From 5a37de32237076e07f08849d397f69d30a7fa4e0 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 23 Feb 2024 12:15:38 -0500 Subject: [PATCH 01/98] update worker class for test proxy to eventlet --- Procfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Procfile b/Procfile index fbb08fa..55abd7c 100644 --- a/Procfile +++ b/Procfile @@ -1 +1 @@ -web: gunicorn --access-logfile - --error-logfile - --log-level info --timeout 300 "cf_auth_proxy.app:create_app()" +web: gunicorn --access-logfile - --error-logfile - --log-level info --timeout 300 --worker-class eventlet "cf_auth_proxy.app:create_app()" From 3b26e0efb2778c689aa388e93b68b24a965c9099 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 23 Feb 2024 12:16:06 -0500 Subject: [PATCH 02/98] temporarily point to CI at test branch --- ci/pipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index fa34a6b..ebb602a 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -212,7 +212,7 @@ resources: check_every: 10s source: uri: https://github.com/cloud-gov/opensearch-dashboards-cf-auth-proxy - branch: main + branch: fix-e2e-tests commit_verification_keys: ((cloud-gov-pgp-keys)) - name: dev-opensearch-image From a8718494bea100d4ac5399f2d6ee6b6ce6a53d83 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 23 Feb 2024 15:12:15 -0500 Subject: [PATCH 03/98] refactor check for welcome message --- e2e/utils.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/e2e/utils.py b/e2e/utils.py index 4374fe9..842028e 100644 --- a/e2e/utils.py +++ b/e2e/utils.py 
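Review bot: The `branch: fix-e2e-tests` line in ci/pipeline.yml carries nothing in the file that marks it as temporary, so the pipeline could keep consuming a feature branch after this series lands. Only the commit subject says the switch is temporary; a comment beside the line, e.g. `# TODO: revert to main before merging`, keeps that visible to anyone reading the pipeline. `commit_verification_keys` is still set in the context lines, so signature checking appears to apply to the test branch as well. Whether a later patch restores `main` is not visible here.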
@@ -55,13 +55,13 @@ def log_in(user, page, start_at=None): def handle_welcome_message(page): - total_wait_period_secs = 10 + total_wait_period_secs = 20 wait_between_retry_secs = 0.25 - num_retries = math.floor(total_wait_period_secs / wait_between_retry_secs) # this welcome page can appear anywhere in the dashboard loading process, # so we're waiting to see if it appears and handling it - for i in range(1, num_retries): + t_end = time.time() + total_wait_period_secs + while time.time() < t_end: welcome_heading = page.get_by_role( "heading", name="Welcome to OpenSearch Dashboards" ) From 81b6f49e8f566727a861970e652d7ce5ea290edd Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Tue, 27 Feb 2024 16:13:16 -0500 Subject: [PATCH 04/98] remove unused import --- e2e/utils.py | 1 - 1 file changed, 1 deletion(-) diff --git a/e2e/utils.py b/e2e/utils.py index 842028e..576bf88 100644 --- a/e2e/utils.py +++ b/e2e/utils.py @@ -1,4 +1,3 @@ -import math import re import time From 7ece32a82e40d2840f1c39ffafd2be6b8ebaeb3e Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Tue, 27 Feb 2024 16:13:52 -0500 Subject: [PATCH 05/98] applied black formatting --- cf_auth_proxy/app.py | 4 ++-- cf_auth_proxy/config.py | 6 +++--- cf_auth_proxy/proxy.py | 2 +- cf_auth_proxy/uaa.py | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/cf_auth_proxy/app.py b/cf_auth_proxy/app.py index 60ef7e8..9326997 100644 --- a/cf_auth_proxy/app.py +++ b/cf_auth_proxy/app.py @@ -33,7 +33,7 @@ def refresh_session(): "token_format": "opaque", "refresh_token": session["refresh_token"], }, - timeout=config.REQUEST_TIMEOUT + timeout=config.REQUEST_TIMEOUT, ) try: r.raise_for_status() @@ -81,7 +81,7 @@ def callback(): auth=requests.auth.HTTPBasicAuth( config.UAA_CLIENT_ID, config.UAA_CLIENT_SECRET ), - timeout=config.REQUEST_TIMEOUT + timeout=config.REQUEST_TIMEOUT, ) try: r.raise_for_status() diff --git a/cf_auth_proxy/config.py b/cf_auth_proxy/config.py index 5698268..e22c2eb 100644 
--- a/cf_auth_proxy/config.py +++ b/cf_auth_proxy/config.py @@ -37,10 +37,10 @@ def __init__(self): self.CF_API_URL = "http://mock.cf/" self.UAA_AUTH_URL = "http://mock.uaa/authorize" self.UAA_BASE_URL = "http://mock.uaa/" - self.UAA_TOKEN_URL = "http://mock.uaa/token" # nosec + self.UAA_TOKEN_URL = "http://mock.uaa/token" # nosec self.UAA_CLIENT_ID = "EXAMPLE" - self.UAA_CLIENT_SECRET = "example" # nosec - self.SECRET_KEY = "CHANGEME" # nosec + self.UAA_CLIENT_SECRET = "example" # nosec + self.SECRET_KEY = "CHANGEME" # nosec self.PERMANENT_SESSION_LIFETIME = 120 self.SESSION_REFRESH_EACH_REQUEST = False self.CF_ADMIN_GROUP_NAME = "cloud_controller.admin" diff --git a/cf_auth_proxy/proxy.py b/cf_auth_proxy/proxy.py index e51d7e5..c34eb49 100644 --- a/cf_auth_proxy/proxy.py +++ b/cf_auth_proxy/proxy.py @@ -14,7 +14,7 @@ def proxy_request(url, headers, data, cookies, method): cookies=cookies, allow_redirects=False, cert=(config.DASHBOARD_CERTIFICATE, config.DASHBOARD_CERTIFICATE_KEY), - verify=config.DASHBOARD_CERTIFICATE_CA + verify=config.DASHBOARD_CERTIFICATE_CA, ) excluded_headers = [ diff --git a/cf_auth_proxy/uaa.py b/cf_auth_proxy/uaa.py index 2e01930..0c7a268 100644 --- a/cf_auth_proxy/uaa.py +++ b/cf_auth_proxy/uaa.py @@ -16,7 +16,7 @@ def get_client_credentials_token(): auth=requests.auth.HTTPBasicAuth( config.UAA_CLIENT_ID, config.UAA_CLIENT_SECRET ), - timeout=config.REQUEST_TIMEOUT + timeout=config.REQUEST_TIMEOUT, ) try: From 9a81975cad86f9137fb41e7b87f188cba4cbcb81 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Tue, 27 Feb 2024 16:16:00 -0500 Subject: [PATCH 06/98] update pipeline to use hardened playwright image --- ci/pipeline.yml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index ebb602a..5dfefc2 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml 
@@ -172,15 +172,11 @@ jobs: DASHBOARDS_APP_NAME: ((dev-test-opensearch-dashboards-app-name)) - task: e2e-tests + image: harden-playwright config: inputs: - name: src platform: linux - image_resource: - type: docker-image - source: - repository: mcr.microsoft.com/playwright - tag: jammy run: path: src/ci/e2e.sh params: @@ -252,6 +248,15 @@ resources: aws_region: us-gov-west-1 tag: latest +- name: harden-playwright + type: registry-image + source: + aws_access_key_id: ((ecr_aws_key)) + aws_secret_access_key: ((ecr_aws_secret)) + repository: harden-playwright + aws_region: us-gov-west-1 + tag: latest + ############################ # RESOURCE TYPES From 69cbc7c02487e09f862f884be377569afca29858 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Tue, 27 Feb 2024 16:21:05 -0500 Subject: [PATCH 07/98] fix pipeline definiton --- ci/pipeline.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 5dfefc2..db0c42d 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -111,6 +111,7 @@ jobs: trigger: true passed: [deploy-test-apps] - get: general-task + - get: harden-playwright - task: provision-cf-access image: general-task config: From ee7645076fec6ef64f6c1bd00bdda6611d28dd31 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Tue, 27 Feb 2024 16:26:25 -0500 Subject: [PATCH 08/98] add check for black formatting --- ci/test.sh | 1 + dev | 3 +++ 2 files changed, 4 insertions(+) diff --git a/ci/test.sh b/ci/test.sh index 65d50ad..e48e804 100755 --- a/ci/test.sh +++ b/ci/test.sh @@ -5,4 +5,5 @@ shopt -s inherit_errexit src/dev set-up-environment src/dev bandit +src/dev black --check src/dev test diff --git a/dev b/dev index 6b09094..18db681 100755 --- a/dev +++ b/dev @@ -226,6 +226,9 @@ main() { bandit) ${python} -m bandit -r cf_auth_proxy ;; + black) + ${python} -m black . "$@" + ;; test|tests) export FLASK_ENV=unit ${python} -m piptools sync requirements.txt dev-requirements.txt From c282eed365909ab39269640bd84124e470c41ac9 Mon Sep 17 00:00:00 2001 
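Review bot: The new `harden-playwright` resource in ci/pipeline.yml tracks `tag: latest`, so the image the e2e task runs in can change between builds without any change in this repository. If the registry publishes versioned tags, pinning one (`tag: <pinned-version>`) makes e2e runs reproducible and turns an image change into a reviewed commit. The neighbouring resource in the context lines also uses `tag: latest`, so this may be a deliberate convention for internally built images; if so, a short comment such as `# internally built hardened image, intentionally tracks latest` would record that.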
From: Mark Boyd Date: Mon, 4 Mar 2024 11:58:13 -0500 Subject: [PATCH 09/98] add config to disable welcome screen for opensearch dashboards --- docker/opensearch_dashboards/opensearch_dashboards.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker/opensearch_dashboards/opensearch_dashboards.yml b/docker/opensearch_dashboards/opensearch_dashboards.yml index 0717be8..2d8a67a 100644 --- a/docker/opensearch_dashboards/opensearch_dashboards.yml +++ b/docker/opensearch_dashboards/opensearch_dashboards.yml @@ -19,3 +19,6 @@ opensearch.requestHeadersAllowlist: ["securitytenant","Authorization","x-forward opensearch_security.auth.type: "proxy" opensearch_security.proxycache.user_header: "x-proxy-user" opensearch_security.proxycache.roles_header: "x-proxy-roles" + +# disable the welcome screen to make e2e tests less flaky +home.disableWelcomeScreen: true From 7ee8a8fcf26139d764126fd4b6534f5283751096 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Mon, 4 Mar 2024 11:58:29 -0500 Subject: [PATCH 10/98] update opensearch docker images to 2.12.0 --- docker/opensearch/dockerfile | 2 +- docker/opensearch_dashboards/dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/opensearch/dockerfile b/docker/opensearch/dockerfile index 87c5c41..a3c06a7 100644 --- a/docker/opensearch/dockerfile +++ b/docker/opensearch/dockerfile @@ -1,4 +1,4 @@ -FROM opensearchproject/opensearch:2.9.0 as opensearch +FROM opensearchproject/opensearch:2.12.0 as opensearch # ok, this is a little weird. # we're building this image to run on Cloud Foundry, where we can diff --git a/docker/opensearch_dashboards/dockerfile b/docker/opensearch_dashboards/dockerfile index 805f33c..20ebb62 100644 --- a/docker/opensearch_dashboards/dockerfile +++ b/docker/opensearch_dashboards/dockerfile @@ -1,4 +1,4 @@ -FROM opensearchproject/opensearch-dashboards:2.9.0 AS opensearch-dashboards +FROM opensearchproject/opensearch-dashboards:2.12.0 AS opensearch-dashboards FROM scratch 
From eb2ae60a598278a6f7815489c83beca544bb47db Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Mon, 4 Mar 2024 17:36:06 -0500 Subject: [PATCH 11/98] downgrade docker to opensearch 2.11 --- docker/docker-compose.yml | 2 +- docker/opensearch/dockerfile | 2 +- docker/opensearch_dashboards/dockerfile | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 122c1ae..9fb9940 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -5,7 +5,7 @@ version: '3.4' x-opensearch-node-common-vars: &x-opensearch-node-common-vars cluster.name: opensearch-cluster discovery.seed_hosts: opensearch-node1,opensearch-node2 - cluster.initial_master_nodes: opensearch-node1,opensearch-node2 + cluster.initial_cluster_manager_nodes: opensearch-node1,opensearch-node2 bootstrap.memory_lock: true # along with the memlock settings below, disables swapping OPENSEARCH_JAVA_OPTS: "-Xms4096m -Xmx4096m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM plugins.security.audit.type: debug diff --git a/docker/opensearch/dockerfile b/docker/opensearch/dockerfile index a3c06a7..ee8211f 100644 --- a/docker/opensearch/dockerfile +++ b/docker/opensearch/dockerfile @@ -1,4 +1,4 @@ -FROM opensearchproject/opensearch:2.12.0 as opensearch +FROM opensearchproject/opensearch:2.11.0 as opensearch # ok, this is a little weird. # we're building this image to run on Cloud Foundry, where we can diff --git a/docker/opensearch_dashboards/dockerfile b/docker/opensearch_dashboards/dockerfile index 20ebb62..f31179d 100644 --- a/docker/opensearch_dashboards/dockerfile +++ b/docker/opensearch_dashboards/dockerfile 
@@ -1,10 +1,11 @@ -FROM opensearchproject/opensearch-dashboards:2.12.0 AS opensearch-dashboards +FROM opensearchproject/opensearch-dashboards:2.11.0 AS opensearch-dashboards FROM scratch COPY --from=opensearch-dashboards / / +ARG OPENSEARCH_INITIAL_ADMIN_PASSWORD ARG OPENSEARCH_DASHBOARDS_HOME=/usr/share/opensearch-dashboards WORKDIR $OPENSEARCH_DASHBOARDS_HOME From 8dfd7705db350097f2a8d364b4d19471c88fb111 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Tue, 5 Mar 2024 17:23:13 -0500 Subject: [PATCH 12/98] update script for seeding ES data to include all env vars --- dev | 1 + 1 file changed, 1 insertion(+) diff --git a/dev b/dev index 18db681..ff4ff5e 100755 --- a/dev +++ b/dev @@ -280,6 +280,7 @@ main() { ${python} -m black . ;; seed-es-data) + source_env_vars set_cf_default_vars set_cf_env_vars seed_es_data From a16085b20fd5b3c0508af0265524fbbf7679ffeb Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Tue, 5 Mar 2024 17:23:51 -0500 Subject: [PATCH 13/98] disable new theme modal to make e2e tests less flaky --- docker/opensearch_dashboards/opensearch_dashboards.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker/opensearch_dashboards/opensearch_dashboards.yml b/docker/opensearch_dashboards/opensearch_dashboards.yml index 2d8a67a..ee37170 100644 --- a/docker/opensearch_dashboards/opensearch_dashboards.yml +++ b/docker/opensearch_dashboards/opensearch_dashboards.yml @@ -22,3 +22,5 @@ opensearch_security.proxycache.roles_header: "x-proxy-roles" # disable the welcome screen to make e2e tests less flaky home.disableWelcomeScreen: true +# disable the new theme modal to make e2e tests less flaky +home.disableNewThemeModal: true From f70f086c63a1538aa27db0f6814958956b9e49e0 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Tue, 5 Mar 2024 17:24:20 -0500 Subject: [PATCH 14/98] remove test handles for intermittent welcome message that is now disabled --- e2e/utils.py | 28 +++------------------------- 1 file changed, 3 insertions(+), 25 deletions(-) 
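Review bot: `ARG OPENSEARCH_INITIAL_ADMIN_PASSWORD` in docker/opensearch_dashboards/dockerfile passes a credential as a build argument, and build-argument values can be read back from the image with `docker history`. The hunk does not show the argument being used after it is declared, so it is also unclear what needs it in a dashboards image based on 2.11.0. If a build step does need the value, a BuildKit secret mount (`RUN --mount=type=secret,id=<secret-id> ...`) or a runtime environment variable keeps it out of the image; if nothing needs it, the line can be dropped. Any later use would be in the part of the Dockerfile outside this hunk.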
diff --git a/e2e/utils.py b/e2e/utils.py index 576bf88..402dbd3 100644 --- a/e2e/utils.py +++ b/e2e/utils.py @@ -52,33 +52,11 @@ def log_in(user, page, start_at=None): authorize_button.wait_for() authorize_button.click() - -def handle_welcome_message(page): - total_wait_period_secs = 20 - wait_between_retry_secs = 0.25 - - # this welcome page can appear anywhere in the dashboard loading process, - # so we're waiting to see if it appears and handling it - t_end = time.time() + total_wait_period_secs - while time.time() < t_end: - welcome_heading = page.get_by_role( - "heading", name="Welcome to OpenSearch Dashboards" - ) - if welcome_heading.is_visible(): - explore_button = page.get_by_text("Explore on my own") - explore_button.wait_for() - explore_button.click() - - time.sleep(wait_between_retry_secs) - - def switch_tenants(page, tenant="Global"): """ switch to the specified tenant. """ - handle_welcome_message(page) - tenant_option = page.get_by_text(re.compile(f"^{tenant}.*$")) tenant_option.wait_for() tenant_option.click() @@ -115,6 +93,6 @@ def go_to_discover_page(page): refresh_button = page.get_by_text("Refresh") refresh_button.wait_for() - # the box the results are in - content_box = page.locator("css=div.dscWrapper__content") - content_box.wait_for() + # wait for the columhs header, which indicates the results box has loaded + refresh_button = page.get_by_text("Columns") + refresh_button.wait_for() From d543ac05e92651a0f3423278de9ca1006fc8d1ce Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Tue, 5 Mar 2024 17:24:49 -0500 Subject: [PATCH 15/98] refactor e2e tests for user 1 to use page locators per playwright guidance --- e2e/test_discover_filters_logs.py | 26 ++++++-------------------- 1 file changed, 6 insertions(+), 20 deletions(-) diff --git a/e2e/test_discover_filters_logs.py b/e2e/test_discover_filters_logs.py index 4c05615..f2bbac7 100644 --- a/e2e/test_discover_filters_logs.py +++ b/e2e/test_discover_filters_logs.py 
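Review bot: In `go_to_discover_page` the new wait reuses the name `refresh_button` for the "Columns" locator, and the comment above it misspells "columns" as "columhs". A dedicated name reads more clearly: `columns_header = page.get_by_text("Columns")` followed by `columns_header.wait_for()`. `get_by_text` matches substrings by default, so if more than one element on the Discover page contains "Columns" the wait may fail on ambiguity; `exact=True` or a role-based locator would be more specific. With `handle_welcome_message` removed, `import time` may no longer be used; the import block is outside this hunk, so that needs checking in the file.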
@@ -8,26 +8,12 @@ def test_see_correct_logs_in_discover_user_1(user_1, page): go_to_discover_page(page) - assert page.query_selector(".dscTimechart") is not None - - org_should_exist_results = page.query_selector_all("text=org_id_1") - assert len(org_should_exist_results) == 0 - - space_should_exist_results = page.query_selector_all("text=space_id_1") - assert len(space_should_exist_results) >= 1 - - should_not_exist_results = page.query_selector_all("text=/(org|space)_id_2/") - assert len(should_not_exist_results) == 0 - - space_should_not_exist_results = page.query_selector_all( - "text=org_1_both_orgs_space" - ) - assert len(space_should_not_exist_results) == 0 - - space_should_not_exist_results = page.query_selector_all( - "text=org_2_both_orgs_space" - ) - assert len(space_should_not_exist_results) == 0 + assert page.get_by_text("1 hit").count() == 1 + assert page.get_by_text("org_id_1").count() == 0 + assert page.get_by_text("space_id_1").count() == 1 + assert page.locator("text=/(org|space)_id_2/").count() == 0 + assert page.get_by_text("org_1_both_orgs_space").count() == 0 + assert page.get_by_text("org_2_both_orgs_space").count() == 0 def test_see_correct_logs_in_discover_user_2(user_2, page): From f51e5ae7aeeca6ba154b8db853d506bf8fda352c Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Tue, 5 Mar 2024 17:44:05 -0500 Subject: [PATCH 16/98] refactor e2e tests for other users to use page locators per playwright guidance --- e2e/test_discover_filters_logs.py | 86 +++++++++---------------------- 1 file changed, 23 insertions(+), 63 deletions(-) diff --git a/e2e/test_discover_filters_logs.py b/e2e/test_discover_filters_logs.py index f2bbac7..258d62d 100644 --- a/e2e/test_discover_filters_logs.py +++ b/e2e/test_discover_filters_logs.py 
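Review bot: The `count() == 0` assertions in `test_see_correct_logs_in_discover_user_1` are the checks that another org's or space's logs stay hidden, and they only mean something once the results have rendered; the one line establishing that is `page.get_by_text("1 hit").count() == 1`, which is weaker than it looks. `Locator.count()` reads the page once without waiting, and `get_by_text` matches substrings case-insensitively by default, so "1 hit" would also match a page reporting "11 hits". A retrying, exact assertion placed first would anchor the negative checks, e.g. `expect(page.get_by_text("1 hit", exact=True)).to_have_count(1)`, assuming the hit counter renders as its own element. The same pattern appears in the user_2, user_3 and user_4 tests changed in the next patch.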
@@ -10,8 +10,9 @@ def test_see_correct_logs_in_discover_user_1(user_1, page): assert page.get_by_text("1 hit").count() == 1 assert page.get_by_text("org_id_1").count() == 0 + assert page.get_by_text("org_id_2").count() == 0 assert page.get_by_text("space_id_1").count() == 1 - assert page.locator("text=/(org|space)_id_2/").count() == 0 + assert page.get_by_text("space_id_2").count() == 0 assert page.get_by_text("org_1_both_orgs_space").count() == 0 assert page.get_by_text("org_2_both_orgs_space").count() == 0 @@ -23,24 +24,13 @@ def test_see_correct_logs_in_discover_user_2(user_2, page): go_to_discover_page(page) - assert page.query_selector(".dscTimechart") is not None - - org_should_exist_results = page.query_selector_all("text=org_id_2") - assert len(org_should_exist_results) >= 1 - - space_should_exist_results = page.query_selector_all("text=space_id_2") - assert len(space_should_exist_results) >= 1 - - should_not_exist_results = page.query_selector_all("text=/(org|space)_id_1/") - assert len(should_not_exist_results) == 0 - - space_should_not_exist_results = page.query_selector_all( - "text=org_1_both_orgs_space" - ) - assert len(space_should_not_exist_results) == 0 - - space_should_exist_results = page.query_selector_all("text=org_2_both_orgs_space") - assert len(space_should_exist_results) >= 1 + assert page.get_by_text("3 hits").count() == 1 + assert page.get_by_text("org_id_1").count() == 0 + assert page.get_by_text("org_id_2").count() == 1 + assert page.get_by_text("space_id_1").count() == 0 + assert page.get_by_text("space_id_2").count() == 1 + assert page.get_by_text("org_1_both_orgs_space").count() == 0 + assert page.get_by_text("org_2_both_orgs_space").count() == 1 def test_see_correct_logs_in_discover_user_3(user_3, page): 
@@ -50,29 +40,13 @@ def test_see_correct_logs_in_discover_user_3(user_3, page): go_to_discover_page(page) - assert page.query_selector(".dscTimechart") is not None - - org_should_exist_results = page.query_selector_all("text=org_id_1") - assert len(org_should_exist_results) == 0 - - org_should_exist_results = page.query_selector_all("text=org_id_2") - assert len(org_should_exist_results) == 0 - - space_should_exist_results = page.query_selector_all("text=space_id_1") - assert len(space_should_exist_results) >= 1 - - space_should_exist_results = page.query_selector_all("text=space_id_2") - assert len(space_should_exist_results) >= 1 - - space_should_not_exist_results = page.query_selector_all( - "text=org_1_both_orgs_space" - ) - assert len(space_should_not_exist_results) == 0 - - space_should_not_exist_results = page.query_selector_all( - "text=org_2_both_orgs_space" - ) - assert len(space_should_not_exist_results) == 0 + assert page.get_by_text("2 hits").count() == 1 + assert page.get_by_text("org_id_1").count() == 0 + assert page.get_by_text("org_id_2").count() == 0 + assert page.get_by_text("space_id_1").count() == 1 + assert page.get_by_text("space_id_2").count() == 1 + assert page.get_by_text("org_1_both_orgs_space").count() == 0 + assert page.get_by_text("org_2_both_orgs_space").count() == 0 def test_see_correct_logs_in_discover_user_4(user_4, page): 
@@ -82,24 +56,10 @@ def test_see_correct_logs_in_discover_user_4(user_4, page): go_to_discover_page(page) - assert page.query_selector(".dscTimechart") is not None - - org_should_exist_results = page.query_selector_all("text=org_id_1") - assert len(org_should_exist_results) == 0 - - org_should_exist_results = page.query_selector_all("text=org_id_2") - assert len(org_should_exist_results) == 0 - - space_should_exist_results = page.query_selector_all("text=space_id_1") - assert len(space_should_exist_results) == 0 - - space_should_exist_results = page.query_selector_all("text=space_id_2") - assert len(space_should_exist_results) == 0 - - space_should_exist_results = page.query_selector_all("text=org_1_both_orgs_space") - assert len(space_should_exist_results) >= 1 - - space_should_not_exist_results = page.query_selector_all( - "text=org_2_both_orgs_space" - ) - assert len(space_should_not_exist_results) == 0 + assert page.get_by_text("1 hit").count() == 1 + assert page.get_by_text("org_id_1").count() == 0 + assert page.get_by_text("org_id_2").count() == 0 + assert page.get_by_text("space_id_1").count() == 0 + assert page.get_by_text("space_id_2").count() == 0 + assert page.get_by_text("org_1_both_orgs_space").count() == 1 + assert page.get_by_text("org_2_both_orgs_space").count() == 0 From 51e6146cc69c45effafb28b872f72ae204cf1a83 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Tue, 5 Mar 2024 17:46:56 -0500 Subject: [PATCH 17/98] update CI seed script to wipe test index on every run --- ci/seed-es-data.sh | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/ci/seed-es-data.sh b/ci/seed-es-data.sh index 85334e4..b0ea4bc 100644 --- a/ci/seed-es-data.sh +++ b/ci/seed-es-data.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash set -euo pipefail -shopt -s inherit_errexit || true +shopt -s inherit_errexit 2>/dev/null || true function cleanup() { rm "${cookie_jar}" 
@@ -71,6 +71,12 @@ curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ "composed_of": ["ct_apps"] }' | jq +# Delete index if it already exists +echo "delete index if it already exists" +curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ + -X DELETE \ + https://localhost:9200/logs-app-now | jq + echo "Creating index" curl --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ -X PUT \ @@ -180,7 +186,7 @@ curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ "message": "no_space_id" }' | jq -# user 1 should be able to see this log +# user 1 should not be able to see this log # user 2 should not be able to see it # user 3 should be able to see this log # user 4 should not be able to see it @@ -269,7 +275,7 @@ curl --fail --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \ -d '{"tenant":"","username":"'"${ES_USER}"'"}' echo "Creating index pattern" -curl --fail --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \ +INDEX_PATTERN_GUID=$(curl --cookie-jar ${cookie_jar} -b ${cookie_jar} \ -X POST \ -H "content-type: application/json" \ -H "x-proxy-roles: admin" \ @@ -283,7 +289,7 @@ curl --fail --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \ "title": "logs-app-*", "timeFieldName": "@timestamp" } - }' | jq + }' | jq -r '.id') echo "Setting default index" curl --fail --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \ @@ -294,4 +300,4 @@ curl --fail --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \ -H 'x-forwarded-for: 127.0.0.1' \ -H "osd-xsrf: true" \ http://localhost:5601/api/opensearch-dashboards/settings \ - -d '{"changes":{"defaultIndex":"logs-app-*"}}' | jq + -d "{\"changes\":{\"defaultIndex\":\"$INDEX_PATTERN_GUID\"}}" | jq From 849f135ae209ad31c573578b76e24325addb7204 Mon Sep 17 00:00:00 2001 
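Review bot: The index-pattern request that now feeds `INDEX_PATTERN_GUID` in ci/seed-es-data.sh lost `--fail --silent --show-error`, so an error response from Dashboards no longer stops the script. `jq -r '.id'` prints `null` for a body without an `id`, and the following call would then set `defaultIndex` to the literal string `null` and still report success. Keeping the flags on the curl call and using `jq -er '.id'` makes a missing id a non-zero exit, which `set -euo pipefail` turns into a failed run. Without `--silent`, curl's progress meter also ends up in the CI log.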
From: Mark Boyd Date: Tue, 5 Mar 2024 17:48:48 -0500 Subject: [PATCH 18/98] apply black formatting --- e2e/utils.py | 1 + 1 file changed, 1 insertion(+) diff --git a/e2e/utils.py b/e2e/utils.py index 402dbd3..ab0e113 100644 --- a/e2e/utils.py +++ b/e2e/utils.py @@ -52,6 +52,7 @@ def log_in(user, page, start_at=None): authorize_button.wait_for() authorize_button.click() + def switch_tenants(page, tenant="Global"): """ switch to the specified tenant. From a6622fa5628713861a0e4a848b97e955e4ab7f89 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Wed, 6 Mar 2024 09:26:17 -0500 Subject: [PATCH 19/98] update dev script for seeding ES data to work in CI --- dev | 1 - 1 file changed, 1 deletion(-) diff --git a/dev b/dev index ff4ff5e..18db681 100755 --- a/dev +++ b/dev @@ -280,7 +280,6 @@ main() { ${python} -m black . ;; seed-es-data) - source_env_vars set_cf_default_vars set_cf_env_vars seed_es_data From 6e21811bbc4eacb6eab6b3b2260f507fdac8a098 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Wed, 6 Mar 2024 09:43:57 -0500 Subject: [PATCH 20/98] updated locator for hamburger menu to not rely on CSS class --- e2e/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/utils.py b/e2e/utils.py index ab0e113..8bef724 100644 --- a/e2e/utils.py +++ b/e2e/utils.py @@ -80,7 +80,7 @@ def switch_tenants(page, tenant="Global"): def go_to_discover_page(page): # open the hamburger menu hamburger_button = page.locator( - f"css=div.euiHeaderSectionItem.euiHeaderSectionItem--borderRight.header__toggleNavButtonSection" + 'button[aria-label="Toggle primary navigation"]' ) hamburger_button.wait_for() hamburger_button.click() From f1d51b12fb805ebebaf8c91427c7ba7180c24330 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Wed, 6 Mar 2024 10:13:35 -0500 Subject: [PATCH 21/98] fix CI script to handle 404 from delete index request & improve error handling --- ci/seed-es-data.sh | 60 +++++++++++++++++++++++++++------------------- 1 file changed, 35 insertions(+), 25 deletions(-) 
diff --git a/ci/seed-es-data.sh b/ci/seed-es-data.sh index b0ea4bc..2cac93e 100644 --- a/ci/seed-es-data.sh +++ b/ci/seed-es-data.sh @@ -30,7 +30,7 @@ done # we have to create index and component templates # to work around the baked-in stream templates echo "creating component template" -curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ -X PUT \ -H "content-type: application/json" \ https://localhost:9200/_component_template/ct_apps \ @@ -61,7 +61,7 @@ curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ }' | jq echo "Creating index template" -curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ -X PUT \ -H "content-type: application/json" \ https://localhost:9200/_index_template/it_apps \ @@ -72,13 +72,24 @@ curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ }' | jq # Delete index if it already exists -echo "delete index if it already exists" -curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +echo "Deleting index (if it already exists)" +OUTPUT_FILE=$(mktemp) +HTTP_CODE=$(curl --silent \ + --output "$OUTPUT_FILE" \ + --write-out "%{http_code}" \ + -k \ + -u "${ES_USER}":"${ES_PASSWORD}" \ -X DELETE \ - https://localhost:9200/logs-app-now | jq + https://localhost:9200/logs-app-now) +if [[ $HTTP_CODE != 200 && $HTTP_CODE != 404 ]]; then + >&2 jq < "$OUTPUT_FILE" + exit 22 +fi +jq < "$OUTPUT_FILE" +rm "$OUTPUT_FILE" echo "Creating index" -curl --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ -X PUT \ -H "content-type: application/json" \ https://localhost:9200/logs-app-now \ 
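Review bot: The delete-index block in ci/seed-es-data.sh leaves `$OUTPUT_FILE` behind when it takes the `exit 22` path, because `rm "$OUTPUT_FILE"` runs only after the status check passes. The `cleanup` function visible in the earlier context lines removes only the cookie jar; adding `rm -f "${OUTPUT_FILE:-}"` there would cover both paths, assuming `cleanup` is registered with a trap, which is not visible in this hunk. The curl call also uses `--silent` without `--show-error`, so a connection failure shows up only as HTTP code `000` with an empty body; adding `--show-error` puts curl's own message in the log.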
@@ -87,16 +98,15 @@ curl --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ "properties": { "@cf": { "dynamic": true, + "type": "object", "properties": { - "@cf": { - "space_id": { - "type": "keyword", - "index": true - }, - "org_id": { - "type": "keyword", - "index": true - } + "space_id": { + "type": "keyword", + "index": true + }, + "org_id": { + "type": "keyword", + "index": true } } } @@ -144,7 +154,7 @@ echo "creating test document 1/7" # It doesn't seem to make the docs available otherwise # We could probably just do this on the last doc we index, but doing # it on all of them makes it easier to modify the script -curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ -X POST \ -H "content-type: application/json" \ https://localhost:9200/logs-app-now/_doc?refresh=true \ @@ -162,7 +172,7 @@ curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ # user 3 should be able to see this log # user 4 should not be able to see it echo "creating test document 2/7" -curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ -X POST \ -H "content-type: application/json" \ https://localhost:9200/logs-app-now/_doc?refresh=true \ @@ -177,7 +187,7 @@ curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ # none of the users should be able to see this log echo "creating test document 3/7" -curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ -X POST \ -H "content-type: application/json" \ https://localhost:9200/logs-app-now/_doc?refresh=true \ 
@@ -191,7 +201,7 @@ curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ # user 3 should be able to see this log # user 4 should not be able to see it echo "creating test document 4/7" -curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ -X POST \ -H "content-type: application/json" \ https://localhost:9200/logs-app-now/_doc?refresh=true \ @@ -206,7 +216,7 @@ curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ # user 3 should be able to see this log # user 4 should not be able to see it echo "creating test document 5/7" -curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ -X POST \ -H "content-type: application/json" \ https://localhost:9200/logs-app-now/_doc?refresh=true \ @@ -221,7 +231,7 @@ curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ # user 3 should not be able to see it # user 4 should be able to see this log echo "creating test document 6/7" -curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ -X POST \ -H "content-type: application/json" \ https://localhost:9200/logs-app-now/_doc?refresh=true \ @@ -239,7 +249,7 @@ curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ # user 3 should not be able to see it # user 4 should not be able to see it echo "creating test document 7/7" -curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ -X POST \ -H "content-type: application/json" \ https://localhost:9200/logs-app-now/_doc?refresh=true \ 
@@ -255,7 +265,7 @@ curl --fail --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ # for the opensearch dashboards stuff, we need cookies just to deal with the multitenancy echo "Setting up opensearch dashboards http session" # this curl is just to get a cookie ready -curl --fail --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \ +curl --fail-with-body --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \ -X GET \ -H "x-proxy-roles: admin" \ -H "x-proxy-user: admin" \ @@ -264,7 +274,7 @@ curl --fail --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \ http://localhost:5601/api/v1/configuration/account | jq echo "Switching to default tenant" -curl --fail --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \ +curl --fail-with-body --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \ -X POST \ -H "content-type: application/json" \ -H "x-proxy-roles: admin" \ @@ -292,7 +302,7 @@ INDEX_PATTERN_GUID=$(curl --cookie-jar ${cookie_jar} -b ${cookie_jar} \ }' | jq -r '.id') echo "Setting default index" -curl --fail --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \ +curl --fail-with-body --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \ -X POST \ -H "content-type: application/json" \ -H "x-proxy-roles: admin" \ From a4a27985eca3a38d95c1fa01a9f30776d8e50aa0 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Wed, 6 Mar 2024 10:14:04 -0500 Subject: [PATCH 22/98] add dev script for seeding data locally --- dev | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/dev b/dev index 18db681..1bab01b 100755 --- a/dev +++ b/dev @@ -279,6 +279,12 @@ main() { format) ${python} -m black . ;; + seed-es-data-local) + source_env_vars + set_cf_default_vars + set_cf_env_vars + seed_es_data + ;; seed-es-data) set_cf_default_vars set_cf_env_vars From 48fa39151c2a630babda15fac9044a58a4c15b2f Mon Sep 17 00:00:00 2001 
From: Mark Boyd Date: Wed, 6 Mar 2024 10:19:29 -0500 Subject: [PATCH 23/98] update README --- README.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ab3b7f6..b35c180 100644 --- a/README.md +++ b/README.md @@ -56,10 +56,15 @@ To debug the e2e tests (see ): PWDEBUG=1 ./dev e2e-local ``` -To target specific e2e test(s), you can supply an `E2E_TEST_FILTER` environment variable: +You can specify [any `pytest` flags](https://docs.pytest.org/en/7.1.x/reference/reference.html#command-line-flags) or [Playwright CLI flags](https://playwright.dev/python/docs/test-runners#cli-arguments) for `e2e-local`. + +To target specific e2e test(s): ```shell -E2E_TEST_FILTER="discover_user" ./dev e2e-local +# run the test_see_correct_logs_in_discover_user_1 test +./dev e2e-local -k 'test_see_correct_logs_in_discover_user_1' +# run all the test_see_correct_logs_in_discover_user* tests +./dev e2e-local -k 'test_see_correct_logs_in_discover_user' ``` To retain video records of failed tests: From fcbcf6b39a46cffa543cd79b4e38548503ac317c Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Wed, 6 Mar 2024 10:19:54 -0500 Subject: [PATCH 24/98] apply black formatting --- e2e/utils.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/e2e/utils.py b/e2e/utils.py index 8bef724..5909df0 100644 --- a/e2e/utils.py +++ b/e2e/utils.py @@ -79,9 +79,7 @@ def switch_tenants(page, tenant="Global"): def go_to_discover_page(page): # open the hamburger menu - hamburger_button = page.locator( - 'button[aria-label="Toggle primary navigation"]' - ) + hamburger_button = page.locator('button[aria-label="Toggle primary navigation"]') hamburger_button.wait_for() hamburger_button.click() From a956cfde0acece00b68dc52a38aca3f758365d62 Mon Sep 17 00:00:00 2001 
From: Mark Boyd Date: Wed, 6 Mar 2024 10:56:09 -0500 Subject: [PATCH 25/98] update opensearch containers to 2.12 --- docker/opensearch/dockerfile | 2 +- docker/opensearch_dashboards/dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/opensearch/dockerfile b/docker/opensearch/dockerfile index ee8211f..a3c06a7 100644 --- a/docker/opensearch/dockerfile +++ b/docker/opensearch/dockerfile @@ -1,4 +1,4 @@ -FROM opensearchproject/opensearch:2.11.0 as opensearch +FROM opensearchproject/opensearch:2.12.0 as opensearch # ok, this is a little weird. # we're building this image to run on Cloud Foundry, where we can diff --git a/docker/opensearch_dashboards/dockerfile b/docker/opensearch_dashboards/dockerfile index f31179d..df4cbe2 100644 --- a/docker/opensearch_dashboards/dockerfile +++ b/docker/opensearch_dashboards/dockerfile @@ -1,4 +1,4 @@ -FROM opensearchproject/opensearch-dashboards:2.11.0 AS opensearch-dashboards +FROM opensearchproject/opensearch-dashboards:2.12.0 AS opensearch-dashboards FROM scratch From f86e024cf3550c4d75fde16267e85f44bf65f374 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Wed, 6 Mar 2024 10:56:40 -0500 Subject: [PATCH 26/98] update docker compose file to set required value for opensearch admin password --- docker/docker-compose.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 9fb9940..6ea12cd 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml 
@@ -8,7 +8,7 @@ x-opensearch-node-common-vars: &x-opensearch-node-common-vars cluster.initial_cluster_manager_nodes: opensearch-node1,opensearch-node2 bootstrap.memory_lock: true # along with the memlock settings below, disables swapping OPENSEARCH_JAVA_OPTS: "-Xms4096m -Xmx4096m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM - plugins.security.audit.type: debug + OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_PASSWORD} x-opensearch-node: &x-opensearch-node build: ./opensearch @@ -60,6 +60,7 @@ services: opensearch_security.auth_type: "proxy" opensearch_security.proxycache.user_header: "x-proxy-user" opensearch_security.proxycache.roles_header: "x-proxy-roles" + OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD} networks: - opensearch-net volumes: From 92865fcad9f318b8dd047cdba709c2c0d02c19e2 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Wed, 6 Mar 2024 10:56:57 -0500 Subject: [PATCH 27/98] update sample .env file --- .env-sample | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/.env-sample b/.env-sample index 54829bc..f42ed74 100644 --- a/.env-sample +++ b/.env-sample @@ -18,18 +18,8 @@ SECRET_KEY=changeme CF_ADMIN_GROUP_NAME="" # only necessary for running e2e tests locally - From cdb3f360e285d2244ab8b40a699c665510472608 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Wed, 6 Mar 2024 10:57:52 -0500 Subject: [PATCH 28/98] update seed script to use new opensearch username/password env vars --- ci/seed-es-data.sh | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/ci/seed-es-data.sh b/ci/seed-es-data.sh index 2cac93e..6300e23 100644 --- a/ci/seed-es-data.sh +++ b/ci/seed-es-data.sh @@ -11,8 +11,8 @@ trap cleanup exit cookie_jar=$(mktemp) required_env_vars=( - ES_USER - ES_PASSWORD + OPENSEARCH_USER + OPENSEARCH_PASSWORD CF_ORG_1_ID CF_ORG_1_SPACE_1_ID CF_ORG_1_BOTH_ORGS_SPACE_ID 
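Review bot: `OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_PASSWORD}` interpolates to an empty string when the variable is missing from the shell or `.env`, and compose only prints a warning. The required-variable form, `OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_PASSWORD:?set OPENSEARCH_PASSWORD in .env}`, stops `docker-compose up` with a clear message instead of starting the nodes with a blank value. The added line also replaces `plugins.security.audit.type: debug`, which the commit subject does not mention, and the same swap appears in `cf/opensearch-manifest.yml` later in the series. If dropping the audit setting is intended, a sentence in the commit message would record that.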
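Review bot: The `OPENSEARCH_PASSWORD` entry added to the Dashboards service at `-60,6 +60,7` hands the cluster admin password to a second container, and nothing in this hunk shows what reads it there. If Dashboards only needs its own service account to reach OpenSearch, a separate lower-privilege credential would keep the admin password confined to the OpenSearch nodes. If it is needed, a short comment next to the entry naming the component that consumes it would document why. The same variable is added to `cf/opensearch-dashboards-manifest.yml` later in the series.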
@@ -30,7 +30,7 @@ done # we have to create index and component templates # to work around the baked-in stream templates echo "creating component template" -curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}" -k \ -X PUT \ -H "content-type: application/json" \ https://localhost:9200/_component_template/ct_apps \ @@ -61,7 +61,7 @@ curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k }' | jq echo "Creating index template" -curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}" -k \ -X PUT \ -H "content-type: application/json" \ https://localhost:9200/_index_template/it_apps \ @@ -78,7 +78,7 @@ HTTP_CODE=$(curl --silent \ --output "$OUTPUT_FILE" \ --write-out "%{http_code}" \ -k \ - -u "${ES_USER}":"${ES_PASSWORD}" \ + -u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}" \ -X DELETE \ https://localhost:9200/logs-app-now) if [[ $HTTP_CODE != 200 && $HTTP_CODE != 404 ]]; then @@ -89,7 +89,7 @@ jq < "$OUTPUT_FILE" rm "$OUTPUT_FILE" echo "Creating index" -curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}" -k \ -X PUT \ -H "content-type: application/json" \ https://localhost:9200/logs-app-now \ 
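Review bot: The renamed `-u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}"` argument still puts the admin password on curl's command line, in this hunk and in every other `-u` call in the file, where it can show up in process listings and in `set -x` traces on the CI worker. curl can read the credential from a config on stdin instead, e.g. `curl --config - <<< "user = \"${OPENSEARCH_USER}:${OPENSEARCH_PASSWORD}\"" ...`, which keeps it out of argv. The `-k` on the same lines turns off certificate verification, which is tolerable for a localhost tunnel but worth a one-line comment saying so.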
@@ -154,7 +154,7 @@ echo "creating test document 1/7" # It doesn't seem to make the docs available otherwise # We could probably just do this on the last doc we index, but doing # it on all of them makes it easier to modify the script -curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}" -k \ -X POST \ -H "content-type: application/json" \ https://localhost:9200/logs-app-now/_doc?refresh=true \ @@ -172,7 +172,7 @@ curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k # user 3 should be able to see this log # user 4 should not be able to see it echo "creating test document 2/7" -curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}" -k \ -X POST \ -H "content-type: application/json" \ https://localhost:9200/logs-app-now/_doc?refresh=true \ @@ -187,7 +187,7 @@ curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k # none of the users should be able to see this log echo "creating test document 3/7" -curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}" -k \ -X POST \ -H "content-type: application/json" \ https://localhost:9200/logs-app-now/_doc?refresh=true \ @@ -201,7 +201,7 @@ curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k # user 3 should be able to see this log # user 4 should not be able to see it echo "creating test document 4/7" -curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}" -k \ -X POST \ -H "content-type: application/json" \ https://localhost:9200/logs-app-now/_doc?refresh=true \ 
@@ -216,7 +216,7 @@ curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k # user 3 should be able to see this log # user 4 should not be able to see it echo "creating test document 5/7" -curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}" -k \ -X POST \ -H "content-type: application/json" \ https://localhost:9200/logs-app-now/_doc?refresh=true \ @@ -231,7 +231,7 @@ curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k # user 3 should not be able to see it # user 4 should be able to see this log echo "creating test document 6/7" -curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}" -k \ -X POST \ -H "content-type: application/json" \ https://localhost:9200/logs-app-now/_doc?refresh=true \ @@ -249,7 +249,7 @@ curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k # user 3 should not be able to see it # user 4 should not be able to see it echo "creating test document 7/7" -curl --fail-with-body --silent --show-error -u "${ES_USER}":"${ES_PASSWORD}" -k \ +curl --fail-with-body --silent --show-error -u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}" -k \ -X POST \ -H "content-type: application/json" \ https://localhost:9200/logs-app-now/_doc?refresh=true \ @@ -282,7 +282,7 @@ curl --fail-with-body --silent --show-error --cookie-jar ${cookie_jar} -b ${cook -H 'x-forwarded-for: 127.0.0.1' \ -H "osd-xsrf: true" \ http://localhost:5601/api/v1/multitenancy/tenant \ - -d '{"tenant":"","username":"'"${ES_USER}"'"}' + -d '{"tenant":"","username":"'"${OPENSEARCH_USER}"'"}' echo "Creating index pattern" INDEX_PATTERN_GUID=$(curl --cookie-jar ${cookie_jar} -b ${cookie_jar} \ From 567d6f5cfde14c95ed2c85a0224f488a2ce769d7 Mon Sep 17 00:00:00 2001 
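Review bot: In the tenant-switch call (hunk `-282,7 +282,7`) the JSON body is assembled by splicing `${OPENSEARCH_USER}` between quotes, so a username containing `"` or `\` produces invalid or altered JSON. The script already depends on `jq`, which can build the body with proper escaping: `-d "$(jq -cn --arg u "${OPENSEARCH_USER}" '{tenant: "", username: $u}')"`.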
From: Mark Boyd Date: Wed, 6 Mar 2024 10:59:55 -0500 Subject: [PATCH 29/98] update README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b35c180..83468cc 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ The following are optional: ## Running the auth-proxy locally 1. Copy `.env-sample` to `.env` and update the configuration values -1. From the `docker` directory, run `docker-compose up` +1. Run `./dev start-cluster` to start up the Docker containers for OpenSearch and OpenSearch Dashboards 1. Run `./dev serve` (note: you must be on the VPN/using Zscaler because you will be redirected to the CF dev environment to login) ### Running the e2e tests locally From 8f774c660c30d8d13894647dc4cebed6c54087bd Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Wed, 6 Mar 2024 11:00:16 -0500 Subject: [PATCH 30/98] update script for starting docker cluster --- dev | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/dev b/dev index 1bab01b..7601ebf 100755 --- a/dev +++ b/dev @@ -244,12 +244,11 @@ main() { export FLASK_APP="cf_auth_proxy.app:create_app()" ${python} -m flask run -p "${PORT}" ;; - cluster) - + start-cluster) + source_env_vars pushd docker - docker-compose up --force-recreate --build -d + docker-compose up --force-recreate --build "$@" popd - ;; destroy-cluster) pushd docker From e3113da4ceab4ea29bad11a9213bf66e546868b8 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Wed, 6 Mar 2024 11:01:27 -0500 Subject: [PATCH 31/98] rename ci/seed-es-data.sh -> ci/seed-opensearch-data.sh --- ci/init-config.sh | 2 +- ci/{seed-es-data.sh => seed-opensearch-data.sh} | 0 dev | 14 +++++++------- 3 files changed, 8 insertions(+), 8 deletions(-) rename ci/{seed-es-data.sh => seed-opensearch-data.sh} (100%) diff --git a/ci/init-config.sh b/ci/init-config.sh index 4fc623b..fcb3459 100755 --- a/ci/init-config.sh +++ b/ci/init-config.sh 
@@ -19,4 +19,4 @@ ssh_pid=$! echo "Waiting for tunnel to come up ..." sleep 10 -./dev seed-es-data +./dev seed-opensearch-data diff --git a/ci/seed-es-data.sh b/ci/seed-opensearch-data.sh similarity index 100% rename from ci/seed-es-data.sh rename to ci/seed-opensearch-data.sh diff --git a/dev b/dev index 7601ebf..3e9c7da 100755 --- a/dev +++ b/dev @@ -194,8 +194,8 @@ set_cf_env_vars() { export CF_ORG_2_BOTH_ORGS_SPACE_ID } -seed_es_data() { - bash ./ci/seed-es-data.sh +seed_opensearch_data() { + bash ./ci/seed-opensearch-data.sh } provision_cf_access() { @@ -272,22 +272,22 @@ main() { source_env_vars set_cf_default_vars set_cf_env_vars - seed_es_data + seed_opensearch_data ${python} -m pytest e2e --browser firefox "$@" ;; format) ${python} -m black . ;; - seed-es-data-local) + seed-opensearch-data-local) source_env_vars set_cf_default_vars set_cf_env_vars - seed_es_data + seed_opensearch_data ;; - seed-es-data) + seed-opensearch-data) set_cf_default_vars set_cf_env_vars - seed_es_data + seed_opensearch_data ;; *) usage From b9e1e84dab5f64e3fca8d0e7b4a7d0d924c689b9 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Wed, 6 Mar 2024 13:39:24 -0500 Subject: [PATCH 32/98] update pipeline to use new environment vars for opensearch admin username/password --- cf/opensearch-dashboards-manifest.yml | 1 + cf/opensearch-manifest.yml | 2 +- ci/pipeline.yml | 6 ++++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/cf/opensearch-dashboards-manifest.yml b/cf/opensearch-dashboards-manifest.yml index e924b64..ddac244 100644 --- a/cf/opensearch-dashboards-manifest.yml +++ b/cf/opensearch-dashboards-manifest.yml @@ -20,5 +20,6 @@ applications: "opensearch_security.auth_type": "proxy" "opensearch_security.proxycache.user_header": "x-proxy-user" "opensearch_security.proxycache.roles_header": "x-proxy-roles" + OPENSEARCH_PASSWORD: ((opensearch_password)) routes: - route: dashboard-test.apps.internal 
diff --git a/cf/opensearch-manifest.yml b/cf/opensearch-manifest.yml index 55e2aaa..34a6c3b 100644 --- a/cf/opensearch-manifest.yml +++ b/cf/opensearch-manifest.yml @@ -19,4 +19,4 @@ applications: "discovery.type": single-node "node.name": opensearch-node1 "OPENSEARCH_JAVA_OPTS": "-Xms2048m -Xmx2048m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM - "plugins.security.audit.type": debug + OPENSEARCH_INITIAL_ADMIN_PASSWORD: ((opensearch_password)) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index db0c42d..cccca62 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -61,12 +61,14 @@ jobs: manifest: src/cf/opensearch-manifest.yml vars: opensearch_app_name: ((dev-test-opensearch-app-name)) + opensearch_password: ((es-admin-password)) - put: cf-dev params: manifest: src/cf/opensearch-dashboards-manifest.yml vars: dashboards_app_name: ((dev-test-opensearch-dashboards-app-name)) + opensearch_password: ((es-admin-password)) - put: cf-dev params: @@ -159,8 +161,8 @@ jobs: params: <<: *dev-cf-auth-params - ES_USER: ((es-admin-username)) - ES_PASSWORD: ((es-admin-password)) + OPENSEARCH_USER: ((es-admin-username)) + OPENSEARCH_PASSWORD: ((es-admin-password)) CF_ORG_1_NAME: ((dev-test-org-1-name)) CF_ORG_2_NAME: ((dev-test-org-2-name)) From 84f87947c8d8bfaf75c5adf1c610dec25e3e8b13 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Wed, 6 Mar 2024 13:57:20 -0500 Subject: [PATCH 33/98] update credhub vars for opensearch admin username/password --- ci/pipeline.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index cccca62..729a3f4 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml 
@@ -61,14 +61,14 @@ jobs: manifest: src/cf/opensearch-manifest.yml vars: opensearch_app_name: ((dev-test-opensearch-app-name)) - opensearch_password: ((es-admin-password)) + opensearch_password: ((opensearch-admin-password)) - put: cf-dev params: manifest: src/cf/opensearch-dashboards-manifest.yml vars: dashboards_app_name: ((dev-test-opensearch-dashboards-app-name)) - opensearch_password: ((es-admin-password)) + opensearch_password: ((opensearch-admin-password)) - put: cf-dev params: @@ -161,8 +161,8 @@ jobs: params: <<: *dev-cf-auth-params - OPENSEARCH_USER: ((es-admin-username)) - OPENSEARCH_PASSWORD: ((es-admin-password)) + OPENSEARCH_USER: ((opensearch-admin-username)) + OPENSEARCH_PASSWORD: ((opensearch-admin-password)) CF_ORG_1_NAME: ((dev-test-org-1-name)) CF_ORG_2_NAME: ((dev-test-org-2-name)) From 902969264fdf4ca66c9de846b19eab3643e11cc3 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Wed, 6 Mar 2024 16:39:14 -0500 Subject: [PATCH 34/98] remove test condition on UI element that no longer exists in opensearch 2.12 --- e2e/utils.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/e2e/utils.py b/e2e/utils.py index 5909df0..d7d2b20 100644 --- a/e2e/utils.py +++ b/e2e/utils.py @@ -91,7 +91,3 @@ def go_to_discover_page(page): # wait for the refresh button, signifying the discover page has loaded refresh_button = page.get_by_text("Refresh") refresh_button.wait_for() - - # wait for the columhs header, which indicates the results box has loaded - refresh_button = page.get_by_text("Columns") - refresh_button.wait_for() From b38e84aaaf258b9c7d85b873a5f755c4a3d9c03f Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 7 Mar 2024 10:06:21 -0500 Subject: [PATCH 35/98] update proxy app instances to use 1G of memory --- cf/proxy-manifest.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/cf/proxy-manifest.yml b/cf/proxy-manifest.yml index 19e0124..6962b9f 100644 --- a/cf/proxy-manifest.yml +++ b/cf/proxy-manifest.yml 
@@ -25,3 +25,4 @@ applications: UAA_CLIENT_SECRET: ((uaa_client_secret)) SECRET_KEY: ((secret_key)) SESSION_LIFETIME: ((session_lifetime)) + memory: 1G From 2019c8aa08fac88983565028dc98eee3c92007cf Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 7 Mar 2024 10:48:17 -0500 Subject: [PATCH 36/98] increase number of gunicorn workers per container --- Procfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Procfile b/Procfile index 55abd7c..c70fd97 100644 --- a/Procfile +++ b/Procfile @@ -1 +1 @@ -web: gunicorn --access-logfile - --error-logfile - --log-level info --timeout 300 --worker-class eventlet "cf_auth_proxy.app:create_app()" +web: gunicorn --access-logfile - --error-logfile - --log-level info --timeout 300 --workers 4 --worker-class eventlet "cf_auth_proxy.app:create_app()" From a391a006ff0a241414e9ec460cf45c8ef6a7d3f2 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 7 Mar 2024 10:53:02 -0500 Subject: [PATCH 37/98] refactor code to have separate requirements.txt for local dev, for handling things like playwright which are installed by default in the CI container but not locally --- dev | 11 +++++++++-- local-requirements.txt | 14 ++++++++++++++ pip-tools/dev-requirements.in | 1 - pip-tools/local-requirements.in | 1 + 4 files changed, 24 insertions(+), 3 deletions(-) create mode 100644 local-requirements.txt create mode 100644 pip-tools/local-requirements.in diff --git a/dev b/dev index 3e9c7da..3bab50c 100755 --- a/dev +++ b/dev @@ -66,11 +66,15 @@ popd () { update_requirements() { export CUSTOM_COMPILE_COMMAND="./dev update-requirements" + $python -m piptools compile \ + --quiet \ + --output-file=local-requirements.txt \ + pip-tools/local-requirements.in $python -m piptools compile \ --quiet \ --output-file=requirements.txt \ pip-tools/requirements.in - $python -m piptools compile \ + $python -m piptools compile \ --quiet \ --output-file=dev-requirements.txt \ pip-tools/dev-requirements.in 
@@ -91,6 +95,8 @@ set_up_ci_environment () { set_up_environment () { python -m venv venv source venv/bin/activate + # make sure we have requirements for local dev, like playwright + ${python} -m pip install -r local-requirements.txt # do this first to make sure we have piptools ${python} -m pip install -r dev-requirements.txt # do this again for syncs that might involve deletions @@ -103,10 +109,11 @@ upgrade_requirements() { if [[ $# -ge 2 ]]; then echo "can't update more than one package at a time" fi + ${python} -m piptools compile --upgrade-package "$1" --output-file local-requirements.txt pip-tools/local-requirements.in ${python} -m piptools compile --upgrade-package "$1" --output-file requirements.txt pip-tools/requirements.in ${python} -m piptools compile --upgrade-package "$1" --output-file dev-requirements.txt pip-tools/dev-requirements.in - else + ${python} -m piptools compile --output-file local-requirements.txt pip-tools/local-requirements.in ${python} -m piptools compile --upgrade --output-file requirements.txt pip-tools/requirements.in ${python} -m piptools compile --upgrade --output-file dev-requirements.txt pip-tools/dev-requirements.in fi diff --git a/local-requirements.txt b/local-requirements.txt new file mode 100644 index 0000000..2b8152f --- /dev/null +++ b/local-requirements.txt @@ -0,0 +1,14 @@ +# +# This file is autogenerated by pip-compile with Python 3.10 +# by the following command: +# +# pip-compile --output-file=local-requirements.txt pip-tools/local-requirements.in +# +greenlet==3.0.3 + # via playwright +playwright==1.42.0 + # via -r pip-tools/local-requirements.in +pyee==11.0.1 + # via playwright +typing-extensions==4.10.0 + # via pyee diff --git a/pip-tools/dev-requirements.in b/pip-tools/dev-requirements.in index 681ee78..3ca9f86 100644 --- a/pip-tools/dev-requirements.in +++ b/pip-tools/dev-requirements.in @@ -2,7 +2,6 @@ bandit black pip-tools -playwright pyotp pytest pytest-playwright 
diff --git a/pip-tools/local-requirements.in b/pip-tools/local-requirements.in new file mode 100644 index 0000000..508a5f4 --- /dev/null +++ b/pip-tools/local-requirements.in @@ -0,0 +1 @@ +playwright From 058cfed791a65c21b06221dfa770eda9e91c8d23 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 7 Mar 2024 10:59:28 -0500 Subject: [PATCH 38/98] Revert "refactor code to have separate requirements.txt for local dev, for handling things like playwright which are installed by default in the CI container but not locally" This reverts commit a391a006ff0a241414e9ec460cf45c8ef6a7d3f2. --- dev | 11 ++--------- local-requirements.txt | 14 -------------- pip-tools/dev-requirements.in | 1 + pip-tools/local-requirements.in | 1 - 4 files changed, 3 insertions(+), 24 deletions(-) delete mode 100644 local-requirements.txt delete mode 100644 pip-tools/local-requirements.in diff --git a/dev b/dev index 3bab50c..3e9c7da 100755 --- a/dev +++ b/dev @@ -66,15 +66,11 @@ popd () { update_requirements() { export CUSTOM_COMPILE_COMMAND="./dev update-requirements" - $python -m piptools compile \ - --quiet \ - --output-file=local-requirements.txt \ - pip-tools/local-requirements.in $python -m piptools compile \ --quiet \ --output-file=requirements.txt \ pip-tools/requirements.in - $python -m piptools compile \ + $python -m piptools compile \ --quiet \ --output-file=dev-requirements.txt \ pip-tools/dev-requirements.in @@ -95,8 +91,6 @@ set_up_ci_environment () { set_up_environment () { python -m venv venv source venv/bin/activate - # make sure we have requirements for local dev, like playwright - ${python} -m pip install -r local-requirements.txt # do this first to make sure we have piptools ${python} -m pip install -r dev-requirements.txt # do this again for syncs that might involve deletions 
@@ -109,11 +103,10 @@ upgrade_requirements() { if [[ $# -ge 2 ]]; then echo "can't update more than one package at a time" fi - ${python} -m piptools compile --upgrade-package "$1" --output-file local-requirements.txt pip-tools/local-requirements.in ${python} -m piptools compile --upgrade-package "$1" --output-file requirements.txt pip-tools/requirements.in ${python} -m piptools compile --upgrade-package "$1" --output-file dev-requirements.txt pip-tools/dev-requirements.in + else - ${python} -m piptools compile --output-file local-requirements.txt pip-tools/local-requirements.in ${python} -m piptools compile --upgrade --output-file requirements.txt pip-tools/requirements.in ${python} -m piptools compile --upgrade --output-file dev-requirements.txt pip-tools/dev-requirements.in fi diff --git a/local-requirements.txt b/local-requirements.txt deleted file mode 100644 index 2b8152f..0000000 --- a/local-requirements.txt +++ /dev/null @@ -1,14 +0,0 @@ -# -# This file is autogenerated by pip-compile with Python 3.10 -# by the following command: -# -# pip-compile --output-file=local-requirements.txt pip-tools/local-requirements.in -# -greenlet==3.0.3 - # via playwright -playwright==1.42.0 - # via -r pip-tools/local-requirements.in -pyee==11.0.1 - # via playwright -typing-extensions==4.10.0 - # via pyee diff --git a/pip-tools/dev-requirements.in b/pip-tools/dev-requirements.in index 3ca9f86..681ee78 100644 --- a/pip-tools/dev-requirements.in +++ b/pip-tools/dev-requirements.in @@ -2,6 +2,7 @@ bandit black pip-tools +playwright pyotp pytest pytest-playwright diff --git a/pip-tools/local-requirements.in b/pip-tools/local-requirements.in deleted file mode 100644 index 508a5f4..0000000 --- a/pip-tools/local-requirements.in +++ /dev/null @@ -1 +0,0 @@ -playwright From c3895f09f1a0ce049187f770a50e20428c6cdd9f Mon Sep 17 00:00:00 2001 
From: Mark Boyd Date: Thu, 7 Mar 2024 11:35:43 -0500 Subject: [PATCH 39/98] update playwright e2e test to use auto-waiting assertions --- e2e/test_discover_filters_logs.py | 57 ++++++++++++++++--------------- e2e/test_setup.py | 12 ++++--- 2 files changed, 37 insertions(+), 32 deletions(-) diff --git a/e2e/test_discover_filters_logs.py b/e2e/test_discover_filters_logs.py index 258d62d..6f8a200 100644 --- a/e2e/test_discover_filters_logs.py +++ b/e2e/test_discover_filters_logs.py @@ -1,3 +1,4 @@ +from playwright.sync_api import expect from .utils import log_in, switch_tenants, go_to_discover_page @@ -8,13 +9,13 @@ def test_see_correct_logs_in_discover_user_1(user_1, page): go_to_discover_page(page) - assert page.get_by_text("1 hit").count() == 1 - assert page.get_by_text("org_id_1").count() == 0 - assert page.get_by_text("org_id_2").count() == 0 - assert page.get_by_text("space_id_1").count() == 1 - assert page.get_by_text("space_id_2").count() == 0 - assert page.get_by_text("org_1_both_orgs_space").count() == 0 - assert page.get_by_text("org_2_both_orgs_space").count() == 0 + expect(page.get_by_text("1 hit")).to_be_visible() + expect(page.get_by_text("org_id_1")).not_to_be_visible() + expect(page.get_by_text("org_id_2")).not_to_be_visible() + expect(page.get_by_text("space_id_1")).to_be_visible() + expect(page.get_by_text("space_id_2")).not_to_be_visible() + expect(page.get_by_text("org_1_both_orgs_space")).not_to_be_visible() + expect(page.get_by_text("org_2_both_orgs_space")).not_to_be_visible() def test_see_correct_logs_in_discover_user_2(user_2, page): 
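Review bot: The negative checks such as `expect(page.get_by_text("org_id_1")).not_to_be_visible()` are weaker than the `count() == 0` asserts they replace, because they pass when the text is in the DOM but hidden. A document the user should not receive could therefore be present on the page and the test would still pass. For a test of per-user log filtering, `expect(page.get_by_text("org_id_1")).to_have_count(0)` keeps the auto-waiting while still requiring absence, and the same applies to the hunks for users 2, 3 and 4. `get_by_text` also matches substrings by default, so `get_by_text("1 hit", exact=True)` may be needed to stop the positive check from matching text like `11 hits`.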
@@ -24,13 +25,13 @@ def test_see_correct_logs_in_discover_user_2(user_2, page): go_to_discover_page(page) - assert page.get_by_text("3 hits").count() == 1 - assert page.get_by_text("org_id_1").count() == 0 - assert page.get_by_text("org_id_2").count() == 1 - assert page.get_by_text("space_id_1").count() == 0 - assert page.get_by_text("space_id_2").count() == 1 - assert page.get_by_text("org_1_both_orgs_space").count() == 0 - assert page.get_by_text("org_2_both_orgs_space").count() == 1 + expect(page.get_by_text("3 hits")).to_be_visible() + expect(page.get_by_text("org_id_1")).not_to_be_visible() + expect(page.get_by_text("org_id_2")).to_be_visible() + expect(page.get_by_text("space_id_1")).not_to_be_visible() + expect(page.get_by_text("space_id_2")).to_be_visible() + expect(page.get_by_text("org_1_both_orgs_space")).not_to_be_visible() + expect(page.get_by_text("org_2_both_orgs_space")).to_be_visible() def test_see_correct_logs_in_discover_user_3(user_3, page): @@ -40,13 +41,13 @@ def test_see_correct_logs_in_discover_user_3(user_3, page): go_to_discover_page(page) - assert page.get_by_text("2 hits").count() == 1 - assert page.get_by_text("org_id_1").count() == 0 - assert page.get_by_text("org_id_2").count() == 0 - assert page.get_by_text("space_id_1").count() == 1 - assert page.get_by_text("space_id_2").count() == 1 - assert page.get_by_text("org_1_both_orgs_space").count() == 0 - assert page.get_by_text("org_2_both_orgs_space").count() == 0 + expect(page.get_by_text("2 hits")).to_be_visible() + expect(page.get_by_text("org_id_1")).not_to_be_visible() + expect(page.get_by_text("org_id_2")).not_to_be_visible() + expect(page.get_by_text("space_id_1")).to_be_visible() + expect(page.get_by_text("space_id_2")).to_be_visible() + expect(page.get_by_text("org_1_both_orgs_space")).not_to_be_visible() + expect(page.get_by_text("org_2_both_orgs_space")).not_to_be_visible() def test_see_correct_logs_in_discover_user_4(user_4, page): 
@@ -56,10 +57,10 @@ def test_see_correct_logs_in_discover_user_4(user_4, page): go_to_discover_page(page) - assert page.get_by_text("1 hit").count() == 1 - assert page.get_by_text("org_id_1").count() == 0 - assert page.get_by_text("org_id_2").count() == 0 - assert page.get_by_text("space_id_1").count() == 0 - assert page.get_by_text("space_id_2").count() == 0 - assert page.get_by_text("org_1_both_orgs_space").count() == 1 - assert page.get_by_text("org_2_both_orgs_space").count() == 0 + expect(page.get_by_text("1 hit")).to_be_visible() + expect(page.get_by_text("org_id_1")).not_to_be_visible() + expect(page.get_by_text("org_id_2")).not_to_be_visible() + expect(page.get_by_text("space_id_1")).not_to_be_visible() + expect(page.get_by_text("space_id_2")).not_to_be_visible() + expect(page.get_by_text("org_1_both_orgs_space")).to_be_visible() + expect(page.get_by_text("org_2_both_orgs_space")).not_to_be_visible() diff --git a/e2e/test_setup.py b/e2e/test_setup.py index 6f0fc6e..c8c2750 100644 --- a/e2e/test_setup.py +++ b/e2e/test_setup.py @@ -1,3 +1,5 @@ +import re +from playwright.sync_api import expect from urllib.parse import urljoin from . import AUTH_PROXY_URL from .utils import log_in @@ -5,7 +7,7 @@ def test_redirects_to_login(page): page.goto(AUTH_PROXY_URL) - assert "login" in page.url + expect(page).to_have_url(re.compile(".*login.*")) def test_login_redirects_home_without_slash(page, user_1): 
@@ -13,15 +15,17 @@ def test_login_redirects_home_without_slash(page, user_1): # a trailing slash (e.g. logs.example.com) causes a redirect # to an invalid endpoint. log_in(user_1, page, str.rstrip(AUTH_PROXY_URL, "/")) - assert page.url.startswith(urljoin(AUTH_PROXY_URL, "app/home")) + expect(page).to_have_url(re.compile(f"{urljoin(AUTH_PROXY_URL, 'app/home')}.*")) def test_login_redirects_home(page, user_1): # this tests the basic case - going to logs.example.com/ log_in(user_1, page) - assert page.url.startswith(urljoin(AUTH_PROXY_URL, "app/home")) + expect(page).to_have_url(re.compile(f"{urljoin(AUTH_PROXY_URL, 'app/home')}.*")) def test_login_remembers_target(page, user_1): log_in(user_1, page, urljoin(AUTH_PROXY_URL, "app/dev_tools")) - assert page.url.startswith(urljoin(AUTH_PROXY_URL, "app/dev_tools")) + expect(page).to_have_url( + re.compile(f"{urljoin(AUTH_PROXY_URL, 'app/dev_tools')}.*") + ) From d5a3835065c9f801327048aace9ea24553ba1046 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 7 Mar 2024 11:51:49 -0500 Subject: [PATCH 40/98] remove possibly unnecessary setup install of browser for playwright testing --- dev | 1 - 1 file changed, 1 deletion(-) diff --git a/dev b/dev index 3e9c7da..91590fe 100755 --- a/dev +++ b/dev @@ -85,7 +85,6 @@ set_up_ci_environment () { ${python} -m pip install -r dev-requirements.txt # do this again for syncs that might involve deletions ${python} -m piptools sync requirements.txt dev-requirements.txt - ${python} -m playwright install firefox } set_up_environment () { From 68c205fdadec5c7409cdf367dc2a0af41155a164 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 7 Mar 2024 13:27:48 -0500 Subject: [PATCH 41/98] re-enable installation of browser for playwright python --- dev | 1 + 1 file changed, 1 insertion(+) diff --git a/dev b/dev index 91590fe..3e9c7da 100755 --- a/dev +++ b/dev 
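Review bot: The URL patterns in the `e2e/test_setup.py` hunk interpolate `urljoin(AUTH_PROXY_URL, ...)` into `re.compile` without escaping or anchoring, so they are looser than the `startswith` checks they replace. Every `.` in the host matches any character, and, as far as I know, `to_have_url` searches for a regex anywhere in the URL, so a page that merely carries the expected address in a query parameter would satisfy it. These tests pin where the proxy sends the browser after login, so `re.compile("^" + re.escape(urljoin(AUTH_PROXY_URL, "app/home")))` restores the prefix semantics. The same applies to the `app/dev_tools` case.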
@@ -85,6 +85,7 @@ set_up_ci_environment () { ${python} -m pip install -r dev-requirements.txt # do this again for syncs that might involve deletions ${python} -m piptools sync requirements.txt dev-requirements.txt + ${python} -m playwright install firefox } set_up_environment () { From 1d2a35ecb540c7bbc45e971aae2ff9cca962189d Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Wed, 13 Mar 2024 17:56:33 -0400 Subject: [PATCH 42/98] fix index pattern creation script --- ci/seed-opensearch-data.sh | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/ci/seed-opensearch-data.sh b/ci/seed-opensearch-data.sh index 6300e23..951d267 100644 --- a/ci/seed-opensearch-data.sh +++ b/ci/seed-opensearch-data.sh @@ -285,21 +285,32 @@ curl --fail-with-body --silent --show-error --cookie-jar ${cookie_jar} -b ${cook -d '{"tenant":"","username":"'"${OPENSEARCH_USER}"'"}' echo "Creating index pattern" -INDEX_PATTERN_GUID=$(curl --cookie-jar ${cookie_jar} -b ${cookie_jar} \ +OUTPUT_FILE=$(mktemp) +HTTP_CODE=$(curl --silent \ + --write-out "%{http_code}" \ + --cookie-jar "${cookie_jar}" -b "${cookie_jar}" \ + --output "$OUTPUT_FILE" \ -X POST \ -H "content-type: application/json" \ -H "x-proxy-roles: admin" \ -H "x-proxy-user: admin" \ -H 'x-forwarded-for: 127.0.0.1' \ -H "osd-xsrf: true" \ - http://localhost:5601/api/saved_objects/index-pattern \ -d ' { "attributes": { "title": "logs-app-*", "timeFieldName": "@timestamp" } - }' | jq -r '.id') + }' \ + http://localhost:5601/api/saved_objects/index-pattern) +if [[ $HTTP_CODE != 200 ]]; then + >&2 jq < "$OUTPUT_FILE" + exit 22 +fi +jq < "$OUTPUT_FILE" +INDEX_PATTERN_GUID=$(jq -r '.id' < "$OUTPUT_FILE") +rm "$OUTPUT_FILE" echo "Setting default index" curl --fail-with-body --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \ From 1931c58c00f4a3bcbc5506656d95d9b4f0eb3ccd Mon Sep 17 00:00:00 2001 
From: Mark Boyd Date: Wed, 13 Mar 2024 17:58:19 -0400 Subject: [PATCH 43/98] test script refactor --- ci/seed-opensearch-data.sh | 65 +++++++++++++++++++++++++++++++------- 1 file changed, 53 insertions(+), 12 deletions(-) diff --git a/ci/seed-opensearch-data.sh b/ci/seed-opensearch-data.sh index 951d267..3b7ef0c 100644 --- a/ci/seed-opensearch-data.sh +++ b/ci/seed-opensearch-data.sh @@ -27,6 +27,37 @@ for var in "${required_env_vars[@]}"; do fi done +function curl_and_handle_output() { + handle_response=$1 + shift + OUTPUT_FILE=$(mktemp) + HTTP_CODE=$(curl --silent \ + --output "$OUTPUT_FILE" \ + --write-out "%{http_code}" \ + "$@") + SUCCESS=$($handle_response "$HTTP_CODE") + echo $SUCCESS + if [ "$SUCCESS" -ne "0" ]; then + echo "success" + cat "$OUTPUT_FILE" + rm "$OUTPUT_FILE" + else + echo "fail" + >&2 jq < "$OUTPUT_FILE" + exit 22 + fi + # return $? +} + +function accept_200_404_response() { + if [[ $1 != 200 && $1 != 404 ]]; then + # >&2 jq < "$OUTPUT_FILE" + # exit 22 + return 1 + fi + return 0 +} + # we have to create index and component templates # to work around the baked-in stream templates echo "creating component template" 
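Review bot: In `curl_and_handle_output`, `SUCCESS=$($handle_response "$HTTP_CODE")` captures the handler's stdout rather than its exit status, and `accept_200_404_response` prints nothing, so `SUCCESS` is always empty. `[ "$SUCCESS" -ne "0" ]` then fails with an integer-expression error and control always reaches the `exit 22` branch; the comparison is also inverted, since the handler returns 0 for an accepted code. Testing the status directly, `if $handle_response "$HTTP_CODE"; then`, avoids both problems. The failure branch also leaves `$OUTPUT_FILE` behind, so add `rm "$OUTPUT_FILE"` before `exit 22` to stop response bodies accumulating in the temp directory.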
@@ -73,20 +104,29 @@ curl --fail-with-body --silent --show-error -u "${OPENSEARCH_USER}":"${OPENSEARC # Delete index if it already exists echo "Deleting index (if it already exists)" -OUTPUT_FILE=$(mktemp) -HTTP_CODE=$(curl --silent \ - --output "$OUTPUT_FILE" \ - --write-out "%{http_code}" \ - -k \ +# OUTPUT_FILE=$(mktemp) +# HTTP_CODE=$(curl --silent \ +# --output "$OUTPUT_FILE" \ +# --write-out "%{http_code}" \ +# -k \ +# -u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}" \ +# -X DELETE \ +# https://localhost:9200/logs-app-now) +# if [[ $HTTP_CODE != 200 && $HTTP_CODE != 404 ]]; then +# >&2 jq < "$OUTPUT_FILE" +# exit 22 +# fi +# jq < "$OUTPUT_FILE" +# rm "$OUTPUT_FILE" + +curl_and_handle_output accept_200_404_response -k \ -u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}" \ -X DELETE \ - https://localhost:9200/logs-app-now) -if [[ $HTTP_CODE != 200 && $HTTP_CODE != 404 ]]; then - >&2 jq < "$OUTPUT_FILE" - exit 22 -fi -jq < "$OUTPUT_FILE" -rm "$OUTPUT_FILE" + https://localhost:9200/logs-app-no + +# if [ ! $? -eq 0 ]; then +# exit $? +# fi echo "Creating index" curl --fail-with-body --silent --show-error -u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}" -k \ @@ -284,6 +324,7 @@ curl --fail-with-body --silent --show-error --cookie-jar ${cookie_jar} -b ${cook http://localhost:5601/api/v1/multitenancy/tenant \ -d '{"tenant":"","username":"'"${OPENSEARCH_USER}"'"}' + echo "Creating index pattern" OUTPUT_FILE=$(mktemp) HTTP_CODE=$(curl --silent \ From 5803498073fb211ce8ac5fd43b77e8b5ebf10b55 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 10:56:31 -0400 Subject: [PATCH 44/98] refactor error handling for CI script --- ci/seed-opensearch-data.sh | 57 +++++++++++--------------------------- 1 file changed, 16 insertions(+), 41 deletions(-) diff --git a/ci/seed-opensearch-data.sh b/ci/seed-opensearch-data.sh index 3b7ef0c..19af190 100644 --- a/ci/seed-opensearch-data.sh +++ b/ci/seed-opensearch-data.sh 
@@ -35,24 +35,26 @@ function curl_and_handle_output() { --output "$OUTPUT_FILE" \ --write-out "%{http_code}" \ "$@") - SUCCESS=$($handle_response "$HTTP_CODE") - echo $SUCCESS - if [ "$SUCCESS" -ne "0" ]; then - echo "success" + if $handle_response "$HTTP_CODE"; then cat "$OUTPUT_FILE" rm "$OUTPUT_FILE" else - echo "fail" - >&2 jq < "$OUTPUT_FILE" + >&2 echo "failing HTTP code: $HTTP_CODE" + cat "$OUTPUT_FILE" + rm "$OUTPUT_FILE" exit 22 fi - # return $? } function accept_200_404_response() { - if [[ $1 != 200 && $1 != 404 ]]; then - # >&2 jq < "$OUTPUT_FILE" - # exit 22 + if [[ $1 != "200" && $1 != "404" ]]; then + return 1 + fi + return 0 +} + +function accept_200_response() { + if [[ $1 != "200" ]]; then return 1 fi return 0 @@ -104,29 +106,10 @@ curl --fail-with-body --silent --show-error -u "${OPENSEARCH_USER}":"${OPENSEARC # Delete index if it already exists echo "Deleting index (if it already exists)" -# OUTPUT_FILE=$(mktemp) -# HTTP_CODE=$(curl --silent \ -# --output "$OUTPUT_FILE" \ -# --write-out "%{http_code}" \ -# -k \ -# -u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}" \ -# -X DELETE \ -# https://localhost:9200/logs-app-now) -# if [[ $HTTP_CODE != 200 && $HTTP_CODE != 404 ]]; then -# >&2 jq < "$OUTPUT_FILE" -# exit 22 -# fi -# jq < "$OUTPUT_FILE" -# rm "$OUTPUT_FILE" - curl_and_handle_output accept_200_404_response -k \ -u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}" \ -X DELETE \ - https://localhost:9200/logs-app-no - -# if [ ! $? -eq 0 ]; then -# exit $? -# fi + https://localhost:9200/logs-app-now | jq echo "Creating index" curl --fail-with-body --silent --show-error -u "${OPENSEARCH_USER}":"${OPENSEARCH_PASSWORD}" -k \ 
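Review bot: `exit 22` inside `curl_and_handle_output` only ends the script when the function runs in the main shell, and both call sites in this commit run it in a subshell: the DELETE call is piped into `jq`, and the index-pattern call in the later hunks is wrapped in `OUTPUT=$(...)`. Unless the script enables `set -e` and `pipefail` outside these hunks, a rejected status code is swallowed and the script carries on, with `INDEX_PATTERN_GUID` derived from an error body. The failure branch also writes the body to stdout, so the caller's `jq` parses it as if it were the result; `cat "$OUTPUT_FILE" >&2` keeps it out of the captured output. Checking the status at the call site, for example `OUTPUT=$(curl_and_handle_output ...) || exit 22`, makes the failure explicit.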
@@ -326,11 +309,8 @@ curl --fail-with-body --silent --show-error --cookie-jar ${cookie_jar} -b ${cook echo "Creating index pattern" -OUTPUT_FILE=$(mktemp) -HTTP_CODE=$(curl --silent \ - --write-out "%{http_code}" \ +OUTPUT=$(curl_and_handle_output accept_200_response \ --cookie-jar "${cookie_jar}" -b "${cookie_jar}" \ - --output "$OUTPUT_FILE" \ -X POST \ -H "content-type: application/json" \ -H "x-proxy-roles: admin" \ @@ -345,13 +325,8 @@ HTTP_CODE=$(curl --silent \ } }' \ http://localhost:5601/api/saved_objects/index-pattern) -if [[ $HTTP_CODE != 200 ]]; then - >&2 jq < "$OUTPUT_FILE" - exit 22 -fi -jq < "$OUTPUT_FILE" -INDEX_PATTERN_GUID=$(jq -r '.id' < "$OUTPUT_FILE") -rm "$OUTPUT_FILE" +echo "$OUTPUT" | jq +INDEX_PATTERN_GUID=$(echo "$OUTPUT" | jq -r '.id') echo "Setting default index" curl --fail-with-body --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \ From 07be7fbb22e24f6ff6275a0cffdaab738dc1d052 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 13:36:03 -0400 Subject: [PATCH 45/98] fix OPENSEARCH_JAVA_OPTS for deployed opensearch test app --- cf/opensearch-manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cf/opensearch-manifest.yml b/cf/opensearch-manifest.yml index 34a6c3b..71d67c9 100644 --- a/cf/opensearch-manifest.yml +++ b/cf/opensearch-manifest.yml @@ -18,5 +18,5 @@ applications: env: "discovery.type": single-node "node.name": opensearch-node1 - "OPENSEARCH_JAVA_OPTS": "-Xms2048m -Xmx2048m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM + "OPENSEARCH_JAVA_OPTS": "-Xms4096m -Xmx4096m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM OPENSEARCH_INITIAL_ADMIN_PASSWORD: ((opensearch_password)) From df1a93ccceffd1e50d47fe5683620239eea32550 Mon Sep 17 00:00:00 2001 
From: Mark Boyd Date: Thu, 14 Mar 2024 13:36:32 -0400 Subject: [PATCH 46/98] bump memory for test dashboards app from 2G to 4G --- cf/opensearch-dashboards-manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cf/opensearch-dashboards-manifest.yml b/cf/opensearch-dashboards-manifest.yml index ddac244..d84d534 100644 --- a/cf/opensearch-dashboards-manifest.yml +++ b/cf/opensearch-dashboards-manifest.yml @@ -8,7 +8,7 @@ version: 1 applications: - name: ((dashboards_app_name)) - memory: 2G + memory: 4G instances: 1 disk_quota: 2G docker: From 4a31fdef57ae2e09f023b480ee1c194a08ddfa52 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 13:42:58 -0400 Subject: [PATCH 47/98] bump memory for opensearch test node from 4G to 5G --- cf/opensearch-manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cf/opensearch-manifest.yml b/cf/opensearch-manifest.yml index 71d67c9..038eb65 100644 --- a/cf/opensearch-manifest.yml +++ b/cf/opensearch-manifest.yml @@ -8,7 +8,7 @@ version: 1 applications: - name: ((opensearch_app_name)) - memory: 4G + memory: 5G instances: 1 disk_quota: 2G routes: From ec0b662c85d37a57f489f94c1c72bca6bba1b3bd Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 14:15:56 -0400 Subject: [PATCH 48/98] refactor pipeline to only rebuild docker images when docker source files are changed --- ci/pipeline.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 729a3f4..a80fc30 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -28,10 +28,9 @@ jobs: - name: build-test-images plan: - - get: src + - get: src-docker params: {depth: 1} trigger: true - passed: [test] - put: dev-opensearch-image params: @@ -53,7 +52,7 @@ jobs: - get: src params: {depth: 1} trigger: true - passed: [build-test-images] + passed: [test, build-test-images] - get: general-task - put: cf-dev 
@@ -214,6 +213,16 @@ resources: branch: fix-e2e-tests commit_verification_keys: ((cloud-gov-pgp-keys)) +- name: src-docker + type: git + icon: github-circle + check_every: 10s + source: + uri: https://github.com/cloud-gov/opensearch-dashboards-cf-auth-proxy + branch: fix-e2e-tests + commit_verification_keys: ((cloud-gov-pgp-keys)) + paths: docker + - name: dev-opensearch-image type: docker-image icon: docker From cd24c341eaed58367477e52f805b4da6ae6fa034 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 14:20:31 -0400 Subject: [PATCH 49/98] fix pipeline configuration --- ci/pipeline.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index a80fc30..8ba1d7d 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -28,9 +28,12 @@ jobs: - name: build-test-images plan: - - get: src-docker - params: {depth: 1} - trigger: true + - in_parallel: + - get: src-docker + params: {depth: 1} + trigger: true + - get: src + passed: [reconfigure] - put: dev-opensearch-image params: @@ -221,7 +224,8 @@ resources: uri: https://github.com/cloud-gov/opensearch-dashboards-cf-auth-proxy branch: fix-e2e-tests commit_verification_keys: ((cloud-gov-pgp-keys)) - paths: docker + paths: + - docker - name: dev-opensearch-image type: docker-image From ed916149626e642d80dc6c1b5db5a3a2c518a1c1 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 14:34:31 -0400 Subject: [PATCH 50/98] add separate manifests and apps for opensearch manager and test nodes --- cf/opensearch-dashboards-manifest.yml | 3 +-- cf/opensearch-manager-manifest.yml | 23 +++++++++++++++++++ ...ifest.yml => opensearch-node-manifest.yml} | 8 +++---- ci/init-config.sh | 2 +- ci/pipeline.yml | 3 ++- ci/update-networking.sh | 2 +- dev | 23 +++++++++++++------ 7 files changed, 48 insertions(+), 16 deletions(-) create mode 100644 cf/opensearch-manager-manifest.yml rename cf/{opensearch-manifest.yml => opensearch-node-manifest.yml} (69%) 
diff --git a/cf/opensearch-dashboards-manifest.yml b/cf/opensearch-dashboards-manifest.yml index d84d534..120cb8b 100644 --- a/cf/opensearch-dashboards-manifest.yml +++ b/cf/opensearch-dashboards-manifest.yml @@ -14,8 +14,7 @@ applications: docker: image: cloudgovoperations/test-opensearch-dashboards:latest env: - "ELASTICSEARCH_URL": https://opensearch-test.apps.internal:9200 - "OPENSEARCH_HOSTS": https://0.opensearch-test.apps.internal:9200 + "OPENSEARCH_HOSTS": [https://0.test-opensearch-manager.apps.internal:9200, https://1.test-opensearch-node.apps.internal:9200] "opensearch.requestHeadersAllowlist": "securitytenant,Authorization,x-forwarded-for,x-proxy-user,x-proxy-roles" "opensearch_security.auth_type": "proxy" "opensearch_security.proxycache.user_header": "x-proxy-user" diff --git a/cf/opensearch-manager-manifest.yml b/cf/opensearch-manager-manifest.yml new file mode 100644 index 0000000..b597b28 --- /dev/null +++ b/cf/opensearch-manager-manifest.yml @@ -0,0 +1,23 @@ +--- +########################################################### +# NOTE: this cluster is totally insecure and non-durable. # +# It should only be used for testing the proxy and should # +# NEVER have any sensitive or important data. # +########################################################### + +version: 1 +applications: +- name: ((opensearch_manager_app_name)) + memory: 5G + instances: 1 + disk_quota: 2G + routes: + - route: test-opensearch-node.apps.internal + docker: + image: cloudgovoperations/test-opensearch:latest + env: + discovery.seed_hosts: ["https://0.test-opensearch-manager.apps.internal:9200", "https://0.test-opensearch-node.apps.internal:9200"] + cluster.initial_cluster_manager_nodes: "opensearch-manager" + "node.name": opensearch-manager + "OPENSEARCH_JAVA_OPTS": "-Xms4096m -Xmx4096m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM + OPENSEARCH_INITIAL_ADMIN_PASSWORD: ((opensearch_password)) 
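Review bot: The new `cf/opensearch-manager-manifest.yml` gives the manager app the route `test-opensearch-node.apps.internal`, while `discovery.seed_hosts` in the same file and `OPENSEARCH_HOSTS` in the dashboards manifest address it as `0.test-opensearch-manager.apps.internal`. The route looks copied from the node manifest and should probably be `- route: test-opensearch-manager.apps.internal`. `OPENSEARCH_HOSTS` also names instance `1.` of the node app although the manifests set `instances: 1`, so only index `0.` would exist. The seed hosts are written as `https://` URLs on 9200; as far as I know OpenSearch expects `host:port` entries for the transport port there, which is worth confirming. Both manifests deploy an image by the mutable `:latest` tag, so pinning a digest would make the image under test reproducible.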
diff --git a/cf/opensearch-manifest.yml b/cf/opensearch-node-manifest.yml similarity index 69% rename from cf/opensearch-manifest.yml rename to cf/opensearch-node-manifest.yml index 038eb65..9b968e1 100644 --- a/cf/opensearch-manifest.yml +++ b/cf/opensearch-node-manifest.yml @@ -7,16 +7,16 @@ version: 1 applications: -- name: ((opensearch_app_name)) +- name: ((opensearch_node_app_name)) memory: 5G instances: 1 disk_quota: 2G routes: - - route: opensearch-test.apps.internal + - route: test-opensearch-node.apps.internal docker: image: cloudgovoperations/test-opensearch:latest env: - "discovery.type": single-node - "node.name": opensearch-node1 + discovery.seed_hosts: ["https://0.test-opensearch-manager.apps.internal:9200", "https://0.test-opensearch-node.apps.internal:9200"] + cluster.initial_cluster_manager_nodes: "opensearch-manager" "OPENSEARCH_JAVA_OPTS": "-Xms4096m -Xmx4096m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM OPENSEARCH_INITIAL_ADMIN_PASSWORD: ((opensearch_password)) diff --git a/ci/init-config.sh b/ci/init-config.sh index fcb3459..2c6a877 100755 --- a/ci/init-config.sh +++ b/ci/init-config.sh @@ -13,7 +13,7 @@ cf auth cf t -o "${CF_ORGANIZATION}" -s "${CF_SPACE}" echo "Creating SSH tunnel" -cf ssh -L 9200:opensearch-test.apps.internal:9200 -L 5601:dashboard-test.apps.internal:5601 "${DASHBOARDS_APP_NAME}" -N & +cf ssh -L 9200:test-opensearch-manager.apps.internal:9200 -L 5601:dashboard-test.apps.internal:5601 "${DASHBOARDS_APP_NAME}" -N & ssh_pid=$! echo "Waiting for tunnel to come up ..." diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 8ba1d7d..33b8fa7 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml 
@@ -103,7 +103,8 @@ jobs: CF_PASSWORD: ((dev-cf-password)) CF_ORGANIZATION: ((dev-cf-organization)) CF_SPACE: ((dev-cf-space)) - OPENSEARCH_APP_NAME: ((dev-test-opensearch-app-name)) + OPENSEARCH_MANAGER_APP_NAME: ((dev-test-opensearch-manager-app-name)) + OPENSEARCH_NODE_APP_NAME: ((dev-test-opensearch-node-app-name)) DASHBOARDS_APP_NAME: ((dev-test-opensearch-dashboards-app-name)) PROXY_APP_NAME: ((dev-test-auth-proxy-app-name)) diff --git a/ci/update-networking.sh b/ci/update-networking.sh index 73d4981..32e3695 100755 --- a/ci/update-networking.sh +++ b/ci/update-networking.sh @@ -14,4 +14,4 @@ cf t -o ${CF_ORGANIZATION} -s ${CF_SPACE} sleep 10 -../dev cf-network "$OPENSEARCH_APP_NAME" "$DASHBOARDS_APP_NAME" "$PROXY_APP_NAME" +../dev cf-network "$OPENSEARCH_MANAGER_APP_NAME" "$OPENSEARCH_NODE_APP_NAME" "$DASHBOARDS_APP_NAME" "$PROXY_APP_NAME" diff --git a/dev b/dev index 3e9c7da..a53408f 100755 --- a/dev +++ b/dev @@ -125,14 +125,16 @@ cf_push() { } cf_network() { - if [[ $# -lt 3 ]]; then - echo "Three arguments required: opensearch app name, dashboards app name, and proxy app name" + if [[ $# -lt 4 ]]; then + echo "Four arguments required: opensearch manager app name, opensearch node app name, dashboards app name, and proxy app name" exit 1 fi - OPENSEARCH_APP_NAME="$1" - DASHBOARDS_APP_NAME="$2" - PROXY_APP_NAME="$3" - cf add-network-policy "$DASHBOARDS_APP_NAME" "$OPENSEARCH_APP_NAME" --protocol tcp --port 9200 + OPENSEARCH_MANAGER_APP_NAME="$1" + OPENSEARCH_NODE_APP_NAME="$2" + DASHBOARDS_APP_NAME="$3" + PROXY_APP_NAME="$4" + cf add-network-policy "$DASHBOARDS_APP_NAME" "$OPENSEARCH_MANAGER_APP_NAME" --protocol tcp --port 9200 + cf add-network-policy "$DASHBOARDS_APP_NAME" "$OPENSEARCH_NODE_APP_NAME" --protocol tcp --port 9200 cf add-network-policy "$PROXY_APP_NAME" "$DASHBOARDS_APP_NAME" --protocol tcp --port 5601 } 
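Review bot: `cf_network` in the `dev` hunk adds policies only from the dashboards app to each OpenSearch app on 9200 and from the proxy to dashboards on 5601; nothing allows the manager and node apps to reach each other. Container-to-container traffic is denied unless a policy exists, so the two-node cluster this commit configures presumably cannot form, since nodes talk to each other on the transport port (9300 by default). If the cluster is kept, add one narrowly scoped policy per direction rather than widening the existing ones, e.g. `cf add-network-policy "$OPENSEARCH_NODE_APP_NAME" "$OPENSEARCH_MANAGER_APP_NAME" --protocol tcp --port 9300`.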
@@ -242,7 +244,14 @@ main() { serve) source_env_vars export FLASK_APP="cf_auth_proxy.app:create_app()" - ${python} -m flask run -p "${PORT}" + ${python} -m gunicorn \ + --access-logfile - \ + --error-logfile - \ + --log-level info \ + --timeout 300 \ + --workers 4 \ + -b "0.0.0.0:$PORT" \ + --worker-class eventlet "$FLASK_APP" ;; start-cluster) source_env_vars From 035dff8325c796f62c2bbaf1a40941f57753a4f8 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 14:36:22 -0400 Subject: [PATCH 51/98] update pipeline to deploy manager and node apps --- ci/pipeline.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 33b8fa7..a9b045b 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -62,7 +62,14 @@ jobs: params: manifest: src/cf/opensearch-manifest.yml vars: - opensearch_app_name: ((dev-test-opensearch-app-name)) + opensearch_manager_app_name: ((dev-test-opensearch-manager-app-name)) + opensearch_password: ((opensearch-admin-password)) + + - put: cf-dev + params: + manifest: src/cf/opensearch-manifest.yml + vars: + opensearch_node_app_name: ((dev-test-opensearch-node-app-name)) opensearch_password: ((opensearch-admin-password)) - put: cf-dev From 3a6cadb2f71c0370e236e9c5816fa2d58964a18f Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 14:41:35 -0400 Subject: [PATCH 52/98] fix manifest paths --- ci/pipeline.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index a9b045b..1be75c4 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml 
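Review bot: The `serve` case now binds gunicorn to `0.0.0.0:$PORT`, where the replaced `flask run -p "${PORT}"` listened on loopback by default. If `serve` is the local development entry point, the proxy becomes reachable from every host on the developer's network while running with whatever credentials `source_env_vars` loads. Binding to loopback unless overridden keeps the previous exposure, e.g. `-b "${HOST:-127.0.0.1}:$PORT"`, where `HOST` is a suggested new variable. The `main` function starts outside this hunk.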
@@ -55,19 +55,19 @@ jobs: - get: src params: {depth: 1} trigger: true - passed: [test, build-test-images] + passed: [test] - get: general-task - put: cf-dev params: - manifest: src/cf/opensearch-manifest.yml + manifest: src/cf/opensearch-manager-manifest.yml vars: opensearch_manager_app_name: ((dev-test-opensearch-manager-app-name)) opensearch_password: ((opensearch-admin-password)) - put: cf-dev params: - manifest: src/cf/opensearch-manifest.yml + manifest: src/cf/opensearch-node-manifest.yml vars: opensearch_node_app_name: ((dev-test-opensearch-node-app-name)) opensearch_password: ((opensearch-admin-password)) From 8d6e30cb0921de54cfb18b0631a2b5663e236826 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 14:48:17 -0400 Subject: [PATCH 53/98] fix manifests --- cf/opensearch-dashboards-manifest.yml | 4 +++- cf/opensearch-manager-manifest.yml | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/cf/opensearch-dashboards-manifest.yml b/cf/opensearch-dashboards-manifest.yml index 120cb8b..db6cab4 100644 --- a/cf/opensearch-dashboards-manifest.yml +++ b/cf/opensearch-dashboards-manifest.yml @@ -14,7 +14,9 @@ applications: docker: image: cloudgovoperations/test-opensearch-dashboards:latest env: - "OPENSEARCH_HOSTS": [https://0.test-opensearch-manager.apps.internal:9200, https://1.test-opensearch-node.apps.internal:9200] + "OPENSEARCH_HOSTS": + - "https://0.test-opensearch-manager.apps.internal:9200" + - "https://1.test-opensearch-node.apps.internal:9200" "opensearch.requestHeadersAllowlist": "securitytenant,Authorization,x-forwarded-for,x-proxy-user,x-proxy-roles" "opensearch_security.auth_type": "proxy" "opensearch_security.proxycache.user_header": "x-proxy-user" diff --git a/cf/opensearch-manager-manifest.yml b/cf/opensearch-manager-manifest.yml index b597b28..0d7c81e 100644 --- a/cf/opensearch-manager-manifest.yml +++ b/cf/opensearch-manager-manifest.yml 
@@ -16,7 +16,9 @@ applications: docker: image: cloudgovoperations/test-opensearch:latest env: - discovery.seed_hosts: ["https://0.test-opensearch-manager.apps.internal:9200", "https://0.test-opensearch-node.apps.internal:9200"] + discovery.seed_hosts: + - "https://0.test-opensearch-manager.apps.internal:9200" + - "https://0.test-opensearch-node.apps.internal:9200" cluster.initial_cluster_manager_nodes: "opensearch-manager" "node.name": opensearch-manager "OPENSEARCH_JAVA_OPTS": "-Xms4096m -Xmx4096m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM From 9295132d0ae16e6d2649a4f57bcaa32d4984d7a1 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 16:47:09 -0400 Subject: [PATCH 54/98] fix app manifests --- cf/opensearch-manager-manifest.yml | 4 +--- cf/opensearch-node-manifest.yml | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/cf/opensearch-manager-manifest.yml b/cf/opensearch-manager-manifest.yml index 0d7c81e..7012101 100644 --- a/cf/opensearch-manager-manifest.yml +++ b/cf/opensearch-manager-manifest.yml @@ -16,9 +16,7 @@ applications: docker: image: cloudgovoperations/test-opensearch:latest env: - discovery.seed_hosts: - - "https://0.test-opensearch-manager.apps.internal:9200" - - "https://0.test-opensearch-node.apps.internal:9200" + discovery.seed_hosts: '["https://0.test-opensearch-manager.apps.internal:9200","https://0.test-opensearch-node.apps.internal:9200"]' cluster.initial_cluster_manager_nodes: "opensearch-manager" "node.name": opensearch-manager "OPENSEARCH_JAVA_OPTS": "-Xms4096m -Xmx4096m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM diff --git a/cf/opensearch-node-manifest.yml b/cf/opensearch-node-manifest.yml index 9b968e1..d7fee7b 100644 --- a/cf/opensearch-node-manifest.yml +++ b/cf/opensearch-node-manifest.yml 
@@ -16,7 +16,7 @@ applications: docker: image: cloudgovoperations/test-opensearch:latest env: - discovery.seed_hosts: ["https://0.test-opensearch-manager.apps.internal:9200", "https://0.test-opensearch-node.apps.internal:9200"] + discovery.seed_hosts: '["https://0.test-opensearch-manager.apps.internal:9200","https://0.test-opensearch-node.apps.internal:9200"]' cluster.initial_cluster_manager_nodes: "opensearch-manager" "OPENSEARCH_JAVA_OPTS": "-Xms4096m -Xmx4096m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM OPENSEARCH_INITIAL_ADMIN_PASSWORD: ((opensearch_password)) From 81928fe8ca814a562901855a729242d7a0793b35 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 16:54:32 -0400 Subject: [PATCH 55/98] try setting java opt on opensearch manager node for max FD limit --- cf/opensearch-manager-manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cf/opensearch-manager-manifest.yml b/cf/opensearch-manager-manifest.yml index 7012101..c217720 100644 --- a/cf/opensearch-manager-manifest.yml +++ b/cf/opensearch-manager-manifest.yml @@ -19,5 +19,5 @@ applications: discovery.seed_hosts: '["https://0.test-opensearch-manager.apps.internal:9200","https://0.test-opensearch-node.apps.internal:9200"]' cluster.initial_cluster_manager_nodes: "opensearch-manager" "node.name": opensearch-manager - "OPENSEARCH_JAVA_OPTS": "-Xms4096m -Xmx4096m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM + "OPENSEARCH_JAVA_OPTS": "-Xms4096m -Xmx4096m -XX:+MaxFDLimit" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM OPENSEARCH_INITIAL_ADMIN_PASSWORD: ((opensearch_password)) From 27071f402b2dd6e64fed477eec94b37b563d9d9f Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 16:58:08 -0400 Subject: [PATCH 56/98] set bootstrap option for manager node --- cf/opensearch-manager-manifest.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/cf/opensearch-manager-manifest.yml b/cf/opensearch-manager-manifest.yml index c217720..d45e8be 100644 --- a/cf/opensearch-manager-manifest.yml +++ b/cf/opensearch-manager-manifest.yml @@ -18,6 +18,7 @@ applications: env: discovery.seed_hosts: '["https://0.test-opensearch-manager.apps.internal:9200","https://0.test-opensearch-node.apps.internal:9200"]' cluster.initial_cluster_manager_nodes: "opensearch-manager" + bootstrap.memory_lock: true "node.name": opensearch-manager - "OPENSEARCH_JAVA_OPTS": "-Xms4096m -Xmx4096m -XX:+MaxFDLimit" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM + "OPENSEARCH_JAVA_OPTS": "-Xms4096m -Xmx4096m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM OPENSEARCH_INITIAL_ADMIN_PASSWORD: ((opensearch_password)) From 8a6c2e4f3f4216f570643c8b427f82e01a87eb7a Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 17:10:06 -0400 Subject: [PATCH 57/98] move back to a single node opensearch cluster & increase memory for node to 14 GB --- cf/opensearch-dashboards-manifest.yml | 4 +--- cf/opensearch-node-manifest.yml | 10 ++++++---- ci/pipeline.yml | 12 ++++++------ dev | 12 ++++++------ 4 files changed, 19 insertions(+), 19 deletions(-) diff --git a/cf/opensearch-dashboards-manifest.yml b/cf/opensearch-dashboards-manifest.yml index db6cab4..7aef069 100644 --- a/cf/opensearch-dashboards-manifest.yml +++ b/cf/opensearch-dashboards-manifest.yml @@ -14,9 +14,7 @@ applications: docker: image: cloudgovoperations/test-opensearch-dashboards:latest env: - "OPENSEARCH_HOSTS": - - "https://0.test-opensearch-manager.apps.internal:9200" - - "https://1.test-opensearch-node.apps.internal:9200" + "OPENSEARCH_HOSTS": https://0.test-opensearch-node.apps.internal:9200 "opensearch.requestHeadersAllowlist": "securitytenant,Authorization,x-forwarded-for,x-proxy-user,x-proxy-roles" "opensearch_security.auth_type": "proxy" "opensearch_security.proxycache.user_header": "x-proxy-user" 
diff --git a/cf/opensearch-node-manifest.yml b/cf/opensearch-node-manifest.yml index d7fee7b..e39d616 100644 --- a/cf/opensearch-node-manifest.yml +++ b/cf/opensearch-node-manifest.yml @@ -8,7 +8,7 @@ version: 1 applications: - name: ((opensearch_node_app_name)) - memory: 5G + memory: 16G instances: 1 disk_quota: 2G routes: @@ -16,7 +16,9 @@ applications: docker: image: cloudgovoperations/test-opensearch:latest env: - discovery.seed_hosts: '["https://0.test-opensearch-manager.apps.internal:9200","https://0.test-opensearch-node.apps.internal:9200"]' - cluster.initial_cluster_manager_nodes: "opensearch-manager" - "OPENSEARCH_JAVA_OPTS": "-Xms4096m -Xmx4096m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM + # discovery.seed_hosts: '["https://0.test-opensearch-manager.apps.internal:9200","https://0.test-opensearch-node.apps.internal:9200"]' + # cluster.initial_cluster_manager_nodes: "opensearch-manager" + "discovery.type": single-node + "node.name": opensearch-node1 + "OPENSEARCH_JAVA_OPTS": "-Xms14336m -Xmx14336m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM OPENSEARCH_INITIAL_ADMIN_PASSWORD: ((opensearch_password)) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 1be75c4..e5472ac 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -58,12 +58,12 @@ jobs: passed: [test] - get: general-task - - put: cf-dev - params: - manifest: src/cf/opensearch-manager-manifest.yml - vars: - opensearch_manager_app_name: ((dev-test-opensearch-manager-app-name)) - opensearch_password: ((opensearch-admin-password)) + # - put: cf-dev + # params: + # manifest: src/cf/opensearch-manager-manifest.yml + # vars: + # opensearch_manager_app_name: ((dev-test-opensearch-manager-app-name)) + # opensearch_password: ((opensearch-admin-password)) - put: cf-dev params: diff --git a/dev b/dev index a53408f..c867b4a 100755 --- a/dev +++ b/dev 
@@ -125,15 +125,15 @@ cf_push() { } cf_network() { - if [[ $# -lt 4 ]]; then + if [[ $# -lt 3 ]]; then echo "Four arguments required: opensearch manager app name, opensearch node app name, dashboards app name, and proxy app name" exit 1 fi - OPENSEARCH_MANAGER_APP_NAME="$1" - OPENSEARCH_NODE_APP_NAME="$2" - DASHBOARDS_APP_NAME="$3" - PROXY_APP_NAME="$4" - cf add-network-policy "$DASHBOARDS_APP_NAME" "$OPENSEARCH_MANAGER_APP_NAME" --protocol tcp --port 9200 + # OPENSEARCH_MANAGER_APP_NAME="$1" + OPENSEARCH_NODE_APP_NAME="$1" + DASHBOARDS_APP_NAME="$2" + PROXY_APP_NAME="$3" + # cf add-network-policy "$DASHBOARDS_APP_NAME" "$OPENSEARCH_MANAGER_APP_NAME" --protocol tcp --port 9200 cf add-network-policy "$DASHBOARDS_APP_NAME" "$OPENSEARCH_NODE_APP_NAME" --protocol tcp --port 9200 cf add-network-policy "$PROXY_APP_NAME" "$DASHBOARDS_APP_NAME" --protocol tcp --port 5601 } From 02505a9a2e7d850d46a724972d03745f1b2aa295 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 17:14:10 -0400 Subject: [PATCH 58/98] change memory for opensearch java process to 7GB --- cf/opensearch-node-manifest.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cf/opensearch-node-manifest.yml b/cf/opensearch-node-manifest.yml index e39d616..6e66f81 100644 --- a/cf/opensearch-node-manifest.yml +++ b/cf/opensearch-node-manifest.yml @@ -8,7 +8,7 @@ version: 1 applications: - name: ((opensearch_node_app_name)) - memory: 16G + memory: 8G instances: 1 disk_quota: 2G routes: @@ -20,5 +20,5 @@ applications: # cluster.initial_cluster_manager_nodes: "opensearch-manager" "discovery.type": single-node "node.name": opensearch-node1 - "OPENSEARCH_JAVA_OPTS": "-Xms14336m -Xmx14336m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM + "OPENSEARCH_JAVA_OPTS": "-Xms7168m -Xmx7168m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM OPENSEARCH_INITIAL_ADMIN_PASSWORD: ((opensearch_password)) 
From f3cd5c73dd7be9b98d3e2a440430ec7834ac0163 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 17:19:23 -0400 Subject: [PATCH 59/98] remove CI code for manager node --- ci/pipeline.yml | 8 -------- ci/update-networking.sh | 2 +- dev | 4 +--- 3 files changed, 2 insertions(+), 12 deletions(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index e5472ac..898237c 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -57,13 +57,6 @@ jobs: trigger: true passed: [test] - get: general-task - - # - put: cf-dev - # params: - # manifest: src/cf/opensearch-manager-manifest.yml - # vars: - # opensearch_manager_app_name: ((dev-test-opensearch-manager-app-name)) - # opensearch_password: ((opensearch-admin-password)) - put: cf-dev params: @@ -110,7 +103,6 @@ jobs: CF_PASSWORD: ((dev-cf-password)) CF_ORGANIZATION: ((dev-cf-organization)) CF_SPACE: ((dev-cf-space)) - OPENSEARCH_MANAGER_APP_NAME: ((dev-test-opensearch-manager-app-name)) OPENSEARCH_NODE_APP_NAME: ((dev-test-opensearch-node-app-name)) DASHBOARDS_APP_NAME: ((dev-test-opensearch-dashboards-app-name)) PROXY_APP_NAME: ((dev-test-auth-proxy-app-name)) diff --git a/ci/update-networking.sh b/ci/update-networking.sh index 32e3695..d36c3d6 100755 --- a/ci/update-networking.sh +++ b/ci/update-networking.sh @@ -14,4 +14,4 @@ cf t -o ${CF_ORGANIZATION} -s ${CF_SPACE} sleep 10 -../dev cf-network "$OPENSEARCH_MANAGER_APP_NAME" "$OPENSEARCH_NODE_APP_NAME" "$DASHBOARDS_APP_NAME" "$PROXY_APP_NAME" +../dev cf-network "$OPENSEARCH_NODE_APP_NAME" "$DASHBOARDS_APP_NAME" "$PROXY_APP_NAME" diff --git a/dev b/dev index c867b4a..9906253 100755 --- a/dev +++ b/dev 
@@ -126,14 +126,12 @@ cf_push() { cf_network() { if [[ $# -lt 3 ]]; then - echo "Four arguments required: opensearch manager app name, opensearch node app name, dashboards app name, and proxy app name" + echo "Three arguments required: opensearch manager app name, opensearch node app name, dashboards app name, and proxy app name" exit 1 fi - # OPENSEARCH_MANAGER_APP_NAME="$1" OPENSEARCH_NODE_APP_NAME="$1" DASHBOARDS_APP_NAME="$2" PROXY_APP_NAME="$3" - # cf add-network-policy "$DASHBOARDS_APP_NAME" "$OPENSEARCH_MANAGER_APP_NAME" --protocol tcp --port 9200 cf add-network-policy "$DASHBOARDS_APP_NAME" "$OPENSEARCH_NODE_APP_NAME" --protocol tcp --port 9200 cf add-network-policy "$PROXY_APP_NAME" "$DASHBOARDS_APP_NAME" --protocol tcp --port 5601 } From 158ea666fa063f2fd87de92e12cf2b86f41e207e Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 17:26:11 -0400 Subject: [PATCH 60/98] refactor pipeline so new images trigger deploy of apps --- ci/pipeline.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 898237c..4488c1e 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -57,6 +57,10 @@ jobs: trigger: true passed: [test] - get: general-task + - get: dev-opensearch-image + trigger: true + - get: dev-opensearch-dashboards-image + trigger: true - put: cf-dev params: From 9520f9960356159679c8b82c2c45f368b7964a64 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 17:26:33 -0400 Subject: [PATCH 61/98] fix pipeline --- ci/pipeline.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 4488c1e..77a1627 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -59,8 +59,10 @@ jobs: - get: general-task - get: dev-opensearch-image trigger: true + passed: [test] - get: dev-opensearch-dashboards-image trigger: true + passed: [test] - put: cf-dev params: From a47cbdad7b7e15421cc6bdf1a6b63d2138b098e1 Mon Sep 17 00:00:00 2001 
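Review bot: The usage message in `cf_network` now says "Three arguments required" but still lists four names, starting with the opensearch manager app name that this commit removes from the positional parameters. A caller following the message would pass the manager name as `$1`, and the network policies would then be created between the wrong apps. Suggested line: `echo "Three arguments required: opensearch node app name, dashboards app name, and proxy app name"`.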
From: Mark Boyd Date: Thu, 14 Mar 2024 17:26:53 -0400 Subject: [PATCH 62/98] fix script for setting config --- ci/init-config.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/init-config.sh b/ci/init-config.sh index 2c6a877..5a952f4 100755 --- a/ci/init-config.sh +++ b/ci/init-config.sh @@ -13,7 +13,7 @@ cf auth cf t -o "${CF_ORGANIZATION}" -s "${CF_SPACE}" echo "Creating SSH tunnel" -cf ssh -L 9200:test-opensearch-manager.apps.internal:9200 -L 5601:dashboard-test.apps.internal:5601 "${DASHBOARDS_APP_NAME}" -N & +cf ssh -L 9200:test-opensearch-node.apps.internal:9200 -L 5601:dashboard-test.apps.internal:5601 "${DASHBOARDS_APP_NAME}" -N & ssh_pid=$! echo "Waiting for tunnel to come up ..." From da0be47c3e6f14cbcb9e5417fa30b1ea2132174c Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 14 Mar 2024 17:29:14 -0400 Subject: [PATCH 63/98] refactor pipeline --- ci/pipeline.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 77a1627..7ca6f15 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -33,7 +33,7 @@ jobs: params: {depth: 1} trigger: true - get: src - passed: [reconfigure] + passed: [test] - put: dev-opensearch-image params: @@ -59,10 +59,8 @@ jobs: - get: general-task - get: dev-opensearch-image trigger: true - passed: [test] - get: dev-opensearch-dashboards-image trigger: true - passed: [test] - put: cf-dev params: From 358bf5c51ee71fc115c63062da932d883d65aa3d Mon Sep 17 00:00:00 2001 From: = Date: Thu, 14 Mar 2024 15:08:57 -0700 Subject: [PATCH 64/98] try a longer timeout --- e2e/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/utils.py b/e2e/utils.py index d7d2b20..4531049 100644 --- a/e2e/utils.py +++ b/e2e/utils.py @@ -5,7 +5,7 @@ def log_in(user, page, start_at=None): - page.set_default_timeout(60000) + page.set_default_timeout(240000) if start_at is None: start_at = AUTH_PROXY_URL 
From 329cf988fcec2f87aa10f3a5b02e4b3dda164f8c Mon Sep 17 00:00:00 2001 From: = Date: Thu, 14 Mar 2024 16:04:21 -0700 Subject: [PATCH 65/98] revert timeout, add debug, allow setting ci target --- cf/proxy-manifest.yml | 1 + e2e/utils.py | 2 +- scripts/download-e2e-ci-results.sh | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/cf/proxy-manifest.yml b/cf/proxy-manifest.yml index 6962b9f..ea708d0 100644 --- a/cf/proxy-manifest.yml +++ b/cf/proxy-manifest.yml @@ -25,4 +25,5 @@ applications: UAA_CLIENT_SECRET: ((uaa_client_secret)) SECRET_KEY: ((secret_key)) SESSION_LIFETIME: ((session_lifetime)) + DEBUG: true memory: 1G diff --git a/e2e/utils.py b/e2e/utils.py index 4531049..d7d2b20 100644 --- a/e2e/utils.py +++ b/e2e/utils.py @@ -5,7 +5,7 @@ def log_in(user, page, start_at=None): - page.set_default_timeout(240000) + page.set_default_timeout(60000) if start_at is None: start_at = AUTH_PROXY_URL diff --git a/scripts/download-e2e-ci-results.sh b/scripts/download-e2e-ci-results.sh index 80d85b1..71f923b 100755 --- a/scripts/download-e2e-ci-results.sh +++ b/scripts/download-e2e-ci-results.sh @@ -7,7 +7,7 @@ if [[ -z "$BUILD_NUMBER" ]]; then exit 1 fi -CI_TASK_TARGET="fly -t ci intercept -j opensearch-dashboards-cf-auth-proxy/e2e -s e2e-tests -b $BUILD_NUMBER" +CI_TASK_TARGET="fly -t ${FLY_TARGET:=ci} intercept -j opensearch-dashboards-cf-auth-proxy/e2e -s e2e-tests -b $BUILD_NUMBER" TEST_RESULTS_DIR="src/test-results" LOCAL_TARGET_DIR="ci-test-results" From 4f0771bde3c906c79a070bf3daaa8e2071c994aa Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 15 Mar 2024 11:03:24 -0400 Subject: [PATCH 66/98] add debug logging for proxy --- cf/proxy-manifest.yml | 1 + cf_auth_proxy/app.py | 7 ++++++- e2e/utils.py | 1 - 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/cf/proxy-manifest.yml b/cf/proxy-manifest.yml index ea708d0..c6bcbd4 100644 --- a/cf/proxy-manifest.yml +++ b/cf/proxy-manifest.yml 
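Review bot: `DEBUG: true` is added to the env of the proxy app, which the same manifest binds to `((public_route))`, and nothing in this hunk shows how the application consumes the variable. If the config object loaded by `app.config.from_object(config)` maps it to Flask's `DEBUG`, a publicly routed auth proxy ends up with more verbose error handling and logging than intended. Making it a manifest variable that is off unless a deployment sets it keeps the choice explicit, and a comment on the line should say that it is for troubleshooting only.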
@@ -26,4 +26,5 @@ applications: SECRET_KEY: ((secret_key)) SESSION_LIFETIME: ((session_lifetime)) DEBUG: true + LOG_LEVEL: debug memory: 1G diff --git a/cf_auth_proxy/app.py b/cf_auth_proxy/app.py index 9326997..e867ec4 100644 --- a/cf_auth_proxy/app.py +++ b/cf_auth_proxy/app.py @@ -1,7 +1,8 @@ -from base64 import b64encode, b64decode, urlsafe_b64encode, urlsafe_b64decode +from base64 import urlsafe_b64encode import urllib.parse import os import datetime +import logging from flask import Flask, request, session, url_for, redirect import jwt @@ -18,6 +19,9 @@ def create_app(): app = Flask(__name__) app.config.from_object(config) + logger = logging.getLogger() + logger.setLevel(level=os.getenv("LOG_LEVEL", "INFO").upper()) + @app.before_request def refresh_session(): access_token_expiration = session.get("access_token_expiration") @@ -66,6 +70,7 @@ def callback(): sess_csrf = session.pop("state") if sess_csrf != req_csrf: + logger.debug("expected CSRF: %s, got: %s", sess_csrf, req_csrf) # TODO: make a view for this return "bad request", 403 diff --git a/e2e/utils.py b/e2e/utils.py index d7d2b20..eeaa295 100644 --- a/e2e/utils.py +++ b/e2e/utils.py @@ -1,5 +1,4 @@ import re -import time from . import AUTH_PROXY_URL, UAA_AUTH_URL From d6df38909b75fcb8441be35763ef5794b97c4abb Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 15 Mar 2024 11:39:38 -0400 Subject: [PATCH 67/98] add more debug logging --- cf_auth_proxy/app.py | 1 + 1 file changed, 1 insertion(+) diff --git a/cf_auth_proxy/app.py b/cf_auth_proxy/app.py index e867ec4..f3885e8 100644 --- a/cf_auth_proxy/app.py +++ b/cf_auth_proxy/app.py @@ -131,6 +131,7 @@ def callback(): def handle_request(path): def redirect_to_auth(): session["state"] = urlsafe_b64encode(os.urandom(24)).decode("utf-8") + logger.debug("set session state: %s", session["state"]) if len(path): session["original-request"] = f"/{path}" else: From 97d31e144ce49fd8e3aa0791fef6e74529b5d593 Mon Sep 17 00:00:00 2001 
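Review bot: `logging.getLogger()` with no name returns the root logger, so the `setLevel` call in `create_app()` changes the threshold for every library in the process, not only the proxy; with `LOG_LEVEL=debug` that includes the HTTP client libraries used for the UAA token calls. A value that is not a valid level name makes `setLevel` raise `ValueError`, so a typo in the environment variable stops the app from starting. Consider a named logger, `logger = logging.getLogger(__name__)`, and validating the value before applying it. No handler is attached in this hunk, so whether DEBUG records are emitted at all depends on logging configuration outside it.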
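Review bot: The added `logger.debug("expected CSRF: %s, got: %s", sess_csrf, req_csrf)` writes the OAuth `state` value to the application log, and `req_csrf` presumably comes from the callback request, so part of the log line is caller-controlled. The later hunk in PATCH 67, `logger.debug("set session state: %s", session["state"])`, has the same problem and is more sensitive because it records the value while it is still valid for the pending login. State values are anti-CSRF secrets for the login flow and should not be readable by everyone with log access. Log only that a mismatch happened, for example `logger.debug("CSRF state mismatch in callback")`, or a short digest of each value if correlation is needed. `callback()` and `redirect_to_auth()` both continue outside these hunks.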
From: Mark Boyd Date: Fri, 15 Mar 2024 11:39:52 -0400 Subject: [PATCH 68/98] revert the number of workers to 1 per auth proxy instance --- Procfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Procfile b/Procfile index c70fd97..55abd7c 100644 --- a/Procfile +++ b/Procfile @@ -1 +1 @@ -web: gunicorn --access-logfile - --error-logfile - --log-level info --timeout 300 --workers 4 --worker-class eventlet "cf_auth_proxy.app:create_app()" +web: gunicorn --access-logfile - --error-logfile - --log-level info --timeout 300 --worker-class eventlet "cf_auth_proxy.app:create_app()" From fa12c0770e28a6b6f249db3a4aedbfd7971efe9a Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 15 Mar 2024 11:57:38 -0400 Subject: [PATCH 69/98] remove unused manifest --- cf/opensearch-manager-manifest.yml | 24 ------------------------ 1 file changed, 24 deletions(-) delete mode 100644 cf/opensearch-manager-manifest.yml diff --git a/cf/opensearch-manager-manifest.yml b/cf/opensearch-manager-manifest.yml deleted file mode 100644 index d45e8be..0000000 --- a/cf/opensearch-manager-manifest.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -########################################################### -# NOTE: this cluster is totally insecure and non-durable. # -# It should only be used for testing the proxy and should # -# NEVER have any sensitive or important data. # -########################################################### - -version: 1 -applications: -- name: ((opensearch_manager_app_name)) - memory: 5G - instances: 1 - disk_quota: 2G - routes: - - route: test-opensearch-node.apps.internal - docker: - image: cloudgovoperations/test-opensearch:latest - env: - discovery.seed_hosts: '["https://0.test-opensearch-manager.apps.internal:9200","https://0.test-opensearch-node.apps.internal:9200"]' - cluster.initial_cluster_manager_nodes: "opensearch-manager" - bootstrap.memory_lock: true - "node.name": opensearch-manager - "OPENSEARCH_JAVA_OPTS": "-Xms4096m -Xmx4096m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM - OPENSEARCH_INITIAL_ADMIN_PASSWORD: ((opensearch_password)) From 882588e98ae718eed118066bc8586d4fd5a832e9 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 15 Mar 2024 13:56:54 -0400 Subject: [PATCH 70/98] re-enable four workers for proxy app --- Procfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Procfile b/Procfile index 55abd7c..c70fd97 100644 --- a/Procfile +++ b/Procfile @@ -1 +1 @@ -web: gunicorn --access-logfile - --error-logfile - --log-level info --timeout 300 --worker-class eventlet "cf_auth_proxy.app:create_app()" +web: gunicorn --access-logfile - --error-logfile - --log-level info --timeout 300 --workers 4 --worker-class eventlet "cf_auth_proxy.app:create_app()" From 5f54ddfaf6a8b06564fe49c1d3a34227b8cb90d6 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 15 Mar 2024 14:35:32 -0400 Subject: [PATCH 71/98] refactor source code info into config file for pipeline --- ci/config.yml | 2 ++ ci/pipeline.yml | 10 ++++++---- 2 files changed, 8 insertions(+), 4 deletions(-) create mode 100644 ci/config.yml 
diff --git a/ci/config.yml b/ci/config.yml new file mode 100644 index 0000000..d744c19 --- /dev/null +++ b/ci/config.yml @@ -0,0 +1,2 @@ +proxy-src-code-uri: https://github.com/cloud-gov/opensearch-dashboards-cf-auth-proxy +proxy-src-code-branch: fix-e2e-tests diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 7ca6f15..f75ec33 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -8,6 +8,8 @@ jobs: trigger: true - set_pipeline: self file: src/ci/pipeline.yml + var_files: + - src/ci/config.yml - name: test plan: @@ -216,8 +218,8 @@ resources: icon: github-circle check_every: 10s source: - uri: https://github.com/cloud-gov/opensearch-dashboards-cf-auth-proxy - branch: fix-e2e-tests + uri: ((proxy-src-code-uri)) + branch: ((proxy-src-code-branch)) commit_verification_keys: ((cloud-gov-pgp-keys)) - name: src-docker @@ -225,8 +227,8 @@ resources: icon: github-circle check_every: 10s source: - uri: https://github.com/cloud-gov/opensearch-dashboards-cf-auth-proxy - branch: fix-e2e-tests + uri: ((proxy-src-code-uri)) + branch: ((proxy-src-code-branch)) commit_verification_keys: ((cloud-gov-pgp-keys)) paths: - docker From f38031290d90b5b8f67d7530bc54feb8d0a363dd Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 15 Mar 2024 14:38:53 -0400 Subject: [PATCH 72/98] remove log level settings for proxy --- cf/proxy-manifest.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/cf/proxy-manifest.yml b/cf/proxy-manifest.yml index c6bcbd4..6962b9f 100644 --- a/cf/proxy-manifest.yml +++ b/cf/proxy-manifest.yml @@ -25,6 +25,4 @@ applications: UAA_CLIENT_SECRET: ((uaa_client_secret)) SECRET_KEY: ((secret_key)) SESSION_LIFETIME: ((session_lifetime)) - DEBUG: true - LOG_LEVEL: debug memory: 1G From 9852ca2a46793f0b3b300ad6462f38f1d7858768 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 15 Mar 2024 14:57:47 -0400 Subject: [PATCH 73/98] update pipeline to use general-task image for e2e tests --- ci/pipeline.yml | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) 
diff --git a/ci/pipeline.yml b/ci/pipeline.yml index f75ec33..1739544 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -121,7 +121,6 @@ jobs: trigger: true passed: [deploy-test-apps] - get: general-task - - get: harden-playwright - task: provision-cf-access image: general-task config: @@ -183,7 +182,7 @@ jobs: DASHBOARDS_APP_NAME: ((dev-test-opensearch-dashboards-app-name)) - task: e2e-tests - image: harden-playwright + image: general-task config: inputs: - name: src @@ -270,15 +269,6 @@ resources: aws_region: us-gov-west-1 tag: latest -- name: harden-playwright - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-playwright - aws_region: us-gov-west-1 - tag: latest - ############################ # RESOURCE TYPES From 83718e65524dc5d9096869409d986339baae77a7 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 15 Mar 2024 15:17:21 -0400 Subject: [PATCH 74/98] re-add hardened playwright image --- ci/pipeline.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 1739544..f75ec33 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -121,6 +121,7 @@ jobs: trigger: true passed: [deploy-test-apps] - get: general-task + - get: harden-playwright - task: provision-cf-access image: general-task config: @@ -182,7 +183,7 @@ jobs: DASHBOARDS_APP_NAME: ((dev-test-opensearch-dashboards-app-name)) - task: e2e-tests - image: general-task + image: harden-playwright config: inputs: - name: src @@ -269,6 +270,15 @@ resources: aws_region: us-gov-west-1 tag: latest +- name: harden-playwright + type: registry-image + source: + aws_access_key_id: ((ecr_aws_key)) + aws_secret_access_key: ((ecr_aws_secret)) + repository: harden-playwright + aws_region: us-gov-west-1 + tag: latest + ############################ # RESOURCE TYPES From c4e8a3dae12a925b5d55c0c05799933521fc84f7 Mon Sep 17 00:00:00 2001 
From: Mark Boyd Date: Fri, 15 Mar 2024 15:54:48 -0400 Subject: [PATCH 75/98] update code for running e2e tests and update documents --- README.md | 30 +++++++++++++++++++++++------- dev | 22 +++++++++++++--------- 2 files changed, 36 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 83468cc..7506c68 100644 --- a/README.md +++ b/README.md 
@@ -47,36 +47,52 @@ The following are optional: After starting up the auth-proxy using the above steps, run: ```shell -./dev e2e-local +./dev e2e ``` To debug the e2e tests (see ): ```shell -PWDEBUG=1 ./dev e2e-local +PWDEBUG=1 ./dev e2e ``` -You can specify [any `pytest` flags](https://docs.pytest.org/en/7.1.x/reference/reference.html#command-line-flags) or [Playwright CLI flags](https://playwright.dev/python/docs/test-runners#cli-arguments) for `e2e-local`. +You can specify [any `pytest` flags](https://docs.pytest.org/en/7.1.x/reference/reference.html#command-line-flags) or [Playwright CLI flags](https://playwright.dev/python/docs/test-runners#cli-arguments) for `e2e`. To target specific e2e test(s): ```shell # run the test_see_correct_logs_in_discover_user_1 test -./dev e2e-local -k 'test_see_correct_logs_in_discover_user_1' +./dev e2e -k 'test_see_correct_logs_in_discover_user_1' # run all the test_see_correct_logs_in_discover_user* tests -./dev e2e-local -k 'test_see_correct_logs_in_discover_user' +./dev e2e -k 'test_see_correct_logs_in_discover_user' ``` To retain video records of failed tests: ```shell -./dev e2e-local --video retain-on-failure +./dev e2e --video retain-on-failure ``` To retain a [trace](https://playwright.dev/python/docs/trace-viewer-intro) of failed tests: ```shell -./dev e2e-local --tracing retain-on-failure +./dev e2e --tracing retain-on-failure +``` + +### Running the e2e tests against other proxy instances + +Create an `.env` file for the environment you want to test. For example, to test the `dev` environment, create a `dev.env` file. + +Copy the contents of `.env` to your environment specific file (e.g. `dev.env`) and update these values as necessary: + +- `AUTH_PROXY_URL` +- `UAA_AUTH_URL` +- All the variables starting with `TEST_USER` with correct values for the given environment + +Then, run the tests while specifying the environment you want to test as `ENVIRONMENT`: + +```shell +ENVIRONMENT=dev ./dev e2e ``` ### Adding client 
diff --git a/dev b/dev index 9906253..c8a78fc 100755 --- a/dev +++ b/dev @@ -5,6 +5,9 @@ shopt -s inherit_errexit 2>/dev/null || true dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" python=${dir}/venv/bin/python + +ENVIRONMENT=${ENVIRONMENT:-local} + usage() { local me me=$(basename "$0") @@ -138,15 +141,17 @@ cf_network() { source_env_vars() { set -o allexport - - ENVIRONMENT=${ENVIRONMENT:-} pushd "${dir}" case $ENVIRONMENT in prod|production) source "prod.env" ;; - + + dev) + source "dev.env" + ;; + *) source ".env" ;; @@ -273,13 +278,12 @@ main() { watch_tests "$@" ;; e2e) - ${python} -m pytest e2e --browser firefox "$@" - ;; - e2e-local) source_env_vars - set_cf_default_vars - set_cf_env_vars - seed_opensearch_data + if [[ "$ENVIRONMENT" == "local" ]]; then + set_cf_default_vars + set_cf_env_vars + seed_opensearch_data + fi ${python} -m pytest e2e --browser firefox "$@" ;; format) From f749f7dab6b9656fe8decc295e0526f488599d5f Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 15 Mar 2024 16:03:57 -0400 Subject: [PATCH 76/98] refactor e2e test --- README.md | 12 ++++++------ dev | 25 +++++++++++++++++-------- 2 files changed, 23 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 7506c68..255e28a 100644 --- a/README.md +++ b/README.md @@ -47,13 +47,13 @@ The following are optional: After starting up the auth-proxy using the above steps, run: ```shell -./dev e2e +./dev e2e-local ``` To debug the e2e tests (see ): ```shell -PWDEBUG=1 ./dev e2e +PWDEBUG=1 ./dev e2e-local ``` You can specify [any `pytest` flags](https://docs.pytest.org/en/7.1.x/reference/reference.html#command-line-flags) or [Playwright CLI flags](https://playwright.dev/python/docs/test-runners#cli-arguments) for `e2e`. 
@@ -62,21 +62,21 @@ To target specific e2e test(s): ```shell # run the test_see_correct_logs_in_discover_user_1 test -./dev e2e -k 'test_see_correct_logs_in_discover_user_1' +./dev e2e-local -k 'test_see_correct_logs_in_discover_user_1' # run all the test_see_correct_logs_in_discover_user* tests -./dev e2e -k 'test_see_correct_logs_in_discover_user' +./dev e2e-local -k 'test_see_correct_logs_in_discover_user' ``` To retain video records of failed tests: ```shell -./dev e2e --video retain-on-failure +./dev e2e-local --video retain-on-failure ``` To retain a [trace](https://playwright.dev/python/docs/trace-viewer-intro) of failed tests: ```shell -./dev e2e --tracing retain-on-failure +./dev e2e-local --tracing retain-on-failure ``` ### Running the e2e tests against other proxy instances diff --git a/dev b/dev index c8a78fc..16b9139 100755 --- a/dev +++ b/dev @@ -6,7 +6,7 @@ shopt -s inherit_errexit 2>/dev/null || true dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" python=${dir}/venv/bin/python -ENVIRONMENT=${ENVIRONMENT:-local} +ENVIRONMENT=${ENVIRONMENT:-} usage() { local me @@ -152,7 +152,7 @@ source_env_vars() { source "dev.env" ;; - *) + local) source ".env" ;; esac @@ -207,6 +207,10 @@ provision_cf_access() { bash ./ci/provision-cf-access.sh } +run_e2e_tests() { + ${python} -m pytest e2e --browser firefox "$@" +} + main() { pushd "${dir}" trap popd exit @@ -277,14 +281,19 @@ main() { watch-test|watch-tests) watch_tests "$@" ;; - e2e) + e2e-local) + export ENVIRONMENT=local source_env_vars - if [[ "$ENVIRONMENT" == "local" ]]; then - set_cf_default_vars - set_cf_env_vars - seed_opensearch_data + set_cf_default_vars + set_cf_env_vars + seed_opensearch_data + run_e2e_tests "$@" + ;; + e2e) + if [[ -n "$ENVIRONMENT" ]]; then + source_env_vars fi - ${python} -m pytest e2e --browser firefox "$@" + run_e2e_tests "$@" ;; format) ${python} -m black . From 71995f40af842dbdbf0ad9eeac65efea8b38c69c Mon Sep 17 00:00:00 2001 
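Review bot: Replacing the `*)` arm with `local)` in `source_env_vars` leaves the `case` without a default, so an unrecognised `ENVIRONMENT` (for example a typo) sources no env file and returns silently. The `e2e)` branch then runs the tests with whatever `AUTH_PROXY_URL`, `UAA_AUTH_URL` and test-user credentials are already in the caller's shell, which may belong to a different environment than intended. Since `ENVIRONMENT` now defaults to empty, any other caller of `source_env_vars` that relied on the old default also stops loading `.env`; those callers are outside this hunk, so this needs checking. Add a failing default arm such as `*) echo "unknown ENVIRONMENT: $ENVIRONMENT" >&2; exit 1 ;;`.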
From: = Date: Mon, 18 Mar 2024 10:15:51 -0700 Subject: [PATCH 77/98] use production config type for tests --- cf/proxy-manifest.yml | 2 +- cf_auth_proxy/config.py | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cf/proxy-manifest.yml b/cf/proxy-manifest.yml index 6962b9f..4b57f6f 100644 --- a/cf/proxy-manifest.yml +++ b/cf/proxy-manifest.yml @@ -15,7 +15,7 @@ applications: routes: - route: ((public_route)) env: - FLASK_ENV: local + FLASK_ENV: production DASHBOARD_URL: ((dashboard_url)) CF_ADMIN_GROUP_NAME: "cloud_controller.admin" CF_API_URL: ((cf_url)) diff --git a/cf_auth_proxy/config.py b/cf_auth_proxy/config.py index e22c2eb..31bab03 100644 --- a/cf_auth_proxy/config.py +++ b/cf_auth_proxy/config.py @@ -100,8 +100,8 @@ def __init__(self): self.SECRET_KEY = self.env_parser.str("SECRET_KEY") self.PERMANENT_SESSION_LIFETIME = self.env_parser.int("SESSION_LIFETIME") self.CF_ADMIN_GROUP_NAME = self.env_parser.str("CF_ADMIN_GROUP_NAME") - self.DASHBOARD_CERTIFICATE = self.env_parser.str("DASHBOARD_CERTIFICATE") + self.DASHBOARD_CERTIFICATE = self.env_parser.str("DASHBOARD_CERTIFICATE", None) self.DASHBOARD_CERTIFICATE_KEY = self.env_parser.str( - "DASHBOARD_CERTIFICATE_KEY" + "DASHBOARD_CERTIFICATE_KEY", None ) - self.DASHBOARD_CERTIFICATE_CA = self.env_parser.str("DASHBOARD_CERTIFICATE_CA") + self.DASHBOARD_CERTIFICATE_CA = self.env_parser.str("DASHBOARD_CERTIFICATE_CA", None) From 67eb5978aa17084a657328de9934375aaab5fbf1 Mon Sep 17 00:00:00 2001 From: = Date: Mon, 18 Mar 2024 10:32:32 -0700 Subject: [PATCH 78/98] blacken --- cf_auth_proxy/config.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cf_auth_proxy/config.py b/cf_auth_proxy/config.py index 31bab03..2c487a1 100644 --- a/cf_auth_proxy/config.py +++ b/cf_auth_proxy/config.py 
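Review bot: Passing `None` as the second argument for `DASHBOARD_CERTIFICATE`, `DASHBOARD_CERTIFICATE_KEY` and `DASHBOARD_CERTIFICATE_CA` appears to turn three required settings into optional ones, in what the commit title suggests is the production config class. A deployment missing one of them will now start instead of failing at configuration time. Depending on how the proxy code outside this hunk uses the values, it may then connect to the dashboard without a client certificate or without the expected CA. If the relaxation is only needed for the test deployment, keep the production class strict and relax a test-specific class, or fail when only some of the three are set. `__init__` starts and ends outside the hunk.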
@@ -104,4 +104,6 @@ def __init__(self): self.DASHBOARD_CERTIFICATE_KEY = self.env_parser.str( "DASHBOARD_CERTIFICATE_KEY", None ) - self.DASHBOARD_CERTIFICATE_CA = self.env_parser.str("DASHBOARD_CERTIFICATE_CA", None) + self.DASHBOARD_CERTIFICATE_CA = self.env_parser.str( + "DASHBOARD_CERTIFICATE_CA", None + ) From 7693952602f8cf940b1608b985191320e45cfedc Mon Sep 17 00:00:00 2001 From: = Date: Mon, 18 Mar 2024 12:47:35 -0700 Subject: [PATCH 79/98] revert to local tests --- cf/proxy-manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cf/proxy-manifest.yml b/cf/proxy-manifest.yml index 4b57f6f..6962b9f 100644 --- a/cf/proxy-manifest.yml +++ b/cf/proxy-manifest.yml @@ -15,7 +15,7 @@ applications: routes: - route: ((public_route)) env: - FLASK_ENV: production + FLASK_ENV: local DASHBOARD_URL: ((dashboard_url)) CF_ADMIN_GROUP_NAME: "cloud_controller.admin" CF_API_URL: ((cf_url)) From 1867d465acf3c0600d767fa63064c9786dbe6d3b Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 22 Mar 2024 16:35:53 -0400 Subject: [PATCH 80/98] update pipeline to use pipline-playwright hardened image --- ci/pipeline.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index f75ec33..ea21bc5 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -121,7 +121,7 @@ jobs: trigger: true passed: [deploy-test-apps] - get: general-task - - get: harden-playwright + - get: playwright-python - task: provision-cf-access image: general-task config: @@ -183,7 +183,7 @@ jobs: DASHBOARDS_APP_NAME: ((dev-test-opensearch-dashboards-app-name)) - task: e2e-tests - image: harden-playwright + image: playwright-python config: inputs: - name: src 
@@ -270,12 +270,12 @@ resources: aws_region: us-gov-west-1 tag: latest -- name: harden-playwright +- name: playwright-python type: registry-image source: aws_access_key_id: ((ecr_aws_key)) aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-playwright + repository: playwright-python aws_region: us-gov-west-1 tag: latest From a4a31eb607028496058f3467dbdb99665c550619 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 22 Mar 2024 16:36:16 -0400 Subject: [PATCH 81/98] remove python browser install setup that is now handled in hardened image --- dev | 1 - 1 file changed, 1 deletion(-) diff --git a/dev b/dev index 16b9139..592b176 100755 --- a/dev +++ b/dev @@ -88,7 +88,6 @@ set_up_ci_environment () { ${python} -m pip install -r dev-requirements.txt # do this again for syncs that might involve deletions ${python} -m piptools sync requirements.txt dev-requirements.txt - ${python} -m playwright install firefox } set_up_environment () { From 22d26e28dcbcb8da1b05b9efc546be58ff40dfcc Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 22 Mar 2024 16:39:55 -0400 Subject: [PATCH 82/98] add missing env var to e2e step --- ci/pipeline.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index ea21bc5..7f22e73 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -192,6 +192,8 @@ jobs: path: src/ci/e2e.sh params: AUTH_PROXY_URL: ((auth-proxy-url)) + UAA_AUTH_URL: ((dev-uaa-auth-url)) + TEST_USER_1_USERNAME: ((dev-test-user-1-username)) TEST_USER_1_PASSWORD: ((dev-test-user-1-password)) TEST_USER_1_TOTP_SEED: ((dev-test-user-1-totp-seed)) From a89b12cfe87e0a8bd0410b0de781c5a9f547fa68 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 22 Mar 2024 16:46:58 -0400 Subject: [PATCH 83/98] add basic env var validation for e2e tests --- e2e/__init__.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/e2e/__init__.py b/e2e/__init__.py index 40fdd51..bb6c8dd 100644 --- a/e2e/__init__.py +++ b/e2e/__init__.py 
@@ -1,4 +1,12 @@ from os import getenv +import sys AUTH_PROXY_URL = getenv("AUTH_PROXY_URL") +if AUTH_PROXY_URL is None: + print("AUTH_PROXY_URL is a required environment variable, exiting") + sys.exit(1) + UAA_AUTH_URL = getenv("UAA_AUTH_URL") +if UAA_AUTH_URL is None: + print("UAA_AUTH_URL is a required environment variable, exiting") + sys.exit(1) From 6eab3148113dd9d04535f99e8fb97225f3e09006 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 22 Mar 2024 16:56:02 -0400 Subject: [PATCH 84/98] remove hardened playwright python image --- ci/pipeline.yml | 12 +----------- dev | 1 + 2 files changed, 2 insertions(+), 11 deletions(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 7f22e73..05f3d22 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -121,7 +121,6 @@ jobs: trigger: true passed: [deploy-test-apps] - get: general-task - - get: playwright-python - task: provision-cf-access image: general-task config: @@ -183,7 +182,7 @@ jobs: DASHBOARDS_APP_NAME: ((dev-test-opensearch-dashboards-app-name)) - task: e2e-tests - image: playwright-python + image: general-task config: inputs: - name: src @@ -272,15 +271,6 @@ resources: aws_region: us-gov-west-1 tag: latest -- name: playwright-python - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: playwright-python - aws_region: us-gov-west-1 - tag: latest - ############################ # RESOURCE TYPES diff --git a/dev b/dev index 592b176..16b9139 100755 --- a/dev +++ b/dev @@ -88,6 +88,7 @@ set_up_ci_environment () { ${python} -m pip install -r dev-requirements.txt # do this again for syncs that might involve deletions ${python} -m piptools sync requirements.txt dev-requirements.txt + ${python} -m playwright install firefox } set_up_environment () { From c46b7308b6b75043344c799b50eb463171b8f5a5 Mon Sep 17 00:00:00 2001 
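Review bot: The new checks only test `is None`, so a variable that is set but empty (`AUTH_PROXY_URL=`) passes validation and the problem likely surfaces later as a navigation failure inside a test. `if not AUTH_PROXY_URL:` covers both cases, and the same applies to `UAA_AUTH_URL`. Calling `sys.exit(1)` from the package `__init__` also ends the run at import time with the message on stdout; raising an exception such as `RuntimeError("AUTH_PROXY_URL is a required environment variable")` would surface as a collection error with a traceback instead.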
From: Mark Boyd Date: Fri, 22 Mar 2024 17:02:49 -0400 Subject: [PATCH 85/98] add step to install playwright deps --- dev | 1 + 1 file changed, 1 insertion(+) diff --git a/dev b/dev index 16b9139..44cff3a 100755 --- a/dev +++ b/dev @@ -88,6 +88,7 @@ set_up_ci_environment () { ${python} -m pip install -r dev-requirements.txt # do this again for syncs that might involve deletions ${python} -m piptools sync requirements.txt dev-requirements.txt + ${python} -m playwright install-deps ${python} -m playwright install firefox } From 0b48ef8e64a13a94e0df758b69bc486043b1ada4 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 22 Mar 2024 17:13:54 -0400 Subject: [PATCH 86/98] update CI --- dev | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/dev b/dev index 44cff3a..7920535 100755 --- a/dev +++ b/dev @@ -88,8 +88,7 @@ set_up_ci_environment () { ${python} -m pip install -r dev-requirements.txt # do this again for syncs that might involve deletions ${python} -m piptools sync requirements.txt dev-requirements.txt - ${python} -m playwright install-deps - ${python} -m playwright install firefox + ${python} -m playwright install --with-deps firefox } set_up_environment () { From f200216099ba0d07f5021efcd37e8947fab8c940 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 22 Mar 2024 17:14:41 -0400 Subject: [PATCH 87/98] temporarily skip deploying apps --- ci/pipeline.yml | 122 ++++++++++++++++++++++++------------------------ 1 file changed, 61 insertions(+), 61 deletions(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 05f3d22..993fad0 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml 
@@ -51,67 +51,67 @@ jobs: tag_as_latest: true cache: true -- name: deploy-test-apps - plan: - - in_parallel: - - get: src - params: {depth: 1} - trigger: true - passed: [test] - - get: general-task - - get: dev-opensearch-image - trigger: true - - get: dev-opensearch-dashboards-image - trigger: true - - - put: cf-dev - params: - manifest: src/cf/opensearch-node-manifest.yml - vars: - opensearch_node_app_name: ((dev-test-opensearch-node-app-name)) - opensearch_password: ((opensearch-admin-password)) - - - put: cf-dev - params: - manifest: src/cf/opensearch-dashboards-manifest.yml - vars: - dashboards_app_name: ((dev-test-opensearch-dashboards-app-name)) - opensearch_password: ((opensearch-admin-password)) +# - name: deploy-test-apps +# plan: +# - in_parallel: +# - get: src +# params: {depth: 1} +# trigger: true +# passed: [test] +# - get: general-task +# - get: dev-opensearch-image +# trigger: true +# - get: dev-opensearch-dashboards-image +# trigger: true + +# - put: cf-dev +# params: +# manifest: src/cf/opensearch-node-manifest.yml +# vars: +# opensearch_node_app_name: ((dev-test-opensearch-node-app-name)) +# opensearch_password: ((opensearch-admin-password)) + +# - put: cf-dev +# params: +# manifest: src/cf/opensearch-dashboards-manifest.yml +# vars: +# dashboards_app_name: ((dev-test-opensearch-dashboards-app-name)) +# opensearch_password: ((opensearch-admin-password)) - - put: cf-dev - params: - path: src - manifest: src/cf/proxy-manifest.yml - vars: - cf_url: ((dev-cf-api-url)) - uaa_auth_url: ((dev-uaa-auth-url)) - uaa_base_url: ((dev-uaa-base-url)) - uaa_client_id: ((dev-uaa-test-client-id)) - uaa_client_secret: ((dev-uaa-test-client-secret)) - secret_key: ((dev-secret-key)) - session_lifetime: "3600" - public_route: ((dev-test-public-url)) - dashboard_url: ((dev-test-dashboard-url)) - auth_proxy_app_name: ((dev-test-auth-proxy-app-name)) - auth_proxy_num_instances: ((dev-test-auth-proxy-num-instances)) - - - task: update-networking - image: general-task - 
config: - platform: linux - inputs: - - name: src - run: - path: src/ci/update-networking.sh - params: &dev-cf-auth-params - CF_API_URL: ((dev-cf-api-url)) - CF_USERNAME: ((dev-cf-username)) - CF_PASSWORD: ((dev-cf-password)) - CF_ORGANIZATION: ((dev-cf-organization)) - CF_SPACE: ((dev-cf-space)) - OPENSEARCH_NODE_APP_NAME: ((dev-test-opensearch-node-app-name)) - DASHBOARDS_APP_NAME: ((dev-test-opensearch-dashboards-app-name)) - PROXY_APP_NAME: ((dev-test-auth-proxy-app-name)) +# - put: cf-dev +# params: +# path: src +# manifest: src/cf/proxy-manifest.yml +# vars: +# cf_url: ((dev-cf-api-url)) +# uaa_auth_url: ((dev-uaa-auth-url)) +# uaa_base_url: ((dev-uaa-base-url)) +# uaa_client_id: ((dev-uaa-test-client-id)) +# uaa_client_secret: ((dev-uaa-test-client-secret)) +# secret_key: ((dev-secret-key)) +# session_lifetime: "3600" +# public_route: ((dev-test-public-url)) +# dashboard_url: ((dev-test-dashboard-url)) +# auth_proxy_app_name: ((dev-test-auth-proxy-app-name)) +# auth_proxy_num_instances: ((dev-test-auth-proxy-num-instances)) + +# - task: update-networking +# image: general-task +# config: +# platform: linux +# inputs: +# - name: src +# run: +# path: src/ci/update-networking.sh +# params: &dev-cf-auth-params +# CF_API_URL: ((dev-cf-api-url)) +# CF_USERNAME: ((dev-cf-username)) +# CF_PASSWORD: ((dev-cf-password)) +# CF_ORGANIZATION: ((dev-cf-organization)) +# CF_SPACE: ((dev-cf-space)) +# OPENSEARCH_NODE_APP_NAME: ((dev-test-opensearch-node-app-name)) +# DASHBOARDS_APP_NAME: ((dev-test-opensearch-dashboards-app-name)) +# PROXY_APP_NAME: ((dev-test-auth-proxy-app-name)) - name: e2e plan: @@ -119,7 +119,7 @@ jobs: - get: src params: {depth: 1} trigger: true - passed: [deploy-test-apps] + passed: [test] - get: general-task - task: provision-cf-access image: general-task From 2b43dfcf5ea9608bbb20bb92c3c840094f04771b Mon Sep 17 00:00:00 2001 
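Review bot: Commenting out the whole `deploy-test-apps` job also comments out the anchor definition `params: &dev-cf-auth-params` on its `update-networking` task. If any remaining step merges that anchor with `<<: *dev-cf-auth-params` (not visible in this hunk, so this is an inference), the pipeline will no longer parse, because an alias cannot refer to an anchor that only exists inside a comment. To skip the job temporarily, keep a live `&dev-cf-auth-params` mapping on the first remaining step that needs those credentials and alias it from the others. A short comment such as `# TODO: re-enable deploy-test-apps once e2e is fixed` above the block would also record why it is disabled.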
From: Mark Boyd Date: Fri, 22 Mar 2024 17:15:55 -0400 Subject: [PATCH 88/98] temporarily skip deploying apps --- ci/pipeline.yml | 120 ++++++++++++++++++++++++------------------------ 1 file changed, 60 insertions(+), 60 deletions(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 993fad0..c2a06d6 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml 
@@ -51,67 +51,67 @@ jobs: tag_as_latest: true cache: true -# - name: deploy-test-apps -# plan: -# - in_parallel: -# - get: src -# params: {depth: 1} -# trigger: true -# passed: [test] -# - get: general-task -# - get: dev-opensearch-image -# trigger: true -# - get: dev-opensearch-dashboards-image -# trigger: true - -# - put: cf-dev -# params: -# manifest: src/cf/opensearch-node-manifest.yml -# vars: -# opensearch_node_app_name: ((dev-test-opensearch-node-app-name)) -# opensearch_password: ((opensearch-admin-password)) - -# - put: cf-dev -# params: -# manifest: src/cf/opensearch-dashboards-manifest.yml -# vars: -# dashboards_app_name: ((dev-test-opensearch-dashboards-app-name)) -# opensearch_password: ((opensearch-admin-password)) +- name: deploy-test-apps + plan: + - in_parallel: + - get: src + params: {depth: 1} + trigger: true + passed: [test] + - get: general-task + - get: dev-opensearch-image + trigger: true + - get: dev-opensearch-dashboards-image + trigger: true + + - put: cf-dev + params: + manifest: src/cf/opensearch-node-manifest.yml + vars: + opensearch_node_app_name: ((dev-test-opensearch-node-app-name)) + opensearch_password: ((opensearch-admin-password)) + + - put: cf-dev + params: + manifest: src/cf/opensearch-dashboards-manifest.yml + vars: + dashboards_app_name: ((dev-test-opensearch-dashboards-app-name)) + opensearch_password: ((opensearch-admin-password)) -# - put: cf-dev -# params: -# path: src -# manifest: src/cf/proxy-manifest.yml -# vars: -# cf_url: ((dev-cf-api-url)) -# uaa_auth_url: ((dev-uaa-auth-url)) -# uaa_base_url: ((dev-uaa-base-url)) -# uaa_client_id: ((dev-uaa-test-client-id)) -# uaa_client_secret: ((dev-uaa-test-client-secret)) -# secret_key: ((dev-secret-key)) -# session_lifetime: "3600" -# public_route: ((dev-test-public-url)) -# dashboard_url: ((dev-test-dashboard-url)) -# auth_proxy_app_name: ((dev-test-auth-proxy-app-name)) -# auth_proxy_num_instances: ((dev-test-auth-proxy-num-instances)) - -# - task: update-networking -# 
image: general-task -# config: -# platform: linux -# inputs: -# - name: src -# run: -# path: src/ci/update-networking.sh -# params: &dev-cf-auth-params -# CF_API_URL: ((dev-cf-api-url)) -# CF_USERNAME: ((dev-cf-username)) -# CF_PASSWORD: ((dev-cf-password)) -# CF_ORGANIZATION: ((dev-cf-organization)) -# CF_SPACE: ((dev-cf-space)) -# OPENSEARCH_NODE_APP_NAME: ((dev-test-opensearch-node-app-name)) -# DASHBOARDS_APP_NAME: ((dev-test-opensearch-dashboards-app-name)) -# PROXY_APP_NAME: ((dev-test-auth-proxy-app-name)) + - put: cf-dev + params: + path: src + manifest: src/cf/proxy-manifest.yml + vars: + cf_url: ((dev-cf-api-url)) + uaa_auth_url: ((dev-uaa-auth-url)) + uaa_base_url: ((dev-uaa-base-url)) + uaa_client_id: ((dev-uaa-test-client-id)) + uaa_client_secret: ((dev-uaa-test-client-secret)) + secret_key: ((dev-secret-key)) + session_lifetime: "3600" + public_route: ((dev-test-public-url)) + dashboard_url: ((dev-test-dashboard-url)) + auth_proxy_app_name: ((dev-test-auth-proxy-app-name)) + auth_proxy_num_instances: ((dev-test-auth-proxy-num-instances)) + + - task: update-networking + image: general-task + config: + platform: linux + inputs: + - name: src + run: + path: src/ci/update-networking.sh + params: &dev-cf-auth-params + CF_API_URL: ((dev-cf-api-url)) + CF_USERNAME: ((dev-cf-username)) + CF_PASSWORD: ((dev-cf-password)) + CF_ORGANIZATION: ((dev-cf-organization)) + CF_SPACE: ((dev-cf-space)) + OPENSEARCH_NODE_APP_NAME: ((dev-test-opensearch-node-app-name)) + DASHBOARDS_APP_NAME: ((dev-test-opensearch-dashboards-app-name)) + PROXY_APP_NAME: ((dev-test-auth-proxy-app-name)) - name: e2e plan: From 30f991744e818709f4f981f3ce330cbf1f54b726 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 22 Mar 2024 17:21:37 -0400 Subject: [PATCH 89/98] go back to using hardened image --- ci/pipeline.yml | 12 +++++++++++- dev | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index c2a06d6..6a0afd2 100644 --- a/ci/pipeline.yml 
+++ b/ci/pipeline.yml @@ -121,6 +121,7 @@ jobs: trigger: true passed: [test] - get: general-task + - get: playwright-python - task: provision-cf-access image: general-task config: @@ -182,7 +183,7 @@ jobs: DASHBOARDS_APP_NAME: ((dev-test-opensearch-dashboards-app-name)) - task: e2e-tests - image: general-task + image: playwright-python config: inputs: - name: src @@ -271,6 +272,15 @@ resources: aws_region: us-gov-west-1 tag: latest +- name: playwright-python + type: registry-image + source: + aws_access_key_id: ((ecr_aws_key)) + aws_secret_access_key: ((ecr_aws_secret)) + repository: playwright-python + aws_region: us-gov-west-1 + tag: latest + ############################ # RESOURCE TYPES diff --git a/dev b/dev index 7920535..16b9139 100755 --- a/dev +++ b/dev @@ -88,7 +88,7 @@ set_up_ci_environment () { ${python} -m pip install -r dev-requirements.txt # do this again for syncs that might involve deletions ${python} -m piptools sync requirements.txt dev-requirements.txt - ${python} -m playwright install --with-deps firefox + ${python} -m playwright install firefox } set_up_environment () { From 4ccd1a41f27b9118fe9400eefb287f2a2235e810 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 22 Mar 2024 17:30:39 -0400 Subject: [PATCH 90/98] refactor pipeline steps --- ci/pipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 6a0afd2..7f22e73 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -119,7 +119,7 @@ jobs: - get: src params: {depth: 1} trigger: true - passed: [test] + passed: [deploy-test-apps] - get: general-task - get: playwright-python - task: provision-cf-access From 542f27990318fd43df6afc062e222588c4d74483 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 22 Mar 2024 17:35:39 -0400 Subject: [PATCH 91/98] add notifications to pipeline --- ci/pipeline.yml | 60 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) 
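Review bot: The re-added `playwright-python` resource tracks `tag: latest`, so the image that runs `e2e-tests` can change without any change in this repository. The e2e job's params include test-user passwords and TOTP seeds, and they appear to be passed to that task. Pinning to an immutable tag or digest, for example `tag: <pinned-version>`, makes an image change a reviewed change. The `slack-notification` resource type added later in the series (`@@ -385,3 +385,12 @@`) has the same `tag: latest`. If tracking `latest` is deliberate so that rebuilt hardened images are picked up automatically, which the existing resources in this file suggest, a one-line comment such as `# latest is intentional: hardened image is rebuilt upstream` would document that trust decision.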
diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 7f22e73..d1983cf 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -10,6 +10,15 @@ jobs: file: src/ci/pipeline.yml var_files: - src/ci/config.yml + on_failure: + put: slack + params: &slack-failure-params + text: | + :x: Failed to reconfigure pipeline + <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details> + channel: ((slack-channel-failure)) + username: ((slack-username)) + icon_url: ((slack-icon-url)) - name: test plan: @@ -27,6 +36,21 @@ jobs: platform: linux run: path: src/ci/test.sh + on_failure: + put: slack + params: + <<: *&slack-failure-params + text: | + :x: Tests FAILED on opensearch-dashboards-cf-auth-proxy + <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details> + on_success: + put: slack + params: &slack-success-params + <<: *slack-failure-params + channel: ((slack-channel-success)) + text: | + :white_check_mark: Tests PASSED onopensearch-dashboards-cf-auth-proxy + <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details> - name: build-test-images plan: @@ -50,6 +74,13 @@ jobs: dockerfile: src/docker/opensearch_dashboards/dockerfile tag_as_latest: true cache: true + on_failure: + put: slack + params: + <<: *&slack-failure-params + text: | + :x: FAILED to build test images + <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details> - name: deploy-test-apps plan: 
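Review bot: `<<: *&slack-failure-params` in the `test` job's `on_failure` is not a valid alias, since `&` declares an anchor and `*` references one, so the pipeline will fail to parse. It should read `<<: *slack-failure-params`, as the deploy and e2e hunks of this same commit already do. The same slip is in the `build-test-images` `on_failure` hunk (`@@ -50,6 +74,13 @@`). The success text `Tests PASSED onopensearch-dashboards-cf-auth-proxy` is missing a space after `on`. Every handler here does `put: slack`, but none of this commit's hunks declares a `slack` resource, so one has to exist under `resources` before the pipeline can be set.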
@@ -112,6 +143,20 @@ jobs: OPENSEARCH_NODE_APP_NAME: ((dev-test-opensearch-node-app-name)) DASHBOARDS_APP_NAME: ((dev-test-opensearch-dashboards-app-name)) PROXY_APP_NAME: ((dev-test-auth-proxy-app-name)) + on_failure: + put: slack + params: + <<: *slack-failure-params + text: | + :x: FAILED to deploy apps + <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details> + on_success: + put: slack + params: + <<: *slack-success-params + text: | + :white_check_mark: Successfully deployed apps + <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details> - name: e2e plan: @@ -209,6 +254,21 @@ jobs: TEST_USER_4_USERNAME: ((dev-test-user-4-username)) TEST_USER_4_PASSWORD: ((dev-test-user-4-password)) TEST_USER_4_TOTP_SEED: ((dev-test-user-4-totp-seed)) + on_failure: + put: slack + params: + <<: *slack-failure-params + text: | + :x: e2e tests FAILED + <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details> + on_success: + put: slack + params: + <<: *slack-success-params + text: | + :white_check_mark: e2e tests SUCCEEDED + <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details> + ########################## # RESOURCES From 5c95b97616c26545facdfc6c52828cdab6ceeeea Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 22 Mar 2024 17:36:38 -0400 Subject: [PATCH 92/98] fix pipeline --- ci/pipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index d1983cf..c14855e 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml 
@@ -39,7 +39,7 @@ jobs: on_failure: put: slack params: - <<: *&slack-failure-params + <<: *slack-failure-params text: | :x: Tests FAILED on opensearch-dashboards-cf-auth-proxy <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details> From 12103aceb2bf0b82ba9279c2128e687f4d648769 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 22 Mar 2024 17:38:31 -0400 Subject: [PATCH 93/98] fix pipeline --- ci/pipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index c14855e..410948e 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -77,7 +77,7 @@ jobs: on_failure: put: slack params: - <<: *&slack-failure-params + <<: *slack-failure-params text: | :x: FAILED to build test images <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details> From c79ffa42c4b61219b9b9cf7d206652ef22cdca57 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 22 Mar 2024 17:41:35 -0400 Subject: [PATCH 94/98] add slack resource --- ci/pipeline.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 410948e..2d1a540 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -341,6 +341,11 @@ resources: aws_region: us-gov-west-1 tag: latest +- name: slack + type: slack-notification + source: + url: ((slack-webhook-url)) + ############################ # RESOURCE TYPES From bac036ae65022f8e51baa0e4e081a0ff627f1756 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 22 Mar 2024 17:42:55 -0400 Subject: [PATCH 95/98] add slack notification resource type --- ci/pipeline.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 2d1a540..7fe1ee6 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml 
@@ -385,3 +385,12 @@ resource_types: repository: cf-resource aws_region: us-gov-west-1 tag: latest + +- name: slack-notification + type: registry-image + source: + aws_access_key_id: ((ecr_aws_key)) + aws_secret_access_key: ((ecr_aws_secret)) + repository: slack-notification-resource + aws_region: us-gov-west-1 + tag: latest From 7fc18fbdd2c8e4335cefe34056bdfa07695e54dd Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Mon, 25 Mar 2024 10:55:29 -0400 Subject: [PATCH 96/98] update memory for test-auth-proxy app to 2G --- cf/proxy-manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cf/proxy-manifest.yml b/cf/proxy-manifest.yml index 6962b9f..6ff9452 100644 --- a/cf/proxy-manifest.yml +++ b/cf/proxy-manifest.yml @@ -25,4 +25,4 @@ applications: UAA_CLIENT_SECRET: ((uaa_client_secret)) SECRET_KEY: ((secret_key)) SESSION_LIFETIME: ((session_lifetime)) - memory: 1G + memory: 2G From f19d43e5014f45a559bfd21bb2f6ba8ee0fb2428 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Mon, 25 Mar 2024 11:11:28 -0400 Subject: [PATCH 97/98] update FLASK_ENV to production --- cf/proxy-manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cf/proxy-manifest.yml b/cf/proxy-manifest.yml index 6ff9452..6036f94 100644 --- a/cf/proxy-manifest.yml +++ b/cf/proxy-manifest.yml @@ -15,7 +15,7 @@ applications: routes: - route: ((public_route)) env: - FLASK_ENV: local + FLASK_ENV: production DASHBOARD_URL: ((dashboard_url)) CF_ADMIN_GROUP_NAME: "cloud_controller.admin" CF_API_URL: ((cf_url)) From 1e70be7f1bb4f877a55f10c26df2d0f9e3924006 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Mon, 25 Mar 2024 11:41:44 -0400 Subject: [PATCH 98/98] update branch for source code back to main --- ci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/config.yml b/ci/config.yml index d744c19..285f18a 100644 --- a/ci/config.yml +++ b/ci/config.yml 
@@ -1,2 +1,2 @@ proxy-src-code-uri: https://github.com/cloud-gov/opensearch-dashboards-cf-auth-proxy -proxy-src-code-branch: fix-e2e-tests +proxy-src-code-branch: main