Cypress13 testing framework for OIDC and SAML #1579

Merged: 120 commits, Nov 29, 2023
Changes from 119 commits
924a7bf
Setup cypress13
RyanL1997 Sep 7, 2023
aeb22c6
Set up a workflow 0
RyanL1997 Sep 9, 2023
98bc733
Add the cypress screenshots path to gitignore
RyanL1997 Sep 10, 2023
e8555ae
Set up sec dashboards plugin with oidc config
RyanL1997 Sep 10, 2023
7c59cbc
Add cypress to eslint
RyanL1997 Sep 13, 2023
1feed81
Fix lint
RyanL1997 Sep 13, 2023
1a42101
Fix lint 2
RyanL1997 Sep 13, 2023
bb86669
fix eslint cypress plugin version
RyanL1997 Sep 13, 2023
0caf4b3
linux workflow draft 0
RyanL1997 Sep 13, 2023
aab999a
linux workflow draft 1
RyanL1997 Sep 13, 2023
28b54f2
add ls and pwd
RyanL1997 Sep 13, 2023
06b8435
linux workflow draft 2
RyanL1997 Sep 13, 2023
a0121b3
Switch to java 11
RyanL1997 Sep 19, 2023
61872f4
Add certificates setup with some debugging statement
RyanL1997 Sep 19, 2023
4cf185d
Fix the directory of start up opensearch
RyanL1997 Sep 19, 2023
705740a
Change the configuration of osd
RyanL1997 Sep 19, 2023
b062284
Change the oidc url to use 127
RyanL1997 Sep 19, 2023
34df590
Bump Cypress to 13.2.0 and change to yarn add for setup cypress env
RyanL1997 Sep 19, 2023
1cb1318
debugging the testing setup
RyanL1997 Sep 19, 2023
18f70e3
Fix the cypress config
RyanL1997 Sep 19, 2023
9e94191
Switch to js for cypress config file
RyanL1997 Sep 19, 2023
4cf0769
Add timeout for test
RyanL1997 Sep 20, 2023
b59a39d
Try some changes on status code
RyanL1997 Sep 20, 2023
d8e5fb5
Update to use cy.origin
RyanL1997 Sep 20, 2023
ff34560
Fix lint
RyanL1997 Sep 20, 2023
58285c4
Change to .cypress directory
RyanL1997 Sep 20, 2023
99d99b4
Fix spec path in workflow
RyanL1997 Sep 20, 2023
2934368
Extend wait to 15s
RyanL1997 Sep 20, 2023
813cc0b
extend sleep time to 700s
RyanL1997 Sep 20, 2023
6d6988d
Refactor the test
RyanL1997 Sep 21, 2023
c5f0b1b
change to localhost
RyanL1997 Sep 21, 2023
bc8ac05
Linux runner ready without comments
RyanL1997 Sep 21, 2023
edf3bdc
Enhance the first test case
RyanL1997 Sep 21, 2023
a8a02ec
Separate the run cypress tasks
RyanL1997 Sep 21, 2023
1939733
Add debugging statement
RyanL1997 Sep 21, 2023
27bc0b7
Reduce the timeout to 600s
RyanL1997 Sep 21, 2023
7f153e6
Linux stable version commit
RyanL1997 Sep 21, 2023
9394fb9
Add windows runner commit 0
RyanL1997 Sep 21, 2023
1612093
Add windows runner commit 1 - kc setup task
RyanL1997 Sep 21, 2023
c9cdc9b
Add retry for keycloak on windows
RyanL1997 Sep 21, 2023
c00176e
Fix the redirectUris array list format for windows kc setup
RyanL1997 Sep 21, 2023
278b1d3
Try another formatting of command
RyanL1997 Sep 21, 2023
4391e9a
Try single quote on redirect uris
RyanL1997 Sep 21, 2023
6647a49
Try json approach
RyanL1997 Sep 21, 2023
48005eb
Try to fix the client mapper
RyanL1997 Sep 21, 2023
229f3f2
Fix the workflow's plugin name and fix the flaky of dev tool test case
RyanL1997 Sep 21, 2023
0900027
Add windows script for Add OIDC Configuration, by using yq
RyanL1997 Sep 21, 2023
d9760d2
Switch the cd in to Set-location -Path
RyanL1997 Sep 21, 2023
c43a631
Add a cat for security config for debugging windows yq
RyanL1997 Sep 21, 2023
9da656a
Modify injecting oidc config task
RyanL1997 Sep 22, 2023
da58f81
Modify injecting oidc config task - 2
RyanL1997 Sep 22, 2023
0516d83
Try overwriting instead of injecting
RyanL1997 Sep 22, 2023
4941ad3
Add enable log
RyanL1997 Sep 22, 2023
2671f53
Fix the config file
RyanL1997 Sep 22, 2023
66482ef
change the command of run dashboards
RyanL1997 Sep 22, 2023
225cfd7
Separate linux and windows runner for oidc configuration
RyanL1997 Sep 25, 2023
1ed2a85
Switch back to the original startup command for dashboards
RyanL1997 Sep 25, 2023
64642dd
Fix the format
RyanL1997 Sep 25, 2023
a14c202
Merge branch 'main' into cypress12-oidc-testing
RyanL1997 Nov 14, 2023
f4a3a41
Add some debugging statement to the workflow and remove some comments
RyanL1997 Nov 14, 2023
7f7c40d
Add static client secret for keycloak - 0
RyanL1997 Nov 15, 2023
f794c39
Finish refactoring 1st test case of oidc
RyanL1997 Nov 16, 2023
aad5fe7
Finish refactoring 1st test case of oidc 1
RyanL1997 Nov 16, 2023
2110093
Finish refactoring 2 test case of oidc
RyanL1997 Nov 16, 2023
64a0809
Finish refactoring 3 test case of oidc
RyanL1997 Nov 17, 2023
56ac230
Merge branch 'main' into cypress12-oidc-testing
RyanL1997 Nov 20, 2023
5abf7ce
Finish refactoring 4 test case of oidc
RyanL1997 Nov 20, 2023
3712e3a
Merge branch 'main' into cypress12-oidc-testing
RyanL1997 Nov 21, 2023
5176b8b
Remove windows runner from the workflow
RyanL1997 Nov 21, 2023
baea6ea
Initial setup of saml e2e
RyanL1997 Nov 21, 2023
f562d3a
Refactor the name of tests for both saml and oidc flows
RyanL1997 Nov 21, 2023
722a7bb
Setup 1st saml test case
RyanL1997 Nov 21, 2023
d21f651
fix the initialization of saml idp
RyanL1997 Nov 22, 2023
35d5c30
Add ls and pwd for idp runup
RyanL1997 Nov 22, 2023
8dc44bb
change dir
RyanL1997 Nov 22, 2023
a342603
Set directory before run idp
RyanL1997 Nov 22, 2023
b7a5c4c
Move idp initialization before dashboard run up
RyanL1997 Nov 22, 2023
be4a62a
Change the saml authbackend into order 1
RyanL1997 Nov 22, 2023
e2b043c
Remove button name config for saml
RyanL1997 Nov 22, 2023
e4fff29
Switch the order of saml authbackend to 7
RyanL1997 Nov 22, 2023
17ca3c4
Replace security config instead
RyanL1997 Nov 22, 2023
3a343e9
Add debugging statements
RyanL1997 Nov 22, 2023
1ea08a3
remove work directory
RyanL1997 Nov 22, 2023
6ebfdb5
Add another ls
RyanL1997 Nov 22, 2023
d9c4fbd
Add another debugging statement
RyanL1997 Nov 22, 2023
4c8249f
change the format of security config
RyanL1997 Nov 22, 2023
21c0cc3
Rename tests
RyanL1997 Nov 22, 2023
80192ed
Set up utils for customize commands
RyanL1997 Nov 22, 2023
82bb3a5
Set up fixtures and commands correctly
RyanL1997 Nov 22, 2023
382af99
Add an echo for setup script
RyanL1997 Nov 22, 2023
614d2fa
Add a ls for script running step
RyanL1997 Nov 22, 2023
034e1f3
Add admin step manually for now
RyanL1997 Nov 23, 2023
1ecc116
Add fake visit for saml test
RyanL1997 Nov 23, 2023
3a164e8
Update comments
RyanL1997 Nov 23, 2023
46edd82
Remove pkg lock json file
RyanL1997 Nov 24, 2023
6927306
Finish SAML auth test suite
RyanL1997 Nov 24, 2023
1323574
Remove old saml auth test
RyanL1997 Nov 24, 2023
beced89
Address comment
RyanL1997 Nov 24, 2023
88b1e65
Add more security commands
RyanL1997 Nov 24, 2023
57db33e
Add response code check instead of wait
RyanL1997 Nov 27, 2023
e8ffb58
Change the oidc backend config injection to use echo instead of yq
RyanL1997 Nov 28, 2023
b899080
Remove timeout
RyanL1997 Nov 28, 2023
9c5dcd3
rename the cypress dir and fix lint
RyanL1997 Nov 28, 2023
7b1d749
Relocating cypress into test dir and change the related dir in gitignore
RyanL1997 Nov 28, 2023
4538d38
Merge branch 'main' into cypress12-oidc-testing
RyanL1997 Nov 28, 2023
ed8ca20
Merge branch 'main' into cypress12-oidc-testing
RyanL1997 Nov 29, 2023
898fc23
Switch the dashboard config by using cat instead of echo
RyanL1997 Nov 29, 2023
de98ece
Add version check step for keycloak
RyanL1997 Nov 29, 2023
e86c7b9
Add version check step for keycloak - fix0
RyanL1997 Nov 29, 2023
712210c
Add version check step for keycloak - fix1
RyanL1997 Nov 29, 2023
808b645
Try dashboard output detection on oidc workflow-0
RyanL1997 Nov 29, 2023
6462587
Try dashboard output detection on oidc workflow-1
RyanL1997 Nov 29, 2023
6abffa4
Add log check step for both workflows
RyanL1997 Nov 29, 2023
fa670c1
Add msg for the checking step
RyanL1997 Nov 29, 2023
bb23594
Fix the dir in .eslintignore
RyanL1997 Nov 29, 2023
265e665
Merge branch 'main' into cypress12-oidc-testing
RyanL1997 Nov 29, 2023
ad0ca9b
Switch to checksum for kc script
RyanL1997 Nov 29, 2023
dc36116
Switch to checksum for kc script-1
RyanL1997 Nov 29, 2023
d1e0b74
Switch to checksum for kc script-2
RyanL1997 Nov 29, 2023
9f6eed5
Remove debugging statements
RyanL1997 Nov 29, 2023
1 change: 1 addition & 0 deletions .eslintignore
Expand Up @@ -4,3 +4,4 @@ node_modules
/build
/target
/.eslintrc.js
/cypress.config.js
32 changes: 22 additions & 10 deletions .eslintrc.js
Expand Up @@ -15,9 +15,15 @@ const LICENSE_HEADER = `
*/
`

module.exports = {
root: true,
module.exports = {
root: true,
extends: ['@elastic/eslint-config-kibana', 'plugin:@elastic/eui/recommended'],
env: {
'cypress/globals': true,
},
plugins: [
'cypress',
],
rules: {
// "@osd/eslint/require-license-header": "off"
'@osd/eslint/no-restricted-paths': [
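Review bot: `env: { 'cypress/globals': true }` and `plugins: ['cypress']` sit at the root of the config, so the Cypress globals are treated as defined in every linted file, including the application code under public/ and server/, not only in the tests. Consider moving the env, the plugin and the `cypress/*` rules into an `overrides` entry whose `files` pattern matches the Cypress test directory, so the extra globals and rules apply only where Cypress code lives.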
Expand All @@ -27,11 +33,17 @@ module.exports = {
zones: [
{
target: ['(public|server)/**/*'],
from: ['../../packages/**/*','packages/**/*']
from: ['../../packages/**/*','packages/**/*'],
},
]
}
]
],
},
],
// Add cypress specific rules here
'cypress/no-assigning-return-values': 'error',
'cypress/no-unnecessary-waiting': 'error',
'cypress/assertion-before-screenshot': 'warn',
'cypress/no-force': 'warn',
'cypress/no-async-tests': 'error',
},
overrides: [
{
Expand All @@ -43,8 +55,8 @@ module.exports = {
licenses: [ LICENSE_HEADER ],
},
],
"no-console": 0
}
}
'no-console': 0,
},
},
],
};
};
260 changes: 260 additions & 0 deletions .github/workflows/cypress-test-oidc-e2e.yml
@@ -0,0 +1,260 @@
name: Snapshot based E2E OIDC tests workflow
on:
pull_request:
branches: [ '**' ]
env:
OPENSEARCH_VERSION: '3.0.0'
KEYCLOAK_VERSION: '21.0.1'
TEST_KEYCLOAK_CLIENT_SECRET: 'oacHfNaXyy81r2uHq1A9RY4ASryre4rZ'
CI: 1
# avoid warnings like "tput: No value for $TERM and no -T specified"
TERM: xterm
PLUGIN_NAME: opensearch-security
# This is the SHA256 checksum of the known good kc.sh script for Keycloak version 21.0.1.
KNOWN_CHECKSUM_OF_KEYCLOAK_SCRIPT: 'f825ea1a9ffa5ad91673737c06857ababbb69b6b8f09e0c637b4c998517f9608'

jobs:
tests:
name: Run Cypress E2E OIDC tests
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest ]
runs-on: ${{ matrix.os }}

steps:
- name: Set up JDK
uses: actions/setup-java@v1
with:
java-version: 11

- name: Checkout Branch
uses: actions/checkout@v3

- name: Set env
run: |
opensearch_version=$(node -p "require('./package.json').opensearchDashboards.version")
plugin_version=$(node -p "require('./package.json').version")
echo "OPENSEARCH_VERSION=$opensearch_version" >> $GITHUB_ENV
echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV
shell: bash

# Download and Check Keycloak Version
- name: Download and Check Keyloak Version on Linux
if: ${{ runner.os == 'Linux' }}
run: |
echo "Downloading Keycloak ${{ env.KEYCLOAK_VERSION }}"
wget https://github.com/keycloak/keycloak/releases/download/${{ env.KEYCLOAK_VERSION }}/keycloak-${{ env.KEYCLOAK_VERSION }}.tar.gz
echo "Unpacking Keycloak"
tar -xzf keycloak-${{ env.KEYCLOAK_VERSION }}.tar.gz
cd keycloak-${{ env.KEYCLOAK_VERSION }}/bin
chmod +x ./kc.sh
echo "Generating checksum for the downloaded kc.sh script..."
DOWNLOADED_CHECKSUM=$(sha256sum kc.sh | awk '{print $1}')
echo "Downloaded kc.sh checksum: $DOWNLOADED_CHECKSUM"
echo "Known good kc.sh checksum: ${{ env.KNOWN_CHECKSUM_OF_KEYCLOAK_SCRIPT }}"
KNOWN_GOOD_CHECKSUM="${{ env.KNOWN_CHECKSUM_OF_KEYCLOAK_SCRIPT }}"
if [ "$DOWNLOADED_CHECKSUM" != "$KNOWN_GOOD_CHECKSUM" ]; then
echo "Checksum mismatch. The kc.sh script does not match the known good version. Please check https://github.com/keycloak/keycloak and verify the updates."
exit 1
else
echo "Checksum match confirmed. Proceeding with setup."
fi
chmod +x ./kc.sh

# Setup and Run Keycloak
- name: Get and run Keycloak on Linux
if: ${{ runner.os == 'Linux' }}
run: |
pwd
ls
export KEYCLOAK_ADMIN=admin
export KEYCLOAK_ADMIN_PASSWORD=admin
cd keycloak-${{ env.KEYCLOAK_VERSION }}/bin
echo "Starting keycloak"
./kc.sh start-dev --http-enabled=true --hostname-strict-https=false --http-host=localhost --http-relative-path /auth --health-enabled=true &
timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:8080/auth/health)" != "200" ]]; do sleep 5; done'
chmod +x kcadm.sh
echo "Creating client"
./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password admin
CID=$(./kcadm.sh create clients -r master -s clientId=opensearch -s secret="${{ env.TEST_KEYCLOAK_CLIENT_SECRET }}" -s 'attributes."access.token.lifespan"=60' -s 'redirectUris=["http://localhost:5603/auth/openid/login", "http://localhost:5601", "http://localhost:5601/auth/openid/login"]' -i)
./kcadm.sh get clients/$CID/installation/providers/keycloak-oidc-keycloak-json > tmp

echo "Getting client secret for dashboards configuration purpose"
CLIENT_SECRET=$(grep -o '"secret" : "[^"]*' tmp | grep -o '[^"]*$')
echo "KEYCLOAK_CLIENT_SECRET=$CLIENT_SECRET" >> $GITHUB_ENV
echo "The client secret is: $CLIENT_SECRET"
echo "Creating client mapper"
./kcadm.sh create clients/$CID/protocol-mappers/models -r master -s 'config."id.token.claim"=true' -s 'config."multivalued"=true' -s 'config."claim.name"="roles"' -s 'config."userinfo.token.claim"=true' -s 'config."access.token.claim"=true' -s 'name=rolemapper' -s 'protocolMapper=oidc-usermodel-realm-role-mapper' -s "protocol=openid-connect"

- name: Download security plugin and create setup scripts
uses: ./.github/actions/download-plugin
with:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugin-name: ${{ env.PLUGIN_NAME }}
plugin-version: ${{ env.PLUGIN_VERSION }}

# Download OpenSearch
- name: Download OpenSearch for Linux
uses: peternied/download-file@v2
if: ${{ runner.os == 'Linux' }}
with:
url: https://artifacts.opensearch.org/snapshots/core/opensearch/${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/opensearch-min-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT-linux-x64-latest.tar.gz

# Extract downloaded tar/zip
- name: Extract downloaded tar
if: ${{ runner.os == 'Linux' }}
run: |
tar -xzf opensearch-*.tar.gz
rm -f opensearch-*.tar.gz
shell: bash

# Install the security plugin
- name: Install Plugin into OpenSearch for Linux
if: ${{ runner.os == 'Linux'}}
run: |
chmod +x ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin
/bin/bash -c "yes | ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch-plugin install file:$(pwd)/opensearch-security.zip"
shell: bash

# Add OIDC Configuration
- name: Injecting OIDC Configuration for Linux
if: ${{ runner.os == 'Linux'}}
run: |
echo "Creating new SAML configuration"
pwd
cd ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch-security/
rm -rf config.yml
ls
cat << 'EOT' > config.yml
---
_meta:
type: "config"
config_version: 2
config:
dynamic:
http:
anonymous_auth_enabled: false
authc:
basic_internal_auth_domain:
description: "Authenticate via HTTP Basic against internal users database"
http_enabled: true
transport_enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
openid_auth_domain:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: openid
challenge: false
config:
subject_key: preferred_username
roles_key: roles
openid_connect_url: http://localhost:8080/auth/realms/master/.well-known/openid-configuration
authentication_backend:
type: noop
EOT
echo "THIS IS THE SECURITY CONFIG FILE: "
cat config.yml

# TODO: REMOVE THIS ONCE ADMIN JAVA TOOL SUPPORT IT
- name: Write password to initialAdminPassword location
if: ${{ runner.os == 'Linux'}}
run:
echo admin >> ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/initialAdminPassword.txt
shell: bash

# Run any configuration scripts
- name: Run Setup Script for Linux
if: ${{ runner.os == 'Linux' }}
run: |
echo "running linux setup"
chmod +x ./setup.sh
./setup.sh
shell: bash

# Run OpenSearch
- name: Run OpenSearch with plugin on Linux
if: ${{ runner.os == 'Linux'}}
run: |
/bin/bash -c "./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/bin/opensearch &"
shell: bash

# Give the OpenSearch process some time to boot up before sending any requires, might need to increase the default time!
- name: Sleep while OpenSearch starts
uses: peternied/action-sleep@v1
with:
seconds: 30

# Verify that the server is operational
- name: Check OpenSearch Running on Linux
if: ${{ runner.os != 'Windows'}}
run: curl https://localhost:9200/_cat/plugins -u 'admin:admin' -k -v
shell: bash

- if: always()
run: cat ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/logs/opensearch.log
shell: bash

# OSD bootstrap
- name: Run Dashboard with Security Dashboards Plugin
uses: ./.github/actions/install-dashboards
with:
plugin_name: security-dashboards-plugin

# Configure the Dashboard for OIDC setup
- name: Configure and Run OpenSearch Dashboards with Cypress Test Cases
if: ${{ runner.os == 'Linux' }}
run: |
cd ./OpenSearch-Dashboards
rm -rf ./config/opensearch_dashboards.yml
cat << 'EOT' > ./config/opensearch_dashboards.yml
server.host: "localhost"
opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: none
opensearch.username: "kibanaserver"
opensearch.password: "kibanaserver"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
opensearch_security.cookie.secure: false
opensearch_security.openid.connect_url: "http://127.0.0.1:8080/auth/realms/master/.well-known/openid-configuration"
opensearch_security.openid.client_id: "opensearch"
opensearch_security.openid.client_secret: "${{ env.TEST_KEYCLOAK_CLIENT_SECRET }}"
opensearch_security.auth.type: ["openid"]
opensearch_security.auth.multiple_auth_enabled: true
opensearch_security.ui.openid.login.buttonname: "OIDC"
home.disableWelcomeScreen: true
EOT
echo 'HERE IS THE DASHBOARD CONFIG'
cat ./config/opensearch_dashboards.yml
nohup yarn start --no-base-path --no-watch | tee dashboard.log &

- name : Check If OpenSearch Dashboards Is Ready
if: ${{ runner.os == 'Linux' }}
run: |
cd ./OpenSearch-Dashboards
echo "Start checking OpenSearch Dashboards."
for i in {1..60}; do
if grep -q "bundles compiled successfully after" "dashboard.log"; then
echo "OpenSearch Dashboards compiled successfully."
break
fi
if [ $i -eq 60 ]; then
echo "Timeout for 600 seconds reached. OpenSearch Dashboards did not finish compiling."
exit 1
fi
sleep 10
done

- name: Run Cypress
run : |
yarn add cypress --save-dev
yarn cypress:run --browser chrome --headless --spec 'test/cypress/e2e/oidc/*.js'
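Review bot: In the "Download and Check Keyloak Version on Linux" step the SHA256 comparison covers only kc.sh and runs after the archive has already been unpacked, so kcadm.sh (executed in the next step) and the rest of keycloak-${{ env.KEYCLOAK_VERSION }}.tar.gz are used unverified. Pin the checksum of the tar.gz itself and compare it before `tar -xzf`; the second `chmod +x ./kc.sh` at the end of that step is also redundant. In the Keycloak setup step, `echo "The client secret is: $CLIENT_SECRET"` writes the client secret to the job log; it is a test value already visible in `env`, but dropping the line keeps the pattern from being copied into a workflow that handles a real secret. The third-party actions `peternied/download-file@v2` and `peternied/action-sleep@v1` are referenced by tag; pinning them to a commit SHA would fix what code runs in the job. Two smaller points: the "Injecting OIDC Configuration for Linux" step echoes "Creating new SAML configuration", which looks like a copy-paste leftover, and `yarn add cypress --save-dev` in "Run Cypress" installs Cypress with no version constraint at job time, so consider pinning the version there.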