diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index 58e1faa50..1582f6d2f 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -13,62 +13,53 @@ jobs: name: Run integration tests runs-on: ubuntu-latest steps: - - name: Set up JDK 14 - uses: actions/setup-java@v1 - with: - java-version: 14 - - - name: Checkout Kibana + - name: Run OpenSearch with plugin + run: | + docker build -t opensearch-test:1.0.0-beta1 -<> config/opensearch.yml + RUN echo "discovery.type: single-node" >> config/opensearch.yml + ENTRYPOINT bin/opensearch + EOF + docker run -d -p 9200:9200 -p 9600:9600 -i opensearch-test:1.0.0-beta1 + + - name: Checkout OpenSearch Dashboard uses: actions/checkout@v2 with: - path: kibana - repository: elastic/kibana + path: OpenSearch-Dashboards + repository: opensearch-project/OpenSearch-Dashboards fetch-depth: 0 - name: Create plugins dir run: | - cd ./kibana + cd ./OpenSearch-Dashboards mkdir -p plugins - - name: Checkout security kibana plugin + - name: Checkout OpenSearch Dashboard Security plugin uses: actions/checkout@v2 with: - path: kibana/plugins/opendistro_security + path: OpenSearch-Dashboards/plugins/security-dashboards-plugin ref: ${{ github.ref }} - - - name: Get Kibana version - id: kbn_version - run: | - echo "::set-output name=kbn_version::$(jq -r '.kibana.version' ./kibana/plugins/opendistro_security/package.json)" - - - name: Get Opendistro version - id: opendistro_version - run: | - echo "::set-output name=opendistro_version::$(jq -r '.version' ./kibana/plugins/opendistro_security/package.json | sed 's/[0-9]*$/0/')" - - name: Run elasticsearch with plugin + - name: Check OpenSearch Running + continue-on-error: true + run: curl -XGET https://localhost:9200 -u 'admin:admin' -k + + - name: Get OpenSearch Dashboards version + id: osd_version run: | - wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-${{ steps.kbn_version.outputs.kbn_version }}-linux-x86_64.tar.gz - tar -xzf elasticsearch-oss-${{ steps.kbn_version.outputs.kbn_version }}-linux-x86_64.tar.gz - cd elasticsearch-${{ steps.kbn_version.outputs.kbn_version }}/ - bin/elasticsearch-plugin install -b https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro-security-${{ steps.opendistro_version.outputs.opendistro_version }}.zip - bash plugins/opendistro_security/tools/install_demo_configuration.sh -y -i - echo 'opendistro_security.unsupported.restapi.allow_securityconfig_modification: true' >> config/elasticsearch.yml - echo $(curl -s -o /dev/null -w ''%{http_code}'' https://localhost:9200 -u admin:admin -k) - bin/elasticsearch & - sleep 30 - timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' https://localhost:9200 -u admin:admin -k)" != "200" ]]; do echo "ping ElasticSearch..."; sleep 5; done' + echo "::set-output name=osd_version::$(jq -r '.opensearchDashboards.version' ./OpenSearch-Dashboards/plugins/security-dashboards-plugin/package.json)" - - name: Use kibana release commit + - name: Check OpenSearch Dashboards release tag run: | - cd ./kibana - git checkout tags/v${{ steps.kbn_version.outputs.kbn_version }} -b v${{ steps.kbn_version.outputs.kbn_version }} + cd ./OpenSearch-Dashboards + git checkout tags/${{ steps.osd_version.outputs.osd_version }} -b v${{ steps.osd_version.outputs.osd_version }} - name: Get node and yarn versions id: versions run: | - echo "::set-output name=node_version::$(cat ./kibana/.node-version)" - echo "::set-output name=yarn_version::$(jq -r '.engines.yarn' ./kibana/package.json)" + echo "::set-output name=node_version::$(cat ./OpenSearch-Dashboards/.node-version)" + echo "::set-output name=yarn_version::$(jq -r '.engines.yarn' ./OpenSearch-Dashboards/package.json)" - name: Setup node uses: actions/setup-node@v1 @@ -76,18 +67,24 @@ jobs: node-version: ${{ steps.versions.outputs.node_version }} registry-url: 'https://registry.npmjs.org' - - name: Install correct yarn version for Kibana + - name: Install correct yarn version for OpenSearch Dashboards run: | npm uninstall -g yarn echo "Installing yarn ${{ steps.versions_step.outputs.yarn_version }}" npm i -g yarn@${{ steps.versions.outputs.yarn_version }} - - name: Bootstrap Kibana + - name: Check OpenSearch Running + continue-on-error: true + run: curl -XGET https://localhost:9200 -u 'admin:admin' -k + + - name: Bootstrap OpenSearch Dashboards run: | - cd ./kibana - yarn kbn bootstrap --oss + cd ./OpenSearch-Dashboards + yarn osd bootstrap - name: Run integration tests run: | - cd ./kibana/plugins/opendistro_security + echo "check if elasticsearch is ready" + curl -XGET https://localhost:9200 -u 'admin:admin' -k + cd ./OpenSearch-Dashboards/plugins/security-dashboards-plugin yarn test:jest_server --coverage diff --git a/.github/workflows/ci.yml b/.github/workflows/unit-test.yml similarity index 98% rename from .github/workflows/ci.yml rename to .github/workflows/unit-test.yml index 47275e7d7..fcdaf271e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/unit-test.yml @@ -1,4 +1,4 @@ -name: CI +name: Unit Tests on: pull_request: @@ -10,7 +10,8 @@ on: - main jobs: - build: + tests: + name: Run unit tests runs-on: ubuntu-latest steps: diff --git a/README.md b/README.md index bc3c03543..e051bfa23 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@ -[![CI](https://github.com/opensearch-project/security-dashboards-plugin/workflows/CI/badge.svg?branch=main)](https://github.com/opensearch-project/security-dashboards-plugin/actions) +[![Unit tests](https://github.com/opensearch-project/security-dashboards-plugin/workflows/Unit%20Tests/badge.svg?branch=main)](https://github.com/opensearch-project/security-dashboards-plugin/actions) +[![Integration tests](https://github.com/opensearch-project/security-dashboards-plugin/workflows/Integration%20Tests/badge.svg?branch=main)](https://github.com/opensearch-project/security-dashboards-plugin/actions) [![codecov](https://codecov.io/gh/opensearch-project/security-dashboards-plugin/branch/main/graphs/badge.svg)](https://github.com/opensearch-project/security-dashboards-plugin) # OpenSearch-Dashboards Security Plugin diff --git a/package.json b/package.json index c7dd6fffb..89057736e 100644 --- a/package.json +++ b/package.json @@ -3,7 +3,7 @@ "version": "1.0.0.0-beta1", "main": "target/plugins/opensearch_security_dashboards", "opensearchDashboards": { - "version": "1.0.0", + "version": "1.0.0-beta1", "templateVersion": "1.0.0" }, "license": "Apache-2.0", diff --git a/public/apps/configuration/panels/audit-logging/test/__snapshots__/audit-logging.test.tsx.snap b/public/apps/configuration/panels/audit-logging/test/__snapshots__/audit-logging.test.tsx.snap index 0ce33b794..6e9461e56 100644 --- a/public/apps/configuration/panels/audit-logging/test/__snapshots__/audit-logging.test.tsx.snap +++ b/public/apps/configuration/panels/audit-logging/test/__snapshots__/audit-logging.test.tsx.snap @@ -273,15 +273,15 @@ exports[`Audit logs render when AuditLoggingSettings.enabled is true 1`] = ` grow={false} > - elasticsearch.yml + "internalOpenSearchCode": + internal_opensearch , - "internalElasticsearchCode": - internal_elasticsearch + "opensearchCode": + opensearch.yml , } } diff --git a/test/es/elasticsearch_helper.ts b/test/es/elasticsearch_helper.ts deleted file mode 100644 index 99ae53877..000000000 --- a/test/es/elasticsearch_helper.ts +++ /dev/null @@ -1,136 +0,0 @@ -/* - * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"). - * You may not use this file except in compliance with the License. - * A copy of the License is located at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * or in the "license" file accompanying this file. This file is distributed - * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -import { existsSync, mkdirSync } from 'fs'; -import { resolve } from 'path'; -import { ChildProcess, exec, execSync } from 'child_process'; -import wreck from '@hapi/wreck'; -import { sleep } from '../helper/sleep'; -import { - OPENSEARCH_DASHBOARDS_SERVER_USER, - OPENSEARCH_DASHBOARDS_SERVER_PASSWORD, - ELASTICSEARCH_VERSION, - SECURITY_ES_PLUGIN_VERSION, -} from '../constant'; - -const PLUGIN_ROOT_DIR = resolve(__dirname, '../..'); -const ES_INSTALL_DIR = resolve(PLUGIN_ROOT_DIR, '.es'); -let esRootDir: string; - -export function downloadElasticsearch(): string { - if (existsSync(ES_INSTALL_DIR)) { - execSync('rm -rf .es', { cwd: PLUGIN_ROOT_DIR }); - } - mkdirSync(ES_INSTALL_DIR); - - console.log('Downloading Elasticsearch...'); - const esDownloadURL = `https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-${ELASTICSEARCH_VERSION}-darwin-x86_64.tar.gz`; - execSync(`curl -o elasticsearch-oss-${ELASTICSEARCH_VERSION}.tar.gz ${esDownloadURL}`, { - cwd: ES_INSTALL_DIR, - }); - execSync(`tar -zxvf elasticsearch-oss-${ELASTICSEARCH_VERSION}.tar.gz`, { - cwd: ES_INSTALL_DIR, - }); - esRootDir = resolve(ES_INSTALL_DIR, `elasticsearch-${ELASTICSEARCH_VERSION}`); - return esRootDir; -} - -export function installEsSecurityPlugin() { - const pluginDir = resolve(esRootDir, 'plugins'); - - if (!existsSync(pluginDir)) { - mkdirSync(pluginDir); - } - execSync( - `yes | bin/elasticsearch-plugin install https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro_security-${SECURITY_ES_PLUGIN_VERSION}.zip`, - { - cwd: resolve(esRootDir), - } - ); - const installDemoScript = resolve( - pluginDir, - 'opendistro_security/tools/install_demo_configuration.sh' - ); - - execSync(`chmod a+x ${installDemoScript}`, { cwd: esRootDir }); - execSync(`yes | ${installDemoScript}`, { cwd: esRootDir }); - - // allow updating ES security plugin auth configs via API - execSync( - `echo 'opendistro_security.unsupported.restapi.allow_securityconfig_modification: true' >> config/elasticsearch.yml`, - { cwd: esRootDir } - ); -} - -export async function startElasticsearch() { - // start ES process - if (!esRootDir) { - esRootDir = resolve(ES_INSTALL_DIR, `elasticsearch-${ELASTICSEARCH_VERSION}`); - console.log(`Using esRootDir: ${esRootDir}`); - } - - console.log('Starting Elasticsearch...'); - const esCmd = resolve(esRootDir, 'bin/elasticsearch'); - const esProcess = exec(esCmd); - console.log(`Elasticsearch pid: ${esProcess.pid}`); - - // ping ES to make sure ES is up - let countdown = 30; - let pingError; - console.log('Waiting for Elasticsearch to start...'); - const osdServerCredentials = Buffer.from( - `${OPENSEARCH_DASHBOARDS_SERVER_USER}:${OPENSEARCH_DASHBOARDS_SERVER_PASSWORD}` - ); - while (countdown > 0) { - countdown = countdown - 1; - await sleep(5000); - try { - console.log('pinging ES'); - const response = await wreck.get('https://localhost:9200', { - rejectUnauthorized: false, - headers: { - authorization: `Basic ${osdServerCredentials.toString('base64')}`, - }, - }); - if ( - response.res.statusCode && - response.res.statusCode >= 200 && - response.res.statusCode < 300 - ) { - return esProcess; - } - } catch (error) { - pingError = error; - } - } - esProcess.kill('SIGINT'); - throw new Error(`Failed to launch Elasticsearch process. Error: ${pingError}`); -} - -export async function stopElasticsearch(process: ChildProcess) { - console.log('Stopping Elasticsearch'); - process.kill('SIGTERM'); - let countdown = 5; - while (countdown > 0) { - countdown = countdown - 1; - if (!process.killed) { - await sleep(1000); - } else { - return; - } - } - console.log('Force killing Elasticsearch process'); - process.kill('SIGINT'); -} diff --git a/test/es/setup_es.js b/test/es/setup_es.js deleted file mode 100644 index 4723e9ebb..000000000 --- a/test/es/setup_es.js +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"). - * You may not use this file except in compliance with the License. - * A copy of the License is located at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * or in the "license" file accompanying this file. This file is distributed - * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -import { downloadElasticsearch, installEsSecurityPlugin } from './elasticsearch_helper'; - -console.log('Preparing Elasticsearch for testing'); -downloadElasticsearch(); -installEsSecurityPlugin(); diff --git a/test/jest_integration/basic_auth.test.ts b/test/jest_integration/basic_auth.test.ts index b4a762a56..803832e5a 100644 --- a/test/jest_integration/basic_auth.test.ts +++ b/test/jest_integration/basic_auth.test.ts @@ -45,7 +45,7 @@ describe('start OpenSearch Dashboards server', () => { username: OPENSEARCH_DASHBOARDS_SERVER_USER, password: OPENSEARCH_DASHBOARDS_SERVER_PASSWORD, }, - opendistro_security: { + opensearch_security: { auth: { anonymous_auth_enabled: true, }, @@ -70,7 +70,7 @@ describe('start OpenSearch Dashboards server', () => { username: OPENSEARCH_DASHBOARDS_SERVER_USER, password: OPENSEARCH_DASHBOARDS_SERVER_PASSWORD, }, - opendistro_security: { + opensearch_security: { auth: { anonymous_auth_enabled: false, }, diff --git a/test/jest_integration/multi_tenancy.test.ts b/test/jest_integration/multi_tenancy.test.ts index 16f469dbb..55e17127c 100644 --- a/test/jest_integration/multi_tenancy.test.ts +++ b/test/jest_integration/multi_tenancy.test.ts @@ -43,7 +43,7 @@ describe('start OpenSearch Dashboards server', () => { username: OPENSEARCH_DASHBOARDS_SERVER_USER, password: OPENSEARCH_DASHBOARDS_SERVER_PASSWORD, }, - opendistro_security: { + opensearch_security: { multitenancy: { enabled: true, tenants: { preferred: ['Private', 'Global'] } }, }, }, diff --git a/test/jest_integration/security_entity_api.test.ts b/test/jest_integration/security_entity_api.test.ts index 604ef939b..22b1b46e0 100644 --- a/test/jest_integration/security_entity_api.test.ts +++ b/test/jest_integration/security_entity_api.test.ts @@ -44,7 +44,7 @@ describe('start OpenSearch Dashboards server', () => { username: OPENSEARCH_DASHBOARDS_SERVER_USER, password: OPENSEARCH_DASHBOARDS_SERVER_PASSWORD, }, - opendistro_security: { + opensearch_security: { multitenancy: { enabled: true, tenants: { preferred: ['Private', 'Global'] } }, }, },