'EOF'
-        chmod +x  ./opensearch-${{ inputs.opensearch-version}}-SNAPSHOT/plugins/${{ inputs.plugin-name }}/tools/install_demo_configuration.sh 
-        /bin/bash -c "yes | ./opensearch-${{ inputs.opensearch-version}}-SNAPSHOT/plugins/${{ inputs.plugin-name }}/tools/install_demo_configuration.sh -t"
-        echo "plugins.security.unsupported.restapi.allow_securityconfig_modification: true" >> ./opensearch-${{ inputs.opensearch-version }}-SNAPSHOT/config/opensearch.yml
-        echo "cluster.routing.allocation.disk.threshold_enabled: false" >> ./opensearch-${{ inputs.opensearch-version }}-SNAPSHOT/config/opensearch.yml
-        EOF
-      shell: bash
-
-    - name: Create Setup Script for Windows
-      if: ${{ runner.os == 'Windows' }}
-      run: |
-        New-Item .\setup.bat -type file
-        Set-Content .\setup.bat -Value "powershell.exe -noexit -command `".\opensearch-${{ inputs.opensearch-version}}-SNAPSHOT\plugins\${{ inputs.plugin-name }}\tools\install_demo_configuration.bat -y -i -c -t`""
-        Add-Content -Path .\setup.bat -Value "echo plugins.security.unsupported.restapi.allow_securityconfig_modification: true >> .\opensearch-${{ inputs.opensearch-version}}-SNAPSHOT\config\opensearch.yml"
-        Add-Content -Path .\setup.bat -Value "echo cluster.routing.allocation.disk.threshold_enabled: false >> .\opensearch-${{ inputs.opensearch-version}}-SNAPSHOT\config\opensearch.yml"
-        Get-Content .\setup.bat
-      shell: pwsh
+        -Ddest=${{ inputs.download-location }}.zip
+      shell: bash
@@ -34,6 +34,7 @@ runs:
         opensearch-version: ${{ env.OPENSEARCH_VERSION }}
         plugin-name: ${{ env.PLUGIN_NAME }}
         plugin-version: ${{ env.PLUGIN_VERSION }}
+        download-location: ${{ env.PLUGIN_NAME }}
 
     - name: Run Opensearch with A Single Plugin
       uses: derek-ho/start-opensearch@v2

