Finalizes changes for Permissions tab dataSource picker #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: E2E multi datasources enabled workflow | |
| on: [ push, pull_request ] | |
| env: | |
| OPENSEARCH_VERSION: '3.0.0' | |
| CI: 1 | |
| # avoid warnings like "tput: No value for $TERM and no -T specified" | |
| TERM: xterm | |
| PLUGIN_NAME: opensearch-security | |
| OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123! | |
| jobs: | |
| tests: | |
| name: Run Cypress multidatasources tests | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-latest ] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout Branch | |
| uses: actions/checkout@v3 | |
| - name: Set env | |
| run: | | |
| opensearch_version=$(node -p "require('./package.json').opensearchDashboards.version") | |
| plugin_version=$(node -p "require('./package.json').version") | |
| echo "OPENSEARCH_VERSION=$opensearch_version" >> $GITHUB_ENV | |
| echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV | |
| shell: bash | |
| - name: Create remote OpenSearch Config | |
| if: ${{ runner.os == 'Linux' }} | |
| run: | | |
| cat << 'EOT' > remote_opensearch.yml | |
| http.port: 9202 | |
| plugins.security.ssl.transport.pemcert_filepath: esnode.pem | |
| plugins.security.ssl.transport.pemkey_filepath: esnode-key.pem | |
| plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem | |
| plugins.security.ssl.transport.enforce_hostname_verification: false | |
| plugins.security.ssl.http.pemcert_filepath: esnode.pem | |
| plugins.security.ssl.http.pemkey_filepath: esnode-key.pem | |
| plugins.security.ssl.http.pemtrustedcas_filepath: root-ca.pem | |
| plugins.security.allow_unsafe_democertificates: true | |
| plugins.security.allow_default_init_securityindex: true | |
| plugins.security.authcz.admin_dn: | |
| - 'CN=A,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA' | |
| plugins.security.nodes_dn: | |
| - 'CN=node1.dns.a-record,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA' | |
| - 'CN=node2.dns.a-record,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA' | |
| plugins.security.audit.type: internal_opensearch | |
| plugins.security.enable_snapshot_restore_privilege: true | |
| plugins.security.check_snapshot_restore_write_privileges: true | |
| # TODO: change this back to true/just append to the created opensearch.yml the new port | |
| # after the self-signed certs issue is fixed | |
| plugins.security.ssl.http.enabled: false | |
| plugins.security.restapi.roles_enabled: [all_access, security_rest_api_access] | |
| plugins.security.system_indices.enabled: true | |
| plugins.security.system_indices.indices: [.plugins-ml-config, .plugins-ml-connector, | |
| .plugins-ml-model-group, .plugins-ml-model, .plugins-ml-task, .plugins-ml-conversation-meta, | |
| .plugins-ml-conversation-interactions, .plugins-ml-memory-meta, .plugins-ml-memory-message, | |
| .opendistro-alerting-config, .opendistro-alerting-alert*, .opendistro-anomaly-results*, | |
| .opendistro-anomaly-detector*, .opendistro-anomaly-checkpoints, .opendistro-anomaly-detection-state, | |
| .opendistro-reports-*, .opensearch-notifications-*, .opensearch-notebooks, .opensearch-observability, | |
| .ql-datasources, .opendistro-asynchronous-search-response*, .replication-metadata-store, | |
| .opensearch-knn-models, .geospatial-ip2geo-data*, .plugins-flow-framework-config, | |
| .plugins-flow-framework-templates, .plugins-flow-framework-state] | |
| node.max_local_storage_nodes: 3 | |
| EOT | |
| # Add Custom Configuration to differentiate between local and remote cluster | |
| - name: Create Custom Configuration for Linux | |
| if: ${{ runner.os == 'Linux'}} | |
| run: | | |
| echo "Creating new custom configuration" | |
| cat << 'EOT' > config_custom.yml | |
| --- | |
| _meta: | |
| type: "config" | |
| config_version: 2 | |
| config: | |
| dynamic: | |
| http: | |
| anonymous_auth_enabled: false | |
| authc: | |
| basic_internal_auth_domain: | |
| description: "Authenticate via HTTP Basic against internal users database" | |
| http_enabled: true | |
| transport_enabled: true | |
| order: 0 | |
| http_authenticator: | |
| type: basic | |
| challenge: false | |
| authentication_backend: | |
| type: intern | |
| saml_auth_domain: | |
| http_enabled: true | |
| transport_enabled: false | |
| order: 1 | |
| http_authenticator: | |
| type: saml | |
| challenge: true | |
| config: | |
| idp: | |
| entity_id: urn:example:idp | |
| metadata_url: http://localhost:7000/metadata | |
| sp: | |
| entity_id: https://localhost:9200 | |
| kibana_url: http://localhost:5601 | |
| exchange_key: 6aff3042-1327-4f3d-82f0-40a157ac4464 | |
| authentication_backend: | |
| type: noop | |
| EOT | |
| - name: Download security plugin and create setup scripts | |
| uses: ./.github/actions/download-plugin | |
| with: | |
| opensearch-version: ${{ env.OPENSEARCH_VERSION }} | |
| plugin-name: ${{ env.PLUGIN_NAME }} | |
| plugin-version: ${{ env.PLUGIN_VERSION }} | |
| - name: Run Opensearch with A Single Plugin | |
| uses: derek-ho/start-opensearch@9202 | |
| with: | |
| opensearch-version: ${{ env.OPENSEARCH_VERSION }} | |
| plugins: "file:$(pwd)/opensearch-security.zip" | |
| security-enabled: true | |
| admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} | |
| security_config_file: config_custom.yml | |
| opensearch_yml_file: remote_opensearch.yml | |
| opensearch_port: 9202 | |
| - name: Check OpenSearch is running | |
| # Verify that the server is operational | |
| run: | | |
| curl http://localhost:9202/_cat/plugins -v -u admin:myStrongPassword123! | |
| shell: bash | |
| # Configure the Dashboard for multi datasources | |
| - name: Create OpenSearch Dashboards Config | |
| if: ${{ runner.os == 'Linux' }} | |
| run: | | |
| cat << 'EOT' > opensearch_dashboards_multidatasources.yml | |
| server.host: "localhost" | |
| opensearch.hosts: ["https://localhost:9200"] | |
| opensearch.ssl.verificationMode: none | |
| opensearch.username: "kibanaserver" | |
| opensearch.password: "kibanaserver" | |
| opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] | |
| opensearch_security.multitenancy.enabled: true | |
| opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"] | |
| opensearch_security.readonly_mode.roles: ["kibana_read_only"] | |
| opensearch_security.cookie.secure: false | |
| data_source.enabled: true | |
| home.disableWelcomeScreen: true | |
| EOT | |
| - name: Run Cypress Tests | |
| uses: ./.github/actions/run-cypress-tests | |
| with: | |
| dashboards_config_file: opensearch_dashboards_multidatasources.yml | |
| yarn_command: 'yarn cypress:run --browser chrome --headed --env LOGIN_AS_ADMIN=true --spec "test/cypress/e2e/multi-datasources/multi_datasources_enabled.spec.js"' |