-
Notifications
You must be signed in to change notification settings - Fork 37
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v2.12.0] Ensure CI/documentation reflect changes to default admin credentials #310
Comments
I just searched the code and we do not rely on admin credentials. The only equivalent we have is in our IT's where we set a (non-working) default here: flow-framework/src/test/java/org/opensearch/flowframework/FlowFrameworkRestTestCase.java Lines 153 to 164 in 8fa9b3f
And then require it to be provided by the build script: flow-framework/src/test/java/org/opensearch/flowframework/FlowFrameworkRestTestCase.java Lines 249 to 253 in 8fa9b3f
And our tests do pass. Leaving this open for a second opinion... |
Seems like the admin credentials were added here: https://github.com/opensearch-project/flow-framework/pull/403/files#diff-49a96e7eea8a94af862798a45174e6ac43eb4f8b4bd40759b5da63ba31ec3ef7R205 @owaiskazi19 @dbwiddis this should be re-opened and addressed. Please let @derek-ho and I know if you need any support. |
@joshpalis please address |
Coming from #415 (comment), this modification is not necessary for our plugin since we do not directly use the security demo configuration script when running integration tests. Instead we pull the necessary configuration files from the security plugin directly and manually set the cluster settings during security enabled integration tests. Due to this, closing this issue out |
@joshpalis I'm confused. What is the purpose of the "admin" password in build.gradle if it is not used? If it is used, why is it not broken? Can we put any other placeholder in there and it will work? Or is it a backup if the config files aren't accessible (which should probably be a failure)? Can we at least add comments in the build.gradle explaining why the "admin" pw is OK? |
+1 to @dbwiddis's suggestion about adding comments |
@joshpalis @owaiskazi19 Has this been addressed via: #424? |
#424 addresses #410. I will let @joshpalis confirm about this issue. |
The added lines are fallbacks to a Lines 205 to 210 in f039d7f
Those fetch user/password from Neither of these appears to look at Looking across the org I don't see very many examples elsewhere, but there is one such example here: |
@joshpalis can we resolve the confusion on this issue today? From what I understand:
So I think we are in compliance with this issue request but it is still confusing and the best solution is to add comments where the admin credentials are (un)used explaining why they are there. Or better yet, replace the "admin" word with self-documenting text like "notused" or an empty string, etc. |
@dbwiddis From what I understand, plugins that use the docker image to run security enabled integration tests (such as AD) will need to make modifications to their workflow to set the In our case, we do not rely on the docker image and instead manually pull all the necessary configuration files from the security plugin itself and install and configure the security plugin within our own build.gradle.
I think we're in compliance as well, I can change the admin password to some other default value |
+1 to @dbwiddis's comment. If at any point during the flow, |
I think I understand why the admin:admin credentials work here. Let me try to explain and see if it makes sense. Flow-framework doesn't use Since the demo install script modifies the static config |
@DarshitChanpura Thanks for the insight, I do see that the
|
Background
Previously, when installing the security plugin demo configuration, the cluster was spun up with the default admin credentials,
admin:admin
. A change was made inmain
and backported to2.x
for the2.12.0
release, which now requires an initial admin password to be passed in via the environment variableOPENSEARCH_INITIAL_ADMIN_PASSWORD
. This will break some CI/testing that relies on OpenSearch to come up without setting this environment variable. This tracking issue is to ensure compliance with the new changes.Coming from: opensearch-project/security#3624
Acceptance Criteria
admin:admin
are removedmain
and2.x
branchesThe text was updated successfully, but these errors were encountered: