Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Backport 2.x] Run cypress tests with security (#1202) #1204

Draft
wants to merge 1 commit into
base: 2.x
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
152 changes: 152 additions & 0 deletions .github/actions/run-cypress-tests/action.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,152 @@
name: 'Runs the cypress test suite'
description: 'Re-usable workflow to run cypress tests against a cluster with or without security'

inputs:
with-security:
description: 'Whether security should be installed on the cluster the tests are run with'
required: true

runs:
using: "composite"
steps:
- name: Set up JDK
uses: actions/setup-java@v1
with:
# TODO: Parse this from index management plugin
java-version: 21
- name: Checkout index management
uses: actions/checkout@v2
with:
path: index-management
repository: opensearch-project/index-management
ref: '2.x'
- name: Run opensearch with plugin
shell: bash
if: ${{ inputs.with-security == 'false' }}
run: |
cd index-management
./gradlew run &
sleep 300
# timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:9200)" != "200" ]]; do sleep 5; done'
- name: Run opensearch with plugin
shell: bash
if: ${{ inputs.with-security == 'true' }}
run: |
cd index-management
./gradlew run -Dsecurity=true -Dhttps=true &
sleep 300
# timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:9200)" != "200" ]]; do sleep 5; done'
- name: Checkout Index Management Dashboards plugin
uses: actions/checkout@v2
with:
path: index-management-dashboards-plugin
- name: Checkout Security Dashboards plugin
uses: actions/checkout@v2
with:
repository: opensearch-project/security-dashboards-plugin
path: security-dashboards-plugin
ref: ${{ env.OPENSEARCH_DASHBOARDS_VERSION }}
- name: Checkout OpenSearch-Dashboards
uses: actions/checkout@v2
with:
repository: opensearch-project/OpenSearch-Dashboards
path: OpenSearch-Dashboards
ref: ${{ env.OPENSEARCH_DASHBOARDS_VERSION }}
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version-file: './OpenSearch-Dashboards/.nvmrc'
registry-url: 'https://registry.npmjs.org'
- name: Install Yarn
# Need to use bash to avoid having a windows/linux specific step
shell: bash
run: |
YARN_VERSION=$(node -p "require('./OpenSearch-Dashboards/package.json').engines.yarn")
echo "Installing yarn@$YARN_VERSION"
npm i -g yarn@$YARN_VERSION
- run: node -v
shell: bash
- run: yarn -v
shell: bash
- name: Configure OpenSearch Dashboards for cypress
shell: bash
if: ${{ inputs.with-security == 'true' }}
run: |
cat << 'EOT' > ./OpenSearch-Dashboards/config/opensearch_dashboards.yml
server.host: "0.0.0.0"
opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: none
opensearch.username: "kibanaserver"
opensearch.password: "kibanaserver"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
opensearch_security.cookie.secure: false
EOT
- name: Print Dashboards Config
shell: bash
if: ${{ inputs.with-security == 'true' }}
run: |
cat ./OpenSearch-Dashboards/config/opensearch_dashboards.yml
- name: Bootstrap plugin/OpenSearch-Dashboards
shell: bash
if: ${{ inputs.with-security == 'false' }}
run: |
mkdir -p OpenSearch-Dashboards/plugins
mv index-management-dashboards-plugin OpenSearch-Dashboards/plugins
- name: Bootstrap plugin/OpenSearch-Dashboards
