Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Extracts demo configuration script to a java tool #3669

Merged

Conversation

DarshitChanpura
Copy link
Member

@DarshitChanpura DarshitChanpura commented Nov 8, 2023

Description

This change extracts the core demo configuration install script to java tool to allow re-usability while leveraging that OpenSearch itself is JAVA process. All other tools shipped by security are java tools, and now with this PR, demo configuration setup will also be a java tool.

  • Category : Enhancement, Refactoring

  • Why these changes are required?
    The need to implement these changes arose from the requirement to replace default admin credentials with a custom provided admin password.

  • What is the old behavior before changes and new behavior after changes?
    The script execution behavior has changed slightly. Here's how:

  1. Script now also validates custom provided password, and fails if it doesn't meet minimum requirements
  2. Script now accepts a new option -t to skip password validation for test environments.
  3. Previously, the script would fail if no password was provided. Now, the script would generate and set a random password instead.

Issues Resolved

Testing

Automated testing will be implemented in a follow-up PR.

Manual testing.

Tests:

1. Works without any options:
tools ./install_demo_configuration.sh
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Security Modules? [y/N] y
Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)

Enable cluster mode? [y/N] N
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
No custom admin password found. Generating a new password now.
	***************************************************
		ADMIN PASSWORD SET TO: I:0―₽″h9¢
	***************************************************
### Success
### Execute this script now on all your nodes and then start all nodes
### OpenSearch Security will be automatically initialized.
### If you like to change the runtime configuration
### change the files in ../../../config/opensearch-security and execute:
sudo "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/opensearch-security/tools/securityadmin.sh" -cd "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch-security" -icl -key "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk-key.pem" -cert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk.pem" -cacert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/root-ca.pem" -nhnv
### or run ./securityadmin_demo.sh
### To use the Security Plugin ConfigurationGUI
### To access your secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)tools
  1. Works as before with existing options supplied
a. `-h`
tools ./install_demo_configuration.sh -h
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
install_demo_configuration.sh [-y] [-i] [-c]
  -h show help
  -y confirm all installation dialogues automatically
  -i initialize Security plugin with default configuration (default is to ask if -y is not given)
  -c enable cluster mode by binding to all network interfaces (default is to ask if -y is not given)
  -s skip updates if config is already applied to opensearch.yml
  -t set the execution environment to `test` to skip password validation. Should be used only for testing. (default is set to `demo`)
b. `-y`
tools ./install_demo_configuration.sh -y
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
No custom admin password found. Generating a new password now.
	***************************************************
		ADMIN PASSWORD SET TO: ‛5ij¼₢₣Wvcq
	***************************************************
### Success
### Execute this script now on all your nodes and then start all nodes
### After the whole cluster is up execute:
sudo "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/opensearch-security/tools/securityadmin.sh" -cd "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch-security" -icl -key "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk-key.pem" -cert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk.pem" -cacert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/root-ca.pem" -nhnv
### or run ./securityadmin_demo.sh
### After that you can also use the Security Plugin ConfigurationGUI
### To access your secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)
c. `-i`
tools ./install_demo_configuration.sh -i
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)

Enable cluster mode? [y/N] y
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
No custom admin password found. Generating a new password now.
	***************************************************
		ADMIN PASSWORD SET TO: ½1S\‰…†²°9lI¿‡b
	***************************************************
### Success
### Execute this script now on all your nodes and then start all nodes
### OpenSearch Security will be automatically initialized.
### If you like to change the runtime configuration
### change the files in ../../../config/opensearch-security and execute:
sudo "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/opensearch-security/tools/securityadmin.sh" -cd "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch-security" -icl -key "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk-key.pem" -cert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk.pem" -cacert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/root-ca.pem" -nhnv
### or run ./securityadmin_demo.sh
### To use the Security Plugin ConfigurationGUI
### To access your secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)tools
d. `-c`
tools ./install_demo_configuration.sh -c
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Security Modules? [y/N] y
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
No custom admin password found. Generating a new password now.
	***************************************************
		ADMIN PASSWORD SET TO: 2»jb'”1″BK
	***************************************************
### Success
### Execute this script now on all your nodes and then start all nodes
### OpenSearch Security will be automatically initialized.
### If you like to change the runtime configuration
### change the files in ../../../config/opensearch-security and execute:
sudo "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/opensearch-security/tools/securityadmin.sh" -cd "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch-security" -icl -key "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk-key.pem" -cert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk.pem" -cacert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/root-ca.pem" -nhnv
### or run ./securityadmin_demo.sh
### To use the Security Plugin ConfigurationGUI
### To access your secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)tools
e. `-s`
tools ./install_demo_configuration.sh -s
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Security Modules? [y/N] y
Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)

