From aa6b7106dcdfff31c0c578c7abc240712f09010e Mon Sep 17 00:00:00 2001 From: Varun Jain Date: Tue, 23 Jan 2024 10:33:42 -0800 Subject: [PATCH 01/11] Remove admin credentials Signed-off-by: Varun Jain --- DEVELOPER_GUIDE.md | 9 ++++----- build.gradle | 7 ++++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/DEVELOPER_GUIDE.md b/DEVELOPER_GUIDE.md index f19f178c4..7c5a182aa 100644 --- a/DEVELOPER_GUIDE.md +++ b/DEVELOPER_GUIDE.md @@ -137,12 +137,11 @@ Additionally, it is also possible to run a cluster with security enabled: ./gradlew run -Dsecurity.enabled=true ``` -By default, if `-Dsecurity.enabled=true` is passed the following defaults will be used: `https=true`, `user=admin` and -`password=admin`. +By default, if `-Dsecurity.enabled=true` is passed the following defaults will be used: `https=true`, `user=admin`. There is no default password and it is set as `password= parameter is the password set by admin. ```bash -curl https://localhost:9200 --insecure -u admin:admin +curl https://localhost:9200 --insecure -u admin: { "name" : "integTest-0", @@ -191,7 +190,7 @@ Integration tests can be run with remote cluster. For that run the following com In case remote cluster is secured it's possible to pass username and password with the following command: ``` -./gradlew :integTestRemote -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername="integTest-0" -Dhttps=true -Duser=admin -Dpassword=admin +./gradlew :integTestRemote -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername="integTest-0" -Dhttps=true -Duser=admin -Dpassword= ``` ### Debugging diff --git a/build.gradle b/build.gradle index c2dc3a317..85c1793bb 100644 --- a/build.gradle +++ b/build.gradle @@ -29,6 +29,7 @@ buildscript { } opensearch_group = "org.opensearch" opensearch_no_snapshot = opensearch_build.replace("-SNAPSHOT","") + System.setProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "myStrongPassword123!") } repositories { @@ -85,9 +86,9 @@ ext { cluster.getNodes().forEach { node -> var creds = node.getCredentials() if (creds.isEmpty()) { - creds.add(Map.of('username', 'admin', 'password', 'admin')) + creds.add(Map.of('username', 'admin', 'password', System.getProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD"))) } else { - creds.get(0).putAll(Map.of('username', 'admin', 'password', 'admin')) + creds.get(0).putAll(Map.of('username', 'admin', 'password', System.getProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD"))) } } @@ -302,7 +303,7 @@ integTest { // If security is enabled, set is_https/user/password defaults is_https = is_https == null ? "true" : is_https user = user == null ? "admin" : user - password = password == null ? "admin" : password + password = password == null ? System.getProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD") : password } systemProperty("https", is_https) systemProperty("user", user) From b66f2638b1e277d10a1fd29ed574861ee8829120 Mon Sep 17 00:00:00 2001 From: Varun Jain Date: Tue, 23 Jan 2024 12:41:52 -0800 Subject: [PATCH 02/11] Setting password Signed-off-by: Varun Jain --- DEVELOPER_GUIDE.md | 2 +- build.gradle | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/DEVELOPER_GUIDE.md b/DEVELOPER_GUIDE.md index 7c5a182aa..fb171ca1c 100644 --- a/DEVELOPER_GUIDE.md +++ b/DEVELOPER_GUIDE.md @@ -137,7 +137,7 @@ Additionally, it is also possible to run a cluster with security enabled: ./gradlew run -Dsecurity.enabled=true ``` -By default, if `-Dsecurity.enabled=true` is passed the following defaults will be used: `https=true`, `user=admin`. There is no default password and it is set as `password=`. Then, to access the cluster, we can run the below command. parameter is the password set by admin. ```bash diff --git a/build.gradle b/build.gradle index 85c1793bb..bb76a8691 100644 --- a/build.gradle +++ b/build.gradle @@ -29,7 +29,6 @@ buildscript { } opensearch_group = "org.opensearch" opensearch_no_snapshot = opensearch_build.replace("-SNAPSHOT","") - System.setProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "myStrongPassword123!") } repositories { @@ -63,6 +62,7 @@ def opensearch_tmp_dir = rootProject.file('build/private/opensearch_tmp').absolu opensearch_tmp_dir.mkdirs() ext { + System.setProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "myStrongPassword123!") isSnapshot = "true" == System.getProperty("build.snapshot", "true") projectSubstitutions = [:] @@ -86,9 +86,9 @@ ext { cluster.getNodes().forEach { node -> var creds = node.getCredentials() if (creds.isEmpty()) { - creds.add(Map.of('username', 'admin', 'password', System.getProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD"))) + creds.add(Map.of('username', 'admin', 'password', System.getProperty("password"))) } else { - creds.get(0).putAll(Map.of('username', 'admin', 'password', System.getProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD"))) + creds.get(0).putAll(Map.of('username', 'admin', 'password', System.getProperty("password"))) } } From 3892efea0714de0b218a2daa3a28ca2528f44628 Mon Sep 17 00:00:00 2001 From: Varun Jain Date: Tue, 23 Jan 2024 13:24:13 -0800 Subject: [PATCH 03/11] Addressing Darshit Comments Signed-off-by: Varun Jain --- build.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index bb76a8691..e74353d34 100644 --- a/build.gradle +++ b/build.gradle @@ -86,9 +86,9 @@ ext { cluster.getNodes().forEach { node -> var creds = node.getCredentials() if (creds.isEmpty()) { - creds.add(Map.of('username', 'admin', 'password', System.getProperty("password"))) + creds.add(Map.of('username', 'admin', 'password', System.getProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD"))) } else { - creds.get(0).putAll(Map.of('username', 'admin', 'password', System.getProperty("password"))) + creds.get(0).putAll(Map.of('username', 'admin', 'password', System.getProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD"))) } } From f8ee1a6ccfcd1dc3b334b1a565cd86cb0d05ec8c Mon Sep 17 00:00:00 2001 From: Varun Jain Date: Tue, 23 Jan 2024 20:42:49 -0800 Subject: [PATCH 04/11] Adding version check Signed-off-by: Varun Jain --- build.gradle | 7 ++++++- gradle.properties | 3 +++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index e74353d34..da92dd3eb 100644 --- a/build.gradle +++ b/build.gradle @@ -62,7 +62,12 @@ def opensearch_tmp_dir = rootProject.file('build/private/opensearch_tmp').absolu opensearch_tmp_dir.mkdirs() ext { - System.setProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "myStrongPassword123!") + var versionsWithoutDefaultAdminPassword = System.getProperty("versionsWithoutDefaultAdminPassword").split(',').toList() + if(versionsWithoutDefaultAdminPassword.contains(version_tokens[0])){ + System.setProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "myStrongPassword123!") + }else{ + System.setProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "admin") + } isSnapshot = "true" == System.getProperty("build.snapshot", "true") projectSubstitutions = [:] diff --git a/gradle.properties b/gradle.properties index 98663c787..98e61e76b 100644 --- a/gradle.properties +++ b/gradle.properties @@ -15,3 +15,6 @@ org.gradle.jvmargs=--add-exports jdk.compiler/com.sun.tools.javac.api=ALL-UNNAME --add-exports jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED \ --add-exports jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED \ --add-exports jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED + +#versions with not having default password as admin +systemProp.versionsWithoutDefaultAdminPassword=2.12.0,3.0.0 \ No newline at end of file From bbc76337f2f54c64375b7fa33313e921f7210266 Mon Sep 17 00:00:00 2001 From: Varun Jain Date: Tue, 23 Jan 2024 21:22:12 -0800 Subject: [PATCH 05/11] Adding version check Signed-off-by: Varun Jain --- build.gradle | 8 ++++++-- gradle.properties | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/build.gradle b/build.gradle index da92dd3eb..d82f0e4be 100644 --- a/build.gradle +++ b/build.gradle @@ -8,6 +8,7 @@ import org.opensearch.gradle.test.RestIntegTestTask import org.opensearch.gradle.testclusters.OpenSearchCluster +import org.opensearch.gradle.Version import java.nio.file.Paths import java.util.concurrent.Callable @@ -62,12 +63,15 @@ def opensearch_tmp_dir = rootProject.file('build/private/opensearch_tmp').absolu opensearch_tmp_dir.mkdirs() ext { - var versionsWithoutDefaultAdminPassword = System.getProperty("versionsWithoutDefaultAdminPassword").split(',').toList() - if(versionsWithoutDefaultAdminPassword.contains(version_tokens[0])){ + var versionsWithoutDefaultAdminPassword = System.getProperty("versionsWithoutDefaultAdminPassword").toString() + Version currentVersion= Version.fromString(version_tokens[0]) + Version versionWithoutDefaultAdminPassword=Version.fromString(versionsWithoutDefaultAdminPassword) + if(currentVersion.onOrAfter(versionWithoutDefaultAdminPassword)){ System.setProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "myStrongPassword123!") }else{ System.setProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "admin") } + isSnapshot = "true" == System.getProperty("build.snapshot", "true") projectSubstitutions = [:] diff --git a/gradle.properties b/gradle.properties index 98e61e76b..876765cff 100644 --- a/gradle.properties +++ b/gradle.properties @@ -17,4 +17,4 @@ org.gradle.jvmargs=--add-exports jdk.compiler/com.sun.tools.javac.api=ALL-UNNAME --add-exports jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED #versions with not having default password as admin -systemProp.versionsWithoutDefaultAdminPassword=2.12.0,3.0.0 \ No newline at end of file +systemProp.versionsWithoutDefaultAdminPassword=2.12.0 \ No newline at end of file From e99a63e765dbd302663b84d4804556b2d51178e7 Mon Sep 17 00:00:00 2001 From: Varun Jain Date: Fri, 26 Jan 2024 10:02:12 -0800 Subject: [PATCH 06/11] Reverting build.gradle changes Signed-off-by: Varun Jain --- build.gradle | 30 ++++++++++-------------------- gradle.properties | 5 +---- 2 files changed, 11 insertions(+), 24 deletions(-) diff --git a/build.gradle b/build.gradle index d82f0e4be..a0a8ec321 100644 --- a/build.gradle +++ b/build.gradle @@ -8,7 +8,6 @@ import org.opensearch.gradle.test.RestIntegTestTask import org.opensearch.gradle.testclusters.OpenSearchCluster -import org.opensearch.gradle.Version import java.nio.file.Paths import java.util.concurrent.Callable @@ -63,15 +62,6 @@ def opensearch_tmp_dir = rootProject.file('build/private/opensearch_tmp').absolu opensearch_tmp_dir.mkdirs() ext { - var versionsWithoutDefaultAdminPassword = System.getProperty("versionsWithoutDefaultAdminPassword").toString() - Version currentVersion= Version.fromString(version_tokens[0]) - Version versionWithoutDefaultAdminPassword=Version.fromString(versionsWithoutDefaultAdminPassword) - if(currentVersion.onOrAfter(versionWithoutDefaultAdminPassword)){ - System.setProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "myStrongPassword123!") - }else{ - System.setProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "admin") - } - isSnapshot = "true" == System.getProperty("build.snapshot", "true") projectSubstitutions = [:] @@ -95,9 +85,9 @@ ext { cluster.getNodes().forEach { node -> var creds = node.getCredentials() if (creds.isEmpty()) { - creds.add(Map.of('username', 'admin', 'password', System.getProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD"))) + creds.add(Map.of('username', 'admin', 'password', 'admin')) } else { - creds.get(0).putAll(Map.of('username', 'admin', 'password', System.getProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD"))) + creds.get(0).putAll(Map.of('username', 'admin', 'password', 'admin')) } } @@ -312,7 +302,7 @@ integTest { // If security is enabled, set is_https/user/password defaults is_https = is_https == null ? "true" : is_https user = user == null ? "admin" : user - password = password == null ? System.getProperty("OPENSEARCH_INITIAL_ADMIN_PASSWORD") : password + password = password == null ? "admin" : password } systemProperty("https", is_https) systemProperty("user", user) @@ -349,15 +339,15 @@ testClusters.integTest { // Install K-NN/ml-commons plugins on the integTest cluster nodes except security configurations.zipArchive.asFileTree.each { plugin(provider(new Callable(){ - @Override - RegularFile call() throws Exception { - return new RegularFile() { - @Override - File getAsFile() { - return it - } + @Override + RegularFile call() throws Exception { + return new RegularFile() { + @Override + File getAsFile() { + return it } } + } })) } diff --git a/gradle.properties b/gradle.properties index 876765cff..9e21abb8b 100644 --- a/gradle.properties +++ b/gradle.properties @@ -14,7 +14,4 @@ org.gradle.jvmargs=--add-exports jdk.compiler/com.sun.tools.javac.api=ALL-UNNAME --add-exports jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED \ --add-exports jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED \ --add-exports jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED \ - --add-exports jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED - -#versions with not having default password as admin -systemProp.versionsWithoutDefaultAdminPassword=2.12.0 \ No newline at end of file + --add-exports jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED \ No newline at end of file From e894b5a7897bcd4a4365069a003ca4d5cd0e1c61 Mon Sep 17 00:00:00 2001 From: Varun Jain Date: Fri, 26 Jan 2024 10:07:32 -0800 Subject: [PATCH 07/11] Reverting build.gradle changes Signed-off-by: Varun Jain --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index a0a8ec321..432068917 100644 --- a/build.gradle +++ b/build.gradle @@ -417,4 +417,4 @@ task updateVersion { // String tokenization to support -SNAPSHOT ant.replaceregexp(file:'build.gradle', match: '"opensearch.version", "\\d.