Skip to content

Commit

Permalink
Run SAML Multi Auth integration tests in Cypress (opensearch-project#…
Browse files Browse the repository at this point in the history
…1729)


Signed-off-by: Craig Perkins <[email protected]>
Co-authored-by: Darshit Chanpura <[email protected]>
  • Loading branch information
cwperks and DarshitChanpura authored Jan 23, 2024
1 parent b38c754 commit a36ef1f
Show file tree
Hide file tree
Showing 8 changed files with 286 additions and 426 deletions.
2 changes: 1 addition & 1 deletion .github/actions/install-dashboards/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ description: 'Installs OpenSearch Dashboard with a Plugin from github, then chec

inputs:
plugin_name:
description: 'The the name of the plugin to use, such as security-dashboards-plugin'
description: 'The name of the plugin to use, such as security-dashboards-plugin'
required: true

outputs:
Expand Down
152 changes: 152 additions & 0 deletions .github/actions/run-cypress-tests/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,152 @@
name: Run Cypress Tests
description: 'Runs Cypress tests for the security-dashboards-plugin with opensearch_dashboards.yml and security configuration provided'

inputs:
security_config_file:
description: 'Name of the security plugin config file'
required: false
dashboards_config_file:
description: 'Name of OpenSearch Dashboards config file'
required: false
yarn_command:
description: 'The yarn command to start running cypress tests'
required: true

runs:
using: "composite"
steps:
- name: Set up JDK
uses: actions/setup-java@v1
with:
java-version: 11

- name: Set env
run: |
opensearch_version=$(node -p "require('./package.json').opensearchDashboards.version")
plugin_version=$(node -p "require('./package.json').version")
echo "OPENSEARCH_VERSION=$opensearch_version" >> $GITHUB_ENV
echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV
shell: bash

- name: Download security plugin and create setup scripts
uses: ./.github/actions/download-plugin
with:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugin-name: ${{ env.PLUGIN_NAME }}
plugin-version: ${{ env.PLUGIN_VERSION }}

# Download OpenSearch
- name: Download OpenSearch for Linux
uses: peternied/download-file@v2
if: ${{ runner.os == 'Linux' }}
with:
url: https://artifacts.opensearch.org/snapshots/core/opensearch/${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/opensearch-min-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT-linux-x64-latest.tar.gz

# Extract downloaded tar/zip
- name: Extract downloaded tar
if: ${{ runner.os == 'Linux' }}
run: |
tar -xzf opensearch-*.tar.gz
rm -f opensearch-*.tar.gz
shell: bash

# Install the security plugin
- name: Install Plugin into OpenSearch for Linux
if: ${{ runner.os == 'Linux'}}
run: |
chmod +x ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin
/bin/bash -c "yes | ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin install file:$(pwd)/opensearch-security.zip"
shell: bash

- name: Replace demo configuration
if: ${{ runner.os == 'Linux' }}
run: |
if [ -f ${{ inputs.security_config_file }} ]; then
mv ${{ inputs.security_config_file }} ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/config.yml
fi
shell: bash

# Run any configuration scripts
- name: Run Setup Script for Linux
if: ${{ runner.os == 'Linux' }}
run: |
echo "running linux setup"
chmod +x ./setup.sh
./setup.sh
shell: bash

# OSD bootstrap
- name: Run Dashboard with Security Dashboards Plugin
uses: ./.github/actions/install-dashboards
with:
plugin_name: security-dashboards-plugin

- name: Replace dashboards configuration
if: ${{ runner.os == 'Linux' }}
run: |
if [ -f ${{ inputs.dashboards_config_file }} ]; then
mv ${{ inputs.dashboards_config_file }} ./OpenSearch-Dashboards/config/opensearch_dashboards.yml
fi
shell: bash

- name: Run pretest script
if: ${{ runner.os == 'Linux' }}
run: |
cd ./OpenSearch-Dashboards/plugins/security-dashboards-plugin
yarn pretest:jest_server
shell: bash

# Run OpenSearch
- name: Run OpenSearch with plugin on Linux
if: ${{ runner.os == 'Linux'}}
run: |
/bin/bash -c "./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch &"
shell: bash

# Give the OpenSearch process some time to boot up before sending any requires, might need to increase the default time!
- name: Sleep while OpenSearch starts
uses: peternied/action-sleep@v1
with:
seconds: 30

