Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pass in initial admin password and remove admin:admin references #631

Merged
merged 16 commits into from
Jun 18, 2024
Merged

Pass in initial admin password and remove admin:admin references #631

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
5a70790
Update to pass in initial admin password
derek-ho Dec 14, 2023
065e1bc
Add changelog and logic to distinguish between versions
derek-ho Dec 28, 2023
b91a8ec
fix syntax
derek-ho Dec 28, 2023
db0e15a
Revert tests
derek-ho Dec 28, 2023
50970d8
Merge branch 'main' into main
derek-ho Feb 27, 2024
02a0d70
Add 2.12 to the matrix and fix testing logic
derek-ho Feb 27, 2024
8d6fcbb
Merge branch 'main' of github.com:derek-ho/opensearch-py
derek-ho Feb 27, 2024
9d2c999
Fix version logic
derek-ho Feb 27, 2024
05eaded
Merge branch 'main' of github.com:opensearch-project/opensearch-py
derek-ho Jun 17, 2024
7892fdc
Try to split job into two batches
derek-ho Jun 17, 2024
2639850
Fix lint
derek-ho Jun 17, 2024
85b923c
Change name
derek-ho Jun 17, 2024
38a676f
Remove period
derek-ho Jun 17, 2024
cf5602f
Pull password dynamically
derek-ho Jun 17, 2024
ac76aae
Change to proper env var
derek-ho Jun 18, 2024
e5cd848
Try passing through
derek-ho Jun 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 11 additions & 1 deletion .ci/run-opensearch.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ environment=($(cat <<-END
--env path.repo=/tmp
--env repositories.url.allowed_urls=http://snapshot.test*
--env action.destructive_requires_name=false
--env OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!
END
))

Expand Down Expand Up @@ -54,14 +55,23 @@ END
END
))

OPENSEARCH_REQUIRED_VERSION="2.12.0"
# Starting in 2.12.0, security demo configuration script requires an initial admin password
COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $OPENSEARCH_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1`
if [ "$COMPARE_VERSION" != "$OPENSEARCH_REQUIRED_VERSION" ]; then
CREDENTIAL="admin:admin"
else
CREDENTIAL="admin:myStrongPassword123!"
fi

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This won't work for 2.13, will it?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should since admin credentials changes were released in 2.12. If you are referencing script execution in general, it works as expected returning admin:admin for versions <2.12 and admin:myStronPassword123! for those >= 2.12

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, but wouldn't it be simpler to just set OPENSEARCH_USERNAME and OPENSEARCH_PASSWORD in env: in the workflow?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, it should be, however on line 64 we make a status check call that would require the correct credentials to be passed.

# make sure we detach for all but the last node if DETACH=false (default) so all nodes are started
local_detach="true"
if [[ "$i" == "$((NUMBER_OF_NODES-1))" ]]; then local_detach=$DETACH; fi

set -x
healthcmd="curl -vvv -s --fail http://localhost:9200/_cluster/health || exit 1"
if [[ "$SECURE_INTEGRATION" == "true" ]]; then
healthcmd="curl -vvv -s --insecure -u admin:admin --fail https://localhost:9200/_cluster/health || exit 1"
healthcmd="curl -vvv -s --insecure -u $CREDENTIAL --fail https://localhost:9200/_cluster/health || exit 1"
fi

CLUSTER_TAG=$CLUSTER
Expand Down
1 change: 1 addition & 0 deletions .ci/run-repository.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ docker run \
--env "PYTHON_CONNECTION_CLASS=${PYTHON_CONNECTION_CLASS}" \
--env "TEST_TYPE=server" \
--env "TEST_PATTERN=${TEST_PATTERN}" \
--env "OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!" \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You could avoid the entire if, versions < 2.12 don't care if you set this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yea, we can skip it but I was having trouble reading the env correctly within the testing code itself to determine which credentials to use when setting up the connection. It seems that I needed to set the env. in the sh file right before the tests ran for it to work. Not sure if there is a simpler way.

