Merge branch 'main' into cypress_new
ananzh authored Dec 12, 2023
2 parents ef7a107 + f27a031 commit d81d101
Showing 13 changed files with 161 additions and 10 deletions.
2 changes: 1 addition & 1 deletion .github/CODEOWNERS
Original file line number Diff line number Diff line change
@@ -1 +1 @@
* @ananzh @kavilla @seanneumann @AMoo-Miki @ashwin-pc @joshuarrrr @abbyhu2000 @zengyan-amazon @kristenTian @zhongnansu @manasvinibs @ZilongX @Flyingliuhub @BSFishy @curq @bandinib-amzn
* @ananzh @kavilla @seanneumann @AMoo-Miki @ashwin-pc @joshuarrrr @abbyhu2000 @zengyan-amazon @kristenTian @zhongnansu @manasvinibs @ZilongX @Flyingliuhub @BSFishy @curq @bandinib-amzn @SuZhou-Joe
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- [BUG] Add platform "darwin-arm64" to unit test ([#5290](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5290))
- [BUG][Dev Tool] Add dev tool documentation link to dev tool's help menu [#5166](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5166)
- Fix missing border for header navigation control on right ([#5450](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5450))
- [BUG] Fix filtering issue in data source selector ([5484](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5484))
- [BUG][Data] Support for custom filters with heterogeneous data fields ([5577](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5577))

### 🚞 Infrastructure

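Review bot: The two added bug-fix entries use `5484` and `5577` as link text without the leading `#` that the neighbouring entries carry (`[#5290]`, `[#5450]`). Write `[#5484]` and `[#5577]` so the changelog stays consistent.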
Expand All @@ -39,6 +41,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- Add an achievement badger to the PR ([#3721](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3721))
- [CI] Enable inputs for manually triggered Cypress test jobs ([#5134](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5134))
- [CI] Replace usage of deprecated `set-output` in workflows ([#5340](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5340))
- [Chore] Add `--security` for `opensearch snapshot` and `opensearch_dashboards` to configure local setup with the security plugin ([#5451](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5451))

### 📝 Documentation

Expand All @@ -54,6 +57,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- Bump `js-yaml` from `3.14.0` to `4.1.0` ([#3770](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3770))
- Replace `node-sass` with `sass-embedded` ([#5338](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5338))
- Bump `chromedriver` from `107.0.3` to `119.0.1` ([#5465](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5465))
- Add @SuZhou-Joe as a maintainer. ([#5594](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5594))

### 🪛 Refactoring

Expand Down
15 changes: 14 additions & 1 deletion DEVELOPER_GUIDE.md
Original file line number Diff line number Diff line change
Expand Up @@ -252,10 +252,11 @@ Options:
-E Additional key=value settings to pass to OpenSearch
--download-only Download the snapshot but don't actually start it
--ssl Sets up SSL on OpenSearch
--security Installs and sets up OpenSearch Security plugin on the cluster
--P OpenSearch plugin artifact URL to install it on the cluster.

```bash
$ yarn opensearch snapshot --version 2.2.0 -E cluster.name=test -E path.data=/tmp/opensearch-data --P org.opensearch.plugin:test-plugin:2.2.0.0 --P file:/home/user/opensearch-test-plugin-2.2.0.0.zip
$ yarn opensearch snapshot --version 2.2.0 -E cluster.name=test -E path.data=/tmp/opensearch-data --P org.opensearch.plugin:test-plugin:2.2.0.0 --P file:/home/user/opensearch-test-plugin-2.2.0.0.zip --security
```

#### Read Only capabilities
Expand All @@ -281,6 +282,18 @@ This method can also be used to develop against the [full distribution of OpenSe

_This step is only mandatory if you have the [`security` plugin](https://github.com/opensearch-project/security) installed on your OpenSearch cluster with https/authentication enabled._

> 1. Run `export initialAdminPassword=<initial admin password>` since it's needed by the configuration script
> 2. Run `yarn opensearch snapshot --security`
> 3. Wait a few seconds while the plugin is installed, configured, and OpenSearch starts up.
Then within another window. You can start:

> 1. Run `export OPENSEARCH_USERNAME=admin`
> 2. Run `export OPENSEARCH_PASSWORD=<initial admin password>`
> 3. Optional: Run `export OPENSEARCH_SECURITY_READONLY_ROLE=<read only role>`
> 4. Run `yarn start:security`
> 5. Navigate to OpenSearch Dashboards and login with the above username and password.
Once the bootstrap of OpenSearch Dashboards is finished, you need to apply some
changes to the default [`opensearch_dashboards.yml`](https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/config/opensearch_dashboards.yml#L25-L72) in order to connect to OpenSearch.

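Review bot: In the added quoted steps, `Then within another window. You can start:` follows step 3 with no blank line, and the existing `Once the bootstrap of OpenSearch Dashboards is finished` paragraph now follows step 5 the same way, so Markdown lazy continuation folds both into the preceding list item. Add a blank line after each quoted list, and join the fragment into one sentence, for example `Then, in another window, start OpenSearch Dashboards:`.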
Expand Down
1 change: 1 addition & 0 deletions MAINTAINERS.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ This document contains a list of maintainers in this repo. See [opensearch-proje
| Matt Provost | [BSFishy](https://github.com/BSFishy) | Amazon |
| Sirazh Gabdullin | [curq](https://github.com/curq) | External contributor |
| Bandini Bhopi | [bandinib-amzn](https://github.com/bandinib-amzn) | Amazon |
| Su Zhou | [SuZhou-Joe](https://github.com/SuZhou-Joe) | Amazon |

## Emeritus

Expand Down
1 change: 1 addition & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@
"build": "scripts/use_node scripts/build --all-platforms",
"start": "scripts/use_node scripts/opensearch_dashboards --dev",
"start:docker": "scripts/use_node scripts/opensearch_dashboards --dev --opensearch.hosts=$OPENSEARCH_HOSTS --opensearch.ignoreVersionMismatch=true --server.host=$SERVER_HOST",
"start:security": "scripts/use_node scripts/opensearch_dashboards --dev --security",
"debug": "scripts/use_node --nolazy --inspect scripts/opensearch_dashboards --dev",
"debug-break": "scripts/use_node --nolazy --inspect-brk scripts/opensearch_dashboards --dev",
"lint": "yarn run lint:es && yarn run lint:style",
Expand Down
7 changes: 7 additions & 0 deletions packages/osd-opensearch/src/cli_commands/snapshot.js
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ exports.help = (defaults = {}) => {
-E Additional key=value settings to pass to OpenSearch
--download-only Download the snapshot but don't actually start it
--ssl Sets up SSL on OpenSearch
--security Installs and sets up the OpenSearch Security plugin on the cluster
--P OpenSearch plugin artifact URL to install it on the cluster. We can use the flag multiple times
to install multiple plugins on the cluster snapshot. The argument value can be url to zip file, maven coordinates of the plugin
or for local zip files, use file:<followed by the absolute or relative path to the plugin zip file>.
Expand All @@ -74,6 +75,8 @@ exports.run = async (defaults = {}) => {

boolean: ['download-only'],

boolean: ['security'],

default: defaults,
});

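Review bot: The options object now has two `boolean` keys (`boolean: ['download-only'],` followed by `boolean: ['security'],`). In an object literal the later key replaces the earlier one, so `download-only` is no longer declared as a boolean flag. Merge them into a single entry: `boolean: ['download-only', 'security'],`.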
Expand All @@ -91,6 +94,10 @@ exports.run = async (defaults = {}) => {
await cluster.installOpenSearchPlugins(installPath, options.opensearchPlugins);
}

if (options.security) {
await cluster.setupSecurity(installPath, options.version ?? defaults.version);
}

options.bundledJDK = true;

await cluster.run(installPath, options);
Expand Down
35 changes: 33 additions & 2 deletions packages/osd-opensearch/src/cluster.js
Original file line number Diff line number Diff line change
Expand Up @@ -34,14 +34,27 @@ const execa = require('execa');
const chalk = require('chalk');
const path = require('path');
const { downloadSnapshot, installSnapshot, installSource, installArchive } = require('./install');
const { OPENSEARCH_BIN, OPENSEARCH_PLUGIN } = require('./paths');
const { OPENSEARCH_BIN, OPENSEARCH_PLUGIN, OPENSEARCH_SECURITY_INSTALL } = require('./paths');
const { log: defaultLog, parseOpenSearchLog, extractConfigFiles, decompress } = require('./utils');
const { createCliError } = require('./errors');
const { promisify } = require('util');
const treeKillAsync = promisify(require('tree-kill'));
const { parseSettings, SettingsFilter } = require('./settings');
const { CA_CERT_PATH, OPENSEARCH_P12_PATH, OPENSEARCH_P12_PASSWORD } = require('@osd/dev-utils');
const readFile = util.promisify(fs.readFile);
const chmodAsync = util.promisify(fs.chmod);

const LATEST_ENGINE_PLUGIN_BASE_URL =
'https://ci.opensearch.org/ci/dbc/distribution-build-opensearch';

function generateEnginePluginUrl(version, plugin) {
const legacyVersion = `${version}.0`;
const [platform, type] =
process.platform === 'win32' ? ['windows', 'zip'] : [process.platform, 'tar'];
const arch = process.arch === 'arm64' ? 'arm64' : 'x64';

return `${LATEST_ENGINE_PLUGIN_BASE_URL}/${version}/latest/${platform}/${arch}/${type}/builds/opensearch/plugins/${plugin}-${legacyVersion}.zip`;
}

// listen to data on stream until map returns anything but undefined
const first = (stream, map) =>
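Review bot: `generateEnginePluginUrl` interpolates `version` into the URL unchecked: `${version}.0` yields `undefined.0` when no version is supplied and a malformed file name for anything that is not a plain `x.y.z` string. Validate the version before building the URL and fail with `createCliError`. The URL also points at a `latest` CI build, and nothing in this hunk pins or verifies the downloaded artifact, which deserves at least a comment. Minor: `chmodAsync` can use the `promisify` already imported above instead of `util.promisify`.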
Expand All @@ -57,9 +70,10 @@ const first = (stream, map) =>
});

exports.Cluster = class Cluster {
constructor({ log = defaultLog, ssl = false } = {}) {
constructor({ log = defaultLog, ssl = false, security = false } = {}) {
this._log = log;
this._ssl = ssl;
this._security = security;
this._caCertPromise = ssl ? readFile(CA_CERT_PATH) : undefined;
}

Expand Down Expand Up @@ -193,6 +207,23 @@ exports.Cluster = class Cluster {
}
}

/**
* Setups cluster with security demo configuration
*
* @param {string} installPath
* @property {String} version - version of OpenSearch
*/
async setupSecurity(installPath, version) {
const pluginUrl = generateEnginePluginUrl(version, 'opensearch-security');
await this.installOpenSearchPlugins(installPath, pluginUrl);
this._log.info('Setting up security');
const pluginPath = path.resolve(installPath, OPENSEARCH_SECURITY_INSTALL);
if (pluginPath) {
await chmodAsync(pluginPath, '755');
await execa(OPENSEARCH_SECURITY_INSTALL, ['-y', '-i', '-s'], { cwd: installPath });
}
}

/**
* Starts OpenSearch and returns resolved promise once started
*
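Review bot: `if (pluginPath)` in `setupSecurity` can never be false, because `path.resolve` always returns a non-empty string, so a missing `install_demo_configuration` script surfaces as a raw `chmod` failure rather than a clear message. Check that the file exists and throw a CLI error if it does not. In the JSDoc, `@property {String} version` should be `@param {string} version`, and "Setups" should read "Sets up".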
Expand Down
7 changes: 7 additions & 0 deletions packages/osd-opensearch/src/paths.js
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,10 @@ function maybeUseBat(bin) {
return os.platform().startsWith('win') ? `${bin}.bat` : bin;
}

function maybeUseBatOrShell(bin) {
return os.platform().startsWith('win') ? `${bin}.bat` : `${bin}.sh`;
}

const tempDir = os.tmpdir();

exports.BASE_PATH = path.resolve(tempDir, 'osd-opensearch');
Expand All @@ -45,3 +49,6 @@ exports.OPENSEARCH_CONFIG = 'config/opensearch.yml';

exports.OPENSEARCH_KEYSTORE_BIN = maybeUseBat('./bin/opensearch-keystore');
exports.OPENSEARCH_PLUGIN = maybeUseBat('./bin/opensearch-plugin');
exports.OPENSEARCH_SECURITY_INSTALL = maybeUseBatOrShell(
'./plugins/opensearch-security/tools/install_demo_configuration'
);
19 changes: 19 additions & 0 deletions release-notes/opensearch-dashboards.release-notes-1.3.14.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
# Version 1.3.14 Release Notes

### 🛡 Security

- [CVE-2023-46234] Bump `eslint-import-resolver-webpack` from `0.11.1` to `0.13.8` and `browserify-sign` from `4.2.1` to `4.2.2` ([#5414](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5414/))
- [CVE-2023-45133] Add package resolution for `@babel/traverse` to `7.23.2` to fix vulnerability ([#5309](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5309))
- [CVE-2017-16137] Bump `debug` versions via yarn updates and resolutions ([#5573](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5573))

### 📈 Features/Enhancements

### 🐛 Bug Fixes

### 🚞 Infrastructure

### 📝 Documentation

### 🛠 Maintenance

- [Version] Increment version to 1.3.14 ([#5531](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5531))
55 changes: 55 additions & 0 deletions src/cli/serve/serve.js
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,60 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
set('opensearch.hosts', opensearchHosts);
set('opensearch.ssl.certificateAuthorities', CA_CERT_PATH);
}

if (opts.security) {
const customOpenSearchHosts = opts.opensearch
? opts.opensearch.split(',')
: [].concat(get('opensearch.hosts') || []);

const opensearchHosts = (
(customOpenSearchHosts.length > 0 && customOpenSearchHosts) || ['https://localhost:9200']
).map((hostUrl) => {
const parsedUrl = new URL('', hostUrl);
return `https://localhost:${parsedUrl.port}`;
});

if (!get('opensearch.hosts')) {
set('opensearch.hosts', opensearchHosts);
}

if (!get('opensearch.ssl.verificationMode')) {
set('opensearch.ssl.verificationMode', 'none');
}

if (get('opensearch.username') === 'opensearch_dashboards_system') {
set('opensearch.username', process.env.OPENSEARCH_USERNAME);
}

if (get('opensearch.password') === 'changeme') {
set('opensearch.password', process.env.OPENSEARCH_PASSWORD);
}

if (!get('opensearch.requestHeadersWhitelist')) {
set('opensearch.requestHeadersWhitelist', ['authorization', 'securitytenant']);
}

if (!get('opensearch_security.multitenancy.enabled')) {
set('opensearch_security.multitenancy.enabled', true);
}

if (!get('opensearch_security.multitenancy.tenants.preferred')) {
set('opensearch_security.multitenancy.tenants.preferred', ['Private', 'Global']);
}

if (
!get('opensearch_security.readonly_mode.roles') &&
process.env.OPENSEARCH_SECURITY_READONLY_ROLE
) {
set('opensearch_security.readonly_mode.roles', [
process.env.OPENSEARCH_SECURITY_READONLY_ROLE,
]);
}

if (!get('opensearch_security.cookie.secure')) {
set('opensearch_security.cookie.secure', false);
}
}
}

if (opts.opensearch) set('opensearch.hosts', opts.opensearch.split(','));
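Review bot: Several guards in the `opts.security` block test truthiness where they mean "not configured": `if (!get('opensearch_security.multitenancy.enabled'))` overwrites an explicit `false` with `true`, and the `cookie.secure` guard only ever writes `false` over a falsy value. Test for an unset value instead. Also, `process.env.OPENSEARCH_USERNAME` and `process.env.OPENSEARCH_PASSWORD` are assigned without checking that they are set, so the credentials become `undefined` when the exports are skipped; fail early with a message. Since the block defaults `opensearch.ssl.verificationMode` to `none`, a comment stating that these are local development defaults would help.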
Expand Down Expand Up @@ -195,6 +249,7 @@ export default function (program) {
command
.option('--dev', 'Run the server with development mode defaults')
.option('--ssl', 'Run the dev server using HTTPS')
.option('--security', 'Run the dev server using security defaults')
.option('--dist', 'Use production assets from osd/optimizer')
.option(
'--no-base-path',
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -66,4 +66,18 @@ describe('filterMatchesIndex', () => {

expect(filterMatchesIndex(filter, indexPattern)).toBe(true);
});

it('should return false if the custom filter is a different index id', () => {
const filter = { meta: { index: 'foo', key: 'bar', type: 'custom' } } as Filter;
const indexPattern = { id: 'bar', fields: [{ name: 'foo' }] } as IIndexPattern;

expect(filterMatchesIndex(filter, indexPattern)).toBe(false);
});

it('should return true if the custom filter is the same index id', () => {
const filter = { meta: { index: 'foo', key: 'bar', type: 'custom' } } as Filter;
const indexPattern = { id: 'foo', fields: [{ name: 'barf' }] } as IIndexPattern;

expect(filterMatchesIndex(filter, indexPattern)).toBe(true);
});
});
Original file line number Diff line number Diff line change
Expand Up @@ -31,14 +31,14 @@
import { IIndexPattern, IFieldType } from '../../index_patterns';
import { Filter } from '../filters';

/*
* TODO: We should base this on something better than `filter.meta.key`. We should probably modify
* this to check if `filter.meta.index` matches `indexPattern.id` instead, but that's a breaking
* change.
*/
export function filterMatchesIndex(filter: Filter, indexPattern?: IIndexPattern | null) {
if (!filter.meta?.key || !indexPattern) {
return true;
}

if (filter.meta?.type === 'custom') {
return filter.meta.index === indexPattern.id;
}

return indexPattern.fields.some((field: IFieldType) => field.name === filter.meta.key);
}
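Review bot: The new `custom` branch sits after the `!filter.meta?.key` guard, so a custom filter that has no `meta.key` still returns `true` for every index pattern and never reaches the `filter.meta.index === indexPattern.id` comparison. Both added tests set `key: 'bar'`, so that path is untested. Move the `type === 'custom'` check above the key guard (keeping the `!indexPattern` check first), or add a test that pins the intended result for a key-less custom filter.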
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,6 @@ export const DataSourceSelectable = ({
onChange={handleSourceChange}
singleSelection={singleSelection}
isClearable={false}
async
/>
);
};
