Pass in initial admin password and remove admin:admin references (#631)
* Update to pass in initial admin password Signed-off-by: Derek Ho <dxho@amazon.com> * Add changelog and logic to distinguish between versions Signed-off-by: Derek Ho <dxho@amazon.com> * fix syntax Signed-off-by: Derek Ho <dxho@amazon.com> * Revert tests Signed-off-by: Derek Ho <dxho@amazon.com> * Add 2.12 to the matrix and fix testing logic Signed-off-by: Derek Ho <dxho@amazon.com> * Fix version logic Signed-off-by: Derek Ho <dxho@amazon.com> * Try to split job into two batches Signed-off-by: Derek Ho <dxho@amazon.com> * Fix lint Signed-off-by: Derek Ho <dxho@amazon.com> * Change name Signed-off-by: Derek Ho <dxho@amazon.com> * Remove period Signed-off-by: Derek Ho <dxho@amazon.com> * Pull password dynamically Signed-off-by: Derek Ho <dxho@amazon.com> * Change to proper env var Signed-off-by: Derek Ho <dxho@amazon.com> * Try passing through Signed-off-by: Derek Ho <dxho@amazon.com> --------- Signed-off-by: Derek Ho <dxho@amazon.com> Signed-off-by: Derek Ho <derek01778@gmail.com>
This commit is contained in:
+11
-1
@@ -27,6 +27,7 @@ environment=($(cat <<-END
|
|||||||
--env path.repo=/tmp
|
--env path.repo=/tmp
|
||||||
--env repositories.url.allowed_urls=http://snapshot.test*
|
--env repositories.url.allowed_urls=http://snapshot.test*
|
||||||
--env action.destructive_requires_name=false
|
--env action.destructive_requires_name=false
|
||||||
|
--env OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!
|
||||||
END
|
END
|
||||||
))
|
))
|
||||||
|
|
||||||
@@ -54,6 +55,15 @@ END
|
|||||||
END
|
END
|
||||||
))
|
))
|
||||||
|
|
||||||
|
OPENSEARCH_REQUIRED_VERSION="2.12.0"
|
||||||
|
# Starting in 2.12.0, security demo configuration script requires an initial admin password
|
||||||
|
COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $OPENSEARCH_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1`
|
||||||
|
if [ "$COMPARE_VERSION" != "$OPENSEARCH_REQUIRED_VERSION" ]; then
|
||||||
|
CREDENTIAL="admin:admin"
|
||||||
|
else
|
||||||
|
CREDENTIAL="admin:myStrongPassword123!"
|
||||||
|
fi
|
||||||
|
|
||||||
# make sure we detach for all but the last node if DETACH=false (default) so all nodes are started
|
# make sure we detach for all but the last node if DETACH=false (default) so all nodes are started
|
||||||
local_detach="true"
|
local_detach="true"
|
||||||
if [[ "$i" == "$((NUMBER_OF_NODES-1))" ]]; then local_detach=$DETACH; fi
|
if [[ "$i" == "$((NUMBER_OF_NODES-1))" ]]; then local_detach=$DETACH; fi
|
||||||
@@ -61,7 +71,7 @@ END
|
|||||||
set -x
|
set -x
|
||||||
healthcmd="curl -vvv -s --fail http://localhost:9200/_cluster/health || exit 1"
|
healthcmd="curl -vvv -s --fail http://localhost:9200/_cluster/health || exit 1"
|
||||||
if [[ "$SECURE_INTEGRATION" == "true" ]]; then
|
if [[ "$SECURE_INTEGRATION" == "true" ]]; then
|
||||||
healthcmd="curl -vvv -s --insecure -u admin:admin --fail https://localhost:9200/_cluster/health || exit 1"
|
healthcmd="curl -vvv -s --insecure -u $CREDENTIAL --fail https://localhost:9200/_cluster/health || exit 1"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
CLUSTER_TAG=$CLUSTER
|
CLUSTER_TAG=$CLUSTER
|
||||||
|
|||||||
+23
-1
@@ -30,7 +30,12 @@ docker build \
|
|||||||
echo -e "\033[1m>>>>> Run [opensearch-project/opensearch-py container] >>>>>>>>>>>>>>>>>>>>>>>>>>>>>\033[0m"
|
echo -e "\033[1m>>>>> Run [opensearch-project/opensearch-py container] >>>>>>>>>>>>>>>>>>>>>>>>>>>>>\033[0m"
|
||||||
|
|
||||||
mkdir -p junit
|
mkdir -p junit
|
||||||
docker run \
|
|
||||||
|
OPENSEARCH_REQUIRED_VERSION="2.12.0"
|
||||||
|
# Starting in 2.12.0, security demo configuration script requires an initial admin password
|
||||||
|
COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $OPENSEARCH_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1`
|
||||||
|
if [ "$COMPARE_VERSION" != "$OPENSEARCH_REQUIRED_VERSION" ]; then
