opensearch-project · leanneeliatra · Jun 25, 2022 · Jun 27, 2022 · Jun 27, 2022 · Jul 6, 2022
@@ -0,0 +1,45 @@
+name: 'Download Security Plugin'
+description: 'Installs OpenSearch Dashboard with a Plugin from github, then checkouts the correct dashboards version for the plugin, configures npm/yarn, and bootstraps Dashboards'
+
+inputs:
+  opensearch-version:
+    description: 'The version of OpenSearch that should be used, e.g "2.6.0"'
+    required: true
+
+  plugin-name:
+    description: 'The the name of the plugin to use, such as opensearch-security'
+    required: true
+
+  plugin-version:
+    description: 'The version of security plugin that should be used, e.g "2.6.0.0"'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - run: |
+        mvn dependency:get \
+        -DremoteRepositories=https://aws.oss.sonatype.org/content/repositories/snapshots/ \
+        -Dartifact=org.opensearch.plugin:${{ inputs.plugin-name }}:${{ inputs.plugin-version }}-SNAPSHOT:zip \
+        -Dtransitive=false \
+        -Ddest=${{ inputs.plugin-name }}.zip
+      shell: bash
+
+    - name: Create Setup Script for Linux
+      if: ${{ runner.os == 'Linux' }}
+      run: |
+        cat > setup.sh <<'EOF'
+        chmod +x  ./opensearch-${{ inputs.opensearch-version}}-SNAPSHOT/plugins/${{ inputs.plugin-name }}/tools/install_demo_configuration.sh 
+        /bin/bash -c "yes | ./opensearch-${{ inputs.opensearch-version}}-SNAPSHOT/plugins/${{ inputs.plugin-name }}/tools/install_demo_configuration.sh"
+        echo "plugins.security.unsupported.restapi.allow_securityconfig_modification: true" >> ./opensearch-${{ inputs.opensearch-version }}-SNAPSHOT/config/opensearch.yml
+        EOF
+      shell: bash
+
+    - name: Create Setup Script for Windows
+      if: ${{ runner.os == 'Windows' }}
+      run: |
+        New-Item .\setup.bat -type file
+        Set-Content .\setup.bat -Value "powershell.exe -noexit -command `".\opensearch-${{ inputs.opensearch-version}}-SNAPSHOT\plugins\${{ inputs.plugin-name }}\tools\install_demo_configuration.bat -y -i -c`""
+        Add-Content -Path .\setup.bat -Value "echo plugins.security.unsupported.restapi.allow_securityconfig_modification: true >> .\opensearch-${{ inputs.opensearch-version}}-SNAPSHOT\config\opensearch.yml"
+        Get-Content .\setup.bat
+      shell: pwsh
@@ -0,0 +1,81 @@
+name: 'Install Dashboards with Plugin'
+description: 'Installs OpenSearch Dashboard with a Plugin from github, then checkouts the correct dashboards version for the plugin, configures npm/yarn, and bootstraps Dashboards'
+
+inputs:
+  plugin_name:
+    description: 'The the name of the plugin to use, such as security-dashboards-plugin'
+    required: true
+
+outputs:
+  dashboards-directory:
+    description: "The directory where the dashboards has been configured"
+    value: ${{ steps.determine-dashboards-directory.outputs.dashboards-directory }}
+
+  plugin-directory:
+    description: "The directory where the plugin has been configured"
+    value: ${{ steps.determine-plugin-directory.outputs.plugin-directory }}
+
+runs:
+  using: "composite"
+  steps:
+    - id: determine-dashboards-directory
+      run: echo "dashboards-directory=OpenSearch-Dashboards"  >> $GITHUB_OUTPUT
+      shell: bash
+
+    - id: determine-plugin-directory
+      run: echo "::set-output name=plugin-directory::./OpenSearch-Dashboards/plugins/${{ inputs.plugin_name }}"
+      shell: bash
+
+    - uses: actions/checkout@v2
+      with:
+        path: OpenSearch-Dashboards
+        repository: opensearch-project/OpenSearch-Dashboards
+        ref: 'main'
+        fetch-depth: 0
+
+    - uses: actions/checkout@v2
+      with:
+        path: ${{ steps.determine-plugin-directory.outputs.plugin-directory }}
+
+    - id: osd-version
+      run: |
+        echo "::set-output name=osd-version::$(cat package.json | jq '.opensearchDashboards.version' | cut -c 2-4)"
+        echo "::set-output name=osd-x-version::$(cat package.json | jq '.opensearchDashboards.version' | cut -c 2-3)"
+      working-directory: ${{ steps.determine-plugin-directory.outputs.plugin-directory }}
