[Security] Updates dev guide for security (opensearch-project#5736)

* [Docs] Updates dev guide for security Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * better default creds Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * undo changelog changes Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * Adds sample password Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> --------- Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
AMoo-Miki · Jan 26, 2024 · 1a0cf47 · 1a0cf47
1 parent 058dfbc
commit 1a0cf47
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 23 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -59,6 +59,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [CI] Enable inputs for manually triggered Cypress test jobs ([#5134](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5134))
 - [CI] Replace usage of deprecated `set-output` in workflows ([#5340](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5340))
 - [Chore] Add `--security` for `opensearch snapshot` and `opensearch_dashboards` to configure local setup with the security plugin ([#5451](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5451))
+- [Chore] Updates default dev environment security credentials ([#5736](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5736))
 
 ### 📝 Documentation
 

diff --git a/DEVELOPER_GUIDE.md b/DEVELOPER_GUIDE.md
@@ -179,6 +179,7 @@ For windows:
 $ wsl -d docker-desktop
 $ sysctl -w vm.max_map_count=262144
 ```
+
 ### Next Steps
 
 Now that you have a development environment to play with, there are a number of different paths you may take next.
@@ -235,6 +236,7 @@ $ yarn opensearch snapshot --P https://repo1.maven.org/maven2/org/opensearch/plu
 Note - if you add the [`security` plugin](https://github.com/opensearch-project/security), you'll also need to [configure OpenSearch Dashboards for security](#configure-opensearch-dashboards-for-security).
 
 ### Plugin development
+
 The osd-plugin-generator tool makes it easier to create a plugin for OpenSearch Dashboards. It sets up the basic structure of the project and provides scripts to build it. Refer to [osd-plugin-generator](https://github.com/opensearch-project/OpenSearch-Dashboards/tree/main/packages/osd-plugin-generator) for more details.
 
 #### Other snapshot configuration options
@@ -280,29 +282,26 @@ This method can also be used to develop against the [full distribution of OpenSe
 
 ### Configure OpenSearch Dashboards for security
 
-_This step is only mandatory if you have the [`security` plugin](https://github.com/opensearch-project/security) installed on your OpenSearch cluster with https/authentication enabled._
+_This step is only needed if you want your dev environment to also start with security. To do so both the OpenSearch node and OpenSearch Dashboards cluster need to have the security plugin installed. Follow the steps below to get setup correctly._
 
-> 1. Run `export initialAdminPassword=<initial admin password>` since it's needed by the configuration script
-> 2. Run `yarn opensearch snapshot --security`
-> 3. Wait a few seconds while the plugin is installed, configured, and OpenSearch starts up.
+To startup the OpenSearch snapshot with security
 
-Then within another window. You can start:
+> OpenSearch has strong password requirements and will fail to bootstrap if the password requirements are not met. e.g. myStrongPassword123!
 
-> 1. Run `export OPENSEARCH_USERNAME=admin`
-> 2. Run `export OPENSEARCH_PASSWORD=<initial admin password>`
-> 3. Optional: Run `export OPENSEARCH_SECURITY_READONLY_ROLE=<read only role>`
-> 4. Run `yarn start:security`
-> 5. Navigate to OpenSearch Dashboards and login with the above username and password.
+1. Run `export OPENSEARCH_INITIAL_ADMIN_PASSWORD=<initial admin password>` since it's needed by the configuration script
+2. Run `yarn opensearch snapshot --security`
+3. Wait a few seconds while the plugin is installed, configured, and OpenSearch starts up.
 
-Once the bootstrap of OpenSearch Dashboards is finished, you need to apply some
-changes to the default [`opensearch_dashboards.yml`](https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/config/opensearch_dashboards.yml#L25-L72) in order to connect to OpenSearch.
+Then within another window you can start OpenSearch Dashboards:
 
-```yml
-opensearch.hosts: ["https://localhost:9200"]
-opensearch.username: "admin" # Default username on the docker image
-opensearch.password: "admin" # Default password on the docker image
-opensearch.ssl.verificationMode: none
-```
+_First make sure to clone the https://github.com/opensearch-project/security-dashboards-plugin repo into the plugins folder and build it (Using `yarn build`). You can follow the instructions here https://github.com/opensearch-project/security-dashboards-plugin/blob/main/DEVELOPER_GUIDE.md#install-opensearch-dashboards-with-security-dashboards-plugin._
+
+> You do not have to edit the `config/opensearch-dashboards.yml` file since the `yarn start:security` command sets up the default overrides automatically
+
+Then do the following:
+
+1. Run `yarn start:security`
+2. Navigate to OpenSearch Dashboards and login with the username `admin` and password `<initial admin password>`.
 
 For more detailed documentation, see [Configure TLS for OpenSearch Dashboards](https://opensearch.org/docs/latest/install-and-configure/install-dashboards/tls).
 

diff --git a/src/cli/serve/serve.js b/src/cli/serve/serve.js
@@ -80,11 +80,11 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
     set('env', 'development');
 
     if (!has('opensearch.username')) {
-      set('opensearch.username', 'opensearch_dashboards_system');
+      set('opensearch.username', 'kibanaserver');
     }
 
     if (!has('opensearch.password')) {
-      set('opensearch.password', 'changeme');
+      set('opensearch.password', 'kibanaserver');
     }
 
     if (opts.ssl) {
@@ -146,11 +146,10 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
         set('opensearch.ssl.verificationMode', 'none');
       }
 
-      if (get('opensearch.username') === 'opensearch_dashboards_system') {
+      if (process.env.OPENSEARCH_USERNAME) {
         set('opensearch.username', process.env.OPENSEARCH_USERNAME);
       }
-
-      if (get('opensearch.password') === 'changeme') {
+      if (process.env.OPENSEARCH_PASSWORD) {
         set('opensearch.password', process.env.OPENSEARCH_PASSWORD);
       }