Skip to content

Commit

Permalink
Support security demo script changes
Browse files Browse the repository at this point in the history
Signed-off-by: Rishabh Singh <[email protected]>
  • Loading branch information
rishabh6788 committed Dec 22, 2023
1 parent f92f571 commit ce8e69e
Show file tree
Hide file tree
Showing 10 changed files with 294 additions and 180 deletions.
1 change: 1 addition & 0 deletions Pipfile
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ zipp = "~=3.8.1"
importlib-metadata = "~=4.12.0"
ruamel-yaml = "~=0.17.21"
mistune = "~=3.0.1"
semver = ">=3,<4"

[dev-packages]

Expand Down
395 changes: 228 additions & 167 deletions Pipfile.lock

Large diffs are not rendered by default.

7 changes: 7 additions & 0 deletions src/test_workflow/benchmark_test/benchmark_test_cluster.py
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ class BenchmarkTestCluster:
is_endpoint_public: bool
cluster_endpoint: str
cluster_endpoint_with_port: str
os_version_float: float

"""
Represents a performance test cluster. This class deploys the opensearch bundle with CDK. Supports both single
Expand All @@ -42,12 +43,14 @@ def __init__(
self,
bundle_manifest: Union[BundleManifest, BuildManifest],
config: dict,
os_version_float: float,
args: BenchmarkArgs,
current_workspace: str
) -> None:
self.manifest = bundle_manifest
self.current_workspace = current_workspace
self.args = args
self.os_version_float = os_version_float
self.output_file = "output.json"
role = config["Constants"]["Role"]
params_dict = self.setup_cdk_params(config)
Expand Down Expand Up @@ -121,6 +124,7 @@ def wait_for_processing(self, tries: int = 3, delay: int = 15, backoff: int = 2)

def setup_cdk_params(self, config: dict) -> dict:
suffix = ''
need_strong_password = False
if self.args.stack_suffix and self.manifest:
suffix = self.args.stack_suffix + '-' + self.manifest.build.id + '-' + self.manifest.build.architecture
elif self.manifest:
Expand All @@ -134,6 +138,8 @@ def setup_cdk_params(self, config: dict) -> dict:
f"{self.manifest.build.version}-linux-{self.manifest.build.architecture}-latest.tar.gz"
else:
artifact_url = self.args.distribution_url.strip()
if not self.args.insecure and self.os_version_float >= 2.12:
need_strong_password = True

return {
"distributionUrl": artifact_url,
Expand All @@ -142,6 +148,7 @@ def setup_cdk_params(self, config: dict) -> dict:
"region": config["Constants"]["Region"],
"suffix": suffix,
"securityDisabled": str(self.args.insecure).lower(),
"adminPassword": 'myStrongPassword123!' if need_strong_password else None,
"cpuArch": self.manifest.build.architecture if self.manifest else 'x64',
"singleNodeCluster": str(self.args.single_node).lower(),
"distVersion": self.manifest.build.version if self.manifest else self.args.distribution_version,
Expand Down
19 changes: 19 additions & 0 deletions src/test_workflow/benchmark_test/benchmark_test_runner.py
Original file line number Diff line number Diff line change
Expand Up @@ -53,3 +53,22 @@ def get_git_ref(self) -> str:
return 'main'
else:
return '1.x'

def get_os_version_float(self) -> float:
os_version_float: float
# For OS Versions between 2.2 to 2.9, when compared with 2.12, mathematically the versions 2.2 through 2.9
# would always be greater than 2.12. In order to make sure they are treated less than OS version 2.12
# add below logic to convert minor value to 1/100 value, so 2.2 become 2.02 which is less than 2.12.
if self.test_manifest:
major, minor = map(int, self.test_manifest.build.version.split('.')[:2])
if minor in range(1, 10):
dec_minor = minor / 100
minor = str(dec_minor).split('.')[1] # type: ignore

Check warning on line 66 in src/test_workflow/benchmark_test/benchmark_test_runner.py

