Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug Fix] Fix the demo configuration script and remove the admin credential from internal_user.yml #3449

Closed
wants to merge 24 commits into from
Closed

[Bug Fix] Fix the demo configuration script and remove the admin credential from internal_user.yml #3449

wants to merge 24 commits into from

Conversation

RyanL1997
Copy link
Collaborator

@RyanL1997 RyanL1997 commented Oct 4, 2023
edited
Loading

Description

By working with @DarshitChanpura for addressing the following issue:

opensearch-project/opensearch-build#4094 (comment)

We need the initiation of the cluster to be failed once we encountered a failure of our demo configuration script. This PR introduces the method that if we failed to set up a admin credential during the set up of demo configuration script, it will lead to an absent of admin credential section in internal_users.yml, so that the initiation of the cluster will be failed.

  • Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)
    Bug fix
  • What is the old behavior before changes and new behavior after changes?
    The cluster initiation will be succeed and keep using the admin:admin credential even if the there is an hard exit on the set up on demo configuration script.

Issues Resolved

Testing

CI

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@codecov
Copy link

codecov bot commented Oct 4, 2023
edited
Loading

Codecov Report

Merging #3449 (a3fdf3c) into main (7924da1) will decrease coverage by 0.02%.
The diff coverage is n/a.

Impacted file tree graph

@@             Coverage Diff              @@
##               main    #3449      +/-   ##
============================================
- Coverage     64.56%   64.54%   -0.02%     
+ Complexity     3545     3544       -1     
============================================
  Files           269      269              
  Lines         20363    20363              
  Branches       3376     3376              
============================================
- Hits          13147    13143       -4     
- Misses         5525     5529       +4     
  Partials       1691     1691

see 2 files with indirect coverage changes

@RyanL1997 RyanL1997 added the backport 2.x backport to 2.x branch label Oct 4, 2023
@RyanL1997
Copy link
Collaborator Author

Note: the BWC failure is expected due to the release related version changes.

@RyanL1997 RyanL1997 marked this pull request as ready for review October 4, 2023 00:36
RyanL1997 added 14 commits October 3, 2023 18:12
@RyanL1997
Try to add admin credential into internal_users.yml c0
423b483 
Signed-off-by: Ryan Liang <[email protected]>
@RyanL1997
Add ls
23731b9 
Signed-off-by: Ryan Liang <[email protected]>
@RyanL1997
Try to add admin credential into internal_users.yml c1
33a9d86 
Signed-off-by: Ryan Liang <[email protected]>
@RyanL1997
Fix DC's comment
61dfac4 
Signed-off-by: Ryan Liang <[email protected]>
@RyanL1997
Set up gha step for windows ci runner
25c6dff 
Signed-off-by: Ryan Liang <[email protected]>
@RyanL1997
add Get-Location to see where am i
65fca5e 
Signed-off-by: Ryan Liang <[email protected]>
@RyanL1997
Where am i for windows
459a6d2 
Signed-off-by: Ryan Liang <[email protected]>
@RyanL1997
Correct the windows runner path
3a42cc0 
Signed-off-by: Ryan Liang <[email protected]>
@RyanL1997
Enable long path for windows runner
5a90c32 
Signed-off-by: Ryan Liang <[email protected]>
@RyanL1997
Correct the path again for windows runner
a2b5dfd 
Signed-off-by: Ryan Liang <[email protected]>
@RyanL1997
Simplify the windows script
14f8110 
Signed-off-by: Ryan Liang <[email protected]>
@RyanL1997
Simplify the windows script 1
9bc47e0 
Signed-off-by: Ryan Liang <[email protected]>
@RyanL1997
Relocate the logic under the step of integration-tests
de2d7eb 
Signed-off-by: Ryan Liang <[email protected]>
@RyanL1997
Add the logic into integration-tests.yml
2d2b7bf 
Signed-off-by: Ryan Liang <[email protected]>
@RyanL1997 RyanL1997 mentioned this pull request Oct 4, 2023
Closed
2 tasks
peternied
peternied reviewed Oct 4, 2023
View reviewed changes
.github/workflows/ci.yml
@@ -52,6 +58,33 @@ jobs:
- name: Checkout security
uses: actions/checkout@v4

- name: Insert Admin Credential on Linux
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is broken without this section?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on the log:

 - org.opensearch.security.InitializationIntegrationTests.testDefaultConfig
 - org.opensearch.security.InitializationIntegrationTests.testInvalidDefaultConfig
 - org.opensearch.security.TransportUserInjectorIntegTest.testSecurityUserInjection
 - org.opensearch.security.SlowIntegrationTests.testDelayInSecurityIndexInitialization

For example, the test of InitializationIntegrationTests.testDefaultConfig is using the admin admin credential to send out the request:

security/src/test/java/org/opensearch/security/InitializationIntegrationTests.java

Line 287 in 93f79f8

HttpResponse res = rh.executeGetRequest("/_cluster/health", encodeBasicHeader("admin", "admin"));

peternied
peternied reviewed Oct 4, 2023
View reviewed changes
config/internal_users.yml
@@ -10,13 +10,6 @@ _meta:

## Demo users

admin:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does the cluster fail to startup with this change? Could you include what that looks like?

@RyanL1997 RyanL1997 mentioned this pull request Oct 9, 2023
Closed
@DarshitChanpura
Copy link
Member

We do not want a cluster to start without admin credentials. What do you think about closing this @RyanL1997 ?

@peternied
Copy link
Member

@RyanL1997 Since the password change was reverted in 2.11 - lets regroup and figure out how to approach this. I'm going to close out this PR - we can reopen if we need it. Thanks

@peternied peternied closed this Oct 13, 2023
@RyanL1997 RyanL1997 mentioned this pull request Oct 19, 2023
Closed
23 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DarshitChanpura DarshitChanpura DarshitChanpura left review comments

@peternied peternied peternied left review comments

@cliu123 cliu123 Awaiting requested review from cliu123

@cwperks cwperks Awaiting requested review from cwperks cwperks is a code owner

@davidlago davidlago Awaiting requested review from davidlago

@stephen-crawford stephen-crawford Awaiting requested review from stephen-crawford

@reta reta Awaiting requested review from reta reta is a code owner

@willyborankin willyborankin Awaiting requested review from willyborankin willyborankin is a code owner

Assignees
No one assigned
Labels
backport 2.x backport to 2.x branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@RyanL1997 @DarshitChanpura @peternied