# Verify that the server is operational
- name: Check OpenSearch Running on Linux
if: ${{ runner.os != 'Windows'}}
run: curl https://localhost:9200/_cat/plugins -u 'admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}' -k -v
shell: bash

- if: always()
run: cat ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/logs/opensearch.log
shell: bash

- name: Run OpenSearch Dashboards with provided configuration
if: ${{ runner.os == 'Linux' }}
run: |
cd ./OpenSearch-Dashboards
nohup yarn start --no-base-path --no-watch | tee dashboard.log &
shell: bash

# Check if OSD is ready with a max timeout of 600 seconds
- name : Check If OpenSearch Dashboards Is Ready
if: ${{ runner.os == 'Linux' }}
run: |
cd ./OpenSearch-Dashboards
echo "Start checking OpenSearch Dashboards."
for i in {1..60}; do
if grep -q "bundles compiled successfully after" "dashboard.log"; then
echo "OpenSearch Dashboards compiled successfully."
break
fi
if [ $i -eq 60 ]; then
echo "Timeout for 600 seconds reached. OpenSearch Dashboards did not finish compiling."
exit 1
fi
sleep 10
done
shell: bash

- name: Run Cypress
run : |
yarn add cypress --save-dev
eval ${{ inputs.yarn_command }}
shell: bash
101 changes: 101 additions & 0 deletions .github/workflows/cypress-test-multiauth-e2e.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
name: Snapshot based E2E SAML multi-auth tests workflow

on: [ push, pull_request ]

env:
OPENSEARCH_VERSION: '3.0.0'
CI: 1
# avoid warnings like "tput: No value for $TERM and no -T specified"
TERM: xterm
PLUGIN_NAME: opensearch-security
OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!

jobs:
tests:
name: Run Cypress E2E SAML multi-auth tests
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest ]
runs-on: ${{ matrix.os }}

steps:
- name: Checkout Branch
uses: actions/checkout@v3

# Add SAML Configuration
- name: Injecting SAML Configuration for Linux
if: ${{ runner.os == 'Linux'}}
run: |
echo "Creating new SAML configuration"
cat << 'EOT' > config_multiauth.yml
---
_meta:
type: "config"
config_version: 2
config:
dynamic:
http:
anonymous_auth_enabled: false
authc:
basic_internal_auth_domain:
description: "Authenticate via HTTP Basic against internal users database"
http_enabled: true
transport_enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain:
http_enabled: true
transport_enabled: false
order: 1
http_authenticator:
type: saml
challenge: true
config:
idp:
entity_id: urn:example:idp
metadata_url: http://localhost:7000/metadata
sp:
entity_id: https://localhost:9200
kibana_url: http://localhost:5601
exchange_key: 6aff3042-1327-4f3d-82f0-40a157ac4464
authentication_backend:
type: noop
EOT
echo "THIS IS THE SECURITY CONFIG FILE: "
cat config_multiauth.yml
# Configure the Dashboard for SAML setup
- name: Configure OpenSearch Dashboards with multi-auth configuration including SAML
if: ${{ runner.os == 'Linux' }}
run: |
cat << 'EOT' > opensearch_dashboards_multiauth.yml
server.host: "localhost"
opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: none
opensearch.username: "kibanaserver"
opensearch.password: "kibanaserver"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
opensearch_security.cookie.secure: false
server.xsrf.allowlist: ["/_plugins/_security/api/authtoken", "/_opendistro/_security/api/authtoken", "/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"]
opensearch_security.auth.type: ["basicauth","saml"]
opensearch_security.auth.multiple_auth_enabled: true
opensearch_security.auth.anonymous_auth_enabled: false
home.disableWelcomeScreen: true
EOT
echo 'HERE IS THE DASHBOARD CONFIG FILE: '
cat opensearch_dashboards_multiauth.yml
- name: Run Cypress Tests
uses: ./.github/actions/run-cypress-tests
with:
security_config_file: config_multiauth.yml
dashboards_config_file: opensearch_dashboards_multiauth.yml
yarn_command: 'yarn cypress:run --browser chrome --headless --env loginMethod=saml_multiauth --spec "test/cypress/e2e/saml/*.js"'
Loading

0 comments on commit a36ef1f

Please sign in to comment.