Cypress13 testing frame work for OIDC and SAML #35
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Snapshot based E2E SAML tests workflow | |
| on: | |
| pull_request: | |
| branches: [ '**' ] | |
| env: | |
| OPENSEARCH_VERSION: '3.0.0' | |
| CI: 1 | |
| # avoid warnings like "tput: No value for $TERM and no -T specified" | |
| TERM: xterm | |
| PLUGIN_NAME: opensearch-security | |
| jobs: | |
| tests: | |
| name: Run Cypress E2E SAML tests | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-latest ] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Set up JDK | |
| uses: actions/setup-java@v1 | |
| with: | |
| java-version: 11 | |
| - name: Checkout Branch | |
| uses: actions/checkout@v3 | |
| - name: Set env | |
| run: | | |
| opensearch_version=$(node -p "require('./package.json').opensearchDashboards.version") | |
| plugin_version=$(node -p "require('./package.json').version") | |
| echo "OPENSEARCH_VERSION=$opensearch_version" >> $GITHUB_ENV | |
| echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV | |
| shell: bash | |
| - name: Download security plugin and create setup scripts | |
| uses: ./.github/actions/download-plugin | |
| with: | |
| opensearch-version: ${{ env.OPENSEARCH_VERSION }} | |
| plugin-name: ${{ env.PLUGIN_NAME }} | |
| plugin-version: ${{ env.PLUGIN_VERSION }} | |
| # Download OpenSearch | |
| - name: Download OpenSearch for Linux | |
| uses: peternied/download-file@v2 | |
| if: ${{ runner.os == 'Linux' }} | |
| with: | |
| url: https://artifacts.opensearch.org/snapshots/core/opensearch/${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/opensearch-min-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT-linux-x64-latest.tar.gz | |
| # Extract downloaded tar/zip | |
| - name: Extract downloaded tar | |
| if: ${{ runner.os == 'Linux' }} | |
| run: | | |
| tar -xzf opensearch-*.tar.gz | |
| rm -f opensearch-*.tar.gz | |
| shell: bash | |
| # TODO: REMOVE THIS ONCE ADMIN JAVA TOOL SUPPORT IT | |
| - name: Write password to initialAdminPassword location | |
| if: ${{ runner.os == 'Linux'}} | |
| run: | |
| echo admin >> ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/initialAdminPassword.txt | |
| shell: bash | |
| # Install the security plugin | |
| - name: Install Plugin into OpenSearch for Linux | |
| if: ${{ runner.os == 'Linux'}} | |
| run: | | |
| chmod +x ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin | |
| /bin/bash -c "yes | ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin install file:$(pwd)/opensearch-security.zip" | |
| shell: bash | |
| # Add SAML Configuration | |
| - name: Injecting SAML Configuration for Linux | |
| if: ${{ runner.os == 'Linux'}} | |
| run: | | |
| echo "Creating new SAML configuration" | |
| pwd | |
| cd ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/ | |
| rm -rf config.yml | |
| ls | |
| cat << 'EOT' > config.yml | |
| --- | |
| _meta: | |
| type: "config" | |
| config_version: 2 | |
| config: | |
| dynamic: | |
| http: | |
| anonymous_auth_enabled: false | |
| authc: | |
| basic_internal_auth_domain: | |
| description: "Authenticate via HTTP Basic against internal users database" | |
| http_enabled: true | |
| transport_enabled: true | |
| order: 0 | |
| http_authenticator: | |
| type: basic | |
| challenge: false | |
| authentication_backend: | |
| type: intern | |
| saml_auth_domain: | |
| http_enabled: true | |
| transport_enabled: false | |
| order: 1 | |
| http_authenticator: | |
| type: saml | |
| challenge: true | |
| config: | |
| idp: | |
| entity_id: urn:example:idp | |
| metadata_url: http://localhost:7000/metadata | |
| sp: | |
| entity_id: https://localhost:9200 | |
| kibana_url: http://localhost:5601 | |
| exchange_key: 6aff3042-1327-4f3d-82f0-40a157ac4464 | |
