Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Default admin password as admin #234

Merged
merged 8 commits into from
Feb 27, 2024
Merged

Conversation

derek-ho
Copy link
Contributor

@derek-ho derek-ho commented Dec 18, 2023

Description

Fixes the CI to pass in "admin" as the admin password if the version is >= 2.12. This is necessary since 2.12 and onwards requires an initial admin password to be set in order to run the security demo configuration.

Issues Resolved

List any issues this PR will resolve, e.g. Closes [...].

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Copy link

codecov bot commented Dec 18, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 79.71%. Comparing base (360e88c) to head (4240ad3).
Report is 11 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #234      +/-   ##
==========================================
+ Coverage   74.53%   79.71%   +5.18%     
==========================================
  Files         413      418       +5     
  Lines       65509    71104    +5595     
==========================================
+ Hits        48824    56682    +7858     
+ Misses      16685    14422    -2263     
Flag Coverage Δ
integration 79.71% <ø> (+5.18%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@derek-ho
Copy link
Contributor Author

https://github.com/opensearch-project/opensearch-rs/blob/main/.github/workflows/test.yml#L36 - if this becomes 2.12.0 or onwards, then this change is necessary. For now this is unnecessary. Should the tests be run with a matrix of different opensearch versions to ensure compatibility?

@Xtansia
Copy link
Collaborator

Xtansia commented Dec 19, 2023

https://github.com/opensearch-project/opensearch-rs/blob/main/.github/workflows/test.yml#L36 - if this becomes 2.12.0 or onwards, then this change is necessary. For now this is unnecessary. Should the tests be run with a matrix of different opensearch versions to ensure compatibility?

The linked line is only used for a handful of very basic tests, the real integration tests where we use core's YAML tests is this matrix here: https://github.com/opensearch-project/opensearch-rs/blob/main/.github/workflows/test.yml#L66

@derek-ho
Copy link
Contributor Author

Got it. @Xtansia this change is starting in 2.12.0 onwards. I am seeing in the matrix this wouldn't be tested. Can you suggest how you think I can change this PR to best pickup the changes from 2.12.0 onwards?

@derek-ho
Copy link
Contributor Author

@Xtansia @dblock can you confirm what is the plan to add 2.12.0 when released into that matrix, so I can modify this PR to add support for the new admin credential changes? If there is no plan then I think we can close this PR and mark this repo as compliant with the new credential changes, thanks!

@dblock
Copy link
Member

dblock commented Dec 29, 2023

@derek-ho AFAIK when 2.12 is available we'll add it to CI. I think you can mark this as draft as other PRs?

@derek-ho derek-ho marked this pull request as draft January 2, 2024 15:19
@Xtansia Xtansia added the skip-changelog Skip changelog verification label Jan 17, 2024
@DarshitChanpura
Copy link
Member

Now that 2.12 is released this should be unblocked. Would the maintainers review and merge this?

@Xtansia
Copy link
Collaborator

Xtansia commented Feb 22, 2024

@derek-ho Could you please add 2.12.0 to the various workflow matrices so that we can confirm things are working as expected?

Signed-off-by: Derek Ho <[email protected]>
@derek-ho derek-ho marked this pull request as ready for review February 23, 2024 21:45
Signed-off-by: Derek Ho <[email protected]>
@@ -34,7 +35,7 @@ runs:

if [[ -d "$OPENSEARCH_HOME/plugins/opensearch-security" ]]; then
if [[ "$SECURED" == "true" ]]; then
bash $OPENSEARCH_HOME/plugins/opensearch-security/tools/install_demo_configuration.sh -y -i -s
bash $OPENSEARCH_HOME/plugins/opensearch-security/tools/install_demo_configuration.sh -y -i -s -t
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is causing all versions other than 2.12.0 to fail as the old versions of the script throw an error on the unrecognised parameter.

Could do this via something like:

SECURITY_VERSION=$(cat $OPENSEARCH_HOME/plugins/opensearch-security/plugin-descriptor.properties | grep '^version=' | cut -d'=' -f 2)
SECURITY_VERSION_COMPONENTS=(${SECURITY_VERSION//./ })
SECURITY_MAJOR="${SECURITY_VERSION_COMPONENTS[0]}"
SECURITY_MINOR="${SECURITY_VERSION_COMPONENTS[1]}"
        
if (( $SECURITY_MAJOR > 2 || ( $SECURITY_MAJOR == 2 && $SECURITY_MINOR >= 12 ) )); then
    # with -t
else
    # without -t
fi

@derek-ho
Copy link
Contributor Author

@Xtansia thanks for the suggestion. I used your logic to extract the version, but used the same logic as opensearch-build: https://github.com/opensearch-project/opensearch-build/blob/main/scripts/default/integtest.sh to determine whether it is >= 2.12, just to be consistent. It looks like tests are passing and PR is in a good state. Please merge when it looks good, thanks!

# Starting in 2.12.0, security demo configuration script requires an initial admin password
COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $OPENSEARCH_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1`
if [ "$COMPARE_VERSION" == "$OPENSEARCH_REQUIRED_VERSION" ]; then
bash $OPENSEARCH_HOME/plugins/opensearch-security/tools/install_demo_configuration.sh -y -i -s -t
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ideally >=2.12.0 should use a strong password, but since this repo is using the scriptfile, it is possible to add this -t parameter and still use admin. This minimizes the surface area of this change.

@Xtansia Xtansia merged commit 41417d4 into opensearch-project:main Feb 27, 2024
33 checks passed
@Xtansia
Copy link
Collaborator

Xtansia commented Feb 27, 2024

Thanks @derek-ho!

@Xtansia Xtansia added the backport 2.x Backport to the 2.x branch label Aug 27, 2024
opensearch-trigger-bot bot pushed a commit that referenced this pull request Aug 27, 2024
* Default admin password as admin

Signed-off-by: Derek Ho <[email protected]>

* Add 2.12.0 to matrix

Signed-off-by: Derek Ho <[email protected]>

* Export var

Signed-off-by: Derek Ho <[email protected]>

* Add version logic

Signed-off-by: Derek Ho <[email protected]>

* Get the version via the properties

Signed-off-by: Derek Ho <[email protected]>

* Invert the logic

Signed-off-by: Derek Ho <[email protected]>

* Only pull the version if it exists

Signed-off-by: Derek Ho <[email protected]>

* Only extract the version if it exists

Signed-off-by: Derek Ho <[email protected]>

---------

Signed-off-by: Derek Ho <[email protected]>
(cherry picked from commit 41417d4)
Xtansia pushed a commit that referenced this pull request Aug 27, 2024
* Default admin password as admin

Signed-off-by: Derek Ho <[email protected]>

* Add 2.12.0 to matrix

Signed-off-by: Derek Ho <[email protected]>

* Export var

Signed-off-by: Derek Ho <[email protected]>

* Add version logic

Signed-off-by: Derek Ho <[email protected]>

* Get the version via the properties

Signed-off-by: Derek Ho <[email protected]>

* Invert the logic

Signed-off-by: Derek Ho <[email protected]>

* Only pull the version if it exists

Signed-off-by: Derek Ho <[email protected]>

* Only extract the version if it exists

Signed-off-by: Derek Ho <[email protected]>

---------

Signed-off-by: Derek Ho <[email protected]>
(cherry picked from commit 41417d4)

Co-authored-by: Derek Ho <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport 2.x Backport to the 2.x branch skip-changelog Skip changelog verification
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants