From 16812681e65dc66a95a736ace78f6ce4e20c8e04 Mon Sep 17 00:00:00 2001 From: Benedikt Labrenz Date: Thu, 9 Oct 2025 12:39:54 +0200 Subject: [PATCH 01/13] extend smoke test with opensearch-dashboards --- .../kuttl/smoke/10-install-opensearch.yaml.j2 | 8 ++ tests/templates/kuttl/smoke/30-assert.yaml | 12 +++ .../30-install-opensearch-dashboards.yaml.j2 | 12 +++ .../30_opensearch-dashboards-values.yaml.j2 | 17 ++++ .../kuttl/smoke/40-create-configmap.yaml.j2 | 4 + tests/templates/kuttl/smoke/41-assert.yaml | 14 +++ .../smoke/41-install-test-container.yaml.j2 | 86 ++++++++++++++++++ tests/templates/kuttl/smoke/45-assert.yaml | 10 +++ tests/templates/kuttl/smoke/test.py | 89 +++++++++++++++++++ 9 files changed, 252 insertions(+) create mode 100644 tests/templates/kuttl/smoke/30-assert.yaml create mode 100644 tests/templates/kuttl/smoke/30-install-opensearch-dashboards.yaml.j2 create mode 100644 tests/templates/kuttl/smoke/30_opensearch-dashboards-values.yaml.j2 create mode 100644 tests/templates/kuttl/smoke/40-create-configmap.yaml.j2 create mode 100644 tests/templates/kuttl/smoke/41-assert.yaml create mode 100644 tests/templates/kuttl/smoke/41-install-test-container.yaml.j2 create mode 100644 tests/templates/kuttl/smoke/45-assert.yaml create mode 100644 tests/templates/kuttl/smoke/test.py diff --git a/tests/templates/kuttl/smoke/10-install-opensearch.yaml.j2 b/tests/templates/kuttl/smoke/10-install-opensearch.yaml.j2 index 1ee05fc..3cc74a1 100644 --- a/tests/templates/kuttl/smoke/10-install-opensearch.yaml.j2 +++ b/tests/templates/kuttl/smoke/10-install-opensearch.yaml.j2 @@ -110,6 +110,14 @@ spec: --- apiVersion: v1 kind: Secret +metadata: + name: opensearch-credentials +data: + admin: QUpWRnNHSkJicFQ2bUNobg== # AJVFsGJBbpT6mChn + kibanaserver: RTRrRU51RW1rcUgzanlIQw== # E4kENuEmkqH3jyHC +--- +apiVersion: v1 +kind: Secret metadata: name: opensearch-security-config stringData: diff --git a/tests/templates/kuttl/smoke/30-assert.yaml b/tests/templates/kuttl/smoke/30-assert.yaml new file mode 100644 index 0000000..becb010 --- /dev/null +++ b/tests/templates/kuttl/smoke/30-assert.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +timeout: 600 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: opensearch-dashboards +status: + readyReplicas: 1 + replicas: 1 diff --git a/tests/templates/kuttl/smoke/30-install-opensearch-dashboards.yaml.j2 b/tests/templates/kuttl/smoke/30-install-opensearch-dashboards.yaml.j2 new file mode 100644 index 0000000..2fc16e8 --- /dev/null +++ b/tests/templates/kuttl/smoke/30-install-opensearch-dashboards.yaml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: > + helm install opensearch-dashboards opensearch-dashboards + --repo https://opensearch-project.github.io/helm-charts + --version "{{ test_scenario['values']['opensearch'].split(',')[0] }}" + --values 30_opensearch-dashboards-values.yaml + --namespace $NAMESPACE + --wait + timeout: 600 diff --git a/tests/templates/kuttl/smoke/30_opensearch-dashboards-values.yaml.j2 b/tests/templates/kuttl/smoke/30_opensearch-dashboards-values.yaml.j2 new file mode 100644 index 0000000..eb594cb --- /dev/null +++ b/tests/templates/kuttl/smoke/30_opensearch-dashboards-values.yaml.j2 @@ -0,0 +1,17 @@ +opensearchHosts: https://opensearch-nodes-cluster-manager:9200 +image: + repository: oci.stackable.tech/sdp/opensearch-dashboards + tag: {{ test_scenario['values']['opensearch'].split(',')[0] }}-stackable0.0.0-dev +service: + type: NodePort +serviceAccount: + # The Helm chart appends "-dashboards", so that the actual + # ServiceAccount name is "opensearch-dashboards". + # see https://github.com/opensearch-project/helm-charts/blob/opensearch-dashboards-2.27.1/charts/opensearch-dashboards/templates/_helpers.tpl#L58 + name: opensearch +extraEnvs: + - name: OPENSEARCH_PASSWORD + valueFrom: + secretKeyRef: + name: opensearch-credentials + key: kibanaserver diff --git a/tests/templates/kuttl/smoke/40-create-configmap.yaml.j2 b/tests/templates/kuttl/smoke/40-create-configmap.yaml.j2 new file mode 100644 index 0000000..51b0321 --- /dev/null +++ b/tests/templates/kuttl/smoke/40-create-configmap.yaml.j2 @@ -0,0 +1,4 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: kubectl create cm test-script -n $NAMESPACE --from-file=test.py diff --git a/tests/templates/kuttl/smoke/41-assert.yaml b/tests/templates/kuttl/smoke/41-assert.yaml new file mode 100644 index 0000000..5898777 --- /dev/null +++ b/tests/templates/kuttl/smoke/41-assert.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +metadata: + name: install-test-container +timeout: 300 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: python +status: + readyReplicas: 1 + replicas: 1 diff --git a/tests/templates/kuttl/smoke/41-install-test-container.yaml.j2 b/tests/templates/kuttl/smoke/41-install-test-container.yaml.j2 new file mode 100644 index 0000000..0ca95e8 --- /dev/null +++ b/tests/templates/kuttl/smoke/41-install-test-container.yaml.j2 @@ -0,0 +1,86 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: python +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: python +{% if test_scenario['values']['openshift'] == 'true' %} +rules: +- apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +{% endif %} +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: python +subjects: + - kind: ServiceAccount + name: python +roleRef: + kind: Role + name: python + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +metadata: + name: install-test-container +timeout: 300 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: python + labels: + app: python +spec: + replicas: 1 + selector: + matchLabels: + app: python + template: + metadata: + labels: + app: python + spec: + serviceAccountName: python + containers: + - name: osd-test + image: oci.stackable.tech/sdp/testing-tools:0.2.0-stackable0.0.0-dev + stdin: true + tty: true + resources: + requests: + memory: "128Mi" + cpu: "512m" + limits: + memory: "128Mi" + cpu: "1" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPENSEARCH_USER + value: admin + - name: OPENSEARCH_PASSWORD + valueFrom: + secretKeyRef: + name: opensearch-credentials + key: admin + volumeMounts: + - name: test-script + mountPath: /tmp/test-script + terminationGracePeriodSeconds: 1 + volumes: + - name: test-script + configMap: + name: test-script + terminationGracePeriodSeconds: 1 diff --git a/tests/templates/kuttl/smoke/45-assert.yaml b/tests/templates/kuttl/smoke/45-assert.yaml new file mode 100644 index 0000000..5c33fc5 --- /dev/null +++ b/tests/templates/kuttl/smoke/45-assert.