From 9b69b7dfce68e006a21e1ff3ffe3965908b9dc5c Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Wed, 24 Jan 2024 10:42:50 -0800 Subject: [PATCH] [Backport 2.x] Adding comment to clarify use of default admin credentials (#444) Adding comment to clarify use of default admin credentials (#435) * Changing default admin password * testing * Adding more comments * Moving secure integ test cluster configuration unter testCluster.integTest --------- (cherry picked from commit a9219ebd556a400b0564069cc5dd2ad952c23408) Signed-off-by: Joshua Palis Signed-off-by: github-actions[bot] Co-authored-by: github-actions[bot] Co-authored-by: Owais Kazi --- build.gradle | 123 ++++++++++++++++++++++++--------------------------- 1 file changed, 59 insertions(+), 64 deletions(-) diff --git a/build.gradle b/build.gradle index b4b8fa664..86af8f2ea 100644 --- a/build.gradle +++ b/build.gradle @@ -178,69 +178,6 @@ def opensearch_tmp_dir = rootProject.file('build/private/opensearch_tmp').absolu opensearch_tmp_dir.mkdirs() def _numNodes = findProperty('numNodes') as Integer ?: 1 -ext{ - - configureSecurityPlugin = { OpenSearchCluster cluster -> - - // Retrieve Security Plugin Zip from zipArchive - configurations.secureIntegTestPluginArchive.asFileTree.each { - if(it.name.contains("opensearch-security")) { - cluster.plugin(provider(new Callable(){ - @Override - RegularFile call() throws Exception { - return new RegularFile() { - @Override - File getAsFile() { - return it - } - } - } - }) - ) - } - } - - cluster.getNodes().forEach { node -> - var creds = node.getCredentials() - if (creds.isEmpty()) { - creds.add(Map.of('username', 'admin', 'password', 'admin')) - } else { - creds.get(0).putAll(Map.of('username', 'admin', 'password', 'admin')) - } - } - - // Config below including files are copied from security demo configuration - ['esnode.pem', 'esnode-key.pem', 'root-ca.pem'].forEach { file -> - File local = Paths.get(opensearch_tmp_dir.absolutePath, file).toFile() - download.run { - src "https://raw.githubusercontent.com/opensearch-project/security/main/bwc-test/src/test/resources/security/" + file - dest local - overwrite false - } - cluster.extraConfigFile(file, local) - } - - // This configuration is copied from the security plugins demo install: - // https://github.com/opensearch-project/security/blob/2.11.1.0/tools/install_demo_configuration.sh#L365-L388 - cluster.setting("plugins.security.ssl.transport.pemcert_filepath", "esnode.pem") - cluster.setting("plugins.security.ssl.transport.pemkey_filepath", "esnode-key.pem") - cluster.setting("plugins.security.ssl.transport.pemtrustedcas_filepath", "root-ca.pem") - cluster.setting("plugins.security.ssl.transport.enforce_hostname_verification", "false") - cluster.setting("plugins.security.ssl.http.enabled", "true") - cluster.setting("plugins.security.ssl.http.pemcert_filepath", "esnode.pem") - cluster.setting("plugins.security.ssl.http.pemkey_filepath", "esnode-key.pem") - cluster.setting("plugins.security.ssl.http.pemtrustedcas_filepath", "root-ca.pem") - cluster.setting("plugins.security.allow_unsafe_democertificates", "true") - cluster.setting("plugins.security.allow_default_init_securityindex", "true") - cluster.setting("plugins.security.unsupported.inject_user.enabled", "true") - - cluster.setting("plugins.security.authcz.admin_dn", "\n- CN=kirk,OU=client,O=client,L=test, C=de") - cluster.setting('plugins.security.restapi.roles_enabled', '["all_access", "security_rest_api_access"]') - cluster.setting('plugins.security.system_indices.enabled', "true") - cluster.setSecure(true) - } -} - test { include '**/*Tests.class' } @@ -272,6 +209,7 @@ integTest { var is_https = System.getProperty('https') var user = System.getProperty('user') var password = System.getProperty('password') + // Using default admin credentials since the install_plugin_configuration script is not used to configure the security plugin if (System.getProperty('security.enabled') != null) { is_https = is_https == null ? 'true' : is_https user = user == null ? 'admin' : user @@ -330,7 +268,63 @@ testClusters.integTest { // Optionally install security if (System.getProperty("security.enabled") != null && System.getProperty("security.enabled") == "true") { - configureSecurityPlugin(testClusters.integTest) + // Retrieve Security Plugin Zip from zipArchive + configurations.secureIntegTestPluginArchive.asFileTree.each { + if(it.name.contains("opensearch-security")) { + plugin(provider(new Callable(){ + @Override + RegularFile call() throws Exception { + return new RegularFile() { + @Override + File getAsFile() { + return it + } + } + } + }) + ) + } + } + + // Using default admin credentials since the install_plugin_configuration script is not used to configure the security plugin + getNodes().forEach { node -> + var creds = node.getCredentials() + if (creds.isEmpty()) { + creds.add(Map.of('username', 'admin', 'password', 'admin')) + } else { + creds.get(0).putAll(Map.of('username', 'admin', 'password', 'admin')) + } + } + + // Config below including files are copied from security demo configuration + ['esnode.pem', 'esnode-key.pem', 'root-ca.pem'].forEach { file -> + File local = Paths.get(opensearch_tmp_dir.absolutePath, file).toFile() + download.run { + src "https://raw.githubusercontent.com/opensearch-project/security/main/bwc-test/src/test/resources/security/" + file + dest local + overwrite false + } + extraConfigFile(file, local) + } + + // This configuration is copied from the security plugins demo install: + // https://github.com/opensearch-project/security/blob/2.11.1.0/tools/install_demo_configuration.sh#L365-L388 + setting("plugins.security.ssl.transport.pemcert_filepath", "esnode.pem") + setting("plugins.security.ssl.transport.pemkey_filepath", "esnode-key.pem") + setting("plugins.security.ssl.transport.pemtrustedcas_filepath", "root-ca.pem") + setting("plugins.security.ssl.transport.enforce_hostname_verification", "false") + setting("plugins.security.ssl.http.enabled", "true") + setting("plugins.security.ssl.http.pemcert_filepath", "esnode.pem") + setting("plugins.security.ssl.http.pemkey_filepath", "esnode-key.pem") + setting("plugins.security.ssl.http.pemtrustedcas_filepath", "root-ca.pem") + setting("plugins.security.allow_unsafe_democertificates", "true") + setting("plugins.security.allow_default_init_securityindex", "true") + setting("plugins.security.unsupported.inject_user.enabled", "true") + + setting("plugins.security.authcz.admin_dn", "\n- CN=kirk,OU=client,O=client,L=test, C=de") + setting('plugins.security.restapi.roles_enabled', '["all_access", "security_rest_api_access"]') + setting('plugins.security.system_indices.enabled', "true") + setSecure(true) } // Installs all registered zipArchive dependencies on integTest cluster nodes except security @@ -375,6 +369,7 @@ task integTestRemote(type: RestIntegTestTask) { var is_https = System.getProperty('https') var user = System.getProperty('user') var password = System.getProperty('password') + // Using default admin credentials since the install_plugin_configuration script is not used to configure the security plugin if (System.getProperty('security.enabled') != null) { is_https = is_https == null ? 'true' : is_https user = user == null ? 'admin' : user