Update admin default password in CI

ElliottKasoar · Mar 11, 2024 · f73b3c2 · f73b3c2
1 parent 1c4014b
commit f73b3c2
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 5 deletions.
diff --git a/.ci/opensearch/action.yml b/.ci/opensearch/action.yml
@@ -17,10 +17,10 @@ inputs:
     description: 'Port where you want to run OpenSearch'
     required: false
     default: 9200
-  opensearch_password:
+  opensearch-initial-admin-password:
     description: 'The password for the user admin in your cluster'
     required: false
-    default: 'admin'
+    default: 'myStrongPassword123!'
 
 runs:
   using: 'docker'
@@ -30,3 +30,4 @@ runs:
     NODES: ${{ inputs.nodes }}
     PORT: ${{ inputs.port }}
     SECURITY_ENABLED: ${{ inputs.security-enabled }}
+    OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${{ inputs.opensearch-initial-admin-password }}
diff --git a/.ci/opensearch/run-opensearch.sh b/.ci/opensearch/run-opensearch.sh
@@ -7,12 +7,20 @@ if [[ -z $OPENSEARCH_VERSION ]]; then
   exit 1
 fi
 
+OPENSEARCH_REQUIRED_VERSION="latest"
+# Starting in 2.12.0, security demo configuration script requires an initial admin password
+COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $OPENSEARCH_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1`
+if [ "$COMPARE_VERSION" != "$OPENSEARCH_REQUIRED_VERSION" ]; then
+  OPENSEARCH_INITIAL_ADMIN_PASSWORD="admin"
+fi
+
+
 for (( node=1; node<=${NODES-1}; node++ ))
 do
   port=$((PORT + $node - 1))
 
   if [[ "$SECURITY_ENABLED" == "true" ]]; then
-    healthcmd="curl -vvv -s --insecure -u admin:admin --fail https://localhost:$port/_cluster/health || exit 1"
+    healthcmd="curl -vvv -s --insecure -u admin:$OPENSEARCH_INITIAL_ADMIN_PASSWORD --fail https://localhost:$port/_cluster/health || exit 1"
     security=($(cat <<-END
 
 END
@@ -34,6 +42,7 @@ END
     --env discovery.type=single-node \
     --env bootstrap.memory_lock=true \
     --env "OPENSEARCH_JAVA_OPTS=-Xms4g -Xmx4g" \
+    --env OPENSEARCH_INITIAL_ADMIN_PASSWORD=$OPENSEARCH_INITIAL_ADMIN_PASSWORD \
     "${security[@]}" \
     --publish "${port}:${port}" \
     --ulimit nofile=65536:65536 \

diff --git a/.github/workflows/opensearch.yml b/.github/workflows/opensearch.yml
@@ -44,4 +44,5 @@ jobs:
           poetry run python -m unittest -v tests
         env:
           port: 9250
+          opensearch-version: ${{ matrix.opensearch }}
           security_enabled: ${{ matrix.security-enabled }}
diff --git a/tests/cli.py b/tests/cli.py
@@ -20,10 +20,14 @@ def setUpClass(cls):
         cls.security_enabled = os.getenv("security_enabled") == "true"
         cls.port = int(os.environ["port"])
         cls.host = "localhost"
+        if os.environ["opensearch-version"] == "latest":
+            cls.credential = "admin:myStrongPassword123!"
+        else:
+            cls.credential = "admin:admin"
 
         logging.basicConfig(level=logging.INFO)
 
-        url = f"opensearch://admin:admin@{cls.host}:{cls.port}"
+        url = f"opensearch://{cls.credential}@{cls.host}:{cls.port}"
         if not cls.security_enabled:
             url += " --disable_ssl"
         try:

diff --git a/tests/opensearch.py b/tests/opensearch.py
@@ -27,10 +27,14 @@ def setUpClass(cls):
         cls.security_enabled = os.getenv("security_enabled") == "true"
         cls.port = int(os.environ["port"])
         cls.host = "localhost"
+        if os.environ["opensearch-version"] == "latest":
+            cls.credential = "admin:myStrongPassword123!"
+        else:
+            cls.credential = "admin:admin"
 
         logging.basicConfig(level=logging.INFO)
 
-        url = f"opensearch://admin:admin@{cls.host}:{cls.port}"
+        url = f"opensearch://{cls.credential}@{cls.host}:{cls.port}"
         try:
             abcd = ABCD.from_url(
                 url,