Enable cluster mode? [y/N] N
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml seems to be already configured for Security. Quit.
3. Sets the custom admin password, if one is supplied
tools export initialAdminPassword=43a5knwZKGmvtools ./install_demo_configuration.sh
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Security Modules? [y/N] y
Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)

Enable cluster mode? [y/N] N
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
	***************************************************
		ADMIN PASSWORD SET TO: 43a5knwZKGmv
	***************************************************
### Success
### Execute this script now on all your nodes and then start all nodes
### OpenSearch Security will be automatically initialized.
### If you like to change the runtime configuration
### change the files in ../../../config/opensearch-security and execute:
sudo "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/opensearch-security/tools/securityadmin.sh" -cd "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch-security" -icl -key "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk-key.pem" -cert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk.pem" -cacert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/root-ca.pem" -nhnv
### or run ./securityadmin_demo.sh
### To use the Security Plugin ConfigurationGUI
### To access your secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)tools export initialAdminPassword=admintoolstoolstoolstoolstoolstoolstools export initialAdminPassword=admintools ./install_demo_configuration.sh
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Security Modules? [y/N] y
Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)

Enable cluster mode? [y/N] N
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
Password admin is weak. Please re-try with a stronger password.
4. Generates a random password, if one is not supplied
tools ./install_demo_configuration.sh
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Security Modules? [y/N] y
Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)

Enable cluster mode? [y/N] N
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
No custom admin password found. Generating a new password now.
	***************************************************
		ADMIN PASSWORD SET TO: YW¢+(7₦a₸
	***************************************************
### Success
### Execute this script now on all your nodes and then start all nodes
### OpenSearch Security will be automatically initialized.
### If you like to change the runtime configuration
### change the files in ../../../config/opensearch-security and execute:
sudo "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/opensearch-security/tools/securityadmin.sh" -cd "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch-security" -icl -key "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk-key.pem" -cert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk.pem" -cacert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/root-ca.pem" -nhnv
### or run ./securityadmin_demo.sh
### To use the Security Plugin ConfigurationGUI
### To access your secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)tools
5. Accepts a new option `-t` to disable password validation for test environment
tools export initialAdminPassword=admintools ./install_demo_configuration.sh -y
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
Password admin is weak. Please re-try with a stronger password.tools ./install_demo_configuration.sh -y -t
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
	***************************************************
		ADMIN PASSWORD SET TO: admin
	***************************************************
### Success
### Execute this script now on all your nodes and then start all nodes
### After the whole cluster is up execute:
sudo "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/opensearch-security/tools/securityadmin.sh" -cd "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch-security" -icl -key "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk-key.pem" -cert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk.pem" -cacert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/root-ca.pem" -nhnv
### or run ./securityadmin_demo.sh
### After that you can also use the Security Plugin ConfigurationGUI
### To access your secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)tools

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
…tion and removes temp scripts

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
…e directory path

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
…t as execution environment

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Copy link
Member Author

CI plugin-install failed with:

**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************


OpenSearch Security Demo Installer
** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] Initialize Security Modules? [y/N] Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)

Enable cluster mode? [y/N] OpenSearch install type: .tar.gz on Linux 6.2.0-1015-azure amd64
OpenSearch config dir: /home/runner/work/security/security/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /home/runner/work/security/security/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /home/runner/work/security/security/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /home/runner/work/security/security/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /home/runner/work/security/security/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: compress-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
Password continuous-silver is weak. Please re-try with a stronger password.

Script is doing what it is supposed to. I will update the CI task to pass option -t and that should skip password-validation

…-validation

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
…uction to demo

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Copy link
Member Author

DarshitChanpura commented Nov 10, 2023

Spotbugs CI check will be fixed once #3676 is merged

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Copy link
Member Author

@cwperks @RyanL1997 @scrawfor99 @peternied Could I get some reviews on this ?

