[Backport 2.x] Fix issue: tenant is defaulting incorrectly based on the ordering of: opensearch_security.multitenancy.tenants.preferred #2019 #1545
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Snapshot based E2E SAML tests workflow | |
on: [ push, pull_request ] | |
env: | |
OPENSEARCH_VERSION: '2.12.0' | |
CI: 1 | |
# avoid warnings like "tput: No value for $TERM and no -T specified" | |
TERM: xterm | |
PLUGIN_NAME: opensearch-security | |
OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123! | |
jobs: | |
tests: | |
name: Run Cypress E2E SAML tests | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-latest ] | |
basePath: [ "", "/osd" ] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout Branch | |
uses: actions/checkout@v3 | |
# Add SAML Configuration | |
- name: Create SAML Configuration for Linux | |
if: ${{ runner.os == 'Linux'}} | |
run: | | |
echo "Creating new SAML configuration" | |
cat << 'EOT' > config_saml.yml | |
--- | |
_meta: | |
type: "config" | |
config_version: 2 | |
config: | |
dynamic: | |
http: | |
anonymous_auth_enabled: false | |
authc: | |
basic_internal_auth_domain: | |
description: "Authenticate via HTTP Basic against internal users database" | |
http_enabled: true | |
transport_enabled: true | |
order: 0 | |
http_authenticator: | |
type: basic | |
challenge: false | |
authentication_backend: | |
type: intern | |
saml_auth_domain: | |
http_enabled: true | |
transport_enabled: false | |
order: 1 | |
http_authenticator: | |
type: saml | |
challenge: true | |
config: | |
idp: | |
entity_id: urn:example:idp | |
metadata_url: http://localhost:7000/metadata | |
sp: | |
entity_id: https://localhost:9200 | |
kibana_url: http://localhost:5601${{ matrix.basePath }} | |
exchange_key: 6aff3042-1327-4f3d-82f0-40a157ac4464 | |
authentication_backend: | |
type: noop | |
EOT | |
# Configure the Dashboard for SAML setup | |
- name: Configure and Run OpenSearch Dashboards with SAML Configuration | |
if: ${{ runner.os == 'Linux' }} | |
run: | | |
cat << 'EOT' > opensearch_dashboards_saml.yml | |
server.host: "localhost" | |
opensearch.hosts: ["https://localhost:9200"] | |
opensearch.ssl.verificationMode: none | |
opensearch.username: "kibanaserver" | |
opensearch.password: "kibanaserver" | |
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] | |
opensearch_security.multitenancy.enabled: true | |
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"] | |
opensearch_security.readonly_mode.roles: ["kibana_read_only"] | |
opensearch_security.cookie.secure: false | |
server.xsrf.allowlist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"] | |
opensearch_security.auth.type: ["saml"] | |
opensearch_security.auth.multiple_auth_enabled: true | |
opensearch_security.auth.anonymous_auth_enabled: false | |
home.disableWelcomeScreen: true | |
EOT | |
- name: Run OSD with basePath | |
if: ${{ matrix.basePath != '' }} | |
run: | | |
echo "server.basePath: \"${{ matrix.basePath }}\"" >> opensearch_dashboards_saml.yml | |
echo "server.rewriteBasePath: true" >> opensearch_dashboards_saml.yml | |
- name: Run Cypress Tests with basePath | |
if: ${{ matrix.basePath != '' }} | |
uses: ./.github/actions/run-cypress-tests | |
with: | |
security_config_file: config_saml.yml | |
dashboards_config_file: opensearch_dashboards_saml.yml | |
yarn_command: 'yarn cypress:run --browser chrome --headless --spec "test/cypress/e2e/saml/*.js" --env basePath=${{ matrix.basePath }}' | |
osd_base_path: ${{ matrix.basePath }} | |
- name: Run Cypress Tests | |
if: ${{ matrix.basePath == '' }} | |
uses: ./.github/actions/run-cypress-tests | |
with: | |
security_config_file: config_saml.yml | |
dashboards_config_file: opensearch_dashboards_saml.yml | |
yarn_command: 'yarn cypress:run --browser chrome --headless --spec "test/cypress/e2e/saml/*.js"' |