shell: bash
if: ${{ inputs.with-security == 'true' }}
run: |
mkdir -p OpenSearch-Dashboards/plugins
mv index-management-dashboards-plugin OpenSearch-Dashboards/plugins
mv security-dashboards-plugin OpenSearch-Dashboards/plugins
- name: Bootstrap the OpenSearch Dashboard
uses: nick-fields/retry@v2
with:
timeout_minutes: 20
max_attempts: 2
command: yarn --cwd OpenSearch-Dashboards osd bootstrap --oss --single-version=loose
- name: Compile OpenSearch Dashboards
shell: bash
run: |
cd OpenSearch-Dashboards
node scripts/build_opensearch_dashboards_platform_plugins --no-examples --workers=10 --verbose
- name: Run OpenSearch-Dashboards server
shell: bash
run: |
cd OpenSearch-Dashboards
yarn start --no-base-path --no-watch --server.host="0.0.0.0" &
sleep 30
# in main branch, OSD server requires more time to bundle and bootstrap
# timeout 300 bash -c 'while [[ "$(curl -s localhost:5601/api/status | jq -r '.status.overall.state')" != "green" ]]; do sleep 5; done'
# for now just chrome, use matrix to do all browsers later
- name: Cypress tests
uses: cypress-io/github-action@v2
if: ${{ inputs.with-security == 'false' }}
with:
working-directory: OpenSearch-Dashboards/plugins/index-management-dashboards-plugin
command: yarn run cypress run
wait-on: 'http://localhost:5601'
browser: chrome
- name: Cypress tests
uses: cypress-io/github-action@v2
if: ${{ inputs.with-security == 'true' }}
with:
working-directory: OpenSearch-Dashboards/plugins/index-management-dashboards-plugin
command: yarn run cypress run --env SECURITY_ENABLED=true,openSearchUrl=https://localhost:9200,WAIT_FOR_LOADER_BUFFER_MS=500
wait-on: 'http://localhost:5601'
browser: chrome
# Screenshots are only captured on failure, will change this once we do visual regression tests
- uses: actions/upload-artifact@v3
if: failure()
with:
name: cypress-screenshots
path: OpenSearch-Dashboards/plugins/index-management-dashboards-plugin/cypress/screenshots
# Test run video was always captured, so this action uses "always()" condition
- uses: actions/upload-artifact@v3
if: always()
with:
name: cypress-videos
path: OpenSearch-Dashboards/plugins/index-management-dashboards-plugin/cypress/videos
26 changes: 26 additions & 0 deletions .github/workflows/cypress-with-security-workflow.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
name: E2E tests workflow
on:
pull_request:
branches:
- "*"
push:
branches:
- "*"
env:
OPENSEARCH_DASHBOARDS_VERSION: '2.x'
jobs:
tests:
name: Run Cypress E2E tests with security
runs-on: ubuntu-latest
env:
# prevents extra Cypress installation progress messages
CI: 1
# avoid warnings like "tput: No value for $TERM and no -T specified"
TERM: xterm
steps:
- name: Checkout Branch
uses: actions/checkout@v3
- id: run-cypress-tests
uses: ./.github/actions/run-cypress-tests
with:
with-security: true
77 changes: 5 additions & 72 deletions .github/workflows/cypress-workflow.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,76 +18,9 @@ jobs:
# avoid warnings like "tput: No value for $TERM and no -T specified"
TERM: xterm
steps:
- name: Set up JDK
uses: actions/setup-java@v1
- name: Checkout Branch
uses: actions/checkout@v3
- id: run-cypress-tests
uses: ./.github/actions/run-cypress-tests
with:
# TODO: Parse this from index management plugin
java-version: 21
