Adds random password generation capability to demo config install scr…

…ipts Signed-off-by: Darshit Chanpura <[email protected]>
DarshitChanpura · Oct 5, 2023 · 24e8cd2 · 24e8cd2
1 parent bfba97a
commit 24e8cd2
Show file tree

Hide file tree

Showing 4 changed files with 65 additions and 14 deletions.
diff --git a/tools/generate-password.bat b/tools/generate-password.bat
@@ -0,0 +1,23 @@
+@echo off
+setlocal enableDelayedExpansion
+
+REM Set the directory of the current script
+set "SCRIPT_DIR=%~dp0"
+
+REM Set the desired password length
+set "length=16"
+
+REM Define the character set for the password
+set "characters=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+
+REM Initialize the password variable
+set "password="
+
+REM Loop to generate the random password
+for /l %%i in (1,1,%length%) do (
+    set /a "index=!random! %% 62"
+    for %%c in (!index!) do (
+        set "char=!characters:~%%c,1!"
+        set "password=!password!!char!"
+    )
+)
diff --git a/tools/generate-password.sh b/tools/generate-password.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+length="$1"
+if [ -z "$length" ]; then
+    length=12  # Default password length
+fi
+
+# Define the character set for the password
+characters="A-Za-z0-9"
+
+# Use /dev/urandom to generate random bytes and tr to shuffle them
+LC_ALL=C tr -dc "$characters" < /dev/urandom | head -c "$length"
diff --git a/tools/install_demo_configuration.bat b/tools/install_demo_configuration.bat
@@ -17,6 +17,7 @@ set "assumeyes=0"
 set "initsecurity=0"
 set "cluster_mode=0"
 set "skip_updates=-1"
+set "generate_random_password=0"
 
 goto :GETOPTS
 
@@ -27,6 +28,7 @@ echo   -y confirm all installation dialogues automatically
 echo   -i initialize Security plugin with default configuration (default is to ask if -y is not given)
 echo   -c enable cluster mode by binding to all network interfaces (default is to ask if -y is not given)
 echo   -s skip updates if config is already applied to opensearch.yml
+echo   -g generates random password for admin
 EXIT /B 0
 
 :GETOPTS
@@ -35,6 +37,7 @@ if /I "%1" == "-y" set "assumeyes=1"
 if /I "%1" == "-i" set "initsecurity=1"
 if /I "%1" == "-c" set "cluster_mode=1"
 if /I "%1" == "-s" set "skip_updates=0"
+if /I "%1" == "-g" set "generate_random_password=1"
 shift
 if not "%1" == "" goto :GETOPTS
 
@@ -325,36 +328,41 @@ setlocal enabledelayedexpansion
 set "ADMIN_PASSWORD_FILE=%OPENSEARCH_CONF_DIR%initialAdminPassword.txt"
 set "INTERNAL_USERS_FILE=%OPENSEARCH_CONF_DIR%opensearch-security\internal_users.yml"
 
-echo "what is in the config directory"  
+echo "what is in the config directory"
 dir %OPENSEARCH_CONF_DIR%
 
 echo "what is in the password file"
 type "%ADMIN_PASSWORD_FILE%"
 
-
-if "%initialAdminPassword%" NEQ "" (
-  set "ADMIN_PASSWORD=!initialAdminPassword!"
+if not "%initialAdminPassword%"=="" (
+    set "ADMIN_PASSWORD=%initialAdminPassword%"
+) else if exist "%ADMIN_PASSWORD_FILE%" (
+    for /f %%a in ('type "%ADMIN_PASSWORD_FILE%"') do set "ADMIN_PASSWORD=%%a"
+) else if "%generate_random_password%"=="1" (
+    set "generate_password_script=%OPENSEARCH_PLUGINS_DIR%\opensearch-security\tools\generate-password.bat"
+    for /f %%a in ('"!generate_password_script!" 16') do set "ADMIN_PASSWORD=%%a"
 ) else (
-  for /f %%a in ('type "%ADMIN_PASSWORD_FILE%"') do set "ADMIN_PASSWORD=%%a"
+    echo Unable to find the admin password for the cluster. Please set initialAdminPassword or create a file %ADMIN_PASSWORD_FILE% with a single line that contains the password.
+    exit /b 1
 )
 
-if not defined ADMIN_PASSWORD (
-  echo Unable to find the admin password for the cluster. Please set initialAdminPassword or create a file %ADMIN_PASSWORD_FILE% with a single line that contains the password.
-  exit /b 1
-)
 
 echo "   ***************************************************"
 echo "   ***   ADMIN PASSWORD SET TO: %ADMIN_PASSWORD%   ***"
 echo "   ***************************************************"
 
 set "HASH_SCRIPT=%OPENSEARCH_PLUGINS_DIR%\opensearch-security\tools\hash.bat"
 
