Skip to content

Latest commit

 

History

History
133 lines (93 loc) · 7.94 KB

DEVELOPER_GUIDE.md

File metadata and controls

133 lines (93 loc) · 7.94 KB

Developer Guide

So you want to contribute code to this project? Excellent! We're glad you're here. Here's what you need to do.

Prerequisites

This project is a plugin of OpenSearch-Dashboards. It requires an OpenSearch server running with the Security plugin installed. At the time of this writing there is a strict version check between these components, so we recommend running all of them from their respective branches with matching versions (this will also ensure they work well together before we cut a new release.)

As a prerequisite, please follow the developer guide of the Security Plugin. This will get a OpenSearch server running with security plugin enabled.

NOTE: If you are following this guide by the dot, please make sure that source code that you compile for OpenSearch project using ./gradlew localDistro is done from 1.x branch.

At present there are following branches available to choose from for the setup:

Back-end

OpenSearch
branch
Security Plugin
branch
OpenSearch
version
1.x main v1.3.0
main (under development) v2.0.0

Front-end

OpenSearch Dashboards
branch
Security Dashboards Plugin
branch
OpenSearch Dashboards
version
1.x main v1.3.0
main (under development) v2.0.0


For the sake of this guide, let's assume that the latest versions (1.3.0-SNAPSHOT for OpenSearch and OpenSearch Dashboards, and 1.3.0.0-SNAPSHOT for the backend and the frontend of this Security plugin).

Next, ensure that the config file (config/opensearch.yml) in the OpenSearch home directory where you copied the source code using the dev-guide (basically cd $OPENSEARCH_HOME) contains this:

######## Start OpenSearch Security Demo Configuration ########

#WARNING: revise all the lines below before you go into production

plugins.security.ssl.transport.pemcert_filepath: esnode.pem
plugins.security.ssl.transport.pemkey_filepath: esnode-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: esnode.pem
plugins.security.ssl.http.pemkey_filepath: esnode-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: root-ca.pem
plugins.security.allow_unsafe_democertificates: true
plugins.security.allow_default_init_securityindex: true
plugins.security.authcz.admin_dn:
- CN=kirk,OU=client,O=client,L=test, C=de

plugins.security.unsupported.restapi.allow_securityconfig_modification: true
plugins.security.audit.type: internal_opensearch
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
node.max_local_storage_nodes: 3

######## End OpenSearch Security Demo Configuration ########

Please Note : This project runs on node 10.24.1 at the time of writing this guide (refer to the .nvmrc or .node-version file in the base directory for correct version) and so when installing node please ensure that you install this version. You can do so by running

nvm use --install

Next, checkout the 1.x branch from OpenSearch-Dashboards repo. Follow the developer guide and replace the version of opensearch-dashboards.yml there with this:

server.host: "0"
opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: none
opensearch.username: "kibanaserver"
opensearch.password: "kibanaserver"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]

# Use this setting if you are running opensearch-dashboards without https
opensearch_security.cookie.secure: false


Note that at this point yarn start will fail, as we still don't have the security plugin installed in the Dashboards. We are ready to install it now.

Building

Change to the plugins directory of the locally cloned Opensearch Dashboards directory.

cd <your-path-to>/OpenSearch-Dashboards
cd plugins

Create a fork of this repo and clone it locally under the plugins directory, and build the plugin:

cd plugins
git clone git@github.com:<your-git-username>/security-dashboards-plugin.git
cd security-dashboards-plugin
yarn build

Next, go to the base directory and run yarn osd bootstrap to install any additional packages introduced by the security plugin. (If you do not run this, yarn start might fail with an error like Cannot find module xxxxx)

Now, from the base directory and run yarn start. This should start dashboard UI successfully. Cmd+click the url in the console output (It should look something like http://0:5601/omf). Once the page loads, you should be able to log in with user admin and password admin.

To run selenium based integration tests, download and export the firefox web-driver to your PATH. Also, run node scripts/build_opensearch_dashboards_platform_plugins.js or yarn start before running the tests. This is essential to generate the bundles.

Submitting Changes

See CONTRIBUTING.

Backports

The Github workflow in backport.yml creates backport PRs automatically when the original PR with an appropriate label backport <backport-branch-name> is merged to main with the backport workflow run successfully on the PR. For example, if a PR on main needs to be backported to 1.x branch, add a label backport 1.x to the PR and make sure the backport workflow runs on the PR along with other checks. Once this PR is merged to main, the workflow will create a backport PR to the 1.x branch.