|
||||||
|
docker run \
|
||||||
--network=${network_name} \
|
--network=${network_name} \
|
||||||
--env "STACK_VERSION=${STACK_VERSION}" \
|
--env "STACK_VERSION=${STACK_VERSION}" \
|
||||||
--env "OPENSEARCH_URL=${opensearch_url}" \
|
--env "OPENSEARCH_URL=${opensearch_url}" \
|
||||||
@@ -39,9 +44,26 @@ docker run \
|
|||||||
--env "PYTHON_CONNECTION_CLASS=${PYTHON_CONNECTION_CLASS}" \
|
--env "PYTHON_CONNECTION_CLASS=${PYTHON_CONNECTION_CLASS}" \
|
||||||
--env "TEST_TYPE=server" \
|
--env "TEST_TYPE=server" \
|
||||||
--env "TEST_PATTERN=${TEST_PATTERN}" \
|
--env "TEST_PATTERN=${TEST_PATTERN}" \
|
||||||
|
--env "OPENSEARCH_INITIAL_ADMIN_PASSWORD=admin" \
|
||||||
--name opensearch-py \
|
--name opensearch-py \
|
||||||
--rm \
|
--rm \
|
||||||
opensearch-project/opensearch-py \
|
opensearch-project/opensearch-py \
|
||||||
python setup.py test
|
python setup.py test
|
||||||
|
else
|
||||||
|
docker run \
|
||||||
|
--network=${network_name} \
|
||||||
|
--env "STACK_VERSION=${STACK_VERSION}" \
|
||||||
|
--env "OPENSEARCH_URL=${opensearch_url}" \
|
||||||
|
--env "OPENSEARCH_VERSION=${OPENSEARCH_VERSION}" \
|
||||||
|
--env "TEST_SUITE=${TEST_SUITE}" \
|
||||||
|
--env "PYTHON_CONNECTION_CLASS=${PYTHON_CONNECTION_CLASS}" \
|
||||||
|
--env "TEST_TYPE=server" \
|
||||||
|
--env "TEST_PATTERN=${TEST_PATTERN}" \
|
||||||
|
--env "OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!" \
|
||||||
|
--name opensearch-py \
|
||||||
|
--rm \
|
||||||
|
opensearch-project/opensearch-py \
|
||||||
|
python setup.py test
|
||||||
|
fi
|
||||||
|
|
||||||
unset TEST_PATTERN
|
unset TEST_PATTERN
|
||||||
|
|||||||
@@ -3,8 +3,8 @@ name: Integration Tests
|
|||||||
on: [push, pull_request]
|
on: [push, pull_request]
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
integration:
|
integration-pre-212:
|
||||||
name: Integ
|
name: Integ-pre-212
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
@@ -22,3 +22,21 @@ jobs:
|
|||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
- name: Integ OpenSearch secured=${{ matrix.secured }} version=${{ matrix.opensearch_version }}
|
- name: Integ OpenSearch secured=${{ matrix.secured }} version=${{ matrix.opensearch_version }}
|
||||||
run: "./.ci/run-tests ${{ matrix.secured }} ${{ matrix.opensearch_version }}"
|
run: "./.ci/run-tests ${{ matrix.secured }} ${{ matrix.opensearch_version }}"
|
||||||
|
|
||||||
|
integration-post-212:
|
||||||
|
name: Integ-post-212
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
env:
|
||||||
|
OPENSEARCH_URL: 'https://admin:myStrongPassword123!@localhost:9200'
|
||||||
|
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
|
||||||
|
strategy:
|
||||||
|
fail-fast: false
|
||||||
|
matrix:
|
||||||
|
opensearch_version: [ '2.12.0', '2.13.0', '2.14.0' ]
|
||||||
|
secured: [ "true", "false" ]
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v3
|
||||||
|
- name: Integ OpenSearch secured=${{ matrix.secured }} version=${{ matrix.opensearch_version }}
|
||||||
|
run: "./.ci/run-tests ${{ matrix.secured }} ${{ matrix.opensearch_version }}"
|
||||||
|
|||||||
@@ -62,6 +62,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
|
|||||||
- Enhance generator to update changelog only if generated code differs from existing ([#684](https://github.com/opensearch-project/opensearch-py/pull/684))
|
- Enhance generator to update changelog only if generated code differs from existing ([#684](https://github.com/opensearch-project/opensearch-py/pull/684))
|
||||||
- Added guide for configuring ssl_assert_hostname ([#694](https://github.com/opensearch-project/opensearch-py/pull/694))
|
- Added guide for configuring ssl_assert_hostname ([#694](https://github.com/opensearch-project/opensearch-py/pull/694))
|
||||||
### Changed
|
### Changed
|
||||||
|
- Pass in initial admin password in setup and remove default `admin` password ([#631](https://github.com/opensearch-project/opensearch-py/pull/631))
