Skip to content

Commit

Permalink
Pass in initial admin password and remove admin:admin references (ope…
Browse files Browse the repository at this point in the history
…nsearch-project#631)

* Update to pass in initial admin password

Signed-off-by: Derek Ho <dxho@amazon.com>

* Add changelog and logic to distinguish between versions

Signed-off-by: Derek Ho <dxho@amazon.com>

* fix syntax

Signed-off-by: Derek Ho <dxho@amazon.com>

* Revert tests

Signed-off-by: Derek Ho <dxho@amazon.com>

* Add 2.12 to the matrix and fix testing logic

Signed-off-by: Derek Ho <dxho@amazon.com>

* Fix version logic

Signed-off-by: Derek Ho <dxho@amazon.com>

* Try to split job into two batches

Signed-off-by: Derek Ho <dxho@amazon.com>

* Fix lint

Signed-off-by: Derek Ho <dxho@amazon.com>

* Change name

Signed-off-by: Derek Ho <dxho@amazon.com>

* Remove period

Signed-off-by: Derek Ho <dxho@amazon.com>

* Pull password dynamically

Signed-off-by: Derek Ho <dxho@amazon.com>

* Change to proper env var

Signed-off-by: Derek Ho <dxho@amazon.com>

* Try passing through

Signed-off-by: Derek Ho <dxho@amazon.com>

---------

Signed-off-by: Derek Ho <dxho@amazon.com>
Signed-off-by: Derek Ho <derek01778@gmail.com>
  • Loading branch information
derek-ho authored Jun 18, 2024
1 parent a1d27ca commit d3177a8
Show file tree
Hide file tree
Showing 10 changed files with 72 additions and 13 deletions.
12 changes: 11 additions & 1 deletion .ci/run-opensearch.sh
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ environment=($(cat <<-END
--env path.repo=/tmp
--env repositories.url.allowed_urls=http://snapshot.test*
--env action.destructive_requires_name=false
--env OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!
END
))

Expand Down Expand Up @@ -54,14 +55,23 @@ END
END
))

OPENSEARCH_REQUIRED_VERSION="2.12.0"
# Starting in 2.12.0, security demo configuration script requires an initial admin password
COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $OPENSEARCH_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1`
if [ "$COMPARE_VERSION" != "$OPENSEARCH_REQUIRED_VERSION" ]; then
CREDENTIAL="admin:admin"
else
CREDENTIAL="admin:myStrongPassword123!"
fi

# make sure we detach for all but the last node if DETACH=false (default) so all nodes are started
local_detach="true"
if [[ "$i" == "$((NUMBER_OF_NODES-1))" ]]; then local_detach=$DETACH; fi

set -x
healthcmd="curl -vvv -s --fail http://localhost:9200/_cluster/health || exit 1"
if [[ "$SECURE_INTEGRATION" == "true" ]]; then
healthcmd="curl -vvv -s --insecure -u admin:admin --fail https://localhost:9200/_cluster/health || exit 1"
healthcmd="curl -vvv -s --insecure -u $CREDENTIAL --fail https://localhost:9200/_cluster/health || exit 1"
fi

CLUSTER_TAG=$CLUSTER
Expand Down
24 changes: 23 additions & 1 deletion .ci/run-repository.sh
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,27 @@ docker build \
echo -e "\033[1m>>>>> Run [opensearch-project/opensearch-py container] >>>>>>>>>>>>>>>>>>>>>>>>>>>>>\033[0m"

