From 64f17affa8e250391b06e22874bf3439857c26df Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Mon, 18 Dec 2023 16:33:06 -0500 Subject: [PATCH 1/7] Remove reference to default credentials Signed-off-by: Derek Ho --- .github/actions/opensearch/run.sh | 3 ++- .github/workflows/compatibility.yml | 2 +- .github/workflows/main.yml | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/actions/opensearch/run.sh b/.github/actions/opensearch/run.sh index ee41c1f8b..5f5ef5389 100755 --- a/.github/actions/opensearch/run.sh +++ b/.github/actions/opensearch/run.sh @@ -32,6 +32,7 @@ do --env "ES_JAVA_OPTS=-Xms1g -Xmx1g" \ --env "http.port=${port}" \ --env "action.destructive_requires_name=false" \ + --env "OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!" \ --env "plugins.security.disabled=${DISABLE_SECURITY}" \ --ulimit nofile=65536:65536 \ --ulimit memlock=-1:-1 \ @@ -66,7 +67,7 @@ else --show-error \ --silent \ --insecure \ - https://admin:admin@os1:$PORT + https://admin:myStrongPassword123!@os1:$PORT fi sleep 10 diff --git a/.github/workflows/compatibility.yml b/.github/workflows/compatibility.yml index a8a25b3e7..0616844a4 100644 --- a/.github/workflows/compatibility.yml +++ b/.github/workflows/compatibility.yml @@ -47,7 +47,7 @@ jobs: test-opensearch-security: env: - TEST_OPENSEARCH_SERVER: https://admin:admin@localhost:9200 + TEST_OPENSEARCH_SERVER: https://admin:myStrongPassword123!@localhost:9200 PORT: 9200 strategy: fail-fast: false diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d4db8462a..921e94078 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -82,7 +82,7 @@ jobs: test-opensearch-security: env: - TEST_OPENSEARCH_SERVER: https://admin:admin@localhost:9200 + TEST_OPENSEARCH_SERVER: https://admin:myStrongPassword123!@localhost:9200 PORT: 9200 strategy: fail-fast: false From dcee918299ddfed3e1ff0ee99ce33036800214f0 Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Wed, 27 Dec 2023 11:03:38 -0500 Subject: [PATCH 2/7] Add changelog line and change PR to be merged in after 2.12 release Signed-off-by: Derek Ho --- .github/actions/opensearch/run.sh | 40 ++++++++++++++++++++--------- .github/workflows/compatibility.yml | 2 +- CHANGELOG.md | 1 + 3 files changed, 30 insertions(+), 13 deletions(-) diff --git a/.github/actions/opensearch/run.sh b/.github/actions/opensearch/run.sh index 5f5ef5389..6c005ab87 100755 --- a/.github/actions/opensearch/run.sh +++ b/.github/actions/opensearch/run.sh @@ -56,18 +56,34 @@ if [[ $DISABLE_SECURITY = true ]]; then --silent \ http://os1:$PORT else - docker run \ - --network cluster \ - --rm \ - appropriate/curl \ - --max-time 120 \ - --retry 120 \ - --retry-delay 1 \ - --retry-connrefused \ - --show-error \ - --silent \ - --insecure \ - https://admin:myStrongPassword123!@os1:$PORT + if [[ $CLUSTER_VERSION = 'latest' ]]; then + # Since 2.12.0, security demo configuration requires an initial admin password, which is set to + # myStrongPassword123! + docker run \ + --network cluster \ + --rm \ + appropriate/curl \ + --max-time 120 \ + --retry 120 \ + --retry-delay 1 \ + --retry-connrefused \ + --show-error \ + --silent \ + --insecure \ + https://admin:myStrongPassword123!@os1:$PORT + else + docker run \ + --network cluster \ + --rm \ + appropriate/curl \ + --max-time 120 \ + --retry 120 \ + --retry-delay 1 \ + --retry-connrefused \ + --show-error \ + --silent \ + --insecure \ + https://admin:admin!@os1:$PORT fi sleep 10 diff --git a/.github/workflows/compatibility.yml b/.github/workflows/compatibility.yml index 0616844a4..a8a25b3e7 100644 --- a/.github/workflows/compatibility.yml +++ b/.github/workflows/compatibility.yml @@ -47,7 +47,7 @@ jobs: test-opensearch-security: env: - TEST_OPENSEARCH_SERVER: https://admin:myStrongPassword123!@localhost:9200 + TEST_OPENSEARCH_SERVER: https://admin:admin@localhost:9200 PORT: 9200 strategy: fail-fast: false diff --git a/CHANGELOG.md b/CHANGELOG.md index a622c4a00..31c6b9189 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ## [Unreleased] ### Added +- Pass in an initial admin password, required by security after 2.12.0 release ([#217](https://github.com/opensearch-project/opensearch-ruby/issues/217)) ### Changed ### Deprecated ### Removed From 7760359fb2e4687e4c845aada12a714b411d2219 Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Wed, 27 Dec 2023 11:06:50 -0500 Subject: [PATCH 3/7] Fix script file - missing fi Signed-off-by: Derek Ho --- .github/actions/opensearch/run.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/opensearch/run.sh b/.github/actions/opensearch/run.sh index 6c005ab87..2c935db05 100755 --- a/.github/actions/opensearch/run.sh +++ b/.github/actions/opensearch/run.sh @@ -84,6 +84,7 @@ else --silent \ --insecure \ https://admin:admin!