Run cypress tests with security (#1202)

* Revert "Use admin cert and key when deleting system indices for cypress test cleanup (#1174)" This reverts commit a343286. Signed-off-by: Craig Perkins <[email protected]> * Run Cypress Tests with security Signed-off-by: Craig Perkins <[email protected]> * Create re-usable action Signed-off-by: Craig Perkins <[email protected]> * Checkout branch Signed-off-by: Craig Perkins <[email protected]> * Add shell Signed-off-by: Craig Perkins <[email protected]> * Use quotes Signed-off-by: Craig Perkins <[email protected]> * Specify openSearchUrl Signed-off-by: Craig Perkins <[email protected]> * Remove shell Signed-off-by: Craig Perkins <[email protected]> * Add security settings to dashboards config Signed-off-by: Craig Perkins <[email protected]> * Change location Signed-off-by: Craig Perkins <[email protected]> * Update location Signed-off-by: Craig Perkins <[email protected]> * Install security dashboards plugin Signed-off-by: Craig Perkins <[email protected]> * Fix indentation error Signed-off-by: Craig Perkins <[email protected]> * shell Signed-off-by: Craig Perkins <[email protected]> * Run osd bootstrap Signed-off-by: Craig Perkins <[email protected]> * Specify repository Signed-off-by: Craig Perkins <[email protected]> * Reduce time and update creds Signed-off-by: Craig Perkins <[email protected]> * Use GET /_tasks/<task_id> instead of direct access to system index Signed-off-by: Craig Perkins <[email protected]> * Fix unit tests Signed-off-by: Craig Perkins <[email protected]> * Update snapshots Signed-off-by: Craig Perkins <[email protected]> * Revert "Update snapshots" This reverts commit ce34314. Signed-off-by: Craig Perkins <[email protected]> * Add trailing slash Signed-off-by: Craig Perkins <[email protected]> * Don't copy sec-dashboards-plugin if not running with security Signed-off-by: Craig Perkins <[email protected]> --------- Signed-off-by: Craig Perkins <[email protected]> Signed-off-by: Craig Perkins <[email protected]>
opensearch-project · Nov 4, 2024 · b1d7301 · b1d7301
1 parent 740655b
commit b1d7301
Show file tree

Hide file tree

Showing 20 changed files with 340 additions and 240 deletions.
diff --git a/.github/actions/run-cypress-tests/action.yaml b/.github/actions/run-cypress-tests/action.yaml
@@ -0,0 +1,152 @@
+name: 'Runs the cypress test suite'
+description: 'Re-usable workflow to run cypress tests against a cluster with or without security'
+
+inputs:
+  with-security:
+    description: 'Whether security should be installed on the cluster the tests are run with'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up JDK
+      uses: actions/setup-java@v1
+      with:
+        # TODO: Parse this from index management plugin
+        java-version: 21
+    - name: Checkout index management
+      uses: actions/checkout@v2
+      with:
+        path: index-management
+        repository: opensearch-project/index-management
+        ref: 'main'
+    - name: Run opensearch with plugin
+      shell: bash
+      if: ${{ inputs.with-security == 'false' }}
+      run: |
+        cd index-management
+        ./gradlew run -Dopensearch.version=${{ env.OPENSEARCH_VERSION }} &
+        sleep 300
+      # timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:9200)" != "200" ]]; do sleep 5; done'
+    - name: Run opensearch with plugin
+      shell: bash
+      if: ${{ inputs.with-security == 'true' }}
+      run: |
+        cd index-management
+        ./gradlew run -Dopensearch.version=${{ env.OPENSEARCH_VERSION }} -Dsecurity=true -Dhttps=true &
+        sleep 300
+      # timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:9200)" != "200" ]]; do sleep 5; done'
+    - name: Checkout Index Management Dashboards plugin
+      uses: actions/checkout@v2
+      with:
+        path: index-management-dashboards-plugin
+    - name: Checkout Security Dashboards plugin
+      uses: actions/checkout@v2
+      with:
+        repository: opensearch-project/security-dashboards-plugin
+        path: security-dashboards-plugin
+        ref: ${{ env.OPENSEARCH_DASHBOARDS_VERSION }}
+    - name: Checkout OpenSearch-Dashboards
+      uses: actions/checkout@v2
+      with:
+        repository: opensearch-project/OpenSearch-Dashboards
+        path: OpenSearch-Dashboards
+        ref: ${{ env.OPENSEARCH_DASHBOARDS_VERSION }}
+    - name: Setup Node
+      uses: actions/setup-node@v3
+      with:
+        node-version-file: './OpenSearch-Dashboards/.nvmrc'
+        registry-url: 'https://registry.npmjs.org'
+    - name: Install Yarn
+      # Need to use bash to avoid having a windows/linux specific step
+      shell: bash
+      run: |
+        YARN_VERSION=$(node -p "require('./OpenSearch-Dashboards/package.json').engines.yarn")
+        echo "Installing yarn@$YARN_VERSION"
+        npm i -g yarn@$YARN_VERSION
+    - run: node -v
+      shell: bash
+    - run: yarn -v
+      shell: bash
+    - name: Configure OpenSearch Dashboards for cypress
+      shell: bash
+      if: ${{ inputs.with-security == 'true' }}
+      run: |
+        cat << 'EOT' > ./OpenSearch-Dashboards/config/opensearch_dashboards.yml
+        server.host: "0.0.0.0"
+        opensearch.hosts: ["https://localhost:9200"]
+        opensearch.ssl.verificationMode: none
+        opensearch.username: "kibanaserver"
+        opensearch.password: "kibanaserver"
+        opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
+        opensearch_security.multitenancy.enabled: true
+        opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
+        opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+        opensearch_security.cookie.secure: false
+        EOT
+    - name: Print Dashboards Config
+      shell: bash
+      if: ${{ inputs.with-security == 'true' }}
+      run: |
+        cat ./OpenSearch-Dashboards/config/opensearch_dashboards.yml
+    - name: Bootstrap plugin/OpenSearch-Dashboards
+      shell: bash
+      if: ${{ inputs.with-security == 'false' }}
+      run: |
+        mkdir -p OpenSearch-Dashboards/plugins
+        mv index-management-dashboards-plugin OpenSearch-Dashboards/plugins
+    - name: Bootstrap plugin/OpenSearch-Dashboards
+      shell: bash
+      if: ${{ inputs.with-security == 'true' }}
+      run: |
+        mkdir -p OpenSearch-Dashboards/plugins
+        mv index-management-dashboards-plugin OpenSearch-Dashboards/plugins
+        mv security-dashboards-plugin OpenSearch-Dashboards/plugins
+    - name: Bootstrap the OpenSearch Dashboard
+      uses: nick-fields/retry@v2
+      with:
+        timeout_minutes: 20
+        max_attempts: 2
+        command: yarn --cwd OpenSearch-Dashboards osd bootstrap --oss --single-version=loose
+    - name: Compile OpenSearch Dashboards
+      shell: bash
+      run: |
+        cd OpenSearch-Dashboards
+        node scripts/build_opensearch_dashboards_platform_plugins --no-examples --workers=10 --verbose
+    - name: Run OpenSearch-Dashboards server
+      shell: bash
+      run: |
+        cd OpenSearch-Dashboards
+        yarn start --no-base-path --no-watch --server.host="0.0.0.0" &
+        sleep 30
+      # in main branch, OSD server requires more time to bundle and bootstrap
