forked from opensearch-project/security-dashboards-plugin
-
Notifications
You must be signed in to change notification settings - Fork 10
114 lines (105 loc) · 4.51 KB
/
cypress-test-multiauth-e2e.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
name: Snapshot based E2E SAML multi-auth tests workflow
on: [ push, pull_request ]
env:
OPENSEARCH_VERSION: '3.0.0'
CI: 1
# avoid warnings like "tput: No value for $TERM and no -T specified"
TERM: xterm
PLUGIN_NAME: opensearch-security
OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!
jobs:
tests:
name: Run Cypress E2E SAML multi-auth tests
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest ]
basePath: [ "", "/osd" ]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout Branch
uses: actions/checkout@v4
# Add SAML Configuration
- name: Injecting SAML Configuration for Linux
if: ${{ runner.os == 'Linux'}}
run: |
echo "Creating new SAML configuration"
cat << 'EOT' > config_multiauth.yml
---
_meta:
type: "config"
config_version: 2
config:
dynamic:
http:
anonymous_auth_enabled: false
authc:
basic_internal_auth_domain:
description: "Authenticate via HTTP Basic against internal users database"
http_enabled: true
transport_enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain:
http_enabled: true
transport_enabled: false
order: 1
http_authenticator:
type: saml
challenge: true
config:
idp:
entity_id: urn:example:idp
metadata_url: http://localhost:7000/metadata
sp:
entity_id: https://localhost:9200
kibana_url: http://localhost:5601${{ matrix.basePath }}
exchange_key: 6aff3042-1327-4f3d-82f0-40a157ac4464
authentication_backend:
type: noop
EOT
# Configure the Dashboard for SAML setup
- name: Configure OpenSearch Dashboards with multi-auth configuration including SAML
if: ${{ runner.os == 'Linux' }}
run: |
cat << 'EOT' > opensearch_dashboards_multiauth.yml
server.host: "localhost"
opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: none
opensearch.username: "kibanaserver"
opensearch.password: "kibanaserver"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
opensearch_security.cookie.secure: false
server.xsrf.allowlist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"]
opensearch_security.auth.type: ["basicauth","saml"]
opensearch_security.auth.multiple_auth_enabled: true
opensearch_security.auth.anonymous_auth_enabled: false
home.disableWelcomeScreen: true
EOT
- name: Run OSD with basePath
if: ${{ matrix.basePath != '' }}
run: |
echo "server.basePath: \"${{ matrix.basePath }}\"" >> opensearch_dashboards_multiauth.yml
echo "server.rewriteBasePath: true" >> opensearch_dashboards_multiauth.yml
- name: Run Cypress Tests with basePath
if: ${{ matrix.basePath != '' }}
uses: ./.github/actions/run-cypress-tests
with:
security_config_file: config_multiauth.yml
dashboards_config_file: opensearch_dashboards_multiauth.yml
yarn_command: 'yarn cypress:run --browser chrome --headless --env loginMethod=saml_multiauth,basePath=${{ matrix.basePath }} --spec "test/cypress/e2e/saml/*.js"'
osd_base_path: ${{ matrix.basePath }}
- name: Run Cypress Tests
if: ${{ matrix.basePath == '' }}
uses: ./.github/actions/run-cypress-tests
with:
security_config_file: config_multiauth.yml
dashboards_config_file: opensearch_dashboards_multiauth.yml
yarn_command: 'yarn cypress:run --browser chrome --headless --env loginMethod=saml_multiauth --spec "test/cypress/e2e/saml/*.js"'