@os1:$PORT + fi fi sleep 10 From d2e5383291e4bd4c6effb1819640ffa321d149ae Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Tue, 27 Feb 2024 10:10:57 -0500 Subject: [PATCH 4/7] Add version logic Signed-off-by: Derek Ho --- .github/actions/opensearch/run.sh | 46 +++++++++++++------------------ 1 file changed, 19 insertions(+), 27 deletions(-) diff --git a/.github/actions/opensearch/run.sh b/.github/actions/opensearch/run.sh index 2c935db05..8e1df1991 100755 --- a/.github/actions/opensearch/run.sh +++ b/.github/actions/opensearch/run.sh @@ -56,35 +56,27 @@ if [[ $DISABLE_SECURITY = true ]]; then --silent \ http://os1:$PORT else - if [[ $CLUSTER_VERSION = 'latest' ]]; then - # Since 2.12.0, security demo configuration requires an initial admin password, which is set to - # myStrongPassword123! - docker run \ - --network cluster \ - --rm \ - appropriate/curl \ - --max-time 120 \ - --retry 120 \ - --retry-delay 1 \ - --retry-connrefused \ - --show-error \ - --silent \ - --insecure \ - https://admin:myStrongPassword123!@os1:$PORT + # Starting in 2.12.0, security demo configuration script requires an initial admin password which is set to + # myStrongPassword123! + OPENSEARCH_REQUIRED_VERSION="2.12.0" + COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $OPENSEARCH_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1` + if [ "$COMPARE_VERSION" != "$OPENSEARCH_REQUIRED_VERSION" ]; then + CREDENTIAL="admin:admin" else - docker run \ - --network cluster \ - --rm \ - appropriate/curl \ - --max-time 120 \ - --retry 120 \ - --retry-delay 1 \ - --retry-connrefused \ - --show-error \ - --silent \ - --insecure \ - https://admin:admin!@os1:$PORT + CREDENTIAL="admin:myStrongPassword123!" fi + docker run \ + --network cluster \ + --rm \ + appropriate/curl \ + --max-time 120 \ + --retry 120 \ + --retry-delay 1 \ + --retry-connrefused \ + --show-error \ + --silent \ + --insecure \ + https://$CREDENTIAL@os1:$PORT fi sleep 10 From 416a7b3074b882504f66318fe6dba97aae18329b Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Tue, 27 Feb 2024 10:25:45 -0500 Subject: [PATCH 5/7] Update variable name Signed-off-by: Derek Ho --- .github/actions/opensearch/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/opensearch/run.sh b/.github/actions/opensearch/run.sh index 8e1df1991..c697be69c 100755 --- a/.github/actions/opensearch/run.sh +++ b/.github/actions/opensearch/run.sh @@ -59,7 +59,7 @@ else # Starting in 2.12.0, security demo configuration script requires an initial admin password which is set to # myStrongPassword123! OPENSEARCH_REQUIRED_VERSION="2.12.0" - COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $OPENSEARCH_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1` + COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $CLUSTER_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1` if [ "$COMPARE_VERSION" != "$OPENSEARCH_REQUIRED_VERSION" ]; then CREDENTIAL="admin:admin" else From 47ca8ff1f30e8191f2e4c42c413d9b6d867d373e Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Tue, 27 Feb 2024 11:00:18 -0500 Subject: [PATCH 6/7] Try upgrading lychee action Signed-off-by: Derek Ho --- .github/workflows/links.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml index a0b69a83e..0a412b6ab 100644 --- a/.github/workflows/links.yml +++ b/.github/workflows/links.yml @@ -16,7 +16,7 @@ jobs: - uses: actions/checkout@v2 - name: lychee Link Checker id: lychee - uses: lycheeverse/lychee-action@v1.0.8 + uses: lycheeverse/lychee-action@v1.9.0 with: args: --accept=200,403,429 "**/*.html" "**/*.md" "**/*.txt" "**/*.json" --exclude "https://github.com/\[your*" --exclude "https://localhost:9200" --exclude "http://localhost:9200" --exclude "git://github.com/opensearch-project/*" --exclude "file:///github/workspace/*" --exclude ".*api.server.org:4430/search" --exclude ".*example.com:9200" --exclude ".*myhost:8080" --exclude ".*localhost:9200/" --exclude-mail env: From 24dde236f26f930609336f7917b6884de4e80d7b Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Tue, 27 Feb 2024 11:03:53 -0500 Subject: [PATCH 7/7] Add logic to support 'latest' Signed-off-by: Derek Ho --- .github/actions/opensearch/run.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/actions/opensearch/run.sh b/.github/actions/opensearch/run.sh index c697be69c..a71a3d7e1 100755 --- a/.github/actions/opensearch/run.sh +++ b/.github/actions/opensearch/run.sh @@ -59,11 +59,15 @@ else # Starting in 2.12.0, security demo configuration script requires an initial admin password which is set to # myStrongPassword123! OPENSEARCH_REQUIRED_VERSION="2.12.0" - COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $CLUSTER_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1` - if [ "$COMPARE_VERSION" != "$OPENSEARCH_REQUIRED_VERSION" ]; then - CREDENTIAL="admin:admin" - else + if [ "$CLUSTER_VERSION" == "latest" ]; then CREDENTIAL="admin:myStrongPassword123!" + else + COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $CLUSTER_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1` + if [ "$COMPARE_VERSION" != "$OPENSEARCH_REQUIRED_VERSION" ]; then + CREDENTIAL="admin:admin" + else + CREDENTIAL="admin:myStrongPassword123!" + fi fi docker run \ --network cluster \