Remove references to the default credentials of admin:admin (opensear…

…ch-project#449) * Remove references to the default creds Signed-off-by: Derek Ho <[email protected]> * Address PR comments and fix CI for 2.12.0 release Signed-off-by: Derek Ho <[email protected]> * fix syntatic issues with the dockerfile Signed-off-by: Derek Ho <[email protected]> * add fi Signed-off-by: Derek Ho <[email protected]> * Add 2.12 into matrix Signed-off-by: Derek Ho <[email protected]> * Add version check Signed-off-by: Derek Ho <[email protected]> * Fix up Signed-off-by: Derek Ho <[email protected]> * fix version imports Signed-off-by: Derek Ho <[email protected]> * ci: add version check to dockerfile Signed-off-by: Jakob Hahn <[email protected]> * fix security integ test Signed-off-by: Jakob Hahn <[email protected]> --------- Signed-off-by: Derek Ho <[email protected]> Signed-off-by: Jakob Hahn <[email protected]> Co-authored-by: Jakob Hahn <[email protected]>
Jakob3xD · Mar 12, 2024 · acce269 · acce269
1 parent ee43c33
commit acce269
Show file tree

Hide file tree

Showing 7 changed files with 41 additions and 25 deletions.
diff --git a/.ci/opensearch/Dockerfile.opensearch b/.ci/opensearch/Dockerfile.opensearch
@@ -1,13 +1,25 @@
 ARG OPENSEARCH_VERSION
 FROM opensearchproject/opensearch:${OPENSEARCH_VERSION}
 
+ARG OPENSEARCH_VERSION
 ARG opensearch_path=/usr/share/opensearch
 ARG SECURE_INTEGRATION
 ENV SECURE_INTEGRATION=$SECURE_INTEGRATION
 
-RUN if [ "$SECURE_INTEGRATION" != "true" ] ; then $opensearch_path/bin/opensearch-plugin remove opensearch-security; fi
+# Starting in 2.12.0 security demo requires an initial admin password, which is set as myStrongPassword123!
+# https://apple.stackexchange.com/a/123408/11374
+RUN if [ "$SECURE_INTEGRATION" != "true" ] ; then \
+      $opensearch_path/bin/opensearch-plugin remove opensearch-security; \
+      else \
+        function version { echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }'; }; \
+        if [ $(version $OPENSEARCH_VERSION) -ge $(version "2.12.0") ] || [ $OPENSEARCH_VERSION == "latest" ]; then \
+          echo user admin:myStrongPassword123! > curl.conf ; \
+        else \
+          echo user admin:admin > curl.conf ; \
+        fi\
+      fi
 
 HEALTHCHECK --start-period=20s --interval=30s \
   CMD curl -sf -retry 5 --max-time 5 --retry-delay 5 --retry-max-time 30 \
-  $(if $SECURE_INTEGRATION; then echo "-u admin:admin -k https://"; fi)"localhost:9200" \
+  $(if $SECURE_INTEGRATION; then echo "-K curl.conf -k https://"; fi)"localhost:9200" \
   || bash -c 'kill -s 15 -1 && (sleep 10; kill -s 9 -1)'
diff --git a/.ci/opensearch/docker-compose.yml b/.ci/opensearch/docker-compose.yml
@@ -15,6 +15,7 @@ services:
       - discovery.type=single-node
       - bootstrap.memory_lock=true
       - path.repo=/usr/share/opensearch/mnt
+      - OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!
     ports:
       - "9200:9200"
     user: opensearch
diff --git a/.github/workflows/test-compatibility.yml b/.github/workflows/test-compatibility.yml
@@ -25,6 +25,7 @@ jobs:
           - { opensearch_version: 2.9.0 }
           - { opensearch_version: 2.10.0 }
           - { opensearch_version: 2.11.0 }
+          - { opensearch_version: 2.12.0 }
     steps:
       - uses: actions/checkout@v3
         with: { fetch-depth: 1 }