|
||||||
- Updated the `get_policy` API in the index_management plugin to allow the policy_id argument as optional ([#633](https://github.com/opensearch-project/opensearch-py/pull/633))
|
- Updated the `get_policy` API in the index_management plugin to allow the policy_id argument as optional ([#633](https://github.com/opensearch-project/opensearch-py/pull/633))
|
||||||
- Updated the `point_in_time.md` guide with examples demonstrating the usage of the new APIs as alternatives to the deprecated ones. ([#661](https://github.com/opensearch-project/opensearch-py/pull/661))
|
- Updated the `point_in_time.md` guide with examples demonstrating the usage of the new APIs as alternatives to the deprecated ones. ([#661](https://github.com/opensearch-project/opensearch-py/pull/661))
|
||||||
### Deprecated
|
### Deprecated
|
||||||
|
|||||||
@@ -13,7 +13,7 @@ This guide covers OpenSearch Python Client API actions for Index Lifecycle. You'
|
|||||||
|
|
||||||
## Setup
|
## Setup
|
||||||
|
|
||||||
In this guide, we will need an OpenSearch cluster with more than one node. Let's use the sample [docker-compose.yml](https://opensearch.org/samples/docker-compose.yml) to start a cluster with two nodes. The cluster's API will be available at `localhost:9200` with basic authentication enabled with default username and password of `admin:admin`.
|
In this guide, we will need an OpenSearch cluster with more than one node. Let's use the sample [docker-compose.yml](https://opensearch.org/samples/docker-compose.yml) to start a cluster with two nodes. The cluster's API will be available at `localhost:9200` with basic authentication enabled with default username and password of `admin:<admin password>`.
|
||||||
|
|
||||||
To start the cluster, run the following command:
|
To start the cluster, run the following command:
|
||||||
|
|
||||||
@@ -28,7 +28,7 @@ Let's create a client instance to access this cluster:
|
|||||||
from opensearchpy import OpenSearch
|
from opensearchpy import OpenSearch
|
||||||
|
|
||||||
client = OpenSearch(
|
client = OpenSearch(
|
||||||
hosts=['https://admin:admin@localhost:9200'],
|
hosts=['https://admin:<admin password>@localhost:9200'],
|
||||||
use_ssl=True,
|
use_ssl=True,
|
||||||
verify_certs=False
|
verify_certs=False
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -36,7 +36,7 @@ docker pull opensearchproject/opensearch:latest
|
|||||||
```
|
```
|
||||||
|
|
||||||
```
|
```
|
||||||
docker run -d -p 9200:9200 -p 9600:9600 --name opensearch_opensearch_1 -e "discovery.type=single-node" opensearchproject/opensearch:latest
|
docker run -d -p 9200:9200 -p 9600:9600 --name opensearch_opensearch_1 -e "discovery.type=single-node" -e "OPENSEARCH_INITIAL_ADMIN_PASSWORD=<admin password>" opensearchproject/opensearch:latest
|
||||||
```
|
```
|
||||||
|
|
||||||
## Setup Connection with OpenSearch
|
## Setup Connection with OpenSearch
|
||||||
@@ -44,11 +44,11 @@ docker run -d -p 9200:9200 -p 9600:9600 --name opensearch_opensearch_1 -e "disco
|
|||||||
Create a client instance:
|
Create a client instance:
|
||||||
```python
|
```python
|
||||||
opensearch_client: Any = OpenSearch(
|
opensearch_client: Any = OpenSearch(
|
||||||
"https://admin:admin@localhost:9200",
|
"https://admin:<admin password>@localhost:9200",
|
||||||
use_ssl=True,
|
use_ssl=True,
|
||||||
verify_certs=False,
|
verify_certs=False,
|
||||||
ssl_show_warn=False,
|
ssl_show_warn=False,
|
||||||
http_auth=("admin", "admin"),
|
http_auth=("admin", "<admin password>"),
|
||||||
)
|
)
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|||||||
@@ -25,6 +25,7 @@
|
|||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
import os
|
||||||
from unittest import IsolatedAsyncioTestCase
|
from unittest import IsolatedAsyncioTestCase
|
||||||
|
|
||||||
from opensearchpy._async.helpers.test import get_test_client