- name: Checkout index management
uses: actions/checkout@v2
with:
path: index-management
repository: opensearch-project/index-management
ref: '2.x'
- name: Run opensearch with plugin
run: |
cd index-management
./gradlew run &
sleep 300
# timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:9200)" != "200" ]]; do sleep 5; done'
- name: Checkout Index Management Dashboards plugin
uses: actions/checkout@v2
with:
path: index-management-dashboards-plugin
- name: Checkout OpenSearch-Dashboards
uses: actions/checkout@v2
with:
repository: opensearch-project/OpenSearch-Dashboards
path: OpenSearch-Dashboards
ref: ${{ env.OPENSEARCH_DASHBOARDS_VERSION }}
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version-file: './OpenSearch-Dashboards/.nvmrc'
registry-url: 'https://registry.npmjs.org'
- name: Install Yarn
# Need to use bash to avoid having a windows/linux specific step
shell: bash
run: |
YARN_VERSION=$(node -p "require('./OpenSearch-Dashboards/package.json').engines.yarn")
echo "Installing yarn@$YARN_VERSION"
npm i -g yarn@$YARN_VERSION
- run: node -v
- run: yarn -v
- name: Bootstrap plugin/OpenSearch-Dashboards
run: |
mkdir -p OpenSearch-Dashboards/plugins
mv index-management-dashboards-plugin OpenSearch-Dashboards/plugins
cd OpenSearch-Dashboards/plugins/index-management-dashboards-plugin
yarn osd bootstrap
- name: Run OpenSearch-Dashboards server
run: |
cd OpenSearch-Dashboards
yarn start --no-base-path --no-watch --server.host="0.0.0.0" &
sleep 300
# timeout 300 bash -c 'while [[ "$(curl -s localhost:5601/api/status | jq -r '.status.overall.state')" != "green" ]]; do sleep 5; done'
# for now just chrome, use matrix to do all browsers later
- name: Cypress tests
uses: cypress-io/github-action@v2
with:
working-directory: OpenSearch-Dashboards/plugins/index-management-dashboards-plugin
command: yarn run cypress run
wait-on: 'http://localhost:5601'
browser: chrome
# Screenshots are only captured on failure, will change this once we do visual regression tests
- uses: actions/upload-artifact@v3
if: failure()
with:
name: cypress-screenshots
path: OpenSearch-Dashboards/plugins/index-management-dashboards-plugin/cypress/screenshots
# Test run video was always captured, so this action uses "always()" condition
- uses: actions/upload-artifact@v3
if: always()
with:
name: cypress-videos
path: OpenSearch-Dashboards/plugins/index-management-dashboards-plugin/cypress/videos
with-security: false
26 changes: 25 additions & 1 deletion cypress.json
Original file line number Diff line number Diff line change
Expand Up @@ -10,5 +10,29 @@
"SECURITY_ENABLED": false,
"username": "admin",
"password": "admin"
}
},
"clientCertificates": [
{
"url": "https://localhost:9200/.opendistro-ism*",
"ca": ["cypress/resources/root-ca.pem"],
"certs": [
{
"cert": "cypress/resources/kirk.pem",
"key": "cypress/resources/kirk-key.pem",
"passphrase": ""
}
]
},
{
"url": "https://localhost:9200/.opendistro-ism-config/_update_by_query/",
"ca": ["cypress/resources/root-ca.pem"],
"certs": [
{
"cert": "cypress/resources/kirk.pem",
"key": "cypress/resources/kirk-key.pem",
"passphrase": ""
}
]
}
]
}
12 changes: 0 additions & 12 deletions cypress/plugins/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,6 @@
/**
* @type {Cypress.PluginConfig}
*/