*"', replace: '"opensearch.version", "' + newVersion.tokenize('-')[0] + '-SNAPSHOT"', flags:'g', byline:true) } -} +} \ No newline at end of file From c5fd3f4a3c663a70b1148889a1e0ba6ecfdbff02 Mon Sep 17 00:00:00 2001 From: Varun Jain Date: Fri, 26 Jan 2024 10:08:13 -0800 Subject: [PATCH 08/11] Reverting build.gradle changes Signed-off-by: Varun Jain --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 432068917..a0a8ec321 100644 --- a/build.gradle +++ b/build.gradle @@ -417,4 +417,4 @@ task updateVersion { // String tokenization to support -SNAPSHOT ant.replaceregexp(file:'build.gradle', match: '"opensearch.version", "\\d.*"', replace: '"opensearch.version", "' + newVersion.tokenize('-')[0] + '-SNAPSHOT"', flags:'g', byline:true) } -} \ No newline at end of file +} From dfc71399aea78a7165d8fe0aebed83edc8b04a47 Mon Sep 17 00:00:00 2001 From: Varun Jain Date: Fri, 26 Jan 2024 10:10:50 -0800 Subject: [PATCH 09/11] Adding properties extension in formatting.gradle Signed-off-by: Varun Jain --- gradle.properties | 2 +- gradle/formatting.gradle | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/gradle.properties b/gradle.properties index 9e21abb8b..98663c787 100644 --- a/gradle.properties +++ b/gradle.properties @@ -14,4 +14,4 @@ org.gradle.jvmargs=--add-exports jdk.compiler/com.sun.tools.javac.api=ALL-UNNAME --add-exports jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED \ --add-exports jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED \ --add-exports jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED \ - --add-exports jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED \ No newline at end of file + --add-exports jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED diff --git a/gradle/formatting.gradle b/gradle/formatting.gradle index 197b848c9..98720b5d4 100644 --- a/gradle/formatting.gradle +++ b/gradle/formatting.gradle @@ -19,7 +19,7 @@ allprojects { } } format 'misc', { - target '*.md', '**/*.gradle', '**/*.json', '**/*.yaml', '**/*.yml', '**/*.svg' + target '*.md', '**/*.gradle', '**/*.json', '**/*.yaml', '**/*.yml', '**/*.svg', '**/*.properties' trimTrailingWhitespace() endWithNewline() From 4ebd8ff97b7c7062108da5ce1395dc57388cc02e Mon Sep 17 00:00:00 2001 From: Varun Jain Date: Fri, 26 Jan 2024 10:19:28 -0800 Subject: [PATCH 10/11] Reverting build.gradle changes Signed-off-by: Varun Jain --- build.gradle | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/build.gradle b/build.gradle index a0a8ec321..c2dc3a317 100644 --- a/build.gradle +++ b/build.gradle @@ -339,15 +339,15 @@ testClusters.integTest { // Install K-NN/ml-commons plugins on the integTest cluster nodes except security configurations.zipArchive.asFileTree.each { plugin(provider(new Callable(){ - @Override - RegularFile call() throws Exception { - return new RegularFile() { - @Override - File getAsFile() { - return it + @Override + RegularFile call() throws Exception { + return new RegularFile() { + @Override + File getAsFile() { + return it + } } } - } })) } From b0fa08b716bab19af841b8973296f02f1a1ef28f Mon Sep 17 00:00:00 2001 From: Varun Jain Date: Fri, 26 Jan 2024 10:29:30 -0800 Subject: [PATCH 11/11] Addressing Darshit Comment Signed-off-by: Varun Jain --- DEVELOPER_GUIDE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DEVELOPER_GUIDE.md b/DEVELOPER_GUIDE.md index fb171ca1c..acbb00883 100644 --- a/DEVELOPER_GUIDE.md +++ b/DEVELOPER_GUIDE.md @@ -139,7 +139,7 @@ Additionally, it is also possible to run a cluster with security enabled: By default, if `-Dsecurity.enabled=true` is passed the following defaults will be used: `https=true`, `user=admin`. There is no default password and it is to be set as `password=`. -Then, to access the cluster, we can run the below command. parameter is the password set by admin. +Then, to connect to the cluster, use the following command. Remember to replace `` with the password you chose when setting up the admin user. ```bash curl https://localhost:9200 --insecure -u admin: