Merge branch 'main' into proxyMultiAuth #51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Snapshot based E2E SAML multi-auth tests workflow | |
on: [ push, pull_request ] | |
env: | |
OPENSEARCH_VERSION: '3.0.0' | |
CI: 1 | |
# avoid warnings like "tput: No value for $TERM and no -T specified" | |
TERM: xterm | |
PLUGIN_NAME: opensearch-security | |
OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123! | |
jobs: | |
tests: | |
name: Run Cypress E2E SAML multi-auth tests | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-latest ] | |
basePath: [ "", "/osd" ] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout Branch | |
uses: actions/checkout@v3 | |
# Add SAML Configuration | |
- name: Injecting SAML Configuration for Linux | |
if: ${{ runner.os == 'Linux'}} | |
run: | | |
echo "Creating new SAML configuration" | |
cat << 'EOT' > config_multiauth.yml | |
--- | |
_meta: | |
type: "config" | |
config_version: 2 | |
config: | |
dynamic: | |
http: | |
anonymous_auth_enabled: false | |
authc: | |
basic_internal_auth_domain: | |
description: "Authenticate via HTTP Basic against internal users database" | |
http_enabled: true | |
transport_enabled: true | |
order: 0 | |
http_authenticator: | |
type: basic | |
challenge: false | |
authentication_backend: | |
type: intern | |
saml_auth_domain: | |
http_enabled: true | |
transport_enabled: false | |
order: 1 | |
http_authenticator: | |
type: saml | |
challenge: true | |
config: | |
idp: | |
entity_id: urn:example:idp | |
metadata_url: http://localhost:7000/metadata | |
sp: | |
entity_id: https://localhost:9200 | |
kibana_url: http://localhost:5601${{ matrix.basePath }} | |
exchange_key: 6aff3042-1327-4f3d-82f0-40a157ac4464 | |
authentication_backend: | |
type: noop | |
EOT | |
# Configure the Dashboard for SAML setup | |
- name: Configure OpenSearch Dashboards with multi-auth configuration including SAML | |
if: ${{ runner.os == 'Linux' }} | |
run: | | |
cat << 'EOT' > opensearch_dashboards_multiauth.yml | |
server.host: "localhost" | |
opensearch.hosts: ["https://localhost:9200"] | |
opensearch.ssl.verificationMode: none | |
opensearch.username: "kibanaserver" | |
opensearch.password: "kibanaserver" | |
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] | |
opensearch_security.multitenancy.enabled: true | |
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"] | |
opensearch_security.readonly_mode.roles: ["kibana_read_only"] | |
opensearch_security.cookie.secure: false | |
server.xsrf.allowlist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"] | |
opensearch_security.auth.type: ["basicauth","saml"] | |
opensearch_security.auth.multiple_auth_enabled: true | |
opensearch_security.auth.anonymous_auth_enabled: false | |
home.disableWelcomeScreen: true | |
EOT | |
- name: Run OSD with basePath | |
if: ${{ matrix.basePath != '' }} | |
run: | | |
echo "server.basePath: \"${{ matrix.basePath }}\"" >> opensearch_dashboards_multiauth.yml | |
echo "server.rewriteBasePath: true" >> opensearch_dashboards_multiauth.yml | |
- name: Run Cypress Tests with basePath | |
if: ${{ matrix.basePath != '' }} | |
uses: ./.github/actions/run-cypress-tests | |
with: | |
security_config_file: config_multiauth.yml | |
dashboards_config_file: opensearch_dashboards_multiauth.yml | |
yarn_command: 'yarn cypress:run --browser chrome --headless --env loginMethod=saml_multiauth,basePath=${{ matrix.basePath }} --spec "test/cypress/e2e/saml/*.js"' | |
osd_base_path: ${{ matrix.basePath }} | |
- name: Run Cypress Tests | |
if: ${{ matrix.basePath == '' }} | |
uses: ./.github/actions/run-cypress-tests | |
with: | |
security_config_file: config_multiauth.yml | |
dashboards_config_file: opensearch_dashboards_multiauth.yml | |
yarn_command: 'yarn cypress:run --browser chrome --headless --env loginMethod=saml_multiauth --spec "test/cypress/e2e/saml/*.js"' |