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +metadata: + name: test +timeout: 300 +commands: + - script: |- + sleep 60 # After the OpenSearch Dashboards container has become ready it still takes some time until the application has completely started. + kubectl exec -n $NAMESPACE python-0 -- python /tmp/test-script/test.py diff --git a/tests/templates/kuttl/smoke/test.py b/tests/templates/kuttl/smoke/test.py new file mode 100644 index 0000000..7d18a5b --- /dev/null +++ b/tests/templates/kuttl/smoke/test.py @@ -0,0 +1,89 @@ +import logging +import os +import requests +import sys +import urllib3 + +# disable tls insecure warnings +urllib3.disable_warnings() + +logging.basicConfig( + level="INFO", format="%(asctime)s %(levelname)s: %(message)s", stream=sys.stdout +) + +namespace = os.environ["NAMESPACE"] +opensearch_user = os.environ["OPENSEARCH_USER"] +opensearch_password = os.environ["OPENSEARCH_PASSWORD"] +opensearch_dashboards_service = "http://opensearch-dashboards:5601" + +session = requests.Session() +session.headers.update({"osd-xsrf": "true"}) + +login_page = session.post( + f"{opensearch_dashboards_service}/auth/login", + data={"username": opensearch_user, "password": opensearch_password}, +) +assert login_page.ok, "Failed to login to OpenSearch Dashboards" + +api_status = session.get(f"{opensearch_dashboards_service}/api/status") +assert api_status.ok, "Failed to get API status" + +opensearch_version = api_status.json()["version"]["number"] + +assert api_status.json()["status"]["overall"]["state"] == "green", ( + "Overall state of OpenSearch Dashboards is not green" +) + +# Check if all expected plugins are present and working +expected_plugins = [ + "alertingDashboards", + "anomalyDetectionDashboards", + "assistantDashboards", + "customImportMapDashboards", + "flowFrameworkDashboards", + "indexManagementDashboards", + "mlCommonsDashboards", + "notificationsDashboards", + "observabilityDashboards", + "queryInsightsDashboards", + "queryWorkbenchDashboards", + "reportsDashboards", + "searchRelevanceDashboards", + "securityAnalyticsDashboards", + "securityDashboards", +] + +states = {} +for status in api_status.json()["status"]["statuses"]: + states[ + status["id"].removeprefix("plugin:").removesuffix(f"@{opensearch_version}") + ] = status["state"] == "green" +for plugin in expected_plugins: + assert plugin in states and states[plugin], ( + f"Expected plugin {plugin} not present or working." + ) + +# Load Sample Data (web logs & flights) +sample_web_logs = session.post(f"{opensearch_dashboards_service}/api/sample_data/logs") +assert sample_web_logs.ok, "Failed to create sample data (logs)" + +sample_flights = session.post( + f"{opensearch_dashboards_service}/api/sample_data/flights" +) +assert sample_flights.ok, "Failed to create sample data (flights)" + +# Check that the indices were created +indices = session.get( + f"{opensearch_dashboards_service}/api/saved_objects/_find?fields=title&per_page=10000&type=index-pattern" +) +assert indices.ok, "Failed to get indices" + +logs_index = indices.json()["saved_objects"][0] +assert logs_index["attributes"]["title"] == "opensearch_dashboards_sample_data_logs", ( + "First index should be sample logs" +) + +flights_index = indices.json()["saved_objects"][1] +assert ( + flights_index["attributes"]["title"] == "opensearch_dashboards_sample_data_flights" +), "Second index should be sample flights" From 7ebbba8bc3e45ad69cf744a58a125ee398fd97f1 Mon Sep 17 00:00:00 2001 From: Benedikt Labrenz Date: Thu, 9 Oct 2025 15:42:55 +0200 Subject: [PATCH 02/13] move opensearch-dashboards into own test --- .../opensearch-dashboards/00-patch-ns.yaml | 15 ++ .../kuttl/opensearch-dashboards/01-rbac.yaml | 31 +++ .../opensearch-dashboards/02-limit-range.yaml | 11 + .../opensearch-dashboards/10-assert.yaml.j2 | 23 ++ .../10-install-opensearch.yaml.j2 | 213 ++++++++++++++++++ .../20-assert.yaml} | 0 .../20-install-opensearch-dashboards.yaml.j2} | 2 +- .../20_opensearch-dashboards-values.yaml.j2} | 0 .../30-create-configmap.yaml.j2} | 0 .../31-assert.yaml} | 0 .../31-install-test-container.yaml.j2} | 0 .../35-assert.yaml} | 0 .../{smoke => opensearch-dashboards}/test.py | 0 .../kuttl/smoke/10-install-opensearch.yaml.j2 | 8 - tests/test-definition.yaml | 6 + 15 files changed, 300 insertions(+), 9 deletions(-) create mode 100644 tests/templates/kuttl/opensearch-dashboards/00-patch-ns.yaml create mode 100644 tests/templates/kuttl/opensearch-dashboards/01-rbac.yaml create mode 100644 tests/templates/kuttl/opensearch-dashboards/02-limit-range.yaml create mode 100644 tests/templates/kuttl/opensearch-dashboards/10-assert.yaml.j2 create mode 100644 tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 rename tests/templates/kuttl/{smoke/30-assert.yaml => opensearch-dashboards/20-assert.yaml} (100%) rename tests/templates/kuttl/{smoke/30-install-opensearch-dashboards.yaml.j2 => opensearch-dashboards/20-install-opensearch-dashboards.yaml.j2} (86%) rename tests/templates/kuttl/{smoke/30_opensearch-dashboards-values.yaml.j2 => opensearch-dashboards/20_opensearch-dashboards-values.yaml.j2} (100%) rename tests/templates/kuttl/{smoke/40-create-configmap.yaml.j2 => opensearch-dashboards/30-create-configmap.yaml.j2} (100%) rename tests/templates/kuttl/{smoke/41-assert.yaml => opensearch-dashboards/31-assert.yaml} (100%) rename tests/templates/kuttl/{smoke/41-install-test-container.yaml.j2 => opensearch-dashboards/31-install-test-container.yaml.j2} (100%) rename tests/templates/kuttl/{smoke/45-assert.yaml => opensearch-dashboards/35-assert.yaml} (100%) rename tests/templates/kuttl/{smoke => opensearch-dashboards}/test.py (100%) diff --git a/tests/templates/kuttl/opensearch-dashboards/00-patch-ns.yaml b/tests/templates/kuttl/opensearch-dashboards/00-patch-ns.yaml new file mode 100644 index 0000000..d4f91fa --- /dev/null +++ b/tests/templates/kuttl/opensearch-dashboards/00-patch-ns.yaml @@ -0,0 +1,15 @@ +# see https://github.com/stackabletech/issues/issues/566 +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: | + kubectl patch namespace $NAMESPACE --patch=' + { + "metadata": { + "labels": { + "pod-security.kubernetes.io/enforce": "privileged" + } + } + }' + timeout: 120 diff --git a/tests/templates/kuttl/opensearch-dashboards/01-rbac.yaml b/tests/templates/kuttl/opensearch-dashboards/01-rbac.yaml new file mode 100644 index 0000000..64eced8 --- /dev/null +++ b/tests/templates/kuttl/opensearch-dashboards/01-rbac.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-service-account +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: test-role +rules: + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + resourceNames: + - privileged + verbs: + - use +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: test-role-binding +subjects: + - kind: ServiceAccount + name: test-service-account +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: test-role diff --git a/tests/templates/kuttl/opensearch-dashboards/02-limit-range.yaml b/tests/templates/kuttl/opensearch-dashboards/02-limit-range.yaml new file mode 100644 index 0000000..b1789b2 --- /dev/null +++ b/tests/templates/kuttl/opensearch-dashboards/02-limit-range.