Undo security test workflow changes.

Signed-off-by: AWSHurneyt <[email protected]>
AWSHurneyt · Feb 25, 2025 · e6bcfe4 · e6bcfe4
1 parent 8ccdadc
commit e6bcfe4
Show file tree

Hide file tree

Showing 2 changed files with 73 additions and 32 deletions.
diff --git a/.github/workflows/security-notifications-test-workflow.yml b/.github/workflows/security-notifications-test-workflow.yml
@@ -7,53 +7,94 @@ name: Security Test and Build Notifications
 
 on: [push, pull_request]
 
+env:
+  ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
+
 jobs:
-  Get-CI-Image-Tag:
-    uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@main
-    with:
-      product: opensearch
-
-  security-test:
-    needs: Get-CI-Image-Tag
-    # This job runs on Linux
+  build:
     strategy:
       # This setting says that all jobs should finish, even if one fails
       fail-fast: false
       matrix:
-        java: [ 21, 23 ]
+        java: [21, 23]
         os:
           - ubuntu-24.04-arm  # arm64-preview
           - ubuntu-24.04  # x64
+
     runs-on: ${{ matrix.os }}
-    container:
-      # using the same image which is used by opensearch-build team to build the OpenSearch Distribution
-      # this image tag is subject to change as more dependencies and updates will arrive over time
-      image: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-version-linux }}
-      options: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-start-options }}
 
     steps:
-      - name: Run start commands
-        run: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-start-command }}
-
-      # This step uses the setup-java Github action: https://github.com/actions/setup-java
       - name: Set up JDK ${{ matrix.java }}
         uses: actions/setup-java@v4
         with:
           distribution: temurin # Temurin is a distribution of adoptium
           java-version: ${{ matrix.java }}
 
+      # notifications
       - name: Checkout Notifications
         uses: actions/checkout@v4
 
-      - name: Security-enabled Notification Tests for OS ${{ matrix.os }} & JDK ${{ matrix.java }}
+      # Temporarily exclude tests which causing CI to fail. Tracking in #251
+      - name: Build with Gradle
+        # Only assembling since the full build is governed by other workflows
         run: |
-          pwd
-          chown -R 1000:1000 `pwd`
-          su `id -un 1000` -c "./gradlew integTest -Dsecurity=true -Dhttps=true --tests '*IT'"
-      - name: Upload failed logs
-        uses: actions/upload-artifact@v4
-        if: failure()
-        with:
-          name: logs
-          overwrite: 'true'
-          path: build/testclusters/integTest-*/logs/*
+          cd notifications
+          ./gradlew assemble
+
+      - name: Pull and Run Docker
+        run: |
+          plugin_core=`basename $(ls notifications/core/build/distributions/*.zip)`
+          plugin=`basename $(ls notifications/notifications/build/distributions/*.zip)`
+          list_of_files=`ls`
+          list_of_all_files=`ls notifications/core/build/distributions/`
+          version=`echo $plugin|awk -F- '{print $3}'| cut -d. -f 1-3`
+          plugin_version=`echo $plugin|awk -F- '{print $3}'| cut -d. -f 1-4`
+          qualifier=`echo $plugin|awk -F- '{print $4}'| cut -d. -f 1-1`
+          candidate_version=`echo $plugin|awk -F- '{print $5}'| cut -d. -f 1-1`
+          docker_version=$version
+
+          [[ -z $candidate_version ]] && candidate_version=$qualifier && qualifier=""
+
+          echo plugin version plugin_version qualifier candidate_version docker_version
+          echo "($plugin) ($version) ($plugin_version) ($qualifier) ($candidate_version) ($docker_version)"
+          echo $ls $list_of_all_files
+
+          if docker pull opensearchstaging/opensearch:$docker_version
+          then
+            echo "FROM opensearchstaging/opensearch:$docker_version" >> Dockerfile
+            # Making the removal of the existing plugins in the docker image conditional in case this workflow is running before the new version of the plugins are published to the Docker image
+            echo "RUN if /usr/share/opensearch/bin/opensearch-plugin list | grep -q 'opensearch-notifications$'; then /usr/share/opensearch/bin/opensearch-plugin remove opensearch-notifications; fi" >> Dockerfile
+            echo "RUN if /usr/share/opensearch/bin/opensearch-plugin list | grep -q 'opensearch-notifications-core$'; then /usr/share/opensearch/bin/opensearch-plugin remove opensearch-notifications-core; fi" >> Dockerfile
+            echo "ADD notifications/core/build/distributions/$plugin_core /tmp/" >> Dockerfile
+            echo "RUN /usr/share/opensearch/bin/opensearch-plugin install --batch file:/tmp/$plugin_core" >> Dockerfile
+            echo "ADD notifications/notifications/build/distributions/$plugin /tmp/" >> Dockerfile
+            echo "RUN /usr/share/opensearch/bin/opensearch-plugin install --batch file:/tmp/$plugin" >> Dockerfile
+            docker build -t opensearch-notifications:test .
+            echo "imagePresent=true" >> $GITHUB_ENV
+          else
+            echo "imagePresent=false" >> $GITHUB_ENV
+          fi
+
+      - name: Run Docker Image
+        if: env.imagePresent == 'true'
+        run: |
+          cd ..
+          container_id=`docker run -p 9200:9200 -d -p 9600:9600 -e "OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!" -e "discovery.type=single-node" opensearch-notifications:test`
+          sleep 120
+          echo `docker logs $container_id`
+      - name: Run Notification Test for security enabled test cases
+        if: env.imagePresent == 'true'
+        run: |
+          container_id=`docker ps -q`
+          plugins=`docker exec $container_id /usr/share/opensearch/bin/opensearch-plugin list`
+          echo "plugins: $plugins" 
+          security=`echo $plugins | grep opensearch-security | wc -l`
+          if [ $security -gt 0 ]
+          then
+            echo "Security plugin is available"
+            cd notifications
+            ./gradlew integTest -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername=docker-cluster -Dhttps=true -Duser=admin -Dpassword=myStrongPassword123!
+          else
+            echo "Security plugin is NOT available skipping this run as tests without security have already been run"
+            exit 1
+          fi
diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/PluginRestTestCase.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/PluginRestTestCase.kt
@@ -39,7 +39,7 @@ import javax.management.remote.JMXServiceURL
 abstract class PluginRestTestCase : OpenSearchRestTestCase() {
 
     protected fun isHttps(): Boolean {
-        return System.getProperty("https")?.equals("true", ignoreCase = true) ?: false
+        return System.getProperty("https", "false")!!.toBoolean()
     }
 
     protected fun isLocalHost(): Boolean {
@@ -111,9 +111,9 @@ abstract class PluginRestTestCase : OpenSearchRestTestCase() {
             return when (keystore != null) {
                 true -> {
                     // create adminDN (super-admin) client
-                    val uri = javaClass.classLoader.getResource("sample.pem").toURI()
+                    val uri = javaClass.classLoader.getResource("security/sample.pem").toURI()
                     val configPath = PathUtils.get(uri).parent.toAbsolutePath()
-                    SecureRestClientBuilder(settings, configPath, hosts)
+                    SecureRestClientBuilder(settings, configPath)
                         .setSocketTimeout(60000)
                         .setConnectionRequestTimeout(180000)
                         .build()