-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactors occurrences of admin:admin and remove integtest.sh #978
Refactors occurrences of admin:admin and remove integtest.sh #978
Conversation
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
This change should be backported to 2.x |
@SuZhou-Joe @xluo-aws can you take a look at this PR and let us know what you think? Full context is that now install demo configuration requires a strong password to be set, instead of just default to admin:admin. |
@@ -22,6 +22,8 @@ jobs: | |||
TERM: xterm | |||
# make Node run in ipv4 first so that cypress can detect 5601 port in CI environment | |||
NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first' | |||
# 2.12 onwards security demo configuration require a custom admin password | |||
OPENSEARCH_INTIAL_ADMIN_PASSWORD: 'myStrongPassword123!' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For curious, is this the new default password of admin user? or security plugin will honour env variable OPENSEARCH_INTIAL_ADMIN_PASSWORD
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@derek-ho Same question here, could you clarify this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
typo here, reference: https://github.com/opensearch-project/security/blob/main/DEVELOPER_GUIDE.md?plain=1#L169
OPENSEARCH_INTIAL_ADMIN_PASSWORD: 'myStrongPassword123!' | |
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the catch! And yes, when running the install demo config we will honor whatever you put as that variable.
@@ -104,8 +106,8 @@ jobs: | |||
else | |||
echo "Keep Dashboards Security" | |||
bin/opensearch-dashboards.bat & | |||
timeout 300 bash -c 'while [[ "$(curl -k http://localhost:5601/api/status -u admin:admin | jq -r '.status.overall.state')" != "green" ]]; do echo sleeping 5; sleep 5; done' | |||
curl -sk localhost:5601/api/status -u admin:admin | jq | |||
timeout 300 bash -c 'while [[ "$(curl -k http://localhost:5601/api/status -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} | jq -r '.status.overall.state')" != "green" ]]; do echo sleeping 5; sleep 5; done' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
timeout 300 bash -c 'while [[ "$(curl -k http://localhost:5601/api/status -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} | jq -r '.status.overall.state')" != "green" ]]; do echo sleeping 5; sleep 5; done' | |
timeout 300 bash -c 'while [[ "$(curl -k http://localhost:5601/api/status -u admin:${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} | jq -r '.status.overall.state')" != "green" ]]; do echo sleeping 5; sleep 5; done' |
timeout 300 bash -c 'while [[ "$(curl -k http://localhost:5601/api/status -u admin:admin | jq -r '.status.overall.state')" != "green" ]]; do echo sleeping 5; sleep 5; done' | ||
curl -sk localhost:5601/api/status -u admin:admin | jq | ||
timeout 300 bash -c 'while [[ "$(curl -k http://localhost:5601/api/status -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} | jq -r '.status.overall.state')" != "green" ]]; do echo sleeping 5; sleep 5; done' | ||
curl -sk localhost:5601/api/status -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} | jq |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
curl -sk localhost:5601/api/status -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} | jq | |
curl -sk localhost:5601/api/status -u admin:${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} | jq |
@@ -61,8 +63,8 @@ jobs: | |||
else | |||
echo "Keep OpenSearch Security" | |||
./opensearch-tar-install.sh & | |||
timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done' | |||
curl https://localhost:9200 -u admin:admin --insecure | |||
timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' | |
timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' |
timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done' | ||
curl https://localhost:9200 -u admin:admin --insecure | ||
timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' | ||
curl https://localhost:9200 -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} --insecure |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
curl https://localhost:9200 -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} --insecure | |
curl https://localhost:9200 -u admin:${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} --insecure |
timeout 300 bash -c 'while [[ "$(curl -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} -k http://localhost:5601/api/status | jq -r '.status.overall.state')" != "green" ]]; do sleep 5; done' | ||
curl http://localhost:5601/api/status -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} --insecure |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
timeout 300 bash -c 'while [[ "$(curl -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} -k http://localhost:5601/api/status | jq -r '.status.overall.state')" != "green" ]]; do sleep 5; done' | |
curl http://localhost:5601/api/status -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} --insecure | |
timeout 300 bash -c 'while [[ "$(curl -u admin:${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} -k http://localhost:5601/api/status | jq -r '.status.overall.state')" != "green" ]]; do sleep 5; done' | |
curl http://localhost:5601/api/status -u admin:${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} --insecure |
@@ -29,7 +31,7 @@ jobs: | |||
tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz | |||
cd opensearch-${{ env.VERSION }}/ | |||
./opensearch-tar-install.sh & | |||
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done' | |||
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' | |
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' |
@@ -29,7 +31,7 @@ jobs: | |||
tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz | |||
cd opensearch-${{ env.VERSION }}/ | |||
./opensearch-tar-install.sh & | |||
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done' | |||
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' | |
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INTIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please update all reference accordingly.
Closing this in favor of: https://github.com/opensearch-project/opensearch-dashboards-functional-test/pull/981/files, since Darshit is away on vacation |
Description
There were recent changes to security demo configuration setup which now requires a custom admin Password to be setup. This PR changes workflows that previously used admin as password.
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.