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: v1 +kind: LimitRange +metadata: + name: limit-request-ratio +spec: + limits: + - type: Container + maxLimitRequestRatio: + cpu: 5 + memory: 1 diff --git a/tests/templates/kuttl/opensearch-dashboards/10-assert.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/10-assert.yaml.j2 new file mode 100644 index 0000000..96e9254 --- /dev/null +++ b/tests/templates/kuttl/opensearch-dashboards/10-assert.yaml.j2 @@ -0,0 +1,23 @@ +# All fields are checked that are set by the operator. +# This helps to detect unintentional changes. It is also a good reference for the output of the +# operator. The maintenance effort should be okay as long as it is only done in the smoke test. +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +timeout: 600 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: opensearch-nodes-cluster-manager +status: + readyReplicas: 1 + replicas: 1 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: opensearch-nodes-data +status: + readyReplicas: 1 + replicas: 1 diff --git a/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 new file mode 100644 index 0000000..8851a8f --- /dev/null +++ b/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 @@ -0,0 +1,213 @@ +--- +apiVersion: opensearch.stackable.tech/v1alpha1 +kind: OpenSearchCluster +metadata: + name: opensearch +spec: + image: +{% if test_scenario['values']['opensearch'].find(",") > 0 %} + custom: "{{ test_scenario['values']['opensearch'].split(',')[1] }}" + productVersion: "{{ test_scenario['values']['opensearch'].split(',')[0] }}" +{% else %} + productVersion: "{{ test_scenario['values']['opensearch'] }}" +{% endif %} + pullPolicy: IfNotPresent + nodes: + roleGroups: + cluster-manager: + config: + nodeRoles: + - cluster_manager + resources: + storage: + data: + capacity: 100Mi + listenerClass: external-stable + replicas: 1 + podOverrides: + spec: + volumes: + - name: tls + ephemeral: + volumeClaimTemplate: + metadata: + annotations: + secrets.stackable.tech/scope: node,pod,service=opensearch,service=opensearch-nodes-cluster-manager-headless + data: + config: + nodeRoles: + - ingest + - data + - remote_cluster_client + resources: + storage: + data: + capacity: 2Gi + listenerClass: cluster-internal + replicas: 1 + podOverrides: + spec: + volumes: + - name: tls + ephemeral: + volumeClaimTemplate: + metadata: + annotations: + secrets.stackable.tech/scope: node,pod,service=opensearch-nodes-data-headless + envOverrides: + # Only required for the official image + # The official image (built with https://github.com/opensearch-project/opensearch-build) + # installs a demo configuration if not disabled explicitly. + DISABLE_INSTALL_DEMO_CONFIG: "true" + OPENSEARCH_HOME: {{ test_scenario['values']['opensearch_home'] }} + configOverrides: + opensearch.yml: + # Disable memory mapping in this test; If memory mapping were activated, the kernel setting + # vm.max_map_count would have to be increased to 262144 on the node. + node.store.allow_mmap: "false" + # Disable the disk allocation decider in this test; Otherwise the test depends on the disk + # usage of the node and if the relative watermark set in + # `cluster.routing.allocation.disk.watermark.high` is reached then the security index could + # not be created even if enough disk space would be available. + cluster.routing.allocation.disk.threshold_enabled: "false" + plugins.security.allow_default_init_securityindex: "true" + plugins.security.ssl.transport.enabled: "true" + plugins.security.ssl.transport.pemcert_filepath: {{ test_scenario['values']['opensearch_home'] }}/config/tls/tls.crt + plugins.security.ssl.transport.pemkey_filepath: {{ test_scenario['values']['opensearch_home'] }}/config/tls/tls.key + plugins.security.ssl.transport.pemtrustedcas_filepath: {{ test_scenario['values']['opensearch_home'] }}/config/tls/ca.crt + plugins.security.ssl.http.enabled: "true" + plugins.security.ssl.http.pemcert_filepath: {{ test_scenario['values']['opensearch_home'] }}/config/tls/tls.crt + plugins.security.ssl.http.pemkey_filepath: {{ test_scenario['values']['opensearch_home'] }}/config/tls/tls.key + plugins.security.ssl.http.pemtrustedcas_filepath: {{ test_scenario['values']['opensearch_home'] }}/config/tls/ca.crt + podOverrides: + spec: + containers: + - name: opensearch + volumeMounts: + - name: security-config + mountPath: {{ test_scenario['values']['opensearch_home'] }}/config/opensearch-security + readOnly: true + - name: tls + mountPath: {{ test_scenario['values']['opensearch_home'] }}/config/tls + readOnly: true + volumes: + - name: security-config + secret: + secretName: opensearch-security-config + - name: tls + ephemeral: + volumeClaimTemplate: + metadata: + annotations: + secrets.stackable.tech/class: tls + spec: + storageClassName: secrets.stackable.tech + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "1" +--- +apiVersion: v1 +kind: Secret +metadata: + name: opensearch-credentials +data: + admin: QUpWRnNHSkJicFQ2bUNobg== # AJVFsGJBbpT6mChn + kibanaserver: RTRrRU51RW1rcUgzanlIQw== # E4kENuEmkqH3jyHC +--- +apiVersion: v1 +kind: Secret +metadata: + name: opensearch-security-config +stringData: + action_groups.yml: | + --- + _meta: + type: actiongroups + config_version: 2 + allowlist.yml: | + --- + _meta: + type: allowlist + config_version: 2 + + config: + enabled: false + audit.yml: | + --- + _meta: + type: audit + config_version: 2 + + config: + enabled: false + config.yml: | + --- + _meta: + type: config + config_version: 2 + + config: + dynamic: + authc: + basic_internal_auth_domain: + description: Authenticate via HTTP Basic against internal users database + http_enabled: true + transport_enabled: true + order: 1 + http_authenticator: + type: basic + challenge: true + authentication_backend: + type: intern + authz: {} + internal_users.yml: | + --- + # The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh + + _meta: + type: internalusers + config_version: 2 + + admin: + hash: $2y$10$xRtHZFJ9QhG9GcYhRpAGpufCZYsk//nxsuel5URh0GWEBgmiI4Q/e + reserved: true + backend_roles: + - admin + description: OpenSearch admin user + + kibanaserver: + hash: $2y$10$vPgQ/6ilKDM5utawBqxoR.7euhVQ0qeGl8mPTeKhmFT475WUDrfQS + reserved: true + description: OpenSearch Dashboards user + nodes_dn.yml: | + --- + _meta: + type: nodesdn + config_version: 2 + roles.yml: | + --- + _meta: + type: roles + config_version: 2 + roles_mapping.yml: | + --- + _meta: + type: rolesmapping + config_version: 2 + + all_access: + reserved: false + backend_roles: + - admin + + kibana_server: + reserved: true + users: + - kibanaserver + tenants.yml: | + --- + _meta: + type: tenants + config_version: 2 diff --git a/tests/templates/kuttl/smoke/30-assert.yaml b/tests/templates/kuttl/opensearch-dashboards/20-assert.yaml similarity index 100% rename from tests/templates/kuttl/smoke/30-assert.yaml rename to tests/templates/kuttl/opensearch-dashboards/20-assert.yaml diff --git a/tests/templates/kuttl/smoke/30-install-opensearch-dashboards.