Default admin password as admin #234
Conversation
Signed-off-by: Derek Ho <dxho@amazon.com>
derek-ho
requested review from
dblock,
Xtansia,
VachaShah and
reta
as code owners
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #234 +/- ##
==========================================
+ Coverage 74.53% 79.71% +5.18%
==========================================
Files 413 418 +5
Lines 65509 71104 +5595
==========================================
+ Hits 48824 56682 +7858
+ Misses 16685 14422 -2263
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
https://github.com/opensearch-project/opensearch-rs/blob/main/.github/workflows/test.yml#L36 - if this becomes 2.12.0 or onwards, then this change is necessary. For now this is unnecessary. Should the tests be run with a matrix of different opensearch versions to ensure compatibility? |
The linked line is only used for a handful of very basic tests, the real integration tests where we use core's YAML tests is this matrix here: https://github.com/opensearch-project/opensearch-rs/blob/main/.github/workflows/test.yml#L66 |
|
Got it. @Xtansia this change is starting in 2.12.0 onwards. I am seeing in the matrix this wouldn't be tested. Can you suggest how you think I can change this PR to best pickup the changes from 2.12.0 onwards? |
|
@derek-ho AFAIK when 2.12 is available we'll add it to CI. I think you can mark this as draft as other PRs? |
|
Now that 2.12 is released this should be unblocked. Would the maintainers review and merge this? |
|
@derek-ho Could you please add |
Signed-off-by: Derek Ho <dxho@amazon.com>
Signed-off-by: Derek Ho <dxho@amazon.com>
| @@ -34,7 +35,7 @@ runs: | |||
|
|
|||
| if [[ -d "$OPENSEARCH_HOME/plugins/opensearch-security" ]]; then | |||
| if [[ "$SECURED" == "true" ]]; then | |||
| bash $OPENSEARCH_HOME/plugins/opensearch-security/tools/install_demo_configuration.sh -y -i -s | |||
| bash $OPENSEARCH_HOME/plugins/opensearch-security/tools/install_demo_configuration.sh -y -i -s -t | |||
There was a problem hiding this comment.
This is causing all versions other than 2.12.0 to fail as the old versions of the script throw an error on the unrecognised parameter.
Could do this via something like:
SECURITY_VERSION=$(cat $OPENSEARCH_HOME/plugins/opensearch-security/plugin-descriptor.properties | grep '^version=' | cut -d'=' -f 2)
SECURITY_VERSION_COMPONENTS=(${SECURITY_VERSION//./ })
SECURITY_MAJOR="${SECURITY_VERSION_COMPONENTS[0]}"
SECURITY_MINOR="${SECURITY_VERSION_COMPONENTS[1]}"
if (( $SECURITY_MAJOR > 2 || ( $SECURITY_MAJOR == 2 && $SECURITY_MINOR >= 12 ) )); then
# with -t
else
# without -t
fiSigned-off-by: Derek Ho <dxho@amazon.com>
Signed-off-by: Derek Ho <dxho@amazon.com>
Signed-off-by: Derek Ho <dxho@amazon.com>
Signed-off-by: Derek Ho <dxho@amazon.com>
Signed-off-by: Derek Ho <dxho@amazon.com>
|
@Xtansia thanks for the suggestion. I used your logic to extract the version, but used the same logic as opensearch-build: https://github.com/opensearch-project/opensearch-build/blob/main/scripts/default/integtest.sh to determine whether it is >= 2.12, just to be consistent. It looks like tests are passing and PR is in a good state. Please merge when it looks good, thanks! |
| # Starting in 2.12.0, security demo configuration script requires an initial admin password | ||
| COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $OPENSEARCH_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1` | ||
| if [ "$COMPARE_VERSION" == "$OPENSEARCH_REQUIRED_VERSION" ]; then | ||
| bash $OPENSEARCH_HOME/plugins/opensearch-security/tools/install_demo_configuration.sh -y -i -s -t |
There was a problem hiding this comment.
Ideally >=2.12.0 should use a strong password, but since this repo is using the scriptfile, it is possible to add this -t parameter and still use admin. This minimizes the surface area of this change.
|
Thanks @derek-ho! |
* Default admin password as admin Signed-off-by: Derek Ho <dxho@amazon.com> * Add 2.12.0 to matrix Signed-off-by: Derek Ho <dxho@amazon.com> * Export var Signed-off-by: Derek Ho <dxho@amazon.com> * Add version logic Signed-off-by: Derek Ho <dxho@amazon.com> * Get the version via the properties Signed-off-by: Derek Ho <dxho@amazon.com> * Invert the logic Signed-off-by: Derek Ho <dxho@amazon.com> * Only pull the version if it exists Signed-off-by: Derek Ho <dxho@amazon.com> * Only extract the version if it exists Signed-off-by: Derek Ho <dxho@amazon.com> --------- Signed-off-by: Derek Ho <dxho@amazon.com> (cherry picked from commit 41417d4)
* Default admin password as admin Signed-off-by: Derek Ho <dxho@amazon.com> * Add 2.12.0 to matrix Signed-off-by: Derek Ho <dxho@amazon.com> * Export var Signed-off-by: Derek Ho <dxho@amazon.com> * Add version logic Signed-off-by: Derek Ho <dxho@amazon.com> * Get the version via the properties Signed-off-by: Derek Ho <dxho@amazon.com> * Invert the logic Signed-off-by: Derek Ho <dxho@amazon.com> * Only pull the version if it exists Signed-off-by: Derek Ho <dxho@amazon.com> * Only extract the version if it exists Signed-off-by: Derek Ho <dxho@amazon.com> --------- Signed-off-by: Derek Ho <dxho@amazon.com> (cherry picked from commit 41417d4) Co-authored-by: Derek Ho <derek01778@gmail.com>
Description
Fixes the CI to pass in "admin" as the admin password if the version is >= 2.12. This is necessary since 2.12 and onwards requires an initial admin password to be set in order to run the security demo configuration.
Issues Resolved
List any issues this PR will resolve, e.g. Closes [...].
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.