+REM The error level is set to 1 here if initialAdminPassword.txt was not provided
+REM so we set it to 0 otherwise it would falsely fail this script on line 367
+set ERRORLEVEL=0
+
 REM Run the command and capture its output
 for /f %%a in ('%HASH_SCRIPT% -p !ADMIN_PASSWORD!') do (
   set "HASHED_ADMIN_PASSWORD=%%a"
 )
 
-if errorlevel 1 (
+if %ERRORLEVEL% == 1 (
   echo Failed to hash the admin password
   exit /b 1
 )
@@ -397,14 +405,14 @@ echo. > securityadmin_demo.bat
 echo %OPENSEARCH_PLUGINS_DIR%opensearch-security\tools\securityadmin.bat -cd %OPENSEARCH_CONF_DIR%opensearch-security -icl -key %OPENSEARCH_CONF_DIR%kirk-key.pem -cert %OPENSEARCH_CONF_DIR%kirk.pem -cacert %OPENSEARCH_CONF_DIR%root-ca.pem -nhnv >> securityadmin_demo.bat
 
 if %initsecurity% == 0 (
-	echo ### After the whole cluster is up execute: 
+	echo ### After the whole cluster is up execute:
 	type securityadmin_demo.bat
 	echo ### or run ./securityadmin_demo.bat
     echo ### After that you can also use the Security Plugin ConfigurationGUI
 ) else (
     echo ### OpenSearch Security will be automatically initialized.
-    echo ### If you like to change the runtime configuration 
-    echo ### change the files in ../../../config/opensearch-security and execute: 
+    echo ### If you like to change the runtime configuration
+    echo ### change the files in ../../../config/opensearch-security and execute:
 	type securityadmin_demo.bat
 	echo ### or run ./securityadmin_demo.bat
 	echo ### To use the Security Plugin ConfigurationGUI

diff --git a/tools/install_demo_configuration.sh b/tools/install_demo_configuration.sh
@@ -29,6 +29,7 @@ assumeyes=0
 initsecurity=0
 cluster_mode=0
 skip_updates=-1
+generate_random_password=0
 
 function show_help() {
     echo "install_demo_configuration.sh [-y] [-i] [-c]"
@@ -37,9 +38,10 @@ function show_help() {
     echo "  -i initialize Security plugin with default configuration (default is to ask if -y is not given)"
     echo "  -c enable cluster mode by binding to all network interfaces (default is to ask if -y is not given)"
     echo "  -s skip updates if config is already applied to opensearch.yml"
+    echo "  -g generates random password for admin"
 }
 
-while getopts "h?yics" opt; do
+while getopts "h?yicsg" opt; do
     case "$opt" in
     h|\?)
         show_help
@@ -52,6 +54,8 @@ while getopts "h?yics" opt; do
     c)  cluster_mode=1
         ;;
     s)  skip_updates=0
+        ;;
+    g)  generate_random_password=1
     esac
 done
 
@@ -392,10 +396,14 @@ echo 'plugins.security.system_indices.indices: [".plugins-ml-config", ".plugins-
 ADMIN_PASSWORD_FILE="$OPENSEARCH_CONF_DIR/initialAdminPassword.txt"
 INTERNAL_USERS_FILE="$OPENSEARCH_CONF_DIR/opensearch-security/internal_users.yml"
 
+
 if [[ -n "$initialAdminPassword" ]]; then
   ADMIN_PASSWORD="$initialAdminPassword"
 elif [[ -f "$ADMIN_PASSWORD_FILE" && -s "$ADMIN_PASSWORD_FILE" ]]; then
   ADMIN_PASSWORD=$(head -n 1 "$ADMIN_PASSWORD_FILE")
+elif [ "$generate_random_password" == 1 ]; then  # Added double quotes around "1"
+  $SUDO_CMD chmod +x "$OPENSEARCH_PLUGINS_DIR/opensearch-security/tools/generate-password.sh"
+  ADMIN_PASSWORD=$("$OPENSEARCH_PLUGINS_DIR/opensearch-security/tools/generate-password.sh" 16)
 else
   echo "Unable to find the admin password for the cluster. Please run 'export initialAdminPassword=<your_password>' or create a file $ADMIN_PASSWORD_FILE with a single line that contains the password."
   exit 1