From 1fc41a383e844e6c0a080e8e966f7510dbe65657 Mon Sep 17 00:00:00 2001 From: Heemin Kim Date: Wed, 4 Oct 2023 15:22:57 -0700 Subject: [PATCH] Add integration test against security enabled cluster Signed-off-by: Heemin Kim --- .github/workflows/test_security.yml | 88 +++++++++++++++++++ CHANGELOG.md | 1 + .../OpenSearchSecureRestTestCase.java | 5 ++ 3 files changed, 94 insertions(+) create mode 100644 .github/workflows/test_security.yml diff --git a/.github/workflows/test_security.yml b/.github/workflows/test_security.yml new file mode 100644 index 00000000..be0062ca --- /dev/null +++ b/.github/workflows/test_security.yml @@ -0,0 +1,88 @@ +name: Test Geospatial on Secure Cluster +on: + schedule: + - cron: '0 0 * * *' # every night + push: + branches: + - "*" + - "feature/**" + pull_request: + branches: + - "*" + - "feature/**" + +jobs: + Build-ad: + strategy: + matrix: + java: [ 11,17 ] + os: [ubuntu-latest] + fail-fast: true + + name: Test k-NN on Secure Cluster + runs-on: ${{ matrix.os }} + + steps: + - name: Checkout Geospatial + uses: actions/checkout@v1 + + - name: Setup Java ${{ matrix.java }} + uses: actions/setup-java@v1 + with: + java-version: ${{ matrix.java }} + + - name: Assemble Geospatial + run: | + ./gradlew assemble + + # example of variables: + # plugin = opensearch-geospatial-2.7.0.0-SNAPSHOT.zip + # version = 2.7.0 + # plugin_version = 2.7.0.0 + # qualifier = `SNAPSHOT` + - name: Pull and Run Docker + run: | + plugin=`basename $(ls build/distributions/*.zip)` + version=`echo $plugin|awk -F- '{print $3}'| cut -d. -f 1-3` + plugin_version=`echo $plugin|awk -F- '{print $3}'| cut -d. -f 1-4` + qualifier=`echo $plugin|awk -F- '{print $4}'| cut -d. -f 1-1` + if [ $qualifier != `SNAPSHOT` ]; + then + docker_version=$version-$qualifier + else + docker_version=$version + fi + echo plugin version plugin_version qualifier docker_version + echo "($plugin) ($version) ($plugin_version) ($qualifier) ($docker_version)" + + cd .. + if docker pull opensearchstaging/opensearch:$docker_version + then + echo "FROM opensearchstaging/opensearch:$docker_version" >> Dockerfile + echo "RUN if [ -d /usr/share/opensearch/plugins/opensearch-geospatial ]; then /usr/share/opensearch/bin/opensearch-plugin remove opensearch-geospatial; fi" >> Dockerfile + echo "ADD geospatial/build/distributions/$plugin /tmp/" >> Dockerfile + echo "RUN /usr/share/opensearch/bin/opensearch-plugin install --batch file:/tmp/$plugin" >> Dockerfile + docker build -t opensearch-geospatial:test . + echo "imagePresent=true" >> $GITHUB_ENV + else + echo "imagePresent=false" >> $GITHUB_ENV + fi + + - name: Run Docker Image + if: env.imagePresent == 'true' + run: | + cd .. + docker run -p 9200:9200 -d -p 9600:9600 -e "discovery.type=single-node" opensearch-geospatial:test + sleep 90 + + - name: Run Geospatial Integ Test + if: env.imagePresent == 'true' + run: | + security=`curl -XGET https://localhost:9200/_cat/plugins?v -u admin:admin --insecure |grep opensearch-security|wc -l` + if [ $security -gt 0 ] + then + echo "Security plugin is available" + ./gradlew integTest -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername="docker-cluster" -Dhttps=true -Duser=admin -Dpassword=admin + else + echo "Security plugin is NOT available, skipping integration tests" + fi diff --git a/CHANGELOG.md b/CHANGELOG.md index 4526e876..23aba8da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ### Bug Fixes * Fix flaky test, testIndexingMultiPolygon ([#483](https://github.com/opensearch-project/geospatial/pull/483)) ### Infrastructure +* Add integration test against security enabled cluster ([#513](https://github.com/opensearch-project/geospatial/pull/513)) ### Documentation ### Maintenance ### Refactoring diff --git a/src/test/java/org/opensearch/geospatial/OpenSearchSecureRestTestCase.java b/src/test/java/org/opensearch/geospatial/OpenSearchSecureRestTestCase.java index d4bfa4cd..b9b7e6ef 100644 --- a/src/test/java/org/opensearch/geospatial/OpenSearchSecureRestTestCase.java +++ b/src/test/java/org/opensearch/geospatial/OpenSearchSecureRestTestCase.java @@ -57,6 +57,7 @@ public abstract class OpenSearchSecureRestTestCase extends OpenSearchRestTestCas private static final String SYS_PROPERTY_KEY_PASSWORD = "password"; private static final String DEFAULT_SOCKET_TIMEOUT = "60s"; private static final String INTERNAL_INDICES_PREFIX = "."; + private static final String SYSTEM_INDEX_PREFIX = "security-auditlog"; private static String protocol; @Override @@ -172,6 +173,10 @@ public void deleteExternalIndices() throws IOException { .map(index -> (String) index.get("index")) .filter(indexName -> indexName != null) .filter(indexName -> !indexName.startsWith(INTERNAL_INDICES_PREFIX)) + // This is hack to remove the security audit index from deletion. We will need a proper fix where + // we delete the indices after a test is completed. + // Issue: https://github.com/opensearch-project/geospatial/issues/428 + .filter(indexName -> !indexName.startsWith(SYSTEM_INDEX_PREFIX)) .collect(Collectors.toList()); for (String indexName : externalIndices) {