Merge branch 'main' into ism

.github/workflows/backport.yml

@@ -7,6 +7,7 @@ on:
 
 jobs:
   backport:
+    if: github.event.pull_request.merged == true
     runs-on: ubuntu-latest
     permissions:
       contents: write
@@ -15,14 +16,15 @@ jobs:
     steps:
       - name: GitHub App token
         id: github_app_token
-        uses: tibdex/github-app-token@v1.5.0
+        uses: tibdex/github-app-token@v2.1.0
         with:
           app_id: ${{ secrets.APP_ID }}
           private_key: ${{ secrets.APP_PRIVATE_KEY }}
           installation_id: 22958780
 
       - name: Backport
-        uses: VachaShah/backport@v1.1.4
+        uses: VachaShah/backport@v2.2.0
         with:
           github_token: ${{ steps.github_app_token.outputs.token }}
-          branch_name: backport/backport-${{ github.event.number }}
+          head_template: backport/backport-<%= number %>-to-<%= base %>
+          failure_labels: backport-failed

.github/workflows/integration-test.yml

@@ -78,7 +78,7 @@ jobs:
           sudo rm -rf "$AGENT_TOOLSDIRECTORY"
 
       - id: install-dashboards
-        uses: derek-ho/setup-opensearch-dashboards@v1
+        uses: derek-ho/setup-opensearch-dashboards@v3
         with:
           plugin_name: security-dashboards-plugin
 

.github/workflows/unit-test.yml

@@ -20,7 +20,7 @@ jobs:
         uses: actions/checkout@v2
 
       - id: install-dashboards
-        uses: derek-ho/setup-opensearch-dashboards@v1
+        uses: derek-ho/setup-opensearch-dashboards@v3
         with:
            plugin_name: security-dashboards-plugin
 

DEVELOPER_GUIDE.md

@@ -92,11 +92,13 @@ Next, go to the base directory (`cd ../..`) and run `yarn osd bootstrap` to inst
 
 From the base directory, run `yarn start`. This should start dashboard UI successfully. `Cmd+click` the url in the console output (It should look something like `http://0:5601/omf`). Once the page loads, you should be able to log in with user `admin` and password `admin`.
 
-## Integration Tests
+## Testing
 
-To run selenium based integration tests, download and export the firefox web-driver to your PATH. Also, run `node scripts/build_opensearch_dashboards_platform_plugins.js` or `yarn start` before running the tests. This is essential to generate the bundles.
+The security-dashboards-plugin project uses Jest for unit and integration tests and Cypress for end to end tests. To run frontend unit tests run `yarn test:jest_ui`. To run Cypress tests that live in this repo either use `yarn cypress:run` or `yarn cypress:open`. To run the Cypress tests that live in the [OpenSearch Dashboards Functional Test]( https://github.com/opensearch-project/opensearch-dashboards-functional-test) project first make sure you have OpenSearch and OpenSearch Dashboards running with the Security Plugin and that you can log in to it using a web browser. Then clone [OpenSearch Dashboards Functional Test]( https://github.com/opensearch-project/opensearch-dashboards-functional-test)  in your local machine and follow the instructions in its DEVELOPER_GUIDE.md
 
-The integration tests take advantage of [npm "pre" scripts](https://docs.npmjs.com/cli/v9/using-npm/scripts) to run a node based SAML IdP for integration tests related to SAML authentication. This will run a background process that listens on port 7000. 
+### Integration Tests 
+
+The integration tests take advantage of [npm "pre" scripts](https://docs.npmjs.com/cli/v9/using-npm/scripts) to run a node based SAML IdP for integration tests related to SAML authentication. This will run a background process that listens on port 7000. Then run `yarn test:jest_server`. 
 