|
from opensearchpy._async.helpers.test import get_test_client
|
||||||
@@ -38,8 +39,9 @@ class AsyncOpenSearchTestCase(IsolatedAsyncioTestCase):
|
|||||||
self,
|
self,
|
||||||
) -> None:
|
) -> None:
|
||||||
# pylint: disable=invalid-name,missing-function-docstring
|
# pylint: disable=invalid-name,missing-function-docstring
|
||||||
|
password = os.environ.get("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "admin")
|
||||||
self.client = await get_test_client(
|
self.client = await get_test_client(
|
||||||
verify_certs=False, http_auth=("admin", "admin")
|
verify_certs=False, http_auth=("admin", password)
|
||||||
)
|
)
|
||||||
await add_connection("default", self.client)
|
await add_connection("default", self.client)
|
||||||
|
|
||||||
|
|||||||
@@ -10,6 +10,7 @@
|
|||||||
|
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
import os
|
||||||
from unittest import IsolatedAsyncioTestCase
|
from unittest import IsolatedAsyncioTestCase
|
||||||
|
|
||||||
import pytest
|
import pytest
|
||||||
@@ -42,8 +43,9 @@ class TestSecurityPlugin(IsolatedAsyncioTestCase):
|
|||||||
|
|
||||||
async def asyncSetUp(self) -> None:
|
async def asyncSetUp(self) -> None:
|
||||||
# pylint: disable=invalid-name, missing-function-docstring
|
# pylint: disable=invalid-name, missing-function-docstring
|
||||||
|
password = os.environ.get("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "admin")
|
||||||
self.client = await get_test_client(
|
self.client = await get_test_client(
|
||||||
verify_certs=False, http_auth=("admin", "admin")
|
verify_certs=False, http_auth=("admin", password)
|
||||||
)
|
)
|
||||||
await add_connection("default", self.client)
|
await add_connection("default", self.client)
|
||||||
|
|
||||||
|
|||||||
@@ -7,6 +7,7 @@
|
|||||||
# Modifications Copyright OpenSearch Contributors. See
|
# Modifications Copyright OpenSearch Contributors. See
|
||||||
# GitHub history for details.
|
# GitHub history for details.
|
||||||
|
|
||||||
|
import os
|
||||||
from unittest import TestCase
|
from unittest import TestCase
|
||||||
|
|
||||||
from opensearchpy import OpenSearch
|
from opensearchpy import OpenSearch
|
||||||
@@ -15,9 +16,10 @@ from opensearchpy.helpers.test import OPENSEARCH_URL
|
|||||||
|
|
||||||
class TestSecurity(TestCase):
|
class TestSecurity(TestCase):
|
||||||
def test_security(self) -> None:
|
def test_security(self) -> None:
|
||||||
|
password = os.environ.get("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "admin")
|
||||||
client = OpenSearch(
|
client = OpenSearch(
|
||||||
OPENSEARCH_URL,
|
OPENSEARCH_URL,
|
||||||
http_auth=("admin", "admin"),
|
http_auth=("admin", password),
|
||||||
verify_certs=False,
|
verify_certs=False,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|||||||
@@ -10,6 +10,7 @@
|
|||||||
|
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
import os
|
||||||
from unittest import TestCase
|
from unittest import TestCase
|
||||||
|
|
||||||
from opensearchpy.connection.connections import add_connection
|
from opensearchpy.connection.connections import add_connection
|
||||||
@@ -36,7 +37,8 @@ class TestSecurityPlugin(TestCase):
|
|||||||
USER_CONTENT = {"password": "opensearchpy@123", "opendistro_security_roles": []}
|
USER_CONTENT = {"password": "opensearchpy@123", "opendistro_security_roles": []}
|
||||||
|
|
||||||
def setUp(self) -> None:
|
def setUp(self) -> None:
|
||||||
self.client = get_test_client(verify_certs=False, http_auth=("admin", "admin"))
|
password = os.environ.get("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "admin")
|
||||||
|
self.client = get_test_client(verify_certs=False, http_auth=("admin", password))
|
||||||
add_connection("default", self.client)
|
add_connection("default", self.client)
|
||||||
|
|
||||||
def tearDown(self) -> None:
|
def tearDown(self) -> None:
|
||||||
|
|||||||
Reference in New Issue
Block a user