--name opensearch-py \
--rm \
opensearch-project/opensearch-py \
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/integration.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ jobs:
strategy:
fail-fast: false
matrix:
opensearch_version: [ '1.0.1', '1.1.0', '1.2.4', '1.3.7', '2.0.1', '2.1.0', '2.2.1', '2.3.0', '2.4.0', '2.5.0', '2.6.0', '2.7.0', '2.8.0', '2.9.0', '2.10.0', '2.11.1' ]
opensearch_version: [ '1.0.1', '1.1.0', '1.2.4', '1.3.7', '2.0.1', '2.1.0', '2.2.1', '2.3.0', '2.4.0', '2.5.0', '2.6.0', '2.7.0', '2.8.0', '2.9.0', '2.10.0', '2.11.1', '2.12.0' ]
secured: [ "true", "false" ]
exclude:
# https://github.com/opensearch-project/opensearch-py/issues/612
Expand Down
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- Enhance generator to update changelog only if generated code differs from existing ([#684](https://github.com/opensearch-project/opensearch-py/pull/684))
- Added guide for configuring ssl_assert_hostname ([#694](https://github.com/opensearch-project/opensearch-py/pull/694))
### Changed
- Pass in initial admin password in setup and remove default `admin` password ([#631](https://github.com/opensearch-project/opensearch-py/pull/631))
- Updated the `get_policy` API in the index_management plugin to allow the policy_id argument as optional ([#633](https://github.com/opensearch-project/opensearch-py/pull/633))
- Updated the `point_in_time.md` guide with examples demonstrating the usage of the new APIs as alternatives to the deprecated ones. ([#661](https://github.com/opensearch-project/opensearch-py/pull/661))
### Deprecated
Expand Down
4 changes: 2 additions & 2 deletions guides/index_lifecycle.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ This guide covers OpenSearch Python Client API actions for Index Lifecycle. You'

## Setup

In this guide, we will need an OpenSearch cluster with more than one node. Let's use the sample [docker-compose.yml](https://opensearch.org/samples/docker-compose.yml) to start a cluster with two nodes. The cluster's API will be available at `localhost:9200` with basic authentication enabled with default username and password of `admin:admin`.
In this guide, we will need an OpenSearch cluster with more than one node. Let's use the sample [docker-compose.yml](https://opensearch.org/samples/docker-compose.yml) to start a cluster with two nodes. The cluster's API will be available at `localhost:9200` with basic authentication enabled with default username and password of `admin:<admin password>`.

To start the cluster, run the following command:

Expand All @@ -28,7 +28,7 @@ Let's create a client instance to access this cluster:
from opensearchpy import OpenSearch

client = OpenSearch(
hosts=['https://admin:admin@localhost:9200'],
hosts=['https://admin:<admin password>@localhost:9200'],
use_ssl=True,
verify_certs=False
)
Expand Down
6 changes: 3 additions & 3 deletions guides/log_collection.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,19 +36,19 @@ docker pull opensearchproject/opensearch:latest
```

```
docker run -d -p 9200:9200 -p 9600:9600 --name opensearch_opensearch_1 -e "discovery.type=single-node" opensearchproject/opensearch:latest
docker run -d -p 9200:9200 -p 9600:9600 --name opensearch_opensearch_1 -e "discovery.type=single-node" -e "OPENSEARCH_INITIAL_ADMIN_PASSWORD=<admin password>" opensearchproject/opensearch:latest
```

## Setup Connection with OpenSearch

Create a client instance:
```python
opensearch_client: Any = OpenSearch(
"https://admin:admin@localhost:9200",
"https://admin:<admin password>@localhost:9200",
use_ssl=True,
verify_certs=False,
ssl_show_warn=False,
http_auth=("admin", "admin"),
http_auth=("admin", "<admin password>"),
)
```

Expand Down
Loading