 ## Submitting Changes
 

common/index.ts

@@ -15,6 +15,13 @@
 
 export const PLUGIN_ID = 'opensearchDashboardsSecurity';
 export const PLUGIN_NAME = 'security-dashboards-plugin';
+export const PLUGIN_GET_STARTED_APP_ID = `${PLUGIN_NAME}_getstarted`;
+export const PLUGIN_AUTH_APP_ID = `${PLUGIN_NAME}_auth`;
+export const PLUGIN_ROLES_APP_ID = `${PLUGIN_NAME}_roles`;
+export const PLUGIN_USERS_APP_ID = `${PLUGIN_NAME}_users`;
+export const PLUGIN_PERMISSIONS_APP_ID = `${PLUGIN_NAME}_permissions`;
+export const PLUGIN_TENANTS_APP_ID = `${PLUGIN_NAME}_tenants`;
+export const PLUGIN_AUDITLOG_APP_ID = `${PLUGIN_NAME}_auditlog`;
 
 export const APP_ID_LOGIN = 'login';
 export const APP_ID_CUSTOMERROR = 'customerror';
@@ -70,7 +77,6 @@ export enum AuthType {
 export enum ResourceType {
   roles = 'roles',
   users = 'users',
-  serviceAccounts = 'serviceAccounts',
   permissions = 'permissions',
   tenants = 'tenants',
   tenantsManageTab = 'tenantsManageTab',

opensearch_dashboards.json

@@ -15,5 +15,9 @@
     "dataSourceManagement"
   ],
   "server": true,
-  "ui": true
+  "ui": true,
+  "supportedOSDataSourceVersions": ">=1.0.0",
+  "requiredOSDataSourcePlugins": [
+    "opensearch-security"
+  ]
 }

package.json

@@ -44,7 +44,9 @@
     "@hapi/cryptiles": "5.0.0",
     "@hapi/wreck": "^17.1.0",
     "html-entities": "1.3.1",
-    "zxcvbn": "^4.4.2"
+    "proxy-agent": "^6.4.0",
+    "zxcvbn": "^4.4.2",
+    "semver": "^7.5.3"
   },
   "resolutions": {
     "selenium-webdriver": "4.10.0",

public/apps/configuration/app-router.tsx

@@ -36,16 +36,15 @@ import { RoleEditMappedUser } from './panels/role-mapping/role-edit-mapped-user'
 import { RoleView } from './panels/role-view/role-view';
 import { TenantList } from './panels/tenant-list/tenant-list';
 import { UserList } from './panels/user-list';
-import { ServiceAccountList } from './panels/service-account-list';
 import { Action, RouteItem, SubAction } from './types';
 import { ResourceType } from '../../../common';
 import { buildHashUrl, buildUrl } from './utils/url-builder';
 import { CrossPageToast } from './cross-page-toast';
-import { getDataSourceFromUrl } from '../../utils/datasource-utils';
+import { getDataSourceFromUrl, LocalCluster } from '../../utils/datasource-utils';
 
 const LANDING_PAGE_URL = '/getstarted';
 
-const ROUTE_MAP: { [key: string]: RouteItem } = {
+export const ROUTE_MAP: { [key: string]: RouteItem } = {
   getStarted: {
     name: 'Get Started',
     href: LANDING_PAGE_URL,
@@ -58,10 +57,6 @@ const ROUTE_MAP: { [key: string]: RouteItem } = {
     name: 'Internal users',
     href: buildUrl(ResourceType.users),
   },
-  [ResourceType.serviceAccounts]: {
-    name: 'Service Accounts',
-    href: buildUrl(ResourceType.serviceAccounts),
-  },
   [ResourceType.permissions]: {
     name: 'Permissions',
     href: buildUrl(ResourceType.permissions),
@@ -90,7 +85,6 @@ const getRouteList = (multitenancyEnabled: boolean) => {
     ROUTE_MAP[ResourceType.auth],
     ROUTE_MAP[ResourceType.roles],
     ROUTE_MAP[ResourceType.users],
-    ROUTE_MAP[ResourceType.serviceAccounts],
     ROUTE_MAP[ResourceType.permissions],
     ...(multitenancyEnabled ? [ROUTE_MAP[ResourceType.tenants]] : []),
     ROUTE_MAP[ResourceType.auditLogging],
@@ -151,8 +145,6 @@ export interface DataSourceContextType {
   setDataSource: React.Dispatch<React.SetStateAction<DataSourceOption>>;
 }
 
