
Cypress13 testing frame work for OIDC and SAML #2


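# End-to-end SAML login tests: boots a snapshot OpenSearch with the security
# plugin, a local SAML IdP and OpenSearch Dashboards on the runner, then runs
# the Cypress SAML specs against them. Every credential, key and relaxed TLS
# setting below belongs to this throw-away localhost stack only.
name: Snapshot based E2E SAML tests workflow

on:
  pull_request:
    branches: ['**']

# Least privilege for GITHUB_TOKEN: the steps in this file only read the
# repository. Widen this only if one of the local composite actions
# (download-plugin, install-dashboards) turns out to need more.
permissions:
  contents: read

env:
  # Initial value only; the "Set env" step overwrites it from package.json.
  OPENSEARCH_VERSION: '3.0.0'
  # NOTE(review): not referenced by any step in this workflow - confirm it is
  # still needed here.
  KEYCLOAK_VERSION: '21.0.1'
  CI: '1'
  # avoid warnings like "tput: No value for $TERM and no -T specified"
  TERM: xterm
  PLUGIN_NAME: opensearch-security

jobs:
  tests:
    name: Run Cypress E2E SAML tests
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest]
    runs-on: ${{ matrix.os }}
    # NOTE(review): every `uses:` reference below is a mutable tag, including
    # the third-party peternied/* actions. Pinning each one to a full commit
    # SHA keeps a retagged release from changing what runs in this job.
    steps:
      - name: Set up JDK
        uses: actions/setup-java@v1
        with:
          java-version: '11'

      - name: Checkout Branch
        uses: actions/checkout@v3

      # Both versions are read from the pull request's own package.json, so
      # they are contributor-controlled. They end up in $GITHUB_ENV, in a
      # download URL and in file paths, hence the character allow-list (which
      # also rejects empty and multi-line values).
      - name: Set env
        run: |
          opensearch_version=$(node -p "require('./package.json').opensearchDashboards.version")
          plugin_version=$(node -p "require('./package.json').version")
          for v in "$opensearch_version" "$plugin_version"; do
            case "$v" in
              '' | *[!0-9A-Za-z._+-]*)
                echo "Unexpected version string in package.json: '$v'" >&2
                exit 1
                ;;
            esac
          done
          echo "OPENSEARCH_VERSION=$opensearch_version" >> "$GITHUB_ENV"
          echo "PLUGIN_VERSION=$plugin_version" >> "$GITHUB_ENV"
        shell: bash

      # Setup and Run SAML Idp
      - name: Get and run SAML Idp on Linux
        if: ${{ runner.os == 'Linux' }}
        run: yarn pretest:jest_server

      - name: Download security plugin and create setup scripts
        uses: ./.github/actions/download-plugin
        with:
          opensearch-version: ${{ env.OPENSEARCH_VERSION }}
          plugin-name: ${{ env.PLUGIN_NAME }}
          plugin-version: ${{ env.PLUGIN_VERSION }}

      # Download OpenSearch
      - name: Download OpenSearch for Linux
        uses: peternied/download-file@v2
        if: ${{ runner.os == 'Linux' }}
        with:
          url: https://artifacts.opensearch.org/snapshots/core/opensearch/${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/opensearch-min-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT-linux-x64-latest.tar.gz

      # Extract downloaded tar/zip
      - name: Extract downloaded tar
        if: ${{ runner.os == 'Linux' }}
        run: |
          tar -xzf opensearch-*.tar.gz
          rm -f opensearch-*.tar.gz
        shell: bash

      # Install the security plugin.
      # Run steps read the version from the shell environment rather than
      # through ${{ env.* }} interpolation, so the value is never pasted into
      # the script text before bash parses it.
      # The nested `bash -c` is kept as written: presumably it stops the
      # outer shell's pipefail from failing the step when `yes` is killed by
      # SIGPIPE - confirm before simplifying.
      - name: Install Plugin into OpenSearch for Linux
        if: ${{ runner.os == 'Linux' }}
        run: |
          chmod +x "./opensearch-${OPENSEARCH_VERSION}-SNAPSHOT/bin/opensearch-plugin"
          /bin/bash -c "yes | ./opensearch-${OPENSEARCH_VERSION}-SNAPSHOT/bin/opensearch-plugin install file:$(pwd)/opensearch-security.zip"
        shell: bash

      # Add SAML Configuration.
      # NOTE(review): yq is fetched from the moving `latest` release and then
      # executed without any integrity check. Pin a specific release tag and
      # compare the binary against that release's published checksum before
      # the chmod.
      # The exchange_key is a fixed test value and `cat ./config.yml` prints
      # it to the job log; neither is acceptable for a real deployment. The
      # IdP metadata is fetched over plain HTTP, which is tolerable only
      # because the IdP runs on localhost.
      - name: Injecting SAML Configuration for Linux
        if: ${{ runner.os == 'Linux' }}
        run: |
          echo "Injecting SAML configuration"
          cd "./opensearch-${OPENSEARCH_VERSION}-SNAPSHOT/config/opensearch-security/"
          wget -O yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
          chmod +x yq
          yq -i ".config.dynamic.authc.saml_auth_domain.http_enabled = true" config.yml
          yq -i ".config.dynamic.authc.saml_auth_domain.transport_enabled = false" config.yml
          yq -i ".config.dynamic.authc.saml_auth_domain.order = 5" config.yml
          yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.type = \"saml\"" config.yml
          yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.challenge = true" config.yml
          yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.config.idp.entity_id = \"urn:example:idp\"" config.yml
          yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.config.idp.metadata_url = \"http://localhost:7000/metadata\"" config.yml
          yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.config.sp.entity_id = \"https://localhost:9200\"" config.yml
          yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.config.kibana_url = \"http://localhost:5601\"" config.yml
          yq -i ".config.dynamic.authc.saml_auth_domain.http_authenticator.config.exchange_key = \"6aff3042-1327-4f3d-82f0-40a157ac4464\"" config.yml
          yq -i ".config.dynamic.authc.saml_auth_domain.authentication_backend.type = \"noop\"" config.yml
          cat ./config.yml
          cd ../../..

      # Run any configuration scripts
      - name: Run Setup Script for Linux
        if: ${{ runner.os == 'Linux' }}
        run: |
          echo "running linux setup"
          chmod +x ./setup.sh
          ./setup.sh
        shell: bash

      # Run OpenSearch
      - name: Run OpenSearch with plugin on Linux
        if: ${{ runner.os == 'Linux' }}
        run: |
          /bin/bash -c "./opensearch-${OPENSEARCH_VERSION}-SNAPSHOT/bin/opensearch &"
        shell: bash

      # Give the OpenSearch process some time to boot up before sending any
      # requests, might need to increase the default time!
      - name: Sleep while OpenSearch starts
        uses: peternied/action-sleep@v1
        with:
          seconds: 30

      # Verify that the server is operational.
      # admin:admin and -k (no certificate verification) match the demo
      # security configuration of this disposable node. The retry flags cover
      # a node that needs longer than the fixed sleep above to accept
      # connections.
      - name: Check OpenSearch Running on Linux
        if: ${{ runner.os == 'Linux' }}
        run: |
          curl https://localhost:9200/_cat/plugins -u 'admin:admin' -k -v --retry 10 --retry-delay 5 --retry-connrefused
        shell: bash

      # Always dump the server log so a failed start can be diagnosed.
      - name: Print OpenSearch log
        if: always()
        run: cat "./opensearch-${OPENSEARCH_VERSION}-SNAPSHOT/logs/opensearch.log"
        shell: bash

      # OSD bootstrap
      - name: Run Dashboard with Security Dashboards Plugin
        uses: ./.github/actions/install-dashboards
        with:
          plugin_name: security-dashboards-plugin

      # Configure the Dashboard for SAML setup.
      # Test-only relaxations: backend certificate verification is off, the
      # session cookie is not marked secure, and the kibanaserver account
      # uses its demo password. The SAML endpoints are on the xsrf allowlist.
      # NOTE(review): the login button name is set under ui.openid although
      # auth.type is saml - confirm whether the SAML-specific UI key was
      # intended.
      # The final sleep is a fixed ten-minute wait for Dashboards to build
      # and start; nothing checks that it is actually serving afterwards.
      - name: Configure and Run OpenSearch Dashboards with SAML Configuration
        if: ${{ runner.os == 'Linux' }}
        run: |
          cd ./OpenSearch-Dashboards
          cat >> ./config/opensearch_dashboards.yml <<'EOF'
          server.host: "localhost"
          opensearch.hosts: ["https://localhost:9200"]
          opensearch.ssl.verificationMode: none
          opensearch.username: "kibanaserver"
          opensearch.password: "kibanaserver"
          opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
          opensearch_security.multitenancy.enabled: true
          opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
          opensearch_security.readonly_mode.roles: ["kibana_read_only"]
          opensearch_security.cookie.secure: false
          server.xsrf.allowlist: ["/_plugins/_security/api/authtoken", "/_opendistro/_security/api/authtoken", "/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"]
          opensearch_security.auth.type: ["saml"]
          opensearch_security.auth.multiple_auth_enabled: true
          opensearch_security.ui.openid.login.buttonname: "SAML"
          opensearch_security.auth.anonymous_auth_enabled: false
          home.disableWelcomeScreen: true
          EOF
          echo 'HERE IS THE DASHBOARD CONFIG'
          cat ./config/opensearch_dashboards.yml
          nohup yarn start --no-base-path --no-watch &
          sleep 600

      # NOTE(review): `yarn add cypress` resolves an unpinned version at run
      # time and bypasses the lockfile; declaring Cypress in package.json
      # with a locked version makes the test tooling reproducible.
      - name: Run Cypress
        run: |
          yarn add cypress --save-dev
          yarn cypress:run --browser chrome --headless --spec '.cypress/e2e/saml/*.js'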