Backport security workflow to 2.4 branch (#639)
* Security Workflow (#611)

* Unify wipe indices logic after tests

Signed-off-by: bowenlan-amzn <[email protected]>

* Enhance wipeAllIndices function

Signed-off-by: bowenlan-amzn <[email protected]>

* security workflow setup

Signed-off-by: bowenlan-amzn <[email protected]>

* add more settings

Signed-off-by: bowenlan-amzn <[email protected]>

* Rewrite SecureRestClientBuilder

Signed-off-by: bowenlan-amzn <[email protected]>

* For now, use local cluster

Signed-off-by: bowenlan-amzn <[email protected]>

Signed-off-by: bowenlan-amzn <[email protected]>

* Fix deps missing

Signed-off-by: bowenlan-amzn <[email protected]>

Signed-off-by: bowenlan-amzn <[email protected]>
bowenlan-amzn authored Jan 3, 2023
1 parent ccbde24 commit 2e0b8b6
Showing 11 changed files with 343 additions and 42 deletions.
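--- a/.github/workflows/docker-security-test-workflow.yml
+++ b/.github/workflows/docker-security-test-workflow.yml
@@ -0,0 +1,83 @@
+name: Docker Security Test Workflow
+on:
+pull_request:
+branches:
+- "*"
+push:
+branches:
+- "*"
+
+jobs:
+test:
+# This job runs on Linux
+runs-on: ubuntu-latest
+steps:
+- name: Set Up JDK
+uses: actions/setup-java@v1
+with:
+java-version: 17
+- name: Checkout Branch
+uses: actions/checkout@v2
+- name: Build Index Management
+run: ./gradlew assemble
+- name: Pull and Run Docker
+run: |
+plugin=`basename $(ls build/distributions/*.zip)`
+list_of_files=`ls`
+list_of_all_files=`ls build/distributions/`
+version=`echo $plugin|awk -F- '{print $4}'| cut -d. -f 1-3`
+plugin_version=`echo $plugin|awk -F- '{print $4}'| cut -d. -f 1-4`
+qualifier=`echo $plugin|awk -F- '{print $4}'| cut -d. -f 1-1`
+candidate_version=`echo $plugin|awk -F- '{print $5}'| cut -d. -f 1-1`
+if qualifier
+then
+docker_version=$version-$qualifier
+else
+docker_version=$version
+fi
+[[ -z $candidate_version ]] && candidate_version=$qualifier && qualifier=""
+echo plugin version plugin_version qualifier candidate_version docker_version
+echo "($plugin) ($version) ($plugin_version) ($qualifier) ($candidate_version) ($docker_version)"
+echo $ls $list_of_all_files
+if docker pull opensearchstaging/opensearch:$docker_version
+then
+echo "FROM opensearchstaging/opensearch:$docker_version" >> Dockerfile
+echo "RUN if [ -d /usr/share/opensearch/plugins/opensearch-index-management ]; then /usr/share/opensearch/bin/opensearch-plugin remove opensearch-index-management; fi" >> Dockerfile
+echo "ADD build/distributions/$plugin /tmp/" >> Dockerfile
+echo "RUN /usr/share/opensearch/bin/opensearch-plugin install --batch file:/tmp/$plugin" >> Dockerfile
+echo "RUN echo 'path.repo: ["/usr/share/opensearch/data/repo"]' >> /usr/share/opensearch/config/opensearch.yml" >> Dockerfile
+docker build -t opensearch-index-management:test .
+echo "imagePresent=true" >> $GITHUB_ENV
+else
+echo "imagePresent=false" >> $GITHUB_ENV
+fi
+- name: Run Docker Image
+if: env.imagePresent == 'true'
+run: |
+cd ..
+docker run -p 9200:9200 -d -p 9600:9600 -e "discovery.type=single-node" opensearch-index-management:test
+sleep 120
+- name: Run Index Management Test for security enabled test cases
+if: env.imagePresent == 'true'
+run: |
+cluster_running=`curl -XGET https://localhost:9200/_cat/plugins -u admin:admin --insecure`
+echo $cluster_running
+security=`curl -XGET https://localhost:9200/_cat/plugins -u admin:admin --insecure |grep opensearch-security|wc -l`
+echo $security
+if [ $security -gt 0 ]
+then
+echo "Security plugin is available"
+./gradlew integTest -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername=docker-cluster -Dsecurity=true -Dhttps=true -Duser=admin -Dpassword=admin
+else
+echo "Security plugin is NOT available skipping this run as tests without security have already been run"
+fi
+- name: Upload failed logs
+uses: actions/upload-artifact@v2
+if: failure()
+with:
+name: logs
+path: build/testclusters/integTest-*/logs/*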
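Review bot: The workflow declares no `permissions:` block and references its actions by mutable tags (`actions/setup-java@v1`, `actions/checkout@v2`, `actions/upload-artifact@v2`), and `security-test-workflow.yml` in this commit does the same. Because the job builds and runs code from every push and pull request, I would add a top-level `permissions:` mapping with `contents: read` so the job token is read-only whatever the repository default is, and pin each `uses:` to a full commit SHA with the tag kept as a trailing comment. Separately, `docker run -p 9200:9200 -d -p 9600:9600` in the "Run Docker Image" step publishes the `admin:admin` test cluster on all of the runner's interfaces; `-p 127.0.0.1:9200:9200 -p 127.0.0.1:9600:9600` is enough for tests that only talk to localhost.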
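--- a/.github/workflows/security-test-workflow.yml
+++ b/.github/workflows/security-test-workflow.yml
@@ -0,0 +1,36 @@
+name: Security test workflow
+# This workflow is triggered on pull requests to main
+on:
+pull_request:
+branches:
+- "*"
+push:
+branches:
+- "*"
+
+jobs:
+test:
+# This job runs on Linux
+runs-on: ubuntu-latest
+steps:
+# This step uses the setup-java Github action: https://github.com/actions/setup-java
+- name: Set Up JDK
+uses: actions/setup-java@v1
+with:
+java-version: 17
+# index-management
+- name: Checkout Branch
+uses: actions/checkout@v2
+- name: Start cluster with security plugin
+run: |
+./gradlew run -Dsecurity=true &
+sleep 120
+- name: Run integration tests
+run: |
+./gradlew integTestRemote -Dsecurity=true -Dhttps=true -Dtests.rest.cluster="localhost:9200" -Dtests.cluster="localhost:9200" -Dtests.clustername="integTest" -Duser=admin -Dpassword=admin
+- name: Upload failed logs
+uses: actions/upload-artifact@v2
+if: failure()
+with:
+name: logs
+path: build/testclusters/integTest-*/logs/*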
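Review bot: The "Start cluster with security plugin" step backgrounds `./gradlew run -Dsecurity=true` and then relies on a fixed `sleep 120`, so nothing confirms that the secured cluster is serving before `integTestRemote` starts, and a slow or failed start surfaces as unrelated test failures. I would poll the HTTPS endpoint with a bounded retry and fail the step explicitly when the cluster never answers; the same fixed sleep follows `docker run` in `docker-security-test-workflow.yml`. The credentials and the disabled certificate check in the probe below mirror what the Docker workflow in this commit already uses against the local test cluster, and the indentation is conventional because the page does not preserve the file's own.

```yaml
        run: |
          ./gradlew run -Dsecurity=true &
          # Wait for the secured endpoint to answer instead of sleeping a fixed time.
          for attempt in $(seq 1 60); do
            if curl -sfk -u admin:admin https://localhost:9200 > /dev/null; then
              exit 0
            fi
            sleep 5
          done
          echo "cluster did not become ready in time" >&2
          exit 1
```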
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -3,6 +3,7 @@ build/
out/
.idea/*
!.idea/copyright
.vscode
*.ipr
*.iws
.DS_Store