Adding @derek-ho as a maintainer (#1758) #1
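# End-to-end Cypress tests for OpenSearch Dashboards with the security plugin
# running in multi-auth mode (HTTP Basic + SAML). The job writes a security
# config and a Dashboards config to the workspace, then hands both files to
# the repository-local run-cypress-tests action.
#
# Every credential, key and relaxed TLS/cookie setting in this file is a
# throwaway test fixture aimed at localhost endpoints. Both generated files
# are printed to the job log, so real secrets must never be placed in them;
# use `secrets.*` and keep them out of the echoed files.
name: Snapshot based E2E SAML multi-auth tests workflow

on: [push, pull_request]

# Least privilege for GITHUB_TOKEN: the visible steps only need to read the
# repository. NOTE(review): the local run-cypress-tests action is not visible
# here; widen this only if that action needs another scope.
permissions:
  contents: read

env:
  OPENSEARCH_VERSION: '3.0.0'
  # Quoted so the value stays a string under every YAML loader.
  CI: '1'
  # avoid warnings like "tput: No value for $TERM and no -T specified"
  TERM: xterm
  PLUGIN_NAME: opensearch-security
  # Test-only admin password for the CI cluster; not a real credential.
  OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'

jobs:
  tests:
    name: Run Cypress E2E SAML multi-auth tests
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest]
    runs-on: ${{ matrix.os }}

    steps:
      # NOTE(review): a tag ref is mutable; pinning third-party actions to a
      # full commit SHA protects the job against a retagged release.
      - name: Checkout Branch
        uses: actions/checkout@v3

      # Add SAML Configuration
      # The heredoc delimiter is quoted ('EOT'), so the shell performs no
      # expansion and the file is written exactly as shown. Domain order:
      # basic auth (order 0, no challenge) is tried before SAML (order 1).
      # Test-only choices: IdP metadata is fetched over plain http from
      # localhost, and exchange_key is a fixed value committed to the repo.
      - name: Injecting SAML Configuration for Linux
        if: ${{ runner.os == 'Linux'}}
        run: |
          echo "Creating new SAML configuration"
          cat << 'EOT' > config_multiauth.yml
          ---
          _meta:
            type: "config"
            config_version: 2
          config:
            dynamic:
              http:
                anonymous_auth_enabled: false
              authc:
                basic_internal_auth_domain:
                  description: "Authenticate via HTTP Basic against internal users database"
                  http_enabled: true
                  transport_enabled: true
                  order: 0
                  http_authenticator:
                    type: basic
                    challenge: false
                  authentication_backend:
                    type: intern
                saml_auth_domain:
                  http_enabled: true
                  transport_enabled: false
                  order: 1
                  http_authenticator:
                    type: saml
                    challenge: true
                    config:
                      idp:
                        entity_id: urn:example:idp
                        metadata_url: http://localhost:7000/metadata
                      sp:
                        entity_id: https://localhost:9200
                      kibana_url: http://localhost:5601
                      exchange_key: 6aff3042-1327-4f3d-82f0-40a157ac4464
                  authentication_backend:
                    type: noop
          EOT
          echo "THIS IS THE SECURITY CONFIG FILE: "
          cat config_multiauth.yml

      # Configure the Dashboard for SAML setup
      # Settings that are acceptable only for this localhost test run:
      #   - opensearch.ssl.verificationMode: none disables certificate checks
      #   - opensearch_security.cookie.secure: false allows the session cookie
      #     over plain http
      #   - kibanaserver/kibanaserver is a default demo credential
      #   - server.xsrf.allowlist exempts the SAML ACS/logout and authtoken
      #     endpoints from XSRF checks
      - name: Configure OpenSearch Dashboards with multi-auth configuration including SAML
        if: ${{ runner.os == 'Linux' }}
        run: |
          cat << 'EOT' > opensearch_dashboards_multiauth.yml
          server.host: "localhost"
          opensearch.hosts: ["https://localhost:9200"]
          opensearch.ssl.verificationMode: none
          opensearch.username: "kibanaserver"
          opensearch.password: "kibanaserver"
          opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
          opensearch_security.multitenancy.enabled: true
          opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
          opensearch_security.readonly_mode.roles: ["kibana_read_only"]
          opensearch_security.cookie.secure: false
          server.xsrf.allowlist: ["/_plugins/_security/api/authtoken", "/_opendistro/_security/api/authtoken", "/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"]
          opensearch_security.auth.type: ["basicauth","saml"]
          opensearch_security.auth.multiple_auth_enabled: true
          opensearch_security.auth.anonymous_auth_enabled: false
          home.disableWelcomeScreen: true
          EOT
          echo 'HERE IS THE DASHBOARD CONFIG FILE: '
          cat opensearch_dashboards_multiauth.yml

      # Passes the two generated files and the Cypress command line to the
      # repository-local composite action.
      - name: Run Cypress Tests
        uses: ./.github/actions/run-cypress-tests
        with:
          security_config_file: config_multiauth.yml
          dashboards_config_file: opensearch_dashboards_multiauth.yml
          yarn_command: 'yarn cypress:run --browser chrome --headless --env loginMethod=saml_multiauth --spec "test/cypress/e2e/saml/*.js"'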