+      shell: bash
+
+    - id: branch-switch-if-possible
+      continue-on-error: true # Defaults onto main if the branch switch doesn't work
+      if: ${{ steps.osd-version.outputs.osd-version }}
+      run: git checkout ${{ steps.osd-version.outputs.osd-version }} || git checkout ${{ steps.osd-version.outputs.osd-x-version }}x
+      working-directory: ./OpenSearch-Dashboards
+      shell: bash
+
+    - id: tool-versions
+      run: |
+        echo "node_version=$(cat .node-version)" >> $GITHUB_OUTPUT
+        echo "yarn_version=$(jq -r '.engines.yarn' package.json)" >> $GITHUB_OUTPUT
+      working-directory: OpenSearch-Dashboards
+      shell: bash
+
+    - uses: actions/setup-node@v1
+      with:
+        node-version: ${{ steps.tool-versions.outputs.node_version }}
+        registry-url: 'https://registry.npmjs.org'
+
+    - name: Setup Opensearch Dashboards
+      run: |
+        npm uninstall -g yarn
+        echo "Installing yarn ${{ steps.tool-versions.outputs.yarn_version }}"
+        npm i -g yarn@${{ steps.tool-versions.outputs.yarn_version }}
+        yarn cache clean
+        yarn add sha.js
+      working-directory: OpenSearch-Dashboards
+      shell: bash
+
+    - name: Bootstrap the OpenSearch Dashboard
+      uses: nick-fields/retry@v2
+      with:
+        timeout_minutes: 20
+        max_attempts: 2
+        command: yarn --cwd OpenSearch-Dashboards osd bootstrap --oss
@@ -0,0 +1,72 @@
+name: Cypress Tests
+
+on: [ push, pull_request ]
+
+env:
+  TEST_BROWSER_HEADLESS: 1
+  CI: 1
+  FTR_PATH: 'ftr'
+  START_CMD: 'node ../scripts/opensearch_dashboards --dev --no-base-path --no-watch --opensearch_security.multitenancy.enable_aggregation_view=true'
+  OPENSEARCH_SNAPSHOT_CMD: 'node ../scripts/opensearch snapshot'
+  SPEC: 'cypress/integration/plugins/security-dashboards-plugin/aggregation_view.js,'
+  OPENSEARCH_VERSION: 2.6.0
+  PLUGIN_NAME: opensearch-security
+  PLUGIN_VERSION: 2.6.0.0
+
+jobs:
+  tests:
+    name: Run Cypress tests
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest , windows-latest ]
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - name: Set up JDK
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+
+      - name: Checkout Branch
+        uses: actions/checkout@v3
+
+      - name: Download security plugin and create setup scripts
+        uses: ./.github/actions/download-plugin
+        with:
+          opensearch-version: ${{ env.OPENSEARCH_VERSION }}
+          plugin-name: ${{ env.PLUGIN_NAME }}
+          plugin-version: ${{ env.PLUGIN_VERSION }}
+
+      - name: Run Opensearch with A Single Plugin
+        uses: opensearch-project/security/.github/actions/start-opensearch-with-one-plugin@main
+        with:
+          opensearch-version: ${{ env.OPENSEARCH_VERSION }}
+          plugin-name: ${{ env.PLUGIN_NAME }}
+          setup-script-name: setup
+
+      - name: Run Dashboard with Security Dashboards Plugin
+        uses: ./.github/actions/install-dashboards
+        with:
+          plugin_name: security-dashboards-plugin
+
+      - name: Configure and Run OpenSearch Dashboards with Cypress Test Cases
+        run: |
+          cd ./OpenSearch-Dashboards
+          echo 'server.host: "0.0.0.0"' >> ./config/opensearch_dashboards.yml
+          echo 'opensearch.hosts: ["https://localhost:9200"]' >> ./config/opensearch_dashboards.yml
+          echo 'opensearch.ssl.verificationMode: none' >> ./config/opensearch_dashboards.yml
+          echo 'opensearch.username: "kibanaserver"' >> ./config/opensearch_dashboards.yml
+          echo 'opensearch.password: "kibanaserver"' >> ./config/opensearch_dashboards.yml
+          echo 'opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]' >> ./config/opensearch_dashboards.yml
+          echo 'opensearch_security.multitenancy.enabled: true' >> ./config/opensearch_dashboards.yml
+          echo 'opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]' >> ./config/opensearch_dashboards.yml
+          echo 'opensearch_security.readonly_mode.roles: ["kibana_read_only"]' >> ./config/opensearch_dashboards.yml
