Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove default admin credential references in DEVELOPER_GUIDE #1415

Merged

Conversation

ryanbogan
Copy link
Member

@ryanbogan ryanbogan commented Jan 24, 2024

Description

Remove references to admin:admin default security credentials in the developer guide.

Issues Resolved

#1359

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed as per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Copy link

codecov bot commented Jan 24, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (89fc267) 84.92% compared to head (76de267) 84.82%.

Additional details and impacted files
@@             Coverage Diff              @@
##               main    #1415      +/-   ##
============================================
- Coverage     84.92%   84.82%   -0.10%     
  Complexity     1274     1274              
============================================
  Files           167      167              
  Lines          5186     5186              
  Branches        491      491              
============================================
- Hits           4404     4399       -5     
- Misses          573      578       +5     
  Partials        209      209              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Signed-off-by: Ryan Bogan <[email protected]>
@ryanbogan
Copy link
Member Author

k-NN does not use the demo install security script for integration tests, so modifying the integration test setup is not necessary, per opensearch-project/neural-search#551 (comment)

@ryanbogan ryanbogan changed the title Remove default admin credentials Remove default admin credential references in DEVELOPER_GUIDE Jan 25, 2024
@ryanbogan ryanbogan marked this pull request as ready for review January 25, 2024 00:54
Comment on lines 343 to 344
user = user == null ? "admin" : user
password = password == null ? "admin" : password
Copy link
Member

@junqiu-lei junqiu-lei Jan 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need update here? Since I saw 2.12 k-NN build is failed with:

Suite: Test class org.opensearch.knn.index.AdvancedFilteringUseCasesIT
  2> REPRODUCE WITH: ./gradlew ':integTest' --tests "org.opensearch.knn.index.AdvancedFilteringUseCasesIT.testFiltering_whenNonNestedKNNAndNestedFilterAndNonNestedFieldWithNestedAndNonNestedFilterQuery_thenSuccess" -Dtests.seed=30AE712710CE3FFB -Dtests.security.manager=false -Dtests.locale=zh-TW -Dtests.timezone=Asia/Almaty -Druntime.java=21
  2> org.opensearch.client.ResponseException: method [DELETE], host [https://localhost:9200], URI [/.plugins-ml-config], status line [HTTP/1.1 403 Forbidden]
    {"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"},"status":403}

https://build.ci.opensearch.org/blue/rest/organizations/jenkins/pipelines/integ-test/runs/7131/nodes/96/steps/456/log/?start=0

https://build.ci.opensearch.org/blue/organizations/jenkins/integ-test/detail/integ-test/7131/pipeline/96

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had that change implemented but based on the comment I linked above the change isn't necessary

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From what I understand k-NN doesn't use demo configuration to setup security. Instead it manually configures the required files/settings. Hence the internal_users.yml is never modified and the old password of admin is picked when cluster is spun-up and the config is written to security index.

Signed-off-by: Ryan Bogan <[email protected]>
jmazanec15
jmazanec15 previously approved these changes Jan 25, 2024
Copy link
Member

@DarshitChanpura DarshitChanpura left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ty @ryanbogan . I have left a few comments around using place-holder instead of myStrongPassword123!

DEVELOPER_GUIDE.md Outdated Show resolved Hide resolved
DEVELOPER_GUIDE.md Outdated Show resolved Hide resolved
DEVELOPER_GUIDE.md Outdated Show resolved Hide resolved
Comment on lines 343 to 344
user = user == null ? "admin" : user
password = password == null ? "admin" : password
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From what I understand k-NN doesn't use demo configuration to setup security. Instead it manually configures the required files/settings. Hence the internal_users.yml is never modified and the old password of admin is picked when cluster is spun-up and the config is written to security index.

Copy link
Member

@DarshitChanpura DarshitChanpura left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@ryanbogan ryanbogan merged commit 0c000ad into opensearch-project:main Jan 25, 2024
54 checks passed
@ryanbogan ryanbogan deleted the remove_default_admin_credentials branch January 25, 2024 21:01
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jan 25, 2024
* Remove default admin credentials

Signed-off-by: Ryan Bogan <[email protected]>

* Update developer guide

Signed-off-by: Ryan Bogan <[email protected]>

* Debug

Signed-off-by: Ryan Bogan <[email protected]>

* Revert build.gradle changes

Signed-off-by: Ryan Bogan <[email protected]>

* Update developer guide

Signed-off-by: Ryan Bogan <[email protected]>

* Remove default password in favor of <admin-password>

Signed-off-by: Ryan Bogan <[email protected]>

---------

Signed-off-by: Ryan Bogan <[email protected]>
(cherry picked from commit 0c000ad)
junqiu-lei pushed a commit that referenced this pull request Jan 26, 2024
…#1420)

* Remove default admin credentials

Signed-off-by: Ryan Bogan <[email protected]>
(cherry picked from commit 0c000ad)

Co-authored-by: Ryan Bogan <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants