Pass in initial admin password and remove admin:admin references (#631)

* Update to pass in initial admin password

Signed-off-by: Derek Ho <dxho@amazon.com>

* Add changelog and logic to distinguish between versions

Signed-off-by: Derek Ho <dxho@amazon.com>

* fix syntax

Signed-off-by: Derek Ho <dxho@amazon.com>

* Revert tests

Signed-off-by: Derek Ho <dxho@amazon.com>

* Add 2.12 to the matrix and fix testing logic

Signed-off-by: Derek Ho <dxho@amazon.com>

* Fix version logic

Signed-off-by: Derek Ho <dxho@amazon.com>

* Try to split job into two batches

Signed-off-by: Derek Ho <dxho@amazon.com>

* Fix lint

Signed-off-by: Derek Ho <dxho@amazon.com>

* Change name

Signed-off-by: Derek Ho <dxho@amazon.com>

* Remove period

Signed-off-by: Derek Ho <dxho@amazon.com>

* Pull password dynamically

Signed-off-by: Derek Ho <dxho@amazon.com>

* Change to proper env var

Signed-off-by: Derek Ho <dxho@amazon.com>

* Try passing through

Signed-off-by: Derek Ho <dxho@amazon.com>

---------

Signed-off-by: Derek Ho <dxho@amazon.com>
Signed-off-by: Derek Ho <derek01778@gmail.com>
This commit is contained in:
Derek Ho
2024-06-18 11:44:21 -04:00
committed by GitHub
parent a1d27ca077
commit d3177a8bcb
10 changed files with 72 additions and 13 deletions
+11 -1
View File
@@ -27,6 +27,7 @@ environment=($(cat <<-END
--env path.repo=/tmp
--env repositories.url.allowed_urls=http://snapshot.test*
--env action.destructive_requires_name=false
--env OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!
END
))
@@ -54,6 +55,15 @@ END
END
))
OPENSEARCH_REQUIRED_VERSION="2.12.0"
# Starting in 2.12.0, security demo configuration script requires an initial admin password
COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $OPENSEARCH_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1`
if [ "$COMPARE_VERSION" != "$OPENSEARCH_REQUIRED_VERSION" ]; then
CREDENTIAL="admin:admin"
else
CREDENTIAL="admin:myStrongPassword123!"
fi
# make sure we detach for all but the last node if DETACH=false (default) so all nodes are started
local_detach="true"
if [[ "$i" == "$((NUMBER_OF_NODES-1))" ]]; then local_detach=$DETACH; fi
@@ -61,7 +71,7 @@ END
set -x
healthcmd="curl -vvv -s --fail http://localhost:9200/_cluster/health || exit 1"
if [[ "$SECURE_INTEGRATION" == "true" ]]; then
healthcmd="curl -vvv -s --insecure -u admin:admin --fail https://localhost:9200/_cluster/health || exit 1"
healthcmd="curl -vvv -s --insecure -u $CREDENTIAL --fail https://localhost:9200/_cluster/health || exit 1"
fi
CLUSTER_TAG=$CLUSTER
+23 -1
View File
@@ -30,7 +30,12 @@ docker build \
echo -e "\033[1m>>>>> Run [opensearch-project/opensearch-py container] >>>>>>>>>>>>>>>>>>>>>>>>>>>>>\033[0m"
mkdir -p junit
docker run \
OPENSEARCH_REQUIRED_VERSION="2.12.0"
# Starting in 2.12.0, security demo configuration script requires an initial admin password
COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $OPENSEARCH_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1`
if [ "$COMPARE_VERSION" != "$OPENSEARCH_REQUIRED_VERSION" ]; then
docker run \
--network=${network_name} \
--env "STACK_VERSION=${STACK_VERSION}" \
--env "OPENSEARCH_URL=${opensearch_url}" \
@@ -39,9 +44,26 @@ docker run \
--env "PYTHON_CONNECTION_CLASS=${PYTHON_CONNECTION_CLASS}" \
--env "TEST_TYPE=server" \
--env "TEST_PATTERN=${TEST_PATTERN}" \
--env "OPENSEARCH_INITIAL_ADMIN_PASSWORD=admin" \
--name opensearch-py \
--rm \
opensearch-project/opensearch-py \
python setup.py test
else
docker run \
--network=${network_name} \
--env "STACK_VERSION=${STACK_VERSION}" \
--env "OPENSEARCH_URL=${opensearch_url}" \
--env "OPENSEARCH_VERSION=${OPENSEARCH_VERSION}" \
--env "TEST_SUITE=${TEST_SUITE}" \
--env "PYTHON_CONNECTION_CLASS=${PYTHON_CONNECTION_CLASS}" \
--env "TEST_TYPE=server" \
--env "TEST_PATTERN=${TEST_PATTERN}" \
--env "OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!" \
--name opensearch-py \
--rm \
opensearch-project/opensearch-py \
python setup.py test
fi
unset TEST_PATTERN
+20 -2
View File
@@ -3,8 +3,8 @@ name: Integration Tests
on: [push, pull_request]
jobs:
integration:
name: Integ
integration-pre-212:
name: Integ-pre-212
runs-on: ubuntu-latest
strategy:
fail-fast: false
@@ -22,3 +22,21 @@ jobs:
uses: actions/checkout@v3
- name: Integ OpenSearch secured=${{ matrix.secured }} version=${{ matrix.opensearch_version }}
run: "./.ci/run-tests ${{ matrix.secured }} ${{ matrix.opensearch_version }}"
integration-post-212:
name: Integ-post-212
runs-on: ubuntu-latest
env:
OPENSEARCH_URL: 'https://admin:myStrongPassword123!@localhost:9200'
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
strategy:
fail-fast: false
matrix:
opensearch_version: [ '2.12.0', '2.13.0', '2.14.0' ]
secured: [ "true", "false" ]
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Integ OpenSearch secured=${{ matrix.secured }} version=${{ matrix.opensearch_version }}
run: "./.ci/run-tests ${{ matrix.secured }} ${{ matrix.opensearch_version }}"
+1
View File
@@ -62,6 +62,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- Enhance generator to update changelog only if generated code differs from existing ([#684](https://github.com/opensearch-project/opensearch-py/pull/684))