+          echo 'opensearch_security.cookie.secure: false' >> ./config/opensearch_dashboards.yml
+          echo 'opensearch_security.multitenancy.enable_aggregation_view: true' >> ./config/opensearch_dashboards.yml
+          nohup yarn start --no-base-path --no-watch &
+          sleep 500
+          git clone https://github.com/opensearch-project/opensearch-dashboards-functional-test.git
+          cd opensearch-dashboards-functional-test
+          npm install cypress --save-dev
+          yarn cypress:run-with-security-and-aggregation-view --browser chrome --spec "cypress/integration/plugins/security-dashboards-plugin/aggregation_view.js"
@@ -5,108 +5,81 @@ on: [push, pull_request]
 env:
   TEST_BROWSER_HEADLESS: 1
   CI: 1
+  OPENSEARCH_VERSION: 2.6.0
+  PLUGIN_NAME: opensearch-security
+  PLUGIN_VERSION: 2.6.0.0
 
 jobs:
   tests:
     name: Run integration tests
-    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest , windows-latest ]
+    runs-on: ${{ matrix.os }}
+
     steps:
-      - name: Download OpenSearch Core
-        run: |
-          wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/2.1.0/latest/linux/x64/tar/builds/opensearch/dist/opensearch-min-2.1.0-linux-x64.tar.gz
-          tar -xzf opensearch-*.tar.gz
-          rm -f opensearch-*.tar.gz
-
-      - name: Download OpenSearch Security Plugin
-        run: wget -O opensearch-security.zip https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/2.1.0/latest/linux/x64/tar/builds/opensearch/plugins/opensearch-security-2.1.0.0.zip
-
+      - name: Checkout Branch
+        uses: actions/checkout@v3
 
-      - name: Run OpenSearch with plugin
-        run: |
-          cat > os-ep.sh <<EOF
-          yes | opensearch-plugin install file:///docker-host/security-plugin.zip
-          chmod +x plugins/opensearch-security/tools/install_demo_configuration.sh
-          yes | plugins/opensearch-security/tools/install_demo_configuration.sh
-          echo "plugins.security.unsupported.restapi.allow_securityconfig_modification: true" >> /opensearch/config/opensearch.yml
-          chown 1001:1001 -R /opensearch
-          su -c "/opensearch/bin/opensearch" -s /bin/bash opensearch
-          EOF
-          docker build -t opensearch-test:latest -f- . <<EOF
-          FROM ubuntu:latest
-          COPY --chown=1001:1001 os-ep.sh /docker-host/
-          COPY --chown=1001:1001 opensearch-security.zip /docker-host/security-plugin.zip
-          COPY --chown=1001:1001 opensearch* /opensearch/
-          RUN chmod +x /docker-host/os-ep.sh
-          RUN useradd -u 1001 -s /sbin/nologin opensearch
-          ENV PATH="/opensearch/bin:${PATH}"
-          WORKDIR /opensearch/
-          ENTRYPOINT /docker-host/os-ep.sh
-          EOF
-          docker run -d -p 9200:9200 -p 9600:9600 -i opensearch-test:latest
+      - name: Set up JDK
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+
+      - uses: browser-actions/setup-geckodriver@v0.0.0
+      - run: geckodriver --version
 
-      - name: Checkout OpenSearch Dashboard
-        uses: actions/checkout@v2
+      - name: Set up Firefox browser
+        if: ${{ runner.os == 'Linux' }}
+        uses: browser-actions/setup-firefox@v1
+
+      - run: firefox --version
+        if: ${{ runner.os == 'Linux' }}
+
+      # Browser-action version does not work on Windows
+      - name: Set up Firefox browser for Windows
+        if: ${{ runner.os == 'Windows' }}
+        uses: RyanL1997/setup-browser@main
         with:
-          path: OpenSearch-Dashboards
-          repository: opensearch-project/OpenSearch-Dashboards
-          ref: '2.x'
-          fetch-depth: 0
-
-      - name: Create plugins dir
-        run: |
-          cd ./OpenSearch-Dashboards
-          mkdir -p plugins
-
-      - name: Checkout OpenSearch Dashboard Security plugin
-        uses: actions/checkout@v2
+          browser: firefox
+          version: latest
+
+      - name: Download security plugin and create setup scripts
+        uses: ./.github/actions/download-plugin
         with:
-          path: OpenSearch-Dashboards/plugins/security-dashboards-plugin