-export const LocalCluster = { label: 'Local cluster', id: '' };
-
 export const DataSourceContext = createContext<DataSourceContextType | null>(null);
 
 export function AppRouter(props: AppDependencies) {
@@ -167,14 +159,15 @@ export function AppRouter(props: AppDependencies) {
     <DataSourceContext.Provider value={{ dataSource, setDataSource }}>
       <Router>
         <EuiPage>
-          {allNavPanelUrls(multitenancyEnabled).map((route) => (
-            // Create different routes to update the 'selected' nav item .
-            <Route key={route} path={route} exact>
-              <EuiPageSideBar>
-                <NavPanel items={getRouteList(multitenancyEnabled)} />
-              </EuiPageSideBar>
-            </Route>
-          ))}
+          {!props.coreStart.chrome.navGroup.getNavGroupEnabled() &&
+            allNavPanelUrls(multitenancyEnabled).map((route) => (
+              // Create different routes to update the 'selected' nav item .
+              <Route key={route} path={route} exact>
+                <EuiPageSideBar>
+                  <NavPanel items={getRouteList(multitenancyEnabled)} />
+                </EuiPageSideBar>
+              </Route>
+            ))}
           <EuiPageBody>
             <Switch>
               <Route
@@ -234,13 +227,6 @@ export function AppRouter(props: AppDependencies) {
                   return <UserList {...props} />;
                 }}
               />
-              <Route
-                path={ROUTE_MAP.serviceAccounts.href}
-                render={() => {
-                  setGlobalBreadcrumbs(ResourceType.serviceAccounts);
-                  return <ServiceAccountList {...props} />;
-                }}
-              />
               <Route
                 path={buildUrl(ResourceType.auditLogging) + SUB_URL_FOR_GENERAL_SETTINGS_EDIT}
                 render={() => {
@@ -294,7 +280,7 @@ export function AppRouter(props: AppDependencies) {
                   }}
                 />
               )}
-              <Redirect exact from="/" to={LANDING_PAGE_URL} />
+              <Redirect exact from="/" to={props.redirect} />
             </Switch>
           </EuiPageBody>
           <CrossPageToast />

public/apps/configuration/configuration-app.tsx

@@ -28,6 +28,7 @@ export function renderApp(
   depsStart: SecurityPluginStartDependencies,
   params: AppMountParameters,
   config: ClientConfigType,
+  redirect: string,
   dataSourceManagement?: DataSourceManagementPluginSetup
 ) {
   const deps = {
@@ -36,6 +37,7 @@ export function renderApp(
     params,
     config,
     dataSourceManagement,
+    redirect,
   };
   ReactDOM.render(
     <I18nProvider>

public/apps/configuration/constants.tsx

@@ -25,8 +25,6 @@ export const API_ENDPOINT_MULTITENANCY = API_PREFIX + '/multitenancy/tenant';
 export const API_ENDPOINT_TENANCY_CONFIGS = API_ENDPOINT + '/tenancy/config';
 export const API_ENDPOINT_SECURITYCONFIG = API_ENDPOINT + '/securityconfig';
 export const API_ENDPOINT_INTERNALUSERS = API_ENDPOINT + '/internalusers';
-export const API_ENDPOINT_INTERNALACCOUNTS = API_ENDPOINT + '/internalaccounts';
-export const API_ENDPOINT_SERVICEACCOUNTS = API_ENDPOINT + '/serviceaccounts';
 export const API_ENDPOINT_AUDITLOGGING = API_ENDPOINT + '/audit';
 export const API_ENDPOINT_AUDITLOGGING_UPDATE = API_ENDPOINT_AUDITLOGGING + '/config';
 export const API_ENDPOINT_PERMISSIONS_INFO = API_PREFIX + '/restapiinfo';

public/apps/configuration/panels/role-mapping/role-edit-mapped-user.tsx

@@ -91,9 +91,7 @@ export function RoleEditMappedUser(props: RoleEditMappedUserProps) {
   React.useEffect(() => {
     const fetchInternalUserNames = async () => {
       try {
-        setUserNames(
-          await fetchUserNameList(props.coreStart.http, ResourceType.users, dataSource.id)
-        );
+        setUserNames(await fetchUserNameList(props.coreStart.http, dataSource.id));
       } catch (e) {
         addToast(createUnknownErrorToast('fetchInternalUserNames', 'load data'));
         console.error(e);