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/20-install-opensearch-dashboards.yaml.j2 similarity index 86% rename from tests/templates/kuttl/smoke/30-install-opensearch-dashboards.yaml.j2 rename to tests/templates/kuttl/opensearch-dashboards/20-install-opensearch-dashboards.yaml.j2 index 2fc16e8..3a9f221 100644 --- a/tests/templates/kuttl/smoke/30-install-opensearch-dashboards.yaml.j2 +++ b/tests/templates/kuttl/opensearch-dashboards/20-install-opensearch-dashboards.yaml.j2 @@ -6,7 +6,7 @@ commands: helm install opensearch-dashboards opensearch-dashboards --repo https://opensearch-project.github.io/helm-charts --version "{{ test_scenario['values']['opensearch'].split(',')[0] }}" - --values 30_opensearch-dashboards-values.yaml + --values 20_opensearch-dashboards-values.yaml --namespace $NAMESPACE --wait timeout: 600 diff --git a/tests/templates/kuttl/smoke/30_opensearch-dashboards-values.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/20_opensearch-dashboards-values.yaml.j2 similarity index 100% rename from tests/templates/kuttl/smoke/30_opensearch-dashboards-values.yaml.j2 rename to tests/templates/kuttl/opensearch-dashboards/20_opensearch-dashboards-values.yaml.j2 diff --git a/tests/templates/kuttl/smoke/40-create-configmap.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/30-create-configmap.yaml.j2 similarity index 100% rename from tests/templates/kuttl/smoke/40-create-configmap.yaml.j2 rename to tests/templates/kuttl/opensearch-dashboards/30-create-configmap.yaml.j2 diff --git a/tests/templates/kuttl/smoke/41-assert.yaml b/tests/templates/kuttl/opensearch-dashboards/31-assert.yaml similarity index 100% rename from tests/templates/kuttl/smoke/41-assert.yaml rename to tests/templates/kuttl/opensearch-dashboards/31-assert.yaml diff --git a/tests/templates/kuttl/smoke/41-install-test-container.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/31-install-test-container.yaml.j2 similarity index 100% rename from tests/templates/kuttl/smoke/41-install-test-container.yaml.j2 rename to tests/templates/kuttl/opensearch-dashboards/31-install-test-container.yaml.j2 diff --git a/tests/templates/kuttl/smoke/45-assert.yaml b/tests/templates/kuttl/opensearch-dashboards/35-assert.yaml similarity index 100% rename from tests/templates/kuttl/smoke/45-assert.yaml rename to tests/templates/kuttl/opensearch-dashboards/35-assert.yaml diff --git a/tests/templates/kuttl/smoke/test.py b/tests/templates/kuttl/opensearch-dashboards/test.py similarity index 100% rename from tests/templates/kuttl/smoke/test.py rename to tests/templates/kuttl/opensearch-dashboards/test.py diff --git a/tests/templates/kuttl/smoke/10-install-opensearch.yaml.j2 b/tests/templates/kuttl/smoke/10-install-opensearch.yaml.j2 index 3cc74a1..1ee05fc 100644 --- a/tests/templates/kuttl/smoke/10-install-opensearch.yaml.j2 +++ b/tests/templates/kuttl/smoke/10-install-opensearch.yaml.j2 @@ -110,14 +110,6 @@ spec: --- apiVersion: v1 kind: Secret -metadata: - name: opensearch-credentials -data: - admin: QUpWRnNHSkJicFQ2bUNobg== # AJVFsGJBbpT6mChn - kibanaserver: RTRrRU51RW1rcUgzanlIQw== # E4kENuEmkqH3jyHC ---- -apiVersion: v1 -kind: Secret metadata: name: opensearch-security-config stringData: diff --git a/tests/test-definition.yaml b/tests/test-definition.yaml index efad126..66560af 100644 --- a/tests/test-definition.yaml +++ b/tests/test-definition.yaml @@ -35,6 +35,11 @@ tests: - opensearch - openshift - opensearch_home + - name: opensearch-dashboards + dimensions: + - opensearch + - openshift + - opensearch_home suites: - name: nightly patch: @@ -44,6 +49,7 @@ suites: - name: smoke-latest select: - smoke + - opensearch-dashboards patch: - dimensions: - expr: last From b6d774e7b4c1637521dfbb81b5dd09505e4cca2b Mon Sep 17 00:00:00 2001 From: Benedikt Labrenz Date: Mon, 13 Oct 2025 13:26:37 +0200 Subject: [PATCH 03/13] Update tests/templates/kuttl/opensearch-dashboards/20_opensearch-dashboards-values.yaml.j2 Co-authored-by: Siegfried Weber --- .../20_opensearch-dashboards-values.yaml.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/templates/kuttl/opensearch-dashboards/20_opensearch-dashboards-values.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/20_opensearch-dashboards-values.yaml.j2 index eb594cb..8483a48 100644 --- a/tests/templates/kuttl/opensearch-dashboards/20_opensearch-dashboards-values.yaml.j2 +++ b/tests/templates/kuttl/opensearch-dashboards/20_opensearch-dashboards-values.yaml.j2 @@ -5,10 +5,10 @@ image: service: type: NodePort serviceAccount: - # The Helm chart appends "-dashboards", so that the actual - # ServiceAccount name is "opensearch-dashboards". - # see https://github.com/opensearch-project/helm-charts/blob/opensearch-dashboards-2.27.1/charts/opensearch-dashboards/templates/_helpers.tpl#L58 - name: opensearch + create: false + # Use the ServiceAccount of OpenSearch because its permissions are already configured to work on + # OpenShift. + name: opensearch-serviceaccount extraEnvs: - name: OPENSEARCH_PASSWORD valueFrom: From a22c9c68e336f0cd3bc6151498af566e330edf22 Mon Sep 17 00:00:00 2001 From: Benedikt Labrenz Date: Mon, 13 Oct 2025 13:48:19 +0200 Subject: [PATCH 04/13] add vector aggregator to test --- .../kuttl/opensearch-dashboards/02-assert.yaml.j2 | 10 ++++++++++ ...tall-vector-aggregator-discovery-config-map.yaml.j2 | 9 +++++++++ .../10-install-opensearch.yaml.j2 | 7 +++++++ 3 files changed, 26 insertions(+) create mode 100644 tests/templates/kuttl/opensearch-dashboards/02-assert.yaml.j2 create mode 100644 tests/templates/kuttl/opensearch-dashboards/02-install-vector-aggregator-discovery-config-map.yaml.j2 diff --git a/tests/templates/kuttl/opensearch-dashboards/02-assert.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/02-assert.yaml.j2 new file mode 100644 index 0000000..50b1d4c --- /dev/null +++ b/tests/templates/kuttl/opensearch-dashboards/02-assert.yaml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +{% if lookup('env', 'VECTOR_AGGREGATOR') %} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: vector-aggregator-discovery +{% endif %} diff --git a/tests/templates/kuttl/opensearch-dashboards/02-install-vector-aggregator-discovery-config-map.