-          ref: ${{ github.ref }}
+          opensearch-version: ${{ env.OPENSEARCH_VERSION }}
+          plugin-name: ${{ env.PLUGIN_NAME }}
+          plugin-version: ${{ env.PLUGIN_VERSION }}
 
-      - name: Check OpenSearch Running
-        continue-on-error: true
-        run: curl -XGET https://localhost:9200 -u 'admin:admin' -k
+      - name: Run Opensearch with A Single Plugin
+        uses: opensearch-project/security/.github/actions/start-opensearch-with-one-plugin@main
+        with:
+          opensearch-version: ${{ env.OPENSEARCH_VERSION }}
+          plugin-name: ${{ env.PLUGIN_NAME }}
+          setup-script-name: setup
 
-      # - name: Get OpenSearch Dashboards version
-      #   id: osd_version
-      #   run: |
-      #     echo "::set-output name=osd_version::$(jq -r '.opensearchDashboards.version' ./OpenSearch-Dashboards/plugins/security-dashboards-plugin/package.json)"
-
-      # - name: Check OpenSearch Dashboards release tag
-      #   run: |
-      #     cd ./OpenSearch-Dashboards
-      #     git checkout tags/${{ steps.osd_version.outputs.osd_version }} -b v${{ steps.osd_version.outputs.osd_version }}
-
-      - name: Get node and yarn versions
-        id: versions
-        run: |
-          echo "::set-output name=node_version::$(cat ./OpenSearch-Dashboards/.node-version)"
-          echo "::set-output name=yarn_version::$(jq -r '.engines.yarn' ./OpenSearch-Dashboards/package.json)"
-
-      - name: Setup node
-        uses: actions/setup-node@v1
+      - id: install-dashboards
+        uses: ./.github/actions/install-dashboards
         with:
-          node-version: ${{ steps.versions.outputs.node_version }}
-          registry-url: 'https://registry.npmjs.org'
-
-      - name: Install correct yarn version for OpenSearch Dashboards
-        run: |
-          npm uninstall -g yarn
-          echo "Installing yarn ${{ steps.versions_step.outputs.yarn_version }}"
-          npm i -g yarn@${{ steps.versions.outputs.yarn_version }}
-
-      - name: Check OpenSearch Running
-        continue-on-error: true
-        run: curl -XGET https://localhost:9200 -u 'admin:admin' -k
+          plugin_name: security-dashboards-plugin
 
-      - name: Bootstrap OpenSearch Dashboards
-        run: |
-          cd ./OpenSearch-Dashboards
-          yarn osd bootstrap
-
-      - name: Run integration tests
+      - name: Start Dashboards in background
+        run: node scripts/build_opensearch_dashboards_platform_plugins.js
+        working-directory: ${{ steps.install-dashboards.outputs.dashboards-directory }}
+
+      - name: Run integration tests on Linux
+        if: ${{ runner.os == 'Linux' }}
         run: |
           echo "check if opensearch is ready"
           curl -XGET https://localhost:9200 -u 'admin:admin' -k
-          cd ./OpenSearch-Dashboards/plugins/security-dashboards-plugin
           yarn test:jest_server --coverage
+        working-directory: ${{ steps.install-dashboards.outputs.plugin-directory }}
+
+      - name: Run integration tests on Windows
+        if: ${{ runner.os == 'Windows' }}
+        run: |
+          echo "check if opensearch is ready"
+          curl -XGET https://localhost:9200 -u 'admin:admin' -k
+          node .\test\run_jest_tests.js --config .\test\jest.config.server.js --testPathIgnorePatterns saml_auth.test.ts
+        working-directory: ${{ steps.install-dashboards.outputs.plugin-directory }}
@@ -0,0 +1,14 @@
+name: Prerequisite Checks
+
+on: [push, pull_request]
+
+jobs:
+  tests:
+    name: Run prerequisite checks
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check for the existence of the OpenSearch Security Plugin artifact
+        env:
+          opensearch_version: 2.5.0
+          opensearch_security_plugin_version: 2.5.0.0
+        run: wget -S --spider https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/${opensearch_version}/latest/linux/x64/tar/builds/opensearch/plugins/opensearch-security-${opensearch_security_plugin_version}.zip || (echo "Please make sure security plugin has been bumped to the same version and added to manifest." && exit 1)