[Backport 2.x] Demo configuration script requires admin password

[opensearch-trigger-bot]

Backport 8628a89 from #3329.

Related Issues

• Related Replace admin:admin default credentials with configuration file password #3285

[codecov]

Codecov Report

Merging #3414 (eabc278) into 2.x (3841f14) will increase coverage by 0.01%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##                2.x    #3414      +/-   ##
============================================
+ Coverage     64.09%   64.10%   +0.01%     
+ Complexity     3369     3367       -2     
============================================
  Files           256      256              
  Lines         19515    19515              
  Branches       3297     3297              
============================================
+ Hits          12508    12511       +3     
+ Misses         5365     5362       -3     
  Partials       1642     1642              

see 2 files with indirect coverage changes

[peternied]

Requiring a password is a breaking change in 2.x

• What do we think about taking this change as is versus modifying this change so the password is opt-in?

[stephen-crawford]

@peternied maybe you disagree but here is my thought process: for this change to be breaking, someone would have to have configured an automated flow which expected admin as the password. However, we only changed this behavior for the demo configuration so this would only change if they upgraded and then expected the demo configuration to use the admin password as before. There is nothing stopping someone from using their own configuration and setting to admin again. It is just when starting from nothing and installing the demo. Therefore, I am of the opinion that changes to demos should not count as breaking changes.

[DarshitChanpura]

What is the disadvantage of making this change mandatory? IMO, we are promoting a better security posture, and since this affects demo configuration script, I'm onboard with bringing this change in unless you think this would be a deal-breaker for everyone using automated scripts for programatic access (in which case they can read the password from the logs). Thoughts?

[peternied]

Thanks for the thoughts @scrawfor99 @DarshitChanpura

• I've marked Replace admin:admin default credentials #1576 as untraiged to make sure we discuss the breaking nature of this change and if its OK or not.

---

Since I didn't state my own opinion, I feel that we should make a breaking change to these scripts, if this is opt-in no one will make the conversion to use a password they provide.

Work around for impacted folks is they can provide the password as admin

[DarshitChanpura]

Agreed @peternied.

[peternied]

This change has been reviewed and approved during the Security Triage team meeting on 10/2