View check run for this annotation

Codecov / codecov/patch

src/test_workflow/benchmark_test/benchmark_test_runner.py#L65-L66

Added lines #L65 - L66 were not covered by tests
os_version_float = float(f"{major}.{minor}")
else:
major, minor = map(int, self.args.distribution_version.split('.')[:2])
if minor in range(1, 10):
dec_minor = minor / 100
minor = str(dec_minor).split('.')[1] # type: ignore
os_version_float = float(f"{major}.{minor}")
return os_version_float
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,6 @@ def run_tests(self) -> None:
current_workspace = os.path.join(work_dir.name, "opensearch-cluster-cdk")
with GitRepository(self.get_cluster_repo_url(), self.get_git_ref(), current_workspace):
with WorkingDirectory(current_workspace):
with BenchmarkTestCluster.create(self.test_manifest, config, self.args, current_workspace) as test_cluster:
benchmark_test_suite = BenchmarkTestSuite(test_cluster.endpoint_with_port, self.security, self.args)
with BenchmarkTestCluster.create(self.test_manifest, config, self.get_os_version_float(), self.args, current_workspace) as test_cluster:
benchmark_test_suite = BenchmarkTestSuite(test_cluster.endpoint_with_port, self.security, self.get_os_version_float(), self.args)
retry_call(benchmark_test_suite.execute, tries=3, delay=60, backoff=2)
7 changes: 6 additions & 1 deletion src/test_workflow/benchmark_test/benchmark_test_suite.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ class BenchmarkTestSuite:
current_workspace: str
args: BenchmarkArgs
command: str
os_version_float: float

"""
Represents a performance test suite. This class runs rally test on the deployed cluster with the provided IP.
Expand All @@ -28,11 +29,13 @@ def __init__(
self,
endpoint: Any,
security: bool,
os_version_float: float,
args: BenchmarkArgs,
) -> None:
self.endpoint = endpoint
self.security = security
self.args = args
self.os_version_float = os_version_float
# Pass the cluster endpoints with -t for multi-cluster use cases(e.g. cross-cluster-replication)
self.command = 'docker run --rm'
if self.args.benchmark_config:
Expand Down Expand Up @@ -65,7 +68,9 @@ def __init__(
self.command += f" --telemetry-params '{self.args.telemetry_params}'"

def execute(self) -> None:
if self.security:
if self.security and self.os_version_float >= 2.12:
self.command += ' --client-options="timeout:300,use_ssl:true,verify_certs:false,basic_auth_user:\'admin\',basic_auth_password:\'myStrongPassword123!\'"'
elif self.security:
self.command += ' --client-options="timeout:300,use_ssl:true,verify_certs:false,basic_auth_user:\'admin\',basic_auth_password:\'admin\'"'
else:
self.command += ' --client-options="timeout:300"'
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ class TestBenchmarkTestCluster(unittest.TestCase):
DATA = os.path.join(os.path.dirname(__file__), "data")
BUNDLE_MANIFEST = os.path.join(DATA, "bundle_manifest.yml")

def setUp(self, args: Optional[Mock] = None, use_manifest: bool = True) -> None:
def setUp(self, args: Optional[Mock] = None, use_manifest: bool = True, os_version_float: float = 2.10) -> None:
self.args = Mock()
if args:
self.args = args
Expand All @@ -34,7 +34,7 @@ def setUp(self, args: Optional[Mock] = None, use_manifest: bool = True) -> None:
self.config = {"Constants": {"SecurityGroupId": "sg-00000000", "VpcId": "vpc-12345", "AccountId": "12345678",
"Region": "us-west-2", "Role": "role-arn", "serverAccessType": "prefixList", "restrictServerAccessTo": "pl-1234",
"isInternal": "true", "IamRoleArn": "arn:aws:iam::12344567890:role/customRole"}}
self.benchmark_test_cluster = BenchmarkTestCluster(bundle_manifest=self.manifest, config=self.config, args=self.args, current_workspace="current_workspace")
self.benchmark_test_cluster = BenchmarkTestCluster(bundle_manifest=self.manifest, config=self.config, os_version_float=os_version_float, args=self.args, current_workspace="current_workspace")

@patch("test_workflow.benchmark_test.benchmark_test_cluster.BenchmarkTestCluster.wait_for_processing")
def test_create_single_node_secure(self, mock_wait_for_processing: Optional[Mock]) -> None:
Expand All @@ -48,6 +48,7 @@ def test_create_single_node_secure(self, mock_wait_for_processing: Optional[Mock
self.assertEqual(self.benchmark_test_cluster.port, 443)
self.assertTrue("opensearch-infra-stack-test-suffix-007-x64" in self.benchmark_test_cluster.stack_name)
self.assertTrue("securityDisabled=false" in self.benchmark_test_cluster.params)
self.assertTrue("adminPassword" not in self.benchmark_test_cluster.params)
self.assertTrue("singleNodeCluster=true" in self.benchmark_test_cluster.params)
self.assertTrue("isInternal=true" in self.benchmark_test_cluster.params)
self.assertTrue("distributionUrl=https://artifacts.opensearch.org/bundles/1.0.0/41d5ae25183d4e699e92debfbe3f83bd/opensearch-1.0.0-linux-x64.tar.gz" in self.benchmark_test_cluster.params)
Expand Down Expand Up @@ -100,8 +101,9 @@ def test_create_multi_node(self, mock_wait_for_processing: Optional[Mock]) -> No
@patch("test_workflow.benchmark_test.benchmark_test_cluster.BenchmarkTestCluster.wait_for_processing")
def test_create_multi_node_without_manifest(self, mock_wait_for_processing: Optional[Mock]) -> None:
self.args.distribution_url = "https://artifacts.opensearch.org/2.10.0/opensearch.tar.gz"
self.args.distribution_version = '2.10.0'
TestBenchmarkTestCluster.setUp(self, self.args, False)
self.args.distribution_version = '2.12.0'
self.args.insecure = False
TestBenchmarkTestCluster.setUp(self, self.args, False, 2.12)
mock_file = MagicMock(side_effect=[{"opensearch-infra-stack-test-suffix": {"loadbalancerurl": "www.example.com"}}])
with patch("subprocess.check_call") as mock_check_call:
with patch("builtins.open", MagicMock()):
Expand All @@ -110,5 +112,7 @@ def test_create_multi_node_without_manifest(self, mock_wait_for_processing: Opti
self.assertEqual(mock_check_call.call_count, 1)
self.assertTrue("opensearch-infra-stack-test-suffix" in self.benchmark_test_cluster.stack_name)
self.assertTrue("cpuArch=x64" in self.benchmark_test_cluster.params)
self.assertTrue("distVersion=2.10.0" in self.benchmark_test_cluster.params)
self.assertTrue("distVersion=2.12.0" in self.benchmark_test_cluster.params)
self.assertTrue("securityDisabled=false" in self.benchmark_test_cluster.params)
self.assertTrue("adminPassword=myStrongPassword123!" in self.benchmark_test_cluster.params)
self.assertTrue("distributionUrl=https://artifacts.opensearch.org/2.10.0/opensearch.tar.gz" in self.benchmark_test_cluster.params)
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ def setUp(self, args: Optional[Mock] = None) -> None:
self.config = {"Constants": {"SecurityGroupId": "sg-00000000", "VpcId": "vpc-12345", "AccountId": "12345678",
"Region": "us-west-2", "Role": "role-arn", "serverAccessType": "prefixList", "restrictServerAccessTo": "pl-1234",
"isInternal": "true", "IamRoleArn": ""}}
self.benchmark_test_cluster = BenchmarkTestCluster(bundle_manifest=self.manifest, config=self.config, args=self.args, current_workspace="current_workspace")
self.benchmark_test_cluster = BenchmarkTestCluster(bundle_manifest=self.manifest, config=self.config, args=self.args, os_version_float=2.12, current_workspace="current_workspace")