+      # timeout 300 bash -c 'while [[ "$(curl -s localhost:5601/api/status | jq -r '.status.overall.state')" != "green" ]]; do sleep 5; done'
+    # for now just chrome, use matrix to do all browsers later
+    - name: Cypress tests
+      uses: cypress-io/github-action@v2
+      if: ${{ inputs.with-security == 'false' }}
+      with:
+        working-directory: OpenSearch-Dashboards/plugins/index-management-dashboards-plugin
+        command: yarn run cypress run
+        wait-on: 'http://localhost:5601'
+        browser: chrome
+    - name: Cypress tests
+      uses: cypress-io/github-action@v2
+      if: ${{ inputs.with-security == 'true' }}
+      with:
+        working-directory: OpenSearch-Dashboards/plugins/index-management-dashboards-plugin
+        command: yarn run cypress run --env SECURITY_ENABLED=true,openSearchUrl=https://localhost:9200,WAIT_FOR_LOADER_BUFFER_MS=500
+        wait-on: 'http://localhost:5601'
+        browser: chrome
+    # Screenshots are only captured on failure, will change this once we do visual regression tests
+    - uses: actions/upload-artifact@v3
+      if: failure()
+      with:
+        name: cypress-screenshots
+        path: OpenSearch-Dashboards/plugins/index-management-dashboards-plugin/cypress/screenshots
+    # Test run video was always captured, so this action uses "always()" condition
+    - uses: actions/upload-artifact@v3
+      if: always()
+      with:
+        name: cypress-videos
+        path: OpenSearch-Dashboards/plugins/index-management-dashboards-plugin/cypress/videos
diff --git a/.github/workflows/cypress-with-security-workflow.yml b/.github/workflows/cypress-with-security-workflow.yml
@@ -0,0 +1,27 @@
+name: E2E tests workflow
+on:
+  pull_request:
+    branches:
+      - "*"
+  push:
+    branches:
+      - "*"
+env:
+  OPENSEARCH_DASHBOARDS_VERSION: 'main'
+  OPENSEARCH_VERSION: '3.0.0-SNAPSHOT'
+jobs:
+  tests:
+    name: Run Cypress E2E tests with security
+    runs-on: ubuntu-latest
+    env:
+      # prevents extra Cypress installation progress messages
+      CI: 1
+      # avoid warnings like "tput: No value for $TERM and no -T specified"
+      TERM: xterm
+    steps:
+      - name: Checkout Branch
+        uses: actions/checkout@v3
+      - id: run-cypress-tests
+        uses: ./.github/actions/run-cypress-tests
+        with:
+          with-security: true
diff --git a/.github/workflows/cypress-workflow.yml b/.github/workflows/cypress-workflow.yml
@@ -19,77 +19,9 @@ jobs:
       # avoid warnings like "tput: No value for $TERM and no -T specified"
       TERM: xterm
     steps:
-      - name: Set up JDK
-        uses: actions/setup-java@v1
+      - name: Checkout Branch
+        uses: actions/checkout@v3
+      - id: run-cypress-tests
+        uses: ./.github/actions/run-cypress-tests
         with:
-          # TODO: Parse this from index management plugin
-          java-version: 21
-      - name: Checkout index management
-        uses: actions/checkout@v2
-        with:
-          path: index-management
-          repository: opensearch-project/index-management
-          ref: 'main'
-      - name: Run opensearch with plugin
-        run: |
-          cd index-management
-          ./gradlew run -Dopensearch.version=${{ env.OPENSEARCH_VERSION }} &
-          sleep 300
-        # timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:9200)" != "200" ]]; do sleep 5; done'
-      - name: Checkout Index Management Dashboards plugin
-        uses: actions/checkout@v2
-        with:
-          path: index-management-dashboards-plugin
-      - name: Checkout OpenSearch-Dashboards
-        uses: actions/checkout@v2
-        with:
-          repository: opensearch-project/OpenSearch-Dashboards
-          path: OpenSearch-Dashboards
-          ref: ${{ env.OPENSEARCH_DASHBOARDS_VERSION }}
-      - name: Setup Node
-        uses: actions/setup-node@v3
-        with:
-          node-version-file: './OpenSearch-Dashboards/.nvmrc'
-          registry-url: 'https://registry.npmjs.org'
-      - name: Install Yarn
-        # Need to use bash to avoid having a windows/linux specific step
-        shell: bash
-        run: |
-          YARN_VERSION=$(node -p "require('./OpenSearch-Dashboards/package.json').engines.yarn")
-          echo "Installing yarn@$YARN_VERSION"
-          npm i -g yarn@$YARN_VERSION
-      - run: node -v
-      - run: yarn -v
-      - name: Bootstrap plugin/OpenSearch-Dashboards
-        run: |
-          mkdir -p OpenSearch-Dashboards/plugins
-          mv index-management-dashboards-plugin OpenSearch-Dashboards/plugins
-          cd OpenSearch-Dashboards/plugins/index-management-dashboards-plugin
-          yarn osd bootstrap
-      - name: Run OpenSearch-Dashboards server
-        run: |
-          cd OpenSearch-Dashboards
-          yarn start --no-base-path --no-watch --server.host="0.0.0.0" &
-          sleep 420
-        # in main branch, OSD server requires more time to bundle and bootstrap
-        # timeout 300 bash -c 'while [[ "$(curl -s localhost:5601/api/status | jq -r '.status.overall.state')" != "green" ]]; do sleep 5; done'
-      # for now just chrome, use matrix to do all browsers later
-      - name: Cypress tests
-        uses: cypress-io/github-action@v2
-        with:
-          working-directory: OpenSearch-Dashboards/plugins/index-management-dashboards-plugin
-          command: yarn run cypress run
-          wait-on: 'http://localhost:5601'
-          browser: chrome
-      # Screenshots are only captured on failure, will change this once we do visual regression tests
-      - uses: actions/upload-artifact@v3
-        if: failure()
-        with:
-          name: cypress-screenshots
-          path: OpenSearch-Dashboards/plugins/index-management-dashboards-plugin/cypress/screenshots
-      # Test run video was always captured, so this action uses "always()" condition
-      - uses: actions/upload-artifact@v3
-        if: always()
-        with:
-          name: cypress-videos
-          path: OpenSearch-Dashboards/plugins/index-management-dashboards-plugin/cypress/videos
+          with-security: false
diff --git a/cypress.json b/cypress.json
@@ -1,14 +1,48 @@
 {
-  "defaultCommandTimeout": 60000,
-  "requestTimeout": 60000,
-  "responseTimeout": 60000,
-  "baseUrl": "http://localhost:5601",
-  "viewportWidth": 2000,
-  "viewportHeight": 1320,
-  "env": {
-    "openSearchUrl": "http://localhost:9200",
-    "SECURITY_ENABLED": false,
-    "username": "admin",
-    "password": "admin"
-  }
-}
+    "defaultCommandTimeout": 60000,
+    "requestTimeout": 60000,
+    "responseTimeout": 60000,
+    "baseUrl": "http://localhost:5601",
+    "viewportWidth": 2000,
+    "viewportHeight": 1320,
+    "env":
+    {
+        "openSearchUrl": "http://localhost:9200",
+        "SECURITY_ENABLED": false,
+        "username": "admin",
+        "password": "admin"
+    },
+    "clientCertificates":
+    [
+        {
+            "url": "https://localhost:9200/.opendistro-ism*",
+            "ca":
+            [
+                "cypress/resources/root-ca.pem"
+            ],
+            "certs":
+            [