- Added guide for configuring ssl_assert_hostname ([#694](https://github.com/opensearch-project/opensearch-py/pull/694))
### Changed
- Pass in initial admin password in setup and remove default `admin` password ([#631](https://github.com/opensearch-project/opensearch-py/pull/631))
- Updated the `get_policy` API in the index_management plugin to allow the policy_id argument as optional ([#633](https://github.com/opensearch-project/opensearch-py/pull/633))
- Updated the `point_in_time.md` guide with examples demonstrating the usage of the new APIs as alternatives to the deprecated ones. ([#661](https://github.com/opensearch-project/opensearch-py/pull/661))
### Deprecated
+2 -2
View File
@@ -13,7 +13,7 @@ This guide covers OpenSearch Python Client API actions for Index Lifecycle. You'
## Setup
In this guide, we will need an OpenSearch cluster with more than one node. Let's use the sample [docker-compose.yml](https://opensearch.org/samples/docker-compose.yml) to start a cluster with two nodes. The cluster's API will be available at `localhost:9200` with basic authentication enabled with default username and password of `admin:admin`.
In this guide, we will need an OpenSearch cluster with more than one node. Let's use the sample [docker-compose.yml](https://opensearch.org/samples/docker-compose.yml) to start a cluster with two nodes. The cluster's API will be available at `localhost:9200` with basic authentication enabled with default username and password of `admin:<admin password>`.
To start the cluster, run the following command:
@@ -28,7 +28,7 @@ Let's create a client instance to access this cluster:
from opensearchpy import OpenSearch
client = OpenSearch(
hosts=['https://admin:admin@localhost:9200'],
hosts=['https://admin:<admin password>@localhost:9200'],
use_ssl=True,
verify_certs=False
)
+3 -3
View File
@@ -36,7 +36,7 @@ docker pull opensearchproject/opensearch:latest
```
```
docker run -d -p 9200:9200 -p 9600:9600 --name opensearch_opensearch_1 -e "discovery.type=single-node" opensearchproject/opensearch:latest
docker run -d -p 9200:9200 -p 9600:9600 --name opensearch_opensearch_1 -e "discovery.type=single-node" -e "OPENSEARCH_INITIAL_ADMIN_PASSWORD=<admin password>" opensearchproject/opensearch:latest
```
## Setup Connection with OpenSearch
@@ -44,11 +44,11 @@ docker run -d -p 9200:9200 -p 9600:9600 --name opensearch_opensearch_1 -e "disco
Create a client instance:
```python
opensearch_client: Any = OpenSearch(
"https://admin:admin@localhost:9200",
"https://admin:<admin password>@localhost:9200",
use_ssl=True,
verify_certs=False,
ssl_show_warn=False,
http_auth=("admin", "admin"),
http_auth=("admin", "<admin password>"),
)
```
@@ -25,6 +25,7 @@
# under the License.
import os
from unittest import IsolatedAsyncioTestCase
from opensearchpy._async.helpers.test import get_test_client
@@ -38,8 +39,9 @@ class AsyncOpenSearchTestCase(IsolatedAsyncioTestCase):
self,
) -> None:
# pylint: disable=invalid-name,missing-function-docstring
password = os.environ.get("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "admin")
self.client = await get_test_client(
verify_certs=False, http_auth=("admin", "admin")
verify_certs=False, http_auth=("admin", password)
)
await add_connection("default", self.client)
@@ -10,6 +10,7 @@
from __future__ import unicode_literals
import os
from unittest import IsolatedAsyncioTestCase
import pytest
@@ -42,8 +43,9 @@ class TestSecurityPlugin(IsolatedAsyncioTestCase):
async def asyncSetUp(self) -> None:
# pylint: disable=invalid-name, missing-function-docstring
password = os.environ.get("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "admin")
self.client = await get_test_client(
verify_certs=False, http_auth=("admin", "admin")
verify_certs=False, http_auth=("admin", password)
)
await add_connection("default", self.client)
@@ -7,6 +7,7 @@
# Modifications Copyright OpenSearch Contributors. See
# GitHub history for details.
import os
from unittest import TestCase
from opensearchpy import OpenSearch
@@ -15,9 +16,10 @@ from opensearchpy.helpers.test import OPENSEARCH_URL
class TestSecurity(TestCase):
def test_security(self) -> None:
password = os.environ.get("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "admin")
client = OpenSearch(
OPENSEARCH_URL,
http_auth=("admin", "admin"),
http_auth=("admin", password),
verify_certs=False,
)
@@ -10,6 +10,7 @@
from __future__ import unicode_literals
import os
from unittest import TestCase
from opensearchpy.connection.connections import add_connection
@@ -36,7 +37,8 @@ class TestSecurityPlugin(TestCase):
USER_CONTENT = {"password": "opensearchpy@123", "opendistro_security_roles": []}
def setUp(self) -> None:
self.client = get_test_client(verify_certs=False, http_auth=("admin", "admin"))
password = os.environ.get("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "admin")
self.client = get_test_client(verify_certs=False, http_auth=("admin", password))
add_connection("default", self.client)
def tearDown(self) -> None: