Skip to content

Forward port CVE fixes to main branch (#2145) #155

Forward port CVE fixes to main branch (#2145)

Forward port CVE fixes to main branch (#2145) #155

name: 'Install Dashboards with Plugin via Binary'
on: [push, pull_request]
env:
OPENSEARCH_VERSION: '3.0.0'
CI: 1
# avoid warnings like "tput: No value for $TERM and no -T specified"
TERM: xterm
PLUGIN_NAME: opensearch-security
OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!
jobs:
verify-binary-installation:
name: Run binary installation
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest]
# TODO: add windows support when OSD core is stable on windows
runs-on: ${{ matrix.os }}
steps:
- name: Checkout Branch
uses: actions/checkout@v3
- name: Set env
run: |
opensearch_version=$(node -p "require('./package.json').opensearchDashboards.version")
plugin_version=$(node -p "require('./package.json').version")
echo "OPENSEARCH_VERSION=$opensearch_version" >> $GITHUB_ENV
echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV
shell: bash
- name: Download security plugin and create setup scripts
uses: ./.github/actions/download-plugin
with:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugin-name: ${{ env.PLUGIN_NAME }}
plugin-version: ${{ env.PLUGIN_VERSION }}
download-location: ${{ env.PLUGIN_NAME }}
- name: Run Opensearch with security
uses: derek-ho/start-opensearch@v6
with:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugins: "file:$(pwd)/${{ env.PLUGIN_NAME }}.zip"
security-enabled: true
admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}
jdk-version: 21
# Configure the Dashboard
- name: Configure OpenSearch Dashboards
run: |
cat << 'EOT' > opensearch-dashboards-config.yml
server.host: "0.0.0.0"
opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: none
opensearch.username: "kibanaserver"
opensearch.password: "kibanaserver"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
# Use this setting if you are running opensearch-dashboards without https
opensearch_security.cookie.secure: false
EOT
- name: Run Dashboard with Security Dashboards Plugin
id: setup-dashboards
uses: derek-ho/setup-opensearch-dashboards@v1
with:
plugin_name: security-dashboards-plugin
built_plugin_name: security-dashboards
install_zip: true
opensearch_dashboards_yml: opensearch-dashboards-config.yml
- name: Start the binary
run: |
nohup ./bin/opensearch-dashboards &
working-directory: ${{ steps.setup-dashboards.outputs.dashboards-binary-directory }}
shell: bash
- name: Health check
run: |
timeout 300 bash -c 'while [[ "$(curl -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k http://localhost:5601/api/status | jq -r '.status.overall.state')" != "green" ]]; do sleep 5; done'
shell: bash