Pass in strong password to OSD integ test if version >= 2.12.0 #4334
Conversation
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
derek-ho
requested review from
dblock,
peterzhuamazon,
bbarani,
gaiksaya,
rishabh6788,
zelinh,
jordarlu,
prudhvigodithi,
Divyaasm and
tianleh
as code owners
| @@ -38,6 +38,7 @@ def __init__( | |||
| super().__init__(work_dir, version, distribution, security_enabled, additional_config, dependency_installer) | |||
| self.dist = Distributions.get_distribution("opensearch-dashboards", distribution, version, work_dir) | |||
| self.install_dir = self.dist.install_dir | |||
| self.password = 'myStrongPassword123!' if float('.'.join(self.version.split('.')[:2])) >= 2.12 else 'admin' | |||
There was a problem hiding this comment.
This PR should address this failure: https://build.ci.opensearch.org/blue/organizations/jenkins/integ-test-opensearch-dashboards/detail/integ-test-opensearch-dashboards/5025/pipeline, however I am not sure how the OS binary is pulled - is it given myStrongPassword123! as the password somehow?
There was a problem hiding this comment.
@gaiksaya done. Question still stands though, I am confused about the overall setup of: https://build.ci.opensearch.org/blue/organizations/jenkins/integ-test-opensearch-dashboards/detail/integ-test-opensearch-dashboards/5025/pipeline/, would this change be sufficient to pass the integ test? Would the backend be spun up with the strong password as expected if version >= 2.12.0?
There was a problem hiding this comment.
The integration test set up can be found here: https://github.com/opensearch-project/opensearch-build/blob/main/src/test_workflow/integ_test/ for both OS and OSD.
Maybe try to parse this directory to check for anything admin:admin?
If it feels there is a lot of if/else going on each module, maybe extract the logic into a common library (utils?) (something like get_password(version)) that can be used universally. Example being this system module.
WDYT @prudhvigodithi ?
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #4334 +/- ##
=======================================
Coverage 91.34% 91.35%
=======================================
Files 189 190 +1
Lines 6169 6175 +6
=======================================
+ Hits 5635 5641 +6
Misses 534 534 ☔ View full report in Codecov by Sentry. |
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
| @@ -33,7 +33,7 @@ def install(self, bundle_name: str) -> None: | |||
| @property | |||
| def start_cmd(self) -> str: | |||
| start_cmd_map = { | |||
| "opensearch": "export OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123! && ./opensearch-tar-install.sh", | |||
| "opensearch": "env OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123! ./opensearch-tar-install.sh", | |||
There was a problem hiding this comment.
Changed this to env from suggestion from @peterzhuamazon. Can somebody with insight explain why this might work better? From the jenkins failures it looks like either the cluster is not being spun up successfully with strong password, or the health check is not using the correct credential, even though I have made changes that I think should solve both of these. It seems like this command is run with python subprocess, might that have something to do with it?
tests/tests_test_workflow/test_integ_workflow/integ_test/test_service_opensearch.py
Outdated
Show resolved
Hide resolved
Signed-off-by: Derek Ho <[email protected]>
|
@derek-ho I see the error from OSD as |
@prudhvigodithi Yes I believe so. I see logs from that run: https://ci.opensearch.org/ci/dbc/integ-test-opensearch-dashboards/3.0.0/7076/linux/arm64/tar/test-results/5025/integ-test/reportsDashboards/with-security/local-cluster-logs/id-1/stdout.txt, indicating that the admin password was successfully set to a strong password. Then authentication fails for user. Thus I expect that the only change needed to is to change the password the user uses in integ test. |
…rd succcesfully set Signed-off-by: Derek Ho <[email protected]>
There was a problem hiding this comment.
LGTM! Needs changes in https://github.com/opensearch-project/opensearch-dashboards-functional-test/blob/main/integtest.sh
Also @derek-ho Do we need to parse all the files again to call this method or have you taken care of it already? https://github.com/search?q=repo%3Aopensearch-project%2Fopensearch-build%20myStrongPassword123&type=code
Thanks!
Looks like this is already updated right @gaiksaya ? |
|
Also @derek-ho dont want to block this, but please open a new PR for this change mentioned by Sayali.
To do this move the Thank you |
Not in 2.x branch https://github.com/opensearch-project/opensearch-dashboards-functional-test/blob/2.x/integtest.sh#L83 |
This backport PR is open: opensearch-project/opensearch-dashboards-functional-test#992, let me nudge maintainers now. |
|
True not for 2.x, but for 3.0.0 since its already on main, I just triggered a new build https://build.ci.opensearch.org/job/integ-test-opensearch-dashboards/5034/console and dont see 401 errors anymore. |
Description
OSD health check for integ test is using admin:admin, this changes it to admin:myStrongPassword123! if version >= 2.12.0
Issues Resolved
List any issues this PR will resolve, e.g. Closes [...].
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.