Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove references to admin:admin #1298

Merged
merged 8 commits into from
Jan 19, 2024
Merged
Show file tree
Hide file tree
Changes from 4 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion HANDBOOK.md
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ plugins.security.nodes_dn_dynamic_config_enabled: true
Allow connections from follower cluster on the leader as follows

```bash
curl -k -u admin:admin -XPUT "https://${LEADER}/_plugins/_security/api/nodesdn/follower" \
curl -k -u admin:<admin password> -XPUT "https://${LEADER}/_plugins/_security/api/nodesdn/follower" \
-H 'Content-type: application/json' \
-d'{"nodes_dn": ["CN=follower.example.com"]}'
```
Expand Down
4 changes: 3 additions & 1 deletion build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ import org.opensearch.gradle.test.RestIntegTestTask

buildscript {
ext {
System.setProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "myStrongPassword123!")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should be setting this value based on versions. i.e. for 2.11 and lower, it should be admin else use myStrongPassword123. Tests for 2.11 and lower would fail otherwise as the integtest.sh is modified to followed the same conditional assignment

isSnapshot = "true" == System.getProperty("build.snapshot", "true")
opensearch_version = System.getProperty("opensearch.version", "3.0.0-SNAPSHOT")
buildVersionQualifier = System.getProperty("build.version_qualifier", "")
Expand Down Expand Up @@ -429,7 +430,7 @@ def configureCluster(OpenSearchCluster cluster, Boolean securityEnabled) {
}
CrossClusterWaitForHttpResource wait = new CrossClusterWaitForHttpResource(protocol, cluster.getFirstNode().getHttpSocketURI(), cluster.nodes.size())
wait.setUsername("admin")
wait.setPassword("admin")
wait.setPassword(System.getProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD"))
return wait.wait(500)
}

Expand Down Expand Up @@ -682,6 +683,7 @@ clusters.each { name ->
if (securityEnabled) {
plugin(provider(securityPluginOld))
cliSetup("opensearch-security/install_demo_configuration.sh", "-y")
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@DarshitChanpura how is this being used? How do we pass in "admin" as the password here? -t?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we don't pass it here.

We have to export it as a separate command.

And if you want to use admin as password you can pass in option -t in addition to -y


}
// Currently fetching the ARCHIVE distribution fails on mac as it tries to fetch the Mac specific "DARWIN" distribution
// for Opensearch which is not publish yet. Changing this to INTEG_TEST to make it work on mac.
Expand Down
13 changes: 11 additions & 2 deletions scripts/integtest.sh
100755 → 100644
Original file line number Diff line number Diff line change
Expand Up @@ -70,9 +70,18 @@ then
SECURITY_ENABLED="true"
fi

IFS='.' read -ra version_array <<< "$version"



if [ -z "$CREDENTIAL" ]
then
CREDENTIAL="admin:admin"
# Starting in 2.12.0, security demo configuration script requires an initial admin password
if (( ${version_array[0]} > 2 || (${version_array[0]} == 2 && ${version_array[1]} >= 12) )); then
CREDENTIAL="admin:myStrongPassword123!"
else
CREDENTIAL="admin:admin"
fi
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic to use strong password in 2.12.0 onwards

fi

USERNAME=`echo $CREDENTIAL | awk -F ':' '{print $1}'`
Expand Down Expand Up @@ -118,4 +127,4 @@ else
TRANSPORT_PORT="9300"
fi
./gradlew singleClusterSanityTest -Dfollower.http_host="$BIND_ADDRESS:$BIND_PORT" -Dfollower.transport_host="$BIND_ADDRESS:$TRANSPORT_PORT" -Dsecurity_enabled=$SECURITY_ENABLED -Duser=$USERNAME -Dpassword=$PASSWORD --console=plain
fi
fi
Loading