@patch("test_workflow.benchmark_test.benchmark_test_cluster.BenchmarkTestCluster.wait_for_processing")
def test_create_min_cluster(self, mock_wait_for_processing: Optional[Mock]) -> None:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ def test_run(self, mock_suite: Mock, mock_cluster: Mock, mock_git: Mock, mock_te
"--distribution-url",
"https://artifacts.opensearch.org/2.10.0/opensearch.tar.gz",
"--distribution-version",
"2.10.0",
"2.3.0",
"--config", os.path.join(os.path.dirname(__file__), "data", "test-config.yml"),
"--workload", "test",
"--suffix", "test"])
Expand All @@ -67,9 +67,15 @@ def test_run_with_dist_url_and_version(self, mock_suite: Mock, mock_cluster: Moc
benchmark_args = BenchmarkArgs()
runner = BenchmarkTestRunners.from_args(benchmark_args)
runner.run()

mock_git.assert_called_with("https://github.com/opensearch-project/opensearch-cluster-cdk.git", "main",
os.path.join(tempfile.gettempdir(), "opensearch-cluster-cdk"))
mock_cluster.assert_called_with(None, {'Description': 'Configuration file to store contants required to run rally for performance test',
'Constants': {'Repository': 'https://github.com/opensearch-project/opensearch-cluster-cdk', 'cidr': '172.31.0.0/16',
'VpcId': 'vpc-12345678', 'AccountId': 123456789098, 'dataNodeStorage': 200,
'serverAccessType': 'prefixList', 'restrictServerAccessTo': 'pl-01a74268', 'Region': 'eu-west-1', 'isInternal': True,
'Role': 'test-set-up'}}, 2.03,
benchmark_args,
os.path.join(tempfile.gettempdir(), "opensearch-cluster-cdk"))
self.assertEqual(mock_suite.call_count, 1)
self.assertEqual(mock_cluster.call_count, 1)
self.assertEqual(mock_git.call_count, 1)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ def setUp(self, **kwargs: Any) -> None:
self.args.exclude_tasks = kwargs['exclude_tasks'] if 'exclude_tasks' in kwargs else None
self.args.include_tasks = kwargs['include_tasks'] if 'include_tasks' in kwargs else None
self.endpoint = "abc.com"
self.benchmark_test_suite = BenchmarkTestSuite(endpoint=self.endpoint, security=False, args=self.args)
self.benchmark_test_suite = BenchmarkTestSuite(endpoint=self.endpoint, security=False, os_version_float=2.10, args=self.args)

def test_execute_default(self) -> None:
with patch("subprocess.check_call") as mock_check_call:
Expand All @@ -35,8 +35,19 @@ def test_execute_default(self) -> None:
'docker run --rm opensearchproject/opensearch-benchmark:latest execute-test --workload=nyc_taxis '
'--pipeline=benchmark-only --target-hosts=abc.com --client-options="timeout:300"')

def test_execute_security_enabled_version_212_or_greater(self) -> None:
benchmark_test_suite = BenchmarkTestSuite(endpoint=self.endpoint, security=True, os_version_float=2.12, args=self.args)
with patch("subprocess.check_call") as mock_check_call:
benchmark_test_suite.execute()
self.assertEqual(mock_check_call.call_count, 1)
self.assertEqual(benchmark_test_suite.command,
'docker run --rm opensearchproject/opensearch-benchmark:latest execute-test '
'--workload=nyc_taxis --pipeline=benchmark-only '
'--target-hosts=abc.com --client-options="timeout:300,use_ssl:true,'
'verify_certs:false,basic_auth_user:\'admin\',basic_auth_password:\'myStrongPassword123!\'"')

def test_execute_security_enabled(self) -> None:
benchmark_test_suite = BenchmarkTestSuite(endpoint=self.endpoint, security=True, args=self.args)
benchmark_test_suite = BenchmarkTestSuite(endpoint=self.endpoint, security=True, os_version_float=2.10, args=self.args)
with patch("subprocess.check_call") as mock_check_call:
benchmark_test_suite.execute()
self.assertEqual(mock_check_call.call_count, 1)
Expand Down

0 comments on commit ce8e69e

Please sign in to comment.