Skip to content

Commit

Permalink
Remove instances of hard admin credentials (opensearch-project#981)
Browse files Browse the repository at this point in the history
* Remove instances of hard admin credentials

opensearch-project/opensearch-build#4302

Signed-off-by: Derek Ho <[email protected]>
  • Loading branch information
derek-ho authored Jan 10, 2024
1 parent 1fa3e2b commit 8391566
Show file tree
Hide file tree
Showing 14 changed files with 49 additions and 23 deletions.
10 changes: 6 additions & 4 deletions .github/workflows/release-e2e-workflow-template-windows.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ jobs:
TERM: xterm
# make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
# 2.12 onwards security demo configuration require a custom admin password
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
steps:
- name: Set up JDK
uses: actions/setup-java@v1
Expand Down Expand Up @@ -62,8 +64,8 @@ jobs:
else
echo "Keep OpenSearch Security"
nohup ./opensearch-windows-install.bat &
timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do echo sleeping 5; sleep 5; done'
curl -sk https://localhost:9200/_cluster/health?pretty -u admin:admin
timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do echo sleeping 5; sleep 5; done'
curl -sk https://localhost:9200/_cluster/health?pretty -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}
fi
netstat -anP tcp | grep LISTEN | grep 9200 || netstat -ntlp | grep 9200
shell: bash
Expand Down Expand Up @@ -104,8 +106,8 @@ jobs:
else
echo "Keep Dashboards Security"
bin/opensearch-dashboards.bat &
timeout 300 bash -c 'while [[ "$(curl -k http://localhost:5601/api/status -u admin:admin | jq -r '.status.overall.state')" != "green" ]]; do echo sleeping 5; sleep 5; done'
curl -sk localhost:5601/api/status -u admin:admin | jq
timeout 300 bash -c 'while [[ "$(curl -k http://localhost:5601/api/status -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} | jq -r '.status.overall.state')" != "green" ]]; do echo sleeping 5; sleep 5; done'
curl -sk localhost:5601/api/status -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} | jq
fi
netstat -anP tcp | grep LISTEN | grep 5601 || netstat -ntlp | grep 5601
shell: bash
Expand Down
10 changes: 6 additions & 4 deletions .github/workflows/release-e2e-workflow-template.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@ jobs:
TERM: xterm
# make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
# 2.12 onwards security demo configuration require a custom admin password
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
steps:
- name: Set up JDK
uses: actions/setup-java@v1
Expand Down Expand Up @@ -61,8 +63,8 @@ jobs:
else
echo "Keep OpenSearch Security"
./opensearch-tar-install.sh &
timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
curl https://localhost:9200 -u admin:admin --insecure
timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
curl https://localhost:9200 -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} --insecure
fi
- name: Get OpenSearch-Dashboards
run: |
Expand Down Expand Up @@ -92,8 +94,8 @@ jobs:
else
echo "Keep Dashboards Security"
bin/opensearch-dashboards serve ${{ inputs.osd-serve-args }} &
timeout 300 bash -c 'while [[ "$(curl -u admin:admin -k http://localhost:5601/api/status | jq -r '.status.overall.state')" != "green" ]]; do sleep 5; done'
curl http://localhost:5601/api/status -u admin:admin --insecure
timeout 300 bash -c 'while [[ "$(curl -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k http://localhost:5601/api/status | jq -r '.status.overall.state')" != "green" ]]; do sleep 5; done'
curl http://localhost:5601/api/status -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} --insecure
fi
- name: Get Cypress version
id: cypress_version
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/release-signoff-chrome.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ jobs:
TERM: xterm
# make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
# 2.12 onwards security demo configuration require a custom admin password
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
steps:
- name: Checkout functional-test
uses: actions/checkout@v2
Expand All @@ -29,7 +31,7 @@ jobs:
tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
cd opensearch-${{ env.VERSION }}/
./opensearch-tar-install.sh &
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
- name: Get OpenSearch-Dashboards
run: |
wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/release-signoff-chromium-ad-only.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ jobs:
TERM: xterm
# make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
# 2.12 onwards security demo configuration require a custom admin password
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
steps:
- name: Checkout functional-test
uses: actions/checkout@v2
Expand All @@ -29,7 +31,7 @@ jobs:
tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
cd opensearch-${{ env.VERSION }}/
./opensearch-tar-install.sh &
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
- name: Get OpenSearch-Dashboards
run: |
wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/release-signoff-chromium-ism-only.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ jobs:
TERM: xterm
# make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
# 2.12 onwards security demo configuration require a custom admin password
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
steps:
- name: Checkout functional-test
uses: actions/checkout@v2
Expand All @@ -29,7 +31,7 @@ jobs:
tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
cd opensearch-${{ env.VERSION }}/
./opensearch-tar-install.sh &