diff --git a/.github/workflows/test-integration.yml b/.github/workflows/test-integration.yml
@@ -54,6 +54,6 @@ jobs:
         run: |
           make cluster.clean cluster.build cluster.start
           for attempt in `seq 25`; do sleep 5; \
-          if curl -s -ku admin:admin https://localhost:9200; \
+          if curl -s -ku admin:myStrongPassword123! https://localhost:9200; \
           then echo '=====> ready'; break; fi; if [ $attempt == 25 ]; then exit 1; fi; echo '=====> waiting...'; done
       - run: make test-integ-secure
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Bumps `github.com/aws/aws-sdk-go-v2/config` from 1.25.11 to 1.27.0
 ### Added
 - Added new struct fields introduced by opensearch 2.12 ([#482](https://github.com/opensearch-project/opensearch-go/pull/482))
+- Adds initial admin password environment variable and CI changes to support 2.12.0 release ([#449](https://github.com/opensearch-project/opensearch-go/pull/449))
 ### Changed
 - Changed field opensearch_version of type NodesInfoPlugin to json.RawMessage as opensearch 3.0.0 uses an array instead of string ([#482](https://github.com/opensearch-project/opensearch-go/pull/482))
 ### Deprecated

diff --git a/guides/index_lifecycle.md b/guides/index_lifecycle.md
@@ -4,7 +4,7 @@ This guide covers OpenSearch Golang Client API actions for Index Lifecycle. You'
 
 ## Setup
 
-In this guide, we will need an OpenSearch cluster with more than one node. Let's use the sample [docker-compose.yml](https://opensearch.org/samples/docker-compose.yml) to start a cluster with two nodes. The cluster's API will be available at `localhost:9200` with basic authentication enabled with default username and password of `admin:admin`.
+In this guide, we will need an OpenSearch cluster with more than one node. Let's use the sample [docker-compose.yml](https://opensearch.org/samples/docker-compose.yml) to start a cluster with two nodes. The cluster's API will be available at `localhost:9200` with basic authentication enabled with default username and password of `admin:< admin password >`.
 
 To start the cluster, run the following command:
 
@@ -46,7 +46,7 @@ func example() error {
 				},
 				Addresses: []string{"https://localhost:9200"},
 				Username:  "admin", // For testing only. Don't store credentials in code.
-				Password:  "admin",
+				Password:  "< admin password >",
 			},
 		},
 	)

diff --git a/opensearch_secure_integration_test.go b/opensearch_secure_integration_test.go
@@ -26,6 +26,7 @@ package opensearch_test
 import (
 	"context"
 	"crypto/tls"
+	"errors"
 	"log"
 	"net/http"
 	"testing"
@@ -37,29 +38,29 @@ import (
 )
 
 func getSecuredClient() (*opensearchapi.Client, error) {
-	return opensearchapi.NewClient(
-		opensearchapi.Config{
-			Client: opensearch.Config{
-				Username:  "admin",
-				Password:  "admin",
-				Addresses: []string{"https://localhost:9200"},
-				Transport: &http.Transport{
-					TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	errs := make([]error, 0)
+	for _, password := range []string{"admin", "myStrongPassword123!"} {
+		client, _ := opensearchapi.NewClient(
+			opensearchapi.Config{
+				Client: opensearch.Config{
+					Username:  "admin",
+					Password:  password,
+					Addresses: []string{"https://localhost:9200"},
+					Transport: &http.Transport{
+						TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+					},
 				},
 			},
-		},
-	)
-}
-
-type clusterVersion struct {
-	Number       string `json:"number"`
-	BuildFlavor  string `json:"build_flavor"`
-	Distribution string `json:"distribution"`
-}
+		)
+		_, err := client.Info(nil, nil)
+		if err != nil {
+			errs = append(errs, err)
+			continue
+		}
+		return client, nil
+	}
+	return nil, errors.Join(errs...)
 
-type Info struct {
-	Version clusterVersion `json:"version"`
-	Tagline string         `json:"tagline"`
 }
 
 func TestSecuredClientAPI(t *testing.T) {