tools/install_demo_configuration.sh Outdated Show resolved Hide resolved
tools/install_demo_configuration.sh Outdated Show resolved Hide resolved
Copy link

codecov bot commented Nov 15, 2023

Codecov Report

Merging #3669 (f9fb8b3) into main (ee66199) will increase coverage by 0.36%.
Report is 2 commits behind head on main.
The diff coverage is 10.10%.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #3669      +/-   ##
==========================================
+ Coverage   64.88%   65.25%   +0.36%     
==========================================
  Files         292      297       +5     
  Lines       20776    21127     +351     
  Branches     3409     3451      +42     
==========================================
+ Hits        13481    13786     +305     
- Misses       5606     5643      +37     
- Partials     1689     1698       +9     
Files Coverage Δ
.../org/opensearch/security/auth/BackendRegistry.java 77.92% <100.00%> (+15.38%) ⬆️
...g/opensearch/security/filter/SecurityResponse.java 96.29% <100.00%> (+3.43%) ⬆️
...org/opensearch/security/httpclient/HttpClient.java 86.13% <ø> (ø)
...curity/securityconf/impl/AllowlistingSettings.java 75.00% <100.00%> (ø)
...curity/securityconf/impl/WhitelistingSettings.java 75.00% <100.00%> (ø)
...dlic/auth/http/saml/AuthTokenProcessorHandler.java 50.28% <50.00%> (ø)
...opensearch/security/filter/SecurityRestFilter.java 83.84% <50.00%> (+14.61%) ⬆️
...ecurity/tools/democonfig/ExecutionEnvironment.java 0.00% <0.00%> (ø)
...ic/auth/http/kerberos/HTTPSpnegoAuthenticator.java 0.00% <0.00%> (ø)
...search/security/tools/democonfig/Certificates.java 0.00% <0.00%> (ø)
... and 3 more

... and 33 files with indirect coverage changes

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Copy link
Collaborator

@RyanL1997 RyanL1997 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @DarshitChanpura , thanks for putting this together. In generally, this is java tool is well structured and clear, and I just left some comments.

Copy link
Member

@cwperks cwperks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Took a first pass. This change looks good to me.

What tests should be added for this PR? I'd love to have a bwc test where the old script is run in 2.11 w/ the bash script and another with the Java version of the script and show that the output is identical.

Copy link
Contributor

@stephen-crawford stephen-crawford left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks very good to me, just a few comments but overall great job with this.

Can we also unit tests each of these parts now?

@DarshitChanpura
Copy link
Member Author

Can we also unit tests each of these parts now?

I have a follow-up PR that I'm working on to specifically add tests for this.

@DarshitChanpura
Copy link
Member Author

@RyanL1997 @cwperks @scrawfor99 Thank you for the detailed feedback!!
I've addressed all comments and pushed the changes. Feel free to re-review/resolve the conversations.

Copy link
Contributor

@stephen-crawford stephen-crawford left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me ! Thanks DC :)

Copy link
Collaborator

@RyanL1997 RyanL1997 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Nice work @DarshitChanpura !

@RyanL1997
Copy link
Collaborator

I think we have unit tests which require the old default password be valid. If there is someway to replace this or this is not the case, I agree with Ryan.

Hi @scrawfor99 and @DarshitChanpura. Since I previously resolved the comment, I will reply it here for future reference. I think the unit tests has its own test configuration and that will be fine, but it does impact the integration test. But we can have a workaround in CI. You can reference to the experimental work I did here:
https://github.com/opensearch-project/security/pull/3449/files#diff-b803fcb7f17ed9235f1e5cb1fcd2f5d3b2838429d4368ae4c57ce4436577f03fR65

And the impact tests is in this comment: https://github.com/opensearch-project/security/pull/3449/files#r1346368658

@DarshitChanpura DarshitChanpura merged commit 17748b9 into opensearch-project:main Nov 17, 2023
78 of 79 checks passed
DarshitChanpura added a commit to DarshitChanpura/security that referenced this pull request Dec 13, 2023
…#3669)

This change extracts the core demo configuration install script to java
tool to allow re-usability while leveraging that OpenSearch itself is
JAVA process. All other tools shipped by security are java tools, and
now with this PR, demo configuration setup will also be a java tool.

---------

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
cwperks pushed a commit that referenced this pull request Dec 18, 2023
…t for Bundled JDK for this tool and updates DEVELOPER_GUIDE.md (#3845)

### Description
Backports following commits related to demo configuration tool from main
to 2.x:

- [x]
[17748b9](17748b9)
from #3669
- [x]
[4496440](4496440)
from #3734
- [x]
[06d8c29](06d8c29)
from #3777
- [x]
[e698315](e698315)
from #3807
- [x]
[9d11524](9d11524)
from #3843
- [x]
[62aed21](62aed21)
from #3850
- [x]
[ceabe13](ceabe13)
from #3844

### Issues Resolved
- Related to #3827


### Testing
- automated tests

### Check List
- [x] New functionality includes testing
- [x] New functionality has been documented
- [x] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and
signing off your commits, please check
[here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

---------

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <35282393+DarshitChanpura@users.noreply.github.com>
@cwperks cwperks mentioned this pull request Oct 1, 2024
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Extracting install_demo_configuration script to a standalone Java Tool
7 participants