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/02-install-vector-aggregator-discovery-config-map.yaml.j2 new file mode 100644 index 0000000..2d6a0df --- /dev/null +++ b/tests/templates/kuttl/opensearch-dashboards/02-install-vector-aggregator-discovery-config-map.yaml.j2 @@ -0,0 +1,9 @@ +{% if lookup('env', 'VECTOR_AGGREGATOR') %} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: vector-aggregator-discovery +data: + ADDRESS: {{ lookup('env', 'VECTOR_AGGREGATOR') }} +{% endif %} diff --git a/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 index 8851a8f..3a4eb3e 100644 --- a/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 +++ b/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 @@ -12,7 +12,14 @@ spec: productVersion: "{{ test_scenario['values']['opensearch'] }}" {% endif %} pullPolicy: IfNotPresent +{% if lookup('env', 'VECTOR_AGGREGATOR') %} + clusterConfig: + vectorAggregatorConfigMapName: vector-aggregator-discovery +{% endif %} nodes: + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} roleGroups: cluster-manager: config: From 05d696a01d5b09d67e6cc4ae891e15ca0f8f1925 Mon Sep 17 00:00:00 2001 From: Benedikt Labrenz Date: Mon, 13 Oct 2025 16:41:15 +0200 Subject: [PATCH 05/13] verify the opensearch tls cert in the opensearch-dashboards test --- .../20-install-opensearch-dashboards.yaml.j2 | 1 + .../20_opensearch-dashboards-values.yaml.j2 | 39 ++++++++++++++++++- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/tests/templates/kuttl/opensearch-dashboards/20-install-opensearch-dashboards.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/20-install-opensearch-dashboards.yaml.j2 index 3a9f221..8d04d3e 100644 --- a/tests/templates/kuttl/opensearch-dashboards/20-install-opensearch-dashboards.yaml.j2 +++ b/tests/templates/kuttl/opensearch-dashboards/20-install-opensearch-dashboards.yaml.j2 @@ -7,6 +7,7 @@ commands: --repo https://opensearch-project.github.io/helm-charts --version "{{ test_scenario['values']['opensearch'].split(',')[0] }}" --values 20_opensearch-dashboards-values.yaml + --set opensearchHosts=https://opensearch.$NAMESPACE.svc.cluster.local:9200 --namespace $NAMESPACE --wait timeout: 600 diff --git a/tests/templates/kuttl/opensearch-dashboards/20_opensearch-dashboards-values.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/20_opensearch-dashboards-values.yaml.j2 index 8483a48..64ebf4f 100644 --- a/tests/templates/kuttl/opensearch-dashboards/20_opensearch-dashboards-values.yaml.j2 +++ b/tests/templates/kuttl/opensearch-dashboards/20_opensearch-dashboards-values.yaml.j2 @@ -1,4 +1,3 @@ -opensearchHosts: https://opensearch-nodes-cluster-manager:9200 image: repository: oci.stackable.tech/sdp/opensearch-dashboards tag: {{ test_scenario['values']['opensearch'].split(',')[0] }}-stackable0.0.0-dev @@ -15,3 +14,41 @@ extraEnvs: secretKeyRef: name: opensearch-credentials key: kibanaserver +config: + opensearch_dashboards.yml: + opensearch: + username: kibanaserver + password: kibanaserver + requestHeadersWhitelist: [authorization, securitytenant] + ssl: + verificationMode: full + certificateAuthorities: [/stackable/opensearch-dashboards/config/tls/ca.crt] + opensearch_security: + multitenancy: + enabled: true + tenants.preferred: [Private, Global] + readonly_mode.roles: [kibana_read_only] + cookie.secure: false +extraVolumes: + - name: tls + ephemeral: + volumeClaimTemplate: + metadata: + annotations: + secrets.stackable.tech/class: tls + spec: + storageClassName: secrets.stackable.tech + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "1" +extraVolumeMounts: + - name: tls + mountPath: /stackable/opensearch-dashboards/config/tls + # The Helm chart only adds a volume mount at /usr/share/opensearch-dashboards + - mountPath: /stackable/opensearch-dashboards/config/opensearch_dashboards.yml + name: config + subPath: opensearch_dashboards.yml +podSecurityContext: + fsGroup: 1000 From 9de7edb3b3475373c29851cb89e26b9622bc4431 Mon Sep 17 00:00:00 2001 From: Benedikt Labrenz Date: Mon, 13 Oct 2025 17:48:42 +0200 Subject: [PATCH 06/13] address feedback on PR --- .../opensearch-dashboards/10-assert.yaml.j2 | 10 +-- .../10-install-opensearch.yaml.j2 | 31 +------ .../20-install-opensearch-dashboards.yaml.j2 | 2 +- .../opensearch-dashboards/30-assert.yaml | 11 +++ .../30-create-configmap.yaml.j2 | 4 - .../30-test-opensearch-dashboards.yaml.j2 | 60 +++++++++++++ .../opensearch-dashboards/31-assert.yaml | 14 --- .../31-install-test-container.yaml.j2 | 86 ------------------- .../opensearch-dashboards/35-assert.yaml | 10 --- .../kuttl/opensearch-dashboards/test.py | 6 +- 10 files changed, 76 insertions(+), 158 deletions(-) create mode 100644 tests/templates/kuttl/opensearch-dashboards/30-assert.yaml delete mode 100644 tests/templates/kuttl/opensearch-dashboards/30-create-configmap.yaml.j2 create mode 100644 tests/templates/kuttl/opensearch-dashboards/30-test-opensearch-dashboards.yaml.j2 delete mode 100644 tests/templates/kuttl/opensearch-dashboards/31-assert.yaml delete mode 100644 tests/templates/kuttl/opensearch-dashboards/31-install-test-container.yaml.j2 delete mode 100644 tests/templates/kuttl/opensearch-dashboards/35-assert.yaml diff --git a/tests/templates/kuttl/opensearch-dashboards/10-assert.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/10-assert.yaml.j2 index 96e9254..14ee959 100644 --- a/tests/templates/kuttl/opensearch-dashboards/10-assert.yaml.j2 +++ b/tests/templates/kuttl/opensearch-dashboards/10-assert.yaml.j2 @@ -9,15 +9,7 @@ timeout: 600 apiVersion: apps/v1 kind: StatefulSet metadata: - name: opensearch-nodes-cluster-manager -status: - readyReplicas: 1 - replicas: 1 ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: opensearch-nodes-data + name: opensearch-nodes-default status: readyReplicas: 1 replicas: 1 diff --git a/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 index 3a4eb3e..dc115b4 100644 --- a/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 +++ b/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 @@ -21,35 +21,8 @@ spec: logging: enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} roleGroups: - cluster-manager: + default: config: - nodeRoles: - - cluster_manager - resources: - storage: - data: - capacity: 100Mi - listenerClass: external-stable - replicas: 1 - podOverrides: - spec: - volumes: - - name: tls - ephemeral: - volumeClaimTemplate: - metadata: - annotations: - secrets.stackable.tech/scope: node,pod,service=opensearch,service=opensearch-nodes-cluster-manager-headless - data: - config: - nodeRoles: - - ingest - - data - - remote_cluster_client - resources: - storage: - data: - capacity: 2Gi listenerClass: cluster-internal replicas: 1 podOverrides: @@ -60,7 +33,7 @@ spec: volumeClaimTemplate: metadata: annotations: - secrets.stackable.tech/scope: node,pod,service=opensearch-nodes-data-headless + secrets.stackable.tech/scope: node,pod,service=opensearch,service=opensearch-nodes-cluster-manager-headless envOverrides: # Only required for the official image # The official image (built with https://github.com/opensearch-project/opensearch-build) diff --git a/tests/templates/kuttl/opensearch-dashboards/20-install-opensearch-dashboards.