mkdir -p junit
docker run \

OPENSEARCH_REQUIRED_VERSION="2.12.0"
# Starting in 2.12.0, security demo configuration script requires an initial admin password
COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $OPENSEARCH_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1`
if [ "$COMPARE_VERSION" != "$OPENSEARCH_REQUIRED_VERSION" ]; then
docker run \
--network=${network_name} \
--env "STACK_VERSION=${STACK_VERSION}" \
--env "OPENSEARCH_URL=${opensearch_url}" \
--env "OPENSEARCH_VERSION=${OPENSEARCH_VERSION}" \
--env "TEST_SUITE=${TEST_SUITE}" \
--env "PYTHON_CONNECTION_CLASS=${PYTHON_CONNECTION_CLASS}" \
--env "TEST_TYPE=server" \
--env "TEST_PATTERN=${TEST_PATTERN}" \
--env "OPENSEARCH_INITIAL_ADMIN_PASSWORD=admin" \
--name opensearch-py \
--rm \
opensearch-project/opensearch-py \
python setup.py test
else
docker run \
--network=${network_name} \
--env "STACK_VERSION=${STACK_VERSION}" \
--env "OPENSEARCH_URL=${opensearch_url}" \
Expand All @@ -39,9 +59,11 @@ docker run \
--env "PYTHON_CONNECTION_CLASS=${PYTHON_CONNECTION_CLASS}" \
--env "TEST_TYPE=server" \
--env "TEST_PATTERN=${TEST_PATTERN}" \
--env "OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!" \
--name opensearch-py \
--rm \
opensearch-project/opensearch-py \
python setup.py test
fi

unset TEST_PATTERN
22 changes: 20 additions & 2 deletions .github/workflows/integration.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@ name: Integration Tests
on: [push, pull_request]

jobs:
integration:
name: Integ
integration-pre-212:
name: Integ-pre-212
runs-on: ubuntu-latest
strategy:
fail-fast: false
Expand All @@ -22,3 +22,21 @@ jobs:
uses: actions/checkout@v3
- name: Integ OpenSearch secured=${{ matrix.secured }} version=${{ matrix.opensearch_version }}
run: "./.ci/run-tests ${{ matrix.secured }} ${{ matrix.opensearch_version }}"

integration-post-212:
name: Integ-post-212
runs-on: ubuntu-latest
env:
OPENSEARCH_URL: 'https://admin:myStrongPassword123!@localhost:9200'
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
strategy:
fail-fast: false
matrix:
opensearch_version: [ '2.12.0', '2.13.0', '2.14.0' ]
secured: [ "true", "false" ]

steps:
- name: Checkout
uses: actions/checkout@v3
- name: Integ OpenSearch secured=${{ matrix.secured }} version=${{ matrix.opensearch_version }}
run: "./.ci/run-tests ${{ matrix.secured }} ${{ matrix.opensearch_version }}"
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- Enhance generator to update changelog only if generated code differs from existing ([#684](https://github.com/opensearch-project/opensearch-py/pull/684))
- Added guide for configuring ssl_assert_hostname ([#694](https://github.com/opensearch-project/opensearch-py/pull/694))
### Changed
- Pass in initial admin password in setup and remove default `admin` password ([#631](https://github.com/opensearch-project/opensearch-py/pull/631))
- Updated the `get_policy` API in the index_management plugin to allow the policy_id argument as optional ([#633](https://github.com/opensearch-project/opensearch-py/pull/633))
- Updated the `point_in_time.md` guide with examples demonstrating the usage of the new APIs as alternatives to the deprecated ones. ([#661](https://github.com/opensearch-project/opensearch-py/pull/661))
### Deprecated
Expand Down
4 changes: 2 additions & 2 deletions guides/index_lifecycle.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ This guide covers OpenSearch Python Client API actions for Index Lifecycle. You'

## Setup

In this guide, we will need an OpenSearch cluster with more than one node. Let's use the sample [docker-compose.yml](https://opensearch.org/samples/docker-compose.yml) to start a cluster with two nodes. The cluster's API will be available at `localhost:9200` with basic authentication enabled with default username and password of `admin:admin`.
In this guide, we will need an OpenSearch cluster with more than one node. Let's use the sample [docker-compose.yml](https://opensearch.org/samples/docker-compose.yml) to start a cluster with two nodes. The cluster's API will be available at `localhost:9200` with basic authentication enabled with default username and password of `admin:<admin password>`.