| authentication_backend: | |
| type: noop | |
| EOT | |
| echo "THIS IS THE SECURITY CONFIG FILE: " | |
| cat config.yml | |
| # Run any configuration scripts | |
| - name: Run Setup Script for Linux | |
| if: ${{ runner.os == 'Linux' }} | |
| run: | | |
| echo "running linux setup" | |
| chmod +x ./setup.sh | |
| ls | |
| echo "THIS IS THE SETUP SCRIPT !!!" | |
| cat ./setup.sh | |
| ./setup.sh | |
| shell: bash | |
| # Run OpenSearch | |
| - name: Run OpenSearch with plugin on Linux | |
| if: ${{ runner.os == 'Linux'}} | |
| run: | | |
| /bin/bash -c "./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch &" | |
| shell: bash | |
| # Give the OpenSearch process some time to boot up before sending any requires, might need to increase the default time! | |
| - name: Sleep while OpenSearch starts | |
| uses: peternied/action-sleep@v1 | |
| with: | |
| seconds: 30 | |
| # Verify that the server is operational | |
| - name: Check OpenSearch Running on Linux | |
| if: ${{ runner.os != 'Windows'}} | |
| run: curl https://localhost:9200/_cat/plugins -u 'admin:admin' -k -v | |
| shell: bash | |
| - if: always() | |
| run: cat ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/logs/opensearch.log | |
| shell: bash | |
| # OSD bootstrap | |
| - name: Run Dashboard with Security Dashboards Plugin | |
| uses: ./.github/actions/install-dashboards | |
| with: | |
| plugin_name: security-dashboards-plugin | |
| # Setup and Run SAML Idp | |
| - name: Get and run SAML Idp on Linux | |
| if: ${{ runner.os == 'Linux' }} | |
| run: | | |
| cd ./OpenSearch-Dashboards/plugins/security-dashboards-plugin | |
| yarn pretest:jest_server | |
| # Configure the Dashboard for SAML setup | |
| - name: Configure and Run OpenSearch Dashboards with SAML Configuration | |
| if: ${{ runner.os == 'Linux' }} | |
| run: | | |
| cd ./OpenSearch-Dashboards | |
| echo 'server.host: "localhost"' >> ./config/opensearch_dashboards.yml | |
| echo 'opensearch.hosts: ["https://localhost:9200"]' >> ./config/opensearch_dashboards.yml | |
| echo 'opensearch.ssl.verificationMode: none' >> ./config/opensearch_dashboards.yml | |
| echo 'opensearch.username: "kibanaserver"' >> ./config/opensearch_dashboards.yml | |
| echo 'opensearch.password: "kibanaserver"' >> ./config/opensearch_dashboards.yml | |
| echo 'opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]' >> ./config/opensearch_dashboards.yml | |
| echo 'opensearch_security.multitenancy.enabled: true' >> ./config/opensearch_dashboards.yml | |
| echo 'opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]' >> ./config/opensearch_dashboards.yml | |
| echo 'opensearch_security.readonly_mode.roles: ["kibana_read_only"]' >> ./config/opensearch_dashboards.yml | |
| echo 'opensearch_security.cookie.secure: false' >> ./config/opensearch_dashboards.yml | |
| echo 'server.xsrf.allowlist: ["/_plugins/_security/api/authtoken", "/_opendistro/_security/api/authtoken", "/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"]' >> ./config/opensearch_dashboards.yml | |
| echo 'opensearch_security.auth.type: ["saml"]' >> ./config/opensearch_dashboards.yml | |
| echo 'opensearch_security.auth.multiple_auth_enabled: true' >> ./config/opensearch_dashboards.yml | |
| echo 'opensearch_security.auth.anonymous_auth_enabled: false' >> ./config/opensearch_dashboards.yml | |
| echo 'home.disableWelcomeScreen: true' >> ./config/opensearch_dashboards.yml | |
| echo 'HERE IS THE DASHBOARD CONFIG' | |
| cat ./config/opensearch_dashboards.yml | |
| nohup yarn start --no-base-path --no-watch & | |
| sleep 600 | |
| - name: Run Cypress | |
| run : | | |
| yarn add cypress --save-dev | |
| yarn cypress:run --browser chrome --headless --spec '.cypress/e2e/saml/*.js' |