@@ -0,0 +1,49 @@
+name: E2E multi datasources disabled workflow
+
+on: [ push, pull_request ]
+
+env:
+  OPENSEARCH_VERSION: '3.0.0'
+  CI: 1
+  # avoid warnings like "tput: No value for $TERM and no -T specified"
+  TERM: xterm
+  PLUGIN_NAME: opensearch-security
+  OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!
+
+jobs:
+  tests:
+    name: Run Cypress multidatasources tests
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - name: Checkout Branch
+        uses: actions/checkout@v3
+
+      # Configure the Dashboard for multi datasources disabled (default)
+      - name: Create OpenSearch Dashboards Config
+        if: ${{ runner.os == 'Linux' }}
+        run: |
+          cat << 'EOT' > opensearch_dashboards_multidatasources.yml
+          server.host: "0.0.0.0"
+          opensearch.hosts: ["https://localhost:9200"]
+          opensearch.ssl.verificationMode: none
+          opensearch.username: "kibanaserver"
+          opensearch.password: "kibanaserver"
+          opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
+          opensearch_security.multitenancy.enabled: false
+          opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
+          opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+          opensearch_security.cookie.secure: false
+          data_source.enabled: false
+          home.disableWelcomeScreen: true
+          EOT
+
+      - name: Run Cypress Tests
+        uses: ./.github/actions/run-cypress-tests
+        with:
+          dashboards_config_file: opensearch_dashboards_multidatasources.yml
+          yarn_command: 'yarn cypress:run --browser chrome --headless --env LOGIN_AS_ADMIN=true --spec "test/cypress/e2e/multi-datasources/multi_datasources_disabled.spec.js"'
@@ -0,0 +1,126 @@
+name: E2E multi datasources enabled workflow
+
+on: [ push, pull_request ]
+
+env:
+  OPENSEARCH_VERSION: '3.0.0'
+  CI: 1
+  # avoid warnings like "tput: No value for $TERM and no -T specified"
+  TERM: xterm
+  PLUGIN_NAME: opensearch-security
+  OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!
+
+jobs:
+  tests:
+    name: Run Cypress multidatasources tests
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - name: Checkout Branch
+        uses: actions/checkout@v3
+
+      - name: Set env
+        run: |
+          opensearch_version=$(node -p "require('./package.json').opensearchDashboards.version")
+          plugin_version=$(node -p "require('./package.json').version")
+          echo "OPENSEARCH_VERSION=$opensearch_version" >> $GITHUB_ENV
+          echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV
+        shell: bash
+
+      # Add Custom Configuration to differentiate between local and remote cluster
+      - name: Create Custom Configuration for Linux
+        if: ${{ runner.os == 'Linux'}}
+        run: |
+          echo "Creating new custom configuration"
+          cat << 'EOT' > config_custom.yml
+          ---
+          _meta:
+            type: "config"
+            config_version: 2
+          config:
+            dynamic:
+              http:
+                anonymous_auth_enabled: false
+              authc:
+                basic_internal_auth_domain:
+                  description: "Authenticate via HTTP Basic against internal users database"
+                  http_enabled: true
+                  transport_enabled: true
+                  order: 0
+                  http_authenticator:
+                    type: basic
+                    challenge: false
+                  authentication_backend:
+                    type: intern
+                saml_auth_domain:
+                  http_enabled: true
+                  transport_enabled: false
+                  order: 1
+                  http_authenticator:
+                    type: saml
+                    challenge: true
+                    config:
+                      idp:
+                        entity_id: urn:example:idp
+                        metadata_url: http://localhost:7000/metadata
+                      sp:
+                        entity_id: https://localhost:9200
+                      kibana_url: http://localhost:5601
+                      exchange_key: 6aff3042-1327-4f3d-82f0-40a157ac4464
+                  authentication_backend:
+                    type: noop
+          EOT
+
+      - name: Download security plugin and create setup scripts
+        uses: ./.github/actions/download-plugin
+        with:
+          opensearch-version: ${{ env.OPENSEARCH_VERSION }}
+          plugin-name: ${{ env.PLUGIN_NAME }}
+          plugin-version: ${{ env.PLUGIN_VERSION }}
+          download-location: ${{env.PLUGIN_NAME}}
+
+      - name: Run Opensearch with A Single Plugin
+        uses: derek-ho/start-opensearch@graceful-t
+        with:
+          opensearch-version: ${{ env.OPENSEARCH_VERSION }}
+          plugins: "file:$(pwd)/opensearch-security.zip"
+          security-enabled: true
+          admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}
+          security_config_file: config_custom.yml
+          port: 9202
+
+      - name: Check OpenSearch is running
+          # Verify that the server is operational
+        run: |
+          curl https://localhost:9202/_cat/plugins -v -u admin:myStrongPassword123! -k
+        shell: bash
+
+      # Configure the Dashboard for multi datasources
+      - name: Create OpenSearch Dashboards Config
+        if: ${{ runner.os == 'Linux' }}
+        run: |
+          cat << 'EOT' > opensearch_dashboards_multidatasources.yml
+          server.host: "localhost"
+          opensearch.hosts: ["https://localhost:9200"]
+          opensearch.ssl.verificationMode: none
+          opensearch.username: "kibanaserver"
+          opensearch.password: "kibanaserver"
+          opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
+          opensearch_security.multitenancy.enabled: true
+          opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
+          opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+          opensearch_security.cookie.secure: false
+          data_source.enabled: true
+          home.disableWelcomeScreen: true
+          data_source.ssl.verificationMode: none
+          EOT
+
+      - name: Run Cypress Tests
+        uses: ./.github/actions/run-cypress-tests
+        with:
+          dashboards_config_file: opensearch_dashboards_multidatasources.yml
+          yarn_command: 'yarn cypress:run --browser chrome --headless --env LOGIN_AS_ADMIN=true --spec "test/cypress/e2e/multi-datasources/multi_datasources_enabled.spec.js"'
@@ -44,6 +44,7 @@ jobs:
           opensearch-version: ${{ env.OPENSEARCH_VERSION }}
           plugin-name: ${{ env.PLUGIN_NAME }}
           plugin-version: ${{ env.PLUGIN_VERSION }}
+          download-location: ${{ env.PLUGIN_NAME }}
 
       - name: Run Opensearch with security
         uses: derek-ho/start-opensearch@v2

@@ -44,6 +44,7 @@ jobs:
           opensearch-version: ${{ env.OPENSEARCH_VERSION }}
           plugin-name: ${{ env.PLUGIN_NAME }}
           plugin-version: ${{ env.PLUGIN_VERSION }}
+          download-location: ${{ env.PLUGIN_NAME }}
 