+                {
+                    "cert": "cypress/resources/kirk.pem",
+                    "key": "cypress/resources/kirk-key.pem",
+                    "passphrase": ""
+                }
+            ]
+        },
+        {
+            "url": "https://localhost:9200/.opendistro-ism-config/_update_by_query/",
+            "ca":
+            [
+                "cypress/resources/root-ca.pem"
+            ],
+            "certs":
+            [
+                {
+                    "cert": "cypress/resources/kirk.pem",
+                    "key": "cypress/resources/kirk-key.pem",
+                    "passphrase": ""
+                }
+            ]
+        }
+    ]
+}
diff --git a/cypress/plugins/index.js b/cypress/plugins/index.js
@@ -23,10 +23,6 @@
 /**
  * @type {Cypress.PluginConfig}
  */
-
-const fs = require("fs");
-const path = require("path");
-
 module.exports = (on) => {
   //   const options = {
   //     webpackOptions: {
@@ -46,12 +42,4 @@ module.exports = (on) => {
   //   };
   //
   //   on("file:preprocessor", wp(options));
-  on("task", {
-    readCertAndKey() {
-      const cert = fs.readFileSync(path.resolve(__dirname, "../resources/kirk.pem"));
-      const key = fs.readFileSync(path.resolve(__dirname, "../resources/kirk-key.pem"));
-
-      return { cert, key };
-    },
-  });
 };
diff --git a/cypress/resources/kirk-key.pem b/cypress/resources/kirk-key.pem
@@ -25,4 +25,4 @@ nBY2S57MSM11/MVslrEgGmYNnI4r1K25xlaqV6K6ztEJv6n69327MS4NG8L/gCU5
 mQGwy8vIqMjAdHGLrCS35sVYBXG13knS52LJHvbVee39AbD5/LlWvjJGlQMzCLrw
 F7oILW5kXxhb8S73GWcuMbuQMFVHFONbZAZgn+C9FW4l7XyRdkrbR1MRZ2km8YMs
 /AHmo368d4PSNRMMzLHw8Q==
------END PRIVATE KEY-----
+-----END PRIVATE KEY-----
diff --git a/cypress/resources/root-ca.pem b/cypress/resources/root-ca.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIExjCCA66gAwIBAgIUDWQJmWZ9xBTsQUeOt9F5YSPpqOIwDQYJKoZIhvcNAQEL
+BQAwgY8xEzARBgoJkiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFt
+cGxlMRkwFwYDVQQKDBBFeGFtcGxlIENvbSBJbmMuMSEwHwYDVQQLDBhFeGFtcGxl
+IENvbSBJbmMuIFJvb3QgQ0ExITAfBgNVBAMMGEV4YW1wbGUgQ29tIEluYy4gUm9v
+dCBDQTAeFw0yNDAyMjAxNzAwMzZaFw0zNDAyMTcxNzAwMzZaMIGPMRMwEQYKCZIm
+iZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEZMBcGA1UECgwQ
+RXhhbXBsZSBDb20gSW5jLjEhMB8GA1UECwwYRXhhbXBsZSBDb20gSW5jLiBSb290
+IENBMSEwHwYDVQQDDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEPyN7J9VGPyJcQmCBl5TGwfSzvVdWwoQU
+j9aEsdfFJ6pBCDQSsj8Lv4RqL0dZra7h7SpZLLX/YZcnjikrYC+rP5OwsI9xEE/4
+U98CsTBPhIMgqFK6SzNE5494BsAk4cL72dOOc8tX19oDS/PvBULbNkthQ0aAF1dg
+vbrHvu7hq7LisB5ZRGHVE1k/AbCs2PaaKkn2jCw/b+U0Ml9qPuuEgz2mAqJDGYoA
+WSR4YXrOcrmPuRqbws464YZbJW898/0Pn/U300ed+4YHiNYLLJp51AMkR4YEw969
+VRPbWIvLrd0PQBooC/eLrL6rvud/GpYhdQEUx8qcNCKd4bz3OaQ5AgMBAAGjggEW
+MIIBEjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU
+F4ffoFrrZhKn1dD4uhJFPLcrAJwwgc8GA1UdIwSBxzCBxIAUF4ffoFrrZhKn1dD4
+uhJFPLcrAJyhgZWkgZIwgY8xEzARBgoJkiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJ
+k/IsZAEZFgdleGFtcGxlMRkwFwYDVQQKDBBFeGFtcGxlIENvbSBJbmMuMSEwHwYD
+VQQLDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0ExITAfBgNVBAMMGEV4YW1wbGUg
+Q29tIEluYy4gUm9vdCBDQYIUDWQJmWZ9xBTsQUeOt9F5YSPpqOIwDQYJKoZIhvcN
+AQELBQADggEBAL3Q3AHUhMiLUy6OlLSt8wX9I2oNGDKbBu0atpUNDztk/0s3YLQC
+YuXgN4KrIcMXQIuAXCx407c+pIlT/T1FNn+VQXwi56PYzxQKtlpoKUL3oPQE1d0V
+6EoiNk+6UodvyZqpdQu7fXVentRMk1QX7D9otmiiNuX+GSxJhJC2Lyzw65O9EUgG
+1yVJon6RkUGtqBqKIuLksKwEr//ELnjmXit4LQKSnqKr0FTCB7seIrKJNyb35Qnq
+qy9a/Unhokrmdda1tr6MbqU8l7HmxLuSd/Ky+L0eDNtYv6YfMewtjg0TtAnFyQov
+rdXmeq1dy9HLo3Ds4AFz3Gx9076TxcRS/iI=
+-----END CERTIFICATE-----