const fs = require("fs");
const path = require("path");

module.exports = (on) => {
// const options = {
// webpackOptions: {
Expand All @@ -46,12 +42,4 @@ module.exports = (on) => {
// };
//
// on("file:preprocessor", wp(options));
on("task", {
readCertAndKey() {
const cert = fs.readFileSync(path.resolve(__dirname, "../resources/kirk.pem"));
const key = fs.readFileSync(path.resolve(__dirname, "../resources/kirk-key.pem"));

return { cert, key };
},
});
};
2 changes: 1 addition & 1 deletion cypress/resources/kirk-key.pem
Original file line number Diff line number Diff line change
Expand Up @@ -25,4 +25,4 @@ nBY2S57MSM11/MVslrEgGmYNnI4r1K25xlaqV6K6ztEJv6n69327MS4NG8L/gCU5
mQGwy8vIqMjAdHGLrCS35sVYBXG13knS52LJHvbVee39AbD5/LlWvjJGlQMzCLrw
F7oILW5kXxhb8S73GWcuMbuQMFVHFONbZAZgn+C9FW4l7XyRdkrbR1MRZ2km8YMs
/AHmo368d4PSNRMMzLHw8Q==
-----END PRIVATE KEY-----
-----END PRIVATE KEY-----
28 changes: 28 additions & 0 deletions cypress/resources/root-ca.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
-----BEGIN CERTIFICATE-----
MIIExjCCA66gAwIBAgIUDWQJmWZ9xBTsQUeOt9F5YSPpqOIwDQYJKoZIhvcNAQEL
BQAwgY8xEzARBgoJkiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFt
cGxlMRkwFwYDVQQKDBBFeGFtcGxlIENvbSBJbmMuMSEwHwYDVQQLDBhFeGFtcGxl
IENvbSBJbmMuIFJvb3QgQ0ExITAfBgNVBAMMGEV4YW1wbGUgQ29tIEluYy4gUm9v
dCBDQTAeFw0yNDAyMjAxNzAwMzZaFw0zNDAyMTcxNzAwMzZaMIGPMRMwEQYKCZIm
iZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEZMBcGA1UECgwQ
RXhhbXBsZSBDb20gSW5jLjEhMB8GA1UECwwYRXhhbXBsZSBDb20gSW5jLiBSb290
IENBMSEwHwYDVQQDDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEPyN7J9VGPyJcQmCBl5TGwfSzvVdWwoQU
j9aEsdfFJ6pBCDQSsj8Lv4RqL0dZra7h7SpZLLX/YZcnjikrYC+rP5OwsI9xEE/4
U98CsTBPhIMgqFK6SzNE5494BsAk4cL72dOOc8tX19oDS/PvBULbNkthQ0aAF1dg
vbrHvu7hq7LisB5ZRGHVE1k/AbCs2PaaKkn2jCw/b+U0Ml9qPuuEgz2mAqJDGYoA
WSR4YXrOcrmPuRqbws464YZbJW898/0Pn/U300ed+4YHiNYLLJp51AMkR4YEw969
VRPbWIvLrd0PQBooC/eLrL6rvud/GpYhdQEUx8qcNCKd4bz3OaQ5AgMBAAGjggEW
MIIBEjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU
F4ffoFrrZhKn1dD4uhJFPLcrAJwwgc8GA1UdIwSBxzCBxIAUF4ffoFrrZhKn1dD4
uhJFPLcrAJyhgZWkgZIwgY8xEzARBgoJkiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJ
k/IsZAEZFgdleGFtcGxlMRkwFwYDVQQKDBBFeGFtcGxlIENvbSBJbmMuMSEwHwYD
VQQLDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0ExITAfBgNVBAMMGEV4YW1wbGUg
Q29tIEluYy4gUm9vdCBDQYIUDWQJmWZ9xBTsQUeOt9F5YSPpqOIwDQYJKoZIhvcN
AQELBQADggEBAL3Q3AHUhMiLUy6OlLSt8wX9I2oNGDKbBu0atpUNDztk/0s3YLQC
YuXgN4KrIcMXQIuAXCx407c+pIlT/T1FNn+VQXwi56PYzxQKtlpoKUL3oPQE1d0V
6EoiNk+6UodvyZqpdQu7fXVentRMk1QX7D9otmiiNuX+GSxJhJC2Lyzw65O9EUgG
1yVJon6RkUGtqBqKIuLksKwEr//ELnjmXit4LQKSnqKr0FTCB7seIrKJNyb35Qnq
qy9a/Unhokrmdda1tr6MbqU8l7HmxLuSd/Ky+L0eDNtYv6YfMewtjg0TtAnFyQov
rdXmeq1dy9HLo3Ds4AFz3Gx9076TxcRS/iI=
-----END CERTIFICATE-----
12 changes: 1 addition & 11 deletions cypress/utils/commands.js
Original file line number Diff line number Diff line change
Expand Up @@ -99,17 +99,7 @@ Cypress.Commands.add("login", () => {
Cypress.Commands.add("deleteAllIndices", () => {
cy.log("Deleting all indexes");
cy.request("DELETE", `${Cypress.env("openSearchUrl")}/index*,sample*,opensearch_dashboards*`);
cy.task("readCertAndKey").then(({ cert, key }) => {
cy.request({
method: "DELETE",
url: `${Cypress.env("openSearchUrl")}/.opendistro-ism*?expand_wildcards=all`,
headers: {},
agentOptions: {
cert,
key,
},
});
});
cy.request("DELETE", `${Cypress.env("openSearchUrl")}/.opendistro-ism*?expand_wildcards=all`);
});

Cypress.Commands.add("deleteADSystemIndices", () => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ Cypress.Commands.add("updateManagedIndexConfigStartTime", (index) => {
source: `ctx._source['managed_index']['schedule']['interval']['start_time'] = ${startTime}L`,
},
};
cy.request("POST", `${Cypress.env("openSearchUrl")}/${IM_CONFIG_INDEX.OPENDISTRO_ISM_CONFIG}/_update_by_query`, body);
cy.request("POST", `${Cypress.env("openSearchUrl")}/${IM_CONFIG_INDEX.OPENDISTRO_ISM_CONFIG}/_update_by_query/`, body);
});
});

Expand Down
Loading
Loading