diff --git a/.ci/opensearch/action.yml b/.ci/opensearch/action.yml index bb516d35..f917a612 100644 --- a/.ci/opensearch/action.yml +++ b/.ci/opensearch/action.yml @@ -17,10 +17,10 @@ inputs: description: 'Port where you want to run OpenSearch' required: false default: 9200 - opensearch_password: + opensearch-initial-admin-password: description: 'The password for the user admin in your cluster' required: false - default: 'admin' + default: 'myStrongPassword123!' runs: using: 'docker' @@ -30,3 +30,4 @@ runs: NODES: ${{ inputs.nodes }} PORT: ${{ inputs.port }} SECURITY_ENABLED: ${{ inputs.security-enabled }} + OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${{ inputs.opensearch-initial-admin-password }} diff --git a/.ci/opensearch/run-opensearch.sh b/.ci/opensearch/run-opensearch.sh index 22adc630..9c380a2f 100755 --- a/.ci/opensearch/run-opensearch.sh +++ b/.ci/opensearch/run-opensearch.sh @@ -7,12 +7,20 @@ if [[ -z $OPENSEARCH_VERSION ]]; then exit 1 fi +OPENSEARCH_REQUIRED_VERSION="latest" +# Starting in 2.12.0, security demo configuration script requires an initial admin password +COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $OPENSEARCH_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1` +if [ "$COMPARE_VERSION" != "$OPENSEARCH_REQUIRED_VERSION" ]; then + OPENSEARCH_INITIAL_ADMIN_PASSