opensearch-project · stephen-crawford · Dec 13, 2023 · Dec 13, 2023 · Dec 13, 2023
@@ -71,9 +71,9 @@ runs:
         'y' | .\opensearch-${{ inputs.opensearch-version }}-SNAPSHOT\bin\opensearch-plugin.bat install file:$(pwd)\${{ inputs.plugin-name }}.zip
       shell: pwsh
 
-    - name: Write password to initialAdminPassword location
+    - name: Write password to opensearch_initial_admin_password txt
       run:
-        echo ${{ inputs.admin-password }} >> ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/initialAdminPassword.txt
+        echo ${{ inputs.admin-password }} >> ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/opensearch_initial_admin_password.txt
       shell: bash
 
     # Run any configuration scripts

@@ -334,6 +334,10 @@ public enum RolesMappingResolution {
     public static final boolean EXTENSIONS_BWC_PLUGIN_MODE_DEFAULT = false;
     // CS-ENFORCE-SINGLE
 
+    // Variables for initial admin password support
+    public static final String OPENSEARCH_INITIAL_ADMIN_PASSWORD = "OPENSEARCH_INITIAL_ADMIN_PASSWORD";
+    public static final String OPENSEARCH_INITIAL_ADMIN_PASSWORD_TXT = "opensearch_initial_admin_password.txt";
+
     public static Set<String> getSettingAsSet(
         final Settings settings,
         final String key,

@@ -31,6 +31,7 @@
 import org.opensearch.security.DefaultObjectMapper;
 import org.opensearch.security.dlic.rest.validation.PasswordValidator;
 import org.opensearch.security.dlic.rest.validation.RequestContentValidator;
+import org.opensearch.security.support.ConfigConstants;
 import org.opensearch.security.tools.Hasher;
 
 import org.yaml.snakeyaml.DumperOptions;
@@ -94,8 +95,8 @@
      * Replaces the admin password in internal_users.yml with the custom or generated password
      */
     void updateAdminPassword() {
-        String initialAdminPassword = System.getenv().get("initialAdminPassword");
-        String ADMIN_PASSWORD_FILE_PATH = installer.OPENSEARCH_CONF_DIR + "initialAdminPassword.txt";
+        String initialAdminPassword = System.getenv().get(ConfigConstants.OPENSEARCH_INITIAL_ADMIN_PASSWORD);
+        String ADMIN_PASSWORD_FILE_PATH = installer.OPENSEARCH_CONF_DIR + ConfigConstants.OPENSEARCH_INITIAL_ADMIN_PASSWORD_TXT;
         String INTERNAL_USERS_FILE_PATH = installer.OPENSEARCH_CONF_DIR + "opensearch-security" + File.separator + "internal_users.yml";
         boolean shouldValidatePassword = installer.environment.equals(ExecutionEnvironment.DEMO);
         try {
@@ -115,7 +116,9 @@
                     try (BufferedReader br = new BufferedReader(new FileReader(ADMIN_PASSWORD_FILE_PATH, StandardCharsets.UTF_8))) {
                         ADMIN_PASSWORD = br.readLine();
                     } catch (IOException e) {
-                        System.out.println("Error reading admin password from initialAdminPassword.txt.");
+                        System.out.println(
+                            "Error reading admin password from " + ConfigConstants.OPENSEARCH_INITIAL_ADMIN_PASSWORD_TXT + "."
+                        );
                         System.exit(-1);
                     }
                 }

@@ -32,6 +32,7 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
+import org.opensearch.security.support.ConfigConstants;
 import org.opensearch.security.tools.democonfig.util.NoExitSecurityManager;
 
 import static org.hamcrest.MatcherAssert.assertThat;
@@ -55,7 +56,7 @@ public class SecuritySettingsConfigurerTests {
     private final PrintStream originalErr = System.err;
     private final InputStream originalIn = System.in;
 
-    private final String adminPasswordKey = "initialAdminPassword";
+    private final String adminPasswordKey = ConfigConstants.OPENSEARCH_INITIAL_ADMIN_PASSWORD;
 
     private static SecuritySettingsConfigurer securitySettingsConfigurer;