To start the cluster, run the following command:

Expand All @@ -28,7 +28,7 @@ Let's create a client instance to access this cluster:
from opensearchpy import OpenSearch

client = OpenSearch(
hosts=['https://admin:admin@localhost:9200'],
hosts=['https://admin:<admin password>@localhost:9200'],
use_ssl=True,
verify_certs=False
)
Expand Down
6 changes: 3 additions & 3 deletions guides/log_collection.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,19 +36,19 @@ docker pull opensearchproject/opensearch:latest
```

```
docker run -d -p 9200:9200 -p 9600:9600 --name opensearch_opensearch_1 -e "discovery.type=single-node" opensearchproject/opensearch:latest
docker run -d -p 9200:9200 -p 9600:9600 --name opensearch_opensearch_1 -e "discovery.type=single-node" -e "OPENSEARCH_INITIAL_ADMIN_PASSWORD=<admin password>" opensearchproject/opensearch:latest
```

## Setup Connection with OpenSearch

Create a client instance:
```python
opensearch_client: Any = OpenSearch(
"https://admin:admin@localhost:9200",
"https://admin:<admin password>@localhost:9200",
use_ssl=True,
verify_certs=False,
ssl_show_warn=False,
http_auth=("admin", "admin"),
http_auth=("admin", "<admin password>"),
)
```

Expand Down
4 changes: 3 additions & 1 deletion test_opensearchpy/test_async/test_server/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
# under the License.


import os
from unittest import IsolatedAsyncioTestCase

from opensearchpy._async.helpers.test import get_test_client
Expand All @@ -38,8 +39,9 @@ async def asyncSetUp(
self,
) -> None:
# pylint: disable=invalid-name,missing-function-docstring
password = os.environ.get("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "admin")
self.client = await get_test_client(
verify_certs=False, http_auth=("admin", "admin")
verify_certs=False, http_auth=("admin", password)
)
await add_connection("default", self.client)

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@

from __future__ import unicode_literals

import os
from unittest import IsolatedAsyncioTestCase

import pytest
Expand Down Expand Up @@ -42,8 +43,9 @@ class TestSecurityPlugin(IsolatedAsyncioTestCase):

async def asyncSetUp(self) -> None:
# pylint: disable=invalid-name, missing-function-docstring
password = os.environ.get("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "admin")
self.client = await get_test_client(
verify_certs=False, http_auth=("admin", "admin")
verify_certs=False, http_auth=("admin", password)
)
await add_connection("default", self.client)

Expand Down
4 changes: 3 additions & 1 deletion test_opensearchpy/test_server_secured/test_clients.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
# Modifications Copyright OpenSearch Contributors. See
# GitHub history for details.

import os
from unittest import TestCase

from opensearchpy import OpenSearch
Expand All @@ -15,9 +16,10 @@

class TestSecurity(TestCase):
def test_security(self) -> None:
password = os.environ.get("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "admin")
client = OpenSearch(
OPENSEARCH_URL,
http_auth=("admin", "admin"),
http_auth=("admin", password),
verify_certs=False,
)

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@

from __future__ import unicode_literals

import os
from unittest import TestCase

from opensearchpy.connection.connections import add_connection
Expand All @@ -36,7 +37,8 @@ class TestSecurityPlugin(TestCase):
USER_CONTENT = {"password": "opensearchpy@123", "opendistro_security_roles": []}

def setUp(self) -> None:
self.client = get_test_client(verify_certs=False, http_auth=("admin", "admin"))
password = os.environ.get("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "admin")
self.client = get_test_client(verify_certs=False, http_auth=("admin", password))
add_connection("default", self.client)

def tearDown(self) -> None:
Expand Down

0 comments on commit d3177a8

Please sign in to comment.