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/20-install-opensearch-dashboards.yaml.j2 index 8d04d3e..14dc539 100644 --- a/tests/templates/kuttl/opensearch-dashboards/20-install-opensearch-dashboards.yaml.j2 +++ b/tests/templates/kuttl/opensearch-dashboards/20-install-opensearch-dashboards.yaml.j2 @@ -8,6 +8,6 @@ commands: --version "{{ test_scenario['values']['opensearch'].split(',')[0] }}" --values 20_opensearch-dashboards-values.yaml --set opensearchHosts=https://opensearch.$NAMESPACE.svc.cluster.local:9200 - --namespace $NAMESPACE + --namespace $NAMESPACE --wait timeout: 600 diff --git a/tests/templates/kuttl/opensearch-dashboards/30-assert.yaml b/tests/templates/kuttl/opensearch-dashboards/30-assert.yaml new file mode 100644 index 0000000..0b78e78 --- /dev/null +++ b/tests/templates/kuttl/opensearch-dashboards/30-assert.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +timeout: 600 +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: test-opensearch-dashboards +status: + succeeded: 1 diff --git a/tests/templates/kuttl/opensearch-dashboards/30-create-configmap.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/30-create-configmap.yaml.j2 deleted file mode 100644 index 51b0321..0000000 --- a/tests/templates/kuttl/opensearch-dashboards/30-create-configmap.yaml.j2 +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: kubectl create cm test-script -n $NAMESPACE --from-file=test.py diff --git a/tests/templates/kuttl/opensearch-dashboards/30-test-opensearch-dashboards.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/30-test-opensearch-dashboards.yaml.j2 new file mode 100644 index 0000000..c0f5744 --- /dev/null +++ b/tests/templates/kuttl/opensearch-dashboards/30-test-opensearch-dashboards.yaml.j2 @@ -0,0 +1,60 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: kubectl create cm test-opensearch-dashboards -n $NAMESPACE --from-file=test.py +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: test-opensearch-dashboards +spec: + template: + spec: + containers: + - name: test-opensearch-dashboards + image: oci.stackable.tech/sdp/testing-tools:0.2.0-stackable0.0.0-dev + command: + - /bin/bash + - -euxo + - pipefail + - -c + args: + - | + sleep 60 + python scripts/test.py + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPENSEARCH_USER + value: admin + - name: OPENSEARCH_PASSWORD + valueFrom: + secretKeyRef: + name: opensearch-credentials + key: admin + volumeMounts: + - name: script + mountPath: /stackable/scripts + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + resources: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 128Mi + cpu: 400m + volumes: + - name: script + configMap: + name: test-opensearch-dashboards + serviceAccountName: test-service-account + securityContext: + fsGroup: 1000 + restartPolicy: OnFailure diff --git a/tests/templates/kuttl/opensearch-dashboards/31-assert.yaml b/tests/templates/kuttl/opensearch-dashboards/31-assert.yaml deleted file mode 100644 index 5898777..0000000 --- a/tests/templates/kuttl/opensearch-dashboards/31-assert.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: kuttl.dev/v1beta1 -kind: TestAssert -metadata: - name: install-test-container -timeout: 300 ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: python -status: - readyReplicas: 1 - replicas: 1 diff --git a/tests/templates/kuttl/opensearch-dashboards/31-install-test-container.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/31-install-test-container.yaml.j2 deleted file mode 100644 index 0ca95e8..0000000 --- a/tests/templates/kuttl/opensearch-dashboards/31-install-test-container.yaml.j2 +++ /dev/null @@ -1,86 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: python ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: python -{% if test_scenario['values']['openshift'] == 'true' %} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -{% endif %} ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: python -subjects: - - kind: ServiceAccount - name: python -roleRef: - kind: Role - name: python - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -metadata: - name: install-test-container -timeout: 300 ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: python - labels: - app: python -spec: - replicas: 1 - selector: - matchLabels: - app: python - template: - metadata: - labels: - app: python - spec: - serviceAccountName: python - containers: - - name: osd-test - image: oci.stackable.tech/sdp/testing-tools:0.2.0-stackable0.0.0-dev - stdin: true - tty: true - resources: - requests: - memory: "128Mi" - cpu: "512m" - limits: - memory: "128Mi" - cpu: "1" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPENSEARCH_USER - value: admin - - name: OPENSEARCH_PASSWORD - valueFrom: - secretKeyRef: - name: opensearch-credentials - key: admin - volumeMounts: - - name: test-script - mountPath: /tmp/test-script - terminationGracePeriodSeconds: 1 - volumes: - - name: test-script - configMap: - name: test-script - terminationGracePeriodSeconds: 1 diff --git a/tests/templates/kuttl/opensearch-dashboards/35-assert.yaml b/tests/templates/kuttl/opensearch-dashboards/35-assert.yaml deleted file mode 100644 index 5c33fc5..0000000 --- a/tests/templates/kuttl/opensearch-dashboards/35-assert.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: kuttl.dev/v1beta1 -kind: TestAssert -metadata: - name: test -timeout: 300 -commands: - - script: |- - sleep 60 # After the OpenSearch Dashboards container has become ready it still takes some time until the application has completely started. - kubectl exec -n $NAMESPACE python-0 -- python /tmp/test-script/test.py diff --git a/tests/templates/kuttl/opensearch-dashboards/test.py b/tests/templates/kuttl/opensearch-dashboards/test.py index 7d18a5b..bdacf88 100644 --- a/tests/templates/kuttl/opensearch-dashboards/test.py +++ b/tests/templates/kuttl/opensearch-dashboards/test.py @@ -2,13 +2,9 @@ import os import requests import sys -import urllib3 - -# disable tls insecure warnings -urllib3.disable_warnings() logging.basicConfig( - level="INFO", format="%(asctime)s %(levelname)s: %(message)s", stream=sys.stdout + level="DEBUG", format="%(asctime)s %(levelname)s: %(message)s", stream=sys.stdout ) namespace = os.environ["NAMESPACE"] From ed57fd00302a5b173650ebc66a2a5f5e8ba2ac01 Mon Sep 17 00:00:00 2001 From: Benedikt Labrenz Date: Mon, 13 Oct 2025 17:49:31 +0200 Subject: [PATCH 07/13] remove limit range --- .../kuttl/opensearch-dashboards/02-limit-range.yaml | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 tests/templates/kuttl/opensearch-dashboards/02-limit-range.yaml diff --git a/tests/templates/kuttl/opensearch-dashboards/02-limit-range.yaml b/tests/templates/kuttl/opensearch-dashboards/02-limit-range.yaml deleted file mode 100644 index b1789b2..0000000 --- a/tests/templates/kuttl/opensearch-dashboards/02-limit-range.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: v1 -kind: LimitRange -metadata: - name: limit-request-ratio -spec: - limits: - - type: Container - maxLimitRequestRatio: - cpu: 5 - memory: 1 From 2d0ac53d9653d67362188a09b07b4cb241bc5820 Mon Sep 17 00:00:00 2001 From: Benedikt Labrenz Date: Mon, 13 Oct 2025 17:53:09 +0200 Subject: [PATCH 08/13] remove unnecessary comment --- tests/templates/kuttl/opensearch-dashboards/10-assert.yaml.j2 | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/templates/kuttl/opensearch-dashboards/10-assert.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/10-assert.yaml.j2 index 14ee959..06c64a1 100644 --- a/tests/templates/kuttl/opensearch-dashboards/10-assert.yaml.j2 +++ b/tests/templates/kuttl/opensearch-dashboards/10-assert.yaml.j2 @@ -1,6 +1,3 @@ -# All fields are checked that are set by the operator. -# This helps to detect unintentional changes. It is also a good reference for the output of the -# operator. The maintenance effort should be okay as long as it is only done in the smoke test. --- apiVersion: kuttl.dev/v1beta1 kind: TestAssert From 37cb8411d89ecbd2fba500852303238adf3df9a1 Mon Sep 17 00:00:00 2001 From: Benedikt Labrenz Date: Tue, 14 Oct 2025 14:17:33 +0200 Subject: [PATCH 09/13] Apply suggestions from code review Co-authored-by: Siegfried Weber --- .../opensearch-dashboards/10-install-opensearch.yaml.j2 | 2 +- .../20_opensearch-dashboards-values.yaml.j2 | 7 ++++--- .../30-test-opensearch-dashboards.yaml.j2 | 9 ++------- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 index dc115b4..d6c3308 100644 --- a/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 +++ b/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 @@ -33,7 +33,7 @@ spec: volumeClaimTemplate: metadata: annotations: - secrets.stackable.tech/scope: node,pod,service=opensearch,service=opensearch-nodes-cluster-manager-headless + secrets.stackable.tech/scope: node,pod,service=opensearch,service=opensearch-nodes-default-headless envOverrides: # Only required for the official image # The official image (built with https://github.com/opensearch-project/opensearch-build) diff --git a/tests/templates/kuttl/opensearch-dashboards/20_opensearch-dashboards-values.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/20_opensearch-dashboards-values.yaml.j2 index 64ebf4f..d1caea0 100644 --- a/tests/templates/kuttl/opensearch-dashboards/20_opensearch-dashboards-values.yaml.j2 +++ b/tests/templates/kuttl/opensearch-dashboards/20_opensearch-dashboards-values.yaml.j2 @@ -18,8 +18,9 @@ config: opensearch_dashboards.yml: opensearch: username: kibanaserver - password: kibanaserver - requestHeadersWhitelist: [authorization, securitytenant] + requestHeadersWhitelist: + - authorization + - securitytenant ssl: verificationMode: full certificateAuthorities: [/stackable/opensearch-dashboards/config/tls/ca.crt] @@ -46,7 +47,7 @@ extraVolumes: extraVolumeMounts: - name: tls mountPath: /stackable/opensearch-dashboards/config/tls - # The Helm chart only adds a volume mount at /usr/share/opensearch-dashboards + # The Helm chart only adds a volume mount at /usr/share/opensearch-dashboards - mountPath: /stackable/opensearch-dashboards/config/opensearch_dashboards.yml name: config subPath: opensearch_dashboards.yml diff --git a/tests/templates/kuttl/opensearch-dashboards/30-test-opensearch-dashboards.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/30-test-opensearch-dashboards.yaml.j2 index c0f5744..9c6b512 100644 --- a/tests/templates/kuttl/opensearch-dashboards/30-test-opensearch-dashboards.yaml.j2 +++ b/tests/templates/kuttl/opensearch-dashboards/30-test-opensearch-dashboards.yaml.j2 @@ -14,14 +14,9 @@ spec: - name: test-opensearch-dashboards image: oci.stackable.tech/sdp/testing-tools:0.2.0-stackable0.0.0-dev command: - - /bin/bash - - -euxo - - pipefail - - -c + - python args: - - | - sleep 60 - python scripts/test.py + - scripts/test.py env: - name: NAMESPACE valueFrom: From c77ed2fdf7644bac1d2e3c21809ebfbec65001c9 Mon Sep 17 00:00:00 2001 From: Benedikt Labrenz Date: Tue, 14 Oct 2025 14:18:45 +0200 Subject: [PATCH 10/13] set listener class in test to external-stable --- .../kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 index d6c3308..5d0871a 100644 --- a/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 +++ b/tests/templates/kuttl/opensearch-dashboards/10-install-opensearch.yaml.j2 @@ -23,7 +23,7 @@ spec: roleGroups: default: config: - listenerClass: cluster-internal + listenerClass: external-stable replicas: 1 podOverrides: spec: From 5aa1595c7d865a8f23e0614feb93788423c1280f Mon Sep 17 00:00:00 2001 From: Benedikt Labrenz Date: Tue, 14 Oct 2025 14:21:28 +0200 Subject: [PATCH 11/13] directly create cm with test script --- .../30-test-opensearch-dashboards.yaml.j2 | 97 ++++++++++++++++++- .../kuttl/opensearch-dashboards/test.py | 85 ---------------- 2 files changed, 92 insertions(+), 90 deletions(-) delete mode 100644 tests/templates/kuttl/opensearch-dashboards/test.py diff --git a/tests/templates/kuttl/opensearch-dashboards/30-test-opensearch-dashboards.yaml.j2 b/tests/templates/kuttl/opensearch-dashboards/30-test-opensearch-dashboards.yaml.j2 index 9c6b512..0ced664 100644 --- a/tests/templates/kuttl/opensearch-dashboards/30-test-opensearch-dashboards.yaml.j2 +++ b/tests/templates/kuttl/opensearch-dashboards/30-test-opensearch-dashboards.yaml.j2 @@ -1,8 +1,3 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: kubectl create cm test-opensearch-dashboards -n $NAMESPACE --from-file=test.py ---- apiVersion: batch/v1 kind: Job metadata: @@ -53,3 +48,95 @@ spec: securityContext: fsGroup: 1000 restartPolicy: OnFailure +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: test-opensearch-dashboards +data: + test.py: | + import logging + import os + import requests + import sys + + logging.basicConfig( + level="DEBUG", format="%(asctime)s %(levelname)s: %(message)s", stream=sys.stdout + ) + + namespace = os.environ["NAMESPACE"] + opensearch_user = os.environ["OPENSEARCH_USER"] + opensearch_password = os.environ["OPENSEARCH_PASSWORD"] + opensearch_dashboards_service = "http://opensearch-dashboards:5601" + + session = requests.Session() + session.headers.update({"osd-xsrf": "true"}) + + login_page = session.post( + f"{opensearch_dashboards_service}/auth/login", + data={"username": opensearch_user, "password": opensearch_password}, + ) + assert login_page.ok, "Failed to login to OpenSearch Dashboards" + + api_status = session.get(f"{opensearch_dashboards_service}/api/status") + assert api_status.ok, "Failed to get API status" + + opensearch_version = api_status.json()["version"]["number"] + + assert api_status.json()["status"]["overall"]["state"] == "green", ( + "Overall state of OpenSearch Dashboards is not green" + ) + + # Check if all expected plugins are present and working + expected_plugins = [ + "alertingDashboards", + "anomalyDetectionDashboards", + "assistantDashboards", + "customImportMapDashboards", + "flowFrameworkDashboards", + "indexManagementDashboards", + "mlCommonsDashboards", + "notificationsDashboards", + "observabilityDashboards", + "queryInsightsDashboards", + "queryWorkbenchDashboards", + "reportsDashboards", + "searchRelevanceDashboards", + "securityAnalyticsDashboards", + "securityDashboards", + ] + + states = {} + for status in api_status.json()["status"]["statuses"]: + states[ + status["id"].removeprefix("plugin:").removesuffix(f"@{opensearch_version}") + ] = status["state"] == "green" + for plugin in expected_plugins: + assert plugin in states and states[plugin], ( + f"Expected plugin {plugin} not present or working." + ) + + # Load Sample Data (web logs & flights) + sample_web_logs = session.post(f"{opensearch_dashboards_service}/api/sample_data/logs") + assert sample_web_logs.ok, "Failed to create sample data (logs)" + + sample_flights = session.post( + f"{opensearch_dashboards_service}/api/sample_data/flights" + ) + assert sample_flights.ok, "Failed to create sample data (flights)" + + # Check that the indices were created + indices = session.get( + f"{opensearch_dashboards_service}/api/saved_objects/_find?fields=title&per_page=10000&type=index-pattern" + ) + assert indices.ok, "Failed to get indices" + + logs_index = indices.json()["saved_objects"][0] + assert logs_index["attributes"]["title"] == "opensearch_dashboards_sample_data_logs", ( + "First index should be sample logs" + ) + + flights_index = indices.json()["saved_objects"][1] + assert ( + flights_index["attributes"]["title"] == "opensearch_dashboards_sample_data_flights" + ), "Second index should be sample flights" diff --git a/tests/templates/kuttl/opensearch-dashboards/test.py b/tests/templates/kuttl/opensearch-dashboards/test.py deleted file mode 100644 index bdacf88..0000000 --- a/tests/templates/kuttl/opensearch-dashboards/test.py +++ /dev/null @@ -1,85 +0,0 @@ -import logging -import os -import requests -import sys - -logging.basicConfig( - level="DEBUG", format="%(asctime)s %(levelname)s: %(message)s", stream=sys.stdout -) - -namespace = os.environ["NAMESPACE"] -opensearch_user = os.environ["OPENSEARCH_USER"] -opensearch_password = os.environ["OPENSEARCH_PASSWORD"] -opensearch_dashboards_service = "http://opensearch-dashboards:5601" - -session = requests.Session() -session.headers.update({"osd-xsrf": "true"}) - -login_page = session.post( - f"{opensearch_dashboards_service}/auth/login", - data={"username": opensearch_user, "password": opensearch_password}, -) -assert login_page.ok, "Failed to login to OpenSearch Dashboards" - -api_status = session.get(f"{opensearch_dashboards_service}/api/status") -assert api_status.ok, "Failed to get API status" - -opensearch_version = api_status.json()["version"]["number"] - -assert api_status.json()["status"]["overall"]["state"] == "green", ( - "Overall state of OpenSearch Dashboards is not green" -) - -# Check if all expected plugins are present and working -expected_plugins = [ - "alertingDashboards", - "anomalyDetectionDashboards", - "assistantDashboards", - "customImportMapDashboards", - "flowFrameworkDashboards", - "indexManagementDashboards", - "mlCommonsDashboards", - "notificationsDashboards", - "observabilityDashboards", - "queryInsightsDashboards", - "queryWorkbenchDashboards", - "reportsDashboards", - "searchRelevanceDashboards", - "securityAnalyticsDashboards", - "securityDashboards", -] - -states = {} -for status in api_status.json()["status"]["statuses"]: - states[ - status["id"].removeprefix("plugin:").removesuffix(f"@{opensearch_version}") - ] = status["state"] == "green" -for plugin in expected_plugins: - assert plugin in states and states[plugin], ( - f"Expected plugin {plugin} not present or working." - ) - -# Load Sample Data (web logs & flights) -sample_web_logs = session.post(f"{opensearch_dashboards_service}/api/sample_data/logs") -assert sample_web_logs.ok, "Failed to create sample data (logs)" - -sample_flights = session.post( - f"{opensearch_dashboards_service}/api/sample_data/flights" -) -assert sample_flights.ok, "Failed to create sample data (flights)" - -# Check that the indices were created -indices = session.get( - f"{opensearch_dashboards_service}/api/saved_objects/_find?fields=title&per_page=10000&type=index-pattern" -) -assert indices.ok, "Failed to get indices" - -logs_index = indices.json()["saved_objects"][0] -assert logs_index["attributes"]["title"] == "opensearch_dashboards_sample_data_logs", ( - "First index should be sample logs" -) - -flights_index = indices.json()["saved_objects"][1] -assert ( - flights_index["attributes"]["title"] == "opensearch_dashboards_sample_data_flights" -), "Second index should be sample flights" From 88f92dd7afa314aaaa22c67b1975e002176f0644 Mon Sep 17 00:00:00 2001 From: Benedikt Labrenz Date: Tue, 14 Oct 2025 14:58:18 +0200 Subject: [PATCH 12/13] run opensearch-dashboards test with original image --- tests/test-definition.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/test-definition.yaml b/tests/test-definition.yaml index a3e09ef..3a401e8 100644 --- a/tests/test-definition.yaml +++ b/tests/test-definition.yaml @@ -60,6 +60,7 @@ suites: - smoke - external-access - ldap + - opensearch-dashboards patch: - dimensions: - name: opensearch From 4d7958d550447f988dd22561cc18499a18886380 Mon Sep 17 00:00:00 2001 From: Benedikt Labrenz Date: Tue, 14 Oct 2025 16:22:19 +0200 Subject: [PATCH 13/13] removed openshift dimension --- tests/test-definition.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/test-definition.yaml b/tests/test-definition.yaml index 3a401e8..de7d2b3 100644 --- a/tests/test-definition.yaml +++ b/tests/test-definition.yaml @@ -33,7 +33,6 @@ tests: - name: opensearch-dashboards dimensions: - opensearch - - openshift - opensearch_home suites: - name: nightly