       - name: Run Opensearch with security
         uses: derek-ho/start-opensearch@v2

@@ -6,7 +6,7 @@ env:
   TEST_BROWSER_HEADLESS: 1
   CI: 1
   PLUGIN_NAME: opensearch-security
-  OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!
+  OPENSEARCH_INITIAL_ADMIN_PASSWORD: admin
 
 jobs:
   tests:
@@ -15,6 +15,7 @@ jobs:
       fail-fast: false
       matrix:
         os: [ ubuntu-latest , windows-latest ]
+        os_bwc_version: [2.4.0, 2.5.0, 2.6.0, 2.7.0, 2.8.0, 2.9.0, 2.10.0, 2.11.0, 2.12.0, 3.0.0]
     runs-on: ${{ matrix.os }}
 
     steps:
@@ -34,12 +35,36 @@ jobs:
           echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV
         shell: bash
 
-      - name: Download security plugin and create setup scripts
+      - name: Download security plugin and create setup scripts for remote cluster
+        uses: ./.github/actions/download-plugin
+        with:
+          opensearch-version: ${{ matrix.os_bwc_version }}
+          plugin-name: ${{ env.PLUGIN_NAME }}
+          download-location: ${{env.PLUGIN_NAME}}-${{matrix.os_bwc_version}}
+          plugin-version: ${{matrix.os_bwc_version}}.0
+
+      - name: Download security plugin and create setup scripts for local cluster
         uses: ./.github/actions/download-plugin
         with:
           opensearch-version: ${{ env.OPENSEARCH_VERSION }}
           plugin-name: ${{ env.PLUGIN_NAME }}
+          download-location: ${{env.PLUGIN_NAME}}
           plugin-version: ${{ env.PLUGIN_VERSION }}
+
+      - name: Run Opensearch with A Single Plugin Remote Cluster
+        uses: derek-ho/start-opensearch@graceful-t
+        with:
+          opensearch-version: ${{ matrix.os_bwc_version }}
+          plugins: "file:$(pwd)/opensearch-security-${{matrix.os_bwc_version}}.zip"
+          security-enabled: true
+          admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}
+          security_config_file: ${{ inputs.security_config_file }}
+          port: 9202
+
+      - name: Check OpenSearch remote is running
+        run: |
+          curl https://localhost:9202/_cat/plugins -v -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k
+        shell: bash
 
       - name: Run Opensearch with security
         uses: derek-ho/start-opensearch@v2

@@ -36,6 +36,7 @@ jobs:
           opensearch-version: ${{ env.OPENSEARCH_VERSION }}
           plugin-name: ${{ env.PLUGIN_NAME }}
           plugin-version: ${{ env.PLUGIN_VERSION }}
+          download-location: ${{ env.PLUGIN_NAME }}
 
       - name: Run Opensearch with security
         uses: derek-ho/start-opensearch@v2

@@ -32,4 +32,5 @@ module.exports = defineConfig({
     adminUserName: 'admin',
     adminPassword: 'myStrongPassword123!',
   },
+  experimentalMemoryManagement: true,
 });
@@ -10,7 +10,9 @@
     "savedObjectsManagement"
   ],
   "optionalPlugins": [
-    "managementOverview"
+    "managementOverview",
+    "dataSource",
+    "dataSourceManagement"
   ],
   "server": true,
   "ui": true

@@ -21,15 +21,15 @@
 import { AccountInfo } from './types';
 
 export function fetchAccountInfo(http: HttpStart): Promise<AccountInfo> {
-  return httpGet(http, API_ENDPOINT_ACCOUNT_INFO);
+  return httpGet({ http, url: API_ENDPOINT_ACCOUNT_INFO });
 }
 
 export async function fetchAccountInfoSafe(http: HttpStart): Promise<AccountInfo | undefined> {
-  return httpGetWithIgnores<AccountInfo>(http, API_ENDPOINT_ACCOUNT_INFO, [401]);
+  return httpGetWithIgnores<AccountInfo>({ http, url: API_ENDPOINT_ACCOUNT_INFO, ignores: [401] });
 }
 
 export async function logout(http: HttpStart, logoutUrl?: string): Promise<void> {
-  await httpPost(http, API_AUTH_LOGOUT);
+  await httpPost({ http, url: API_AUTH_LOGOUT });
   setShouldShowTenantPopup(null);
   // Clear everything in the sessionStorage since they can contain sensitive information
   sessionStorage.clear();
@@ -52,8 +52,12 @@
   newPassword: string,
   currentPassword: string
 ): Promise<void> {
-  await httpPost(http, API_ENDPOINT_ACCOUNT_INFO, {
-    password: newPassword,
-    current_password: currentPassword,
+  await httpPost({
+    http,
+    url: API_ENDPOINT_ACCOUNT_INFO,
+    body: {
+      password: newPassword,
+      current_password: currentPassword,
+    },
   });
 }