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
- name: Get OpenSearch-Dashboards
run: |
wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ jobs:
TERM: xterm
# make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
# 2.12 onwards security demo configuration require a custom admin password
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
steps:
- name: Checkout functional-test
uses: actions/checkout@v2
Expand All @@ -29,7 +31,7 @@ jobs:
tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
cd opensearch-${{ env.VERSION }}/
./opensearch-tar-install.sh &
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
- name: Get OpenSearch-Dashboards
run: |
wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ jobs:
TERM: xterm
# make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
# 2.12 onwards security demo configuration require a custom admin password
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
steps:
- name: Checkout functional-test
uses: actions/checkout@v2
Expand All @@ -29,7 +31,7 @@ jobs:
tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
cd opensearch-${{ env.VERSION }}/
./opensearch-tar-install.sh &
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
- name: Get OpenSearch-Dashboards
run: |
wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ jobs:
TERM: xterm
# make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
# 2.12 onwards security demo configuration require a custom admin password
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
steps:
- name: Checkout functional-test
uses: actions/checkout@v2
Expand All @@ -29,7 +31,7 @@ jobs:
tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
cd opensearch-${{ env.VERSION }}/
./opensearch-tar-install.sh &
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
- name: Get OpenSearch-Dashboards
run: |
wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ jobs:
TERM: xterm
# make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
# 2.12 onwards security demo configuration require a custom admin password
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
steps:
- name: Checkout functional-test
uses: actions/checkout@v2
Expand All @@ -29,7 +31,7 @@ jobs:
tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
cd opensearch-${{ env.VERSION }}/
./opensearch-tar-install.sh &
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
- name: Get OpenSearch-Dashboards
run: |
wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/release-signoff-chromium.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ jobs:
TERM: xterm
# make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
# 2.12 onwards security demo configuration require a custom admin password
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
steps:
- name: Checkout functional-test
uses: actions/checkout@v2
Expand All @@ -29,7 +31,7 @@ jobs:
tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
cd opensearch-${{ env.VERSION }}/
./opensearch-tar-install.sh &
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
- name: Get OpenSearch-Dashboards
run: |
wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/release-signoff-electron.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ jobs:
TERM: xterm
# make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
# 2.12 onwards security demo configuration require a custom admin password
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
steps:
- name: Checkout functional-test
uses: actions/checkout@v2
Expand All @@ -29,7 +31,7 @@ jobs:
tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
cd opensearch-${{ env.VERSION }}/
./opensearch-tar-install.sh &
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
- name: Get OpenSearch-Dashboards
run: |
wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/release-signoff-firefox.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ jobs:
TERM: xterm
# make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
# 2.12 onwards security demo configuration require a custom admin password
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
steps:
- name: Checkout functional-test
uses: actions/checkout@v2
Expand All @@ -29,7 +31,7 @@ jobs:
tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
cd opensearch-${{ env.VERSION }}/
./opensearch-tar-install.sh &
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
- name: Get OpenSearch-Dashboards
run: |
wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz
Expand Down
2 changes: 1 addition & 1 deletion cypress.json
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
"SECURITY_ENABLED": false,
"AGGREGATION_VIEW": false,
"username": "admin",
"password": "admin",
"password": "myStrongPassword123!",
"ENDPOINT_WITH_PROXY": false,
"MANAGED_SERVICE_ENDPOINT": false,
"VISBUILDER_ENABLED": true,
Expand Down
10 changes: 6 additions & 4 deletions integtest.sh
100755 → 100644
Original file line number Diff line number Diff line change
Expand Up @@ -80,11 +80,13 @@ fi

if [ -z "$CREDENTIAL" ]
then
CREDENTIAL="admin:admin"
USERNAME=`echo $CREDENTIAL | awk -F ':' '{print $1}'`
PASSWORD=`echo $CREDENTIAL | awk -F ':' '{print $2}'`
# Starting in 2.12.0, security demo configuration script requires an initial admin password
CREDENTIAL="admin:myStrongPassword123!"
fi

USERNAME=`echo $CREDENTIAL | awk -F ':' '{print $1}'`
PASSWORD=`echo $CREDENTIAL | awk -F ':' '{print $2}'`

# User can send custom browser path through env variable
if [ -z "$BROWSER_PATH" ]
then
Expand Down Expand Up @@ -113,4 +115,4 @@ then
else
echo "run security disabled tests"
yarn cypress:run-without-security --browser "$BROWSER_PATH" --spec "$TEST_FILES"
fi
fi

0 comments on commit 8391566

Please sign in to comment.