Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove references to default admin creds #3869

Merged
merged 1 commit into from
Jan 17, 2024
Merged

Remove references to default admin creds #3869

merged 1 commit into from
Jan 17, 2024

Conversation

derek-ho
Copy link
Contributor

Description

Starting in 2.12.0, security plugin is mandating an initial admin password to be provided, via env variable. This PR updates the documentation and CI to run with that change.

Issues Resolved

Resolves #[Issue number to be closed when this PR is merged]

Check List

  • New functionality includes testing.
  • New functionality has a documentation issue. Please link to it in this PR.
    • New functionality has javadoc added
  • Commits are signed with a real name per the DCO

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@derek-ho
Copy link
Contributor Author

opensearch-project/security#3624

@derek-ho
Copy link
Contributor Author

@dlvenable @kkondaka I might need some help in understanding how the CI is run in this repo. Basically docker images/release binaries < 2.12.0 would spin up with "admin:admin", and >= 2.12.0 you have to provide a password - I am using myStrongPassword123! as placeholder. I would expect CI to fail on this PR until the images are released - are you ok with just leaving this open until that point after which we merge it to fix the CI? Any other cases I am missing? I do see that this repo is running against older versions to so where would be the best place to put logic to differentiate credentials in case of different versions? I also see admin:admin references in some java test code, not sure what to do about those.

@DarshitChanpura DarshitChanpura mentioned this pull request Jan 2, 2024
Closed
2 tasks
@dlvenable
Copy link
Member

@derek-ho , Our main CI is configured in the .github directory and I don't see any PR changes to that.

Here is where we set the admin credentials.

data-prepper/.github/workflows/opensearch-sink-opensearch-integration-tests.yml

Line 43 in f19de03

./gradlew :data-prepper-plugins:opensearch:integrationTest -Dtests.opensearch.host=localhost:9200 -Dtests.opensearch.user=admin -Dtests.opensearch.password=admin -Dtests.opensearch.bundle=true -Dtests.opensearch.version=opensearch:${{ matrix.opensearch }}

You can see all the versions we test against here:

data-prepper/.github/workflows/opensearch-sink-opensearch-integration-tests.yml

Line 23 in f19de03

opensearch: [1.0.1, 1.1.0, 1.2.4, 1.3.14, 2.0.1, 2.1.0, 2.3.0, 2.5.0, 2.7.0, 2.9.0, 2.11.1]

And then we'd need to set the password here:

data-prepper/.github/workflows/opensearch-sink-opensearch-integration-tests.yml

Line 38 in f19de03

docker run -p 9200:9200 -p 9600:9600 -e "discovery.type=single-node" -d opensearchproject/opensearch:${{ matrix.opensearch }}

Might it be better to just set the password to admin so that, for testing, all passwords are the same?

dlvenable
dlvenable approved these changes Jan 2, 2024
View reviewed changes
Copy link
Member

@dlvenable dlvenable left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the current set of changes are all workable. As noted in the other comment, we may need to make other changes. But, that need not hold this up.

@DarshitChanpura
Copy link
Member

@dlvenable Agreed. The change need to be made once 2.12 is added to the list of versions. But that doesn't block this PR, so can we get reviews/merge it?

@dlvenable dlvenable merged commit a64f409 into opensearch-project:main Jan 17, 2024
68 checks passed
@dlvenable
Copy link
Member

Thanks @derek-ho for this contribution!

@DarshitChanpura DarshitChanpura mentioned this pull request Jan 18, 2024
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chenqi0805 chenqi0805 chenqi0805 approved these changes

@dlvenable dlvenable dlvenable approved these changes

@engechas engechas Awaiting requested review from engechas engechas is a code owner

@graytaylor0 graytaylor0 Awaiting requested review from graytaylor0 graytaylor0 is a code owner

@dinujoh dinujoh Awaiting requested review from dinujoh dinujoh is a code owner

@kkondaka kkondaka Awaiting requested review from kkondaka kkondaka is a code owner

@asifsmohammed asifsmohammed Awaiting requested review from asifsmohammed

@oeyh oeyh Awaiting requested review from oeyh oeyh is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@derek-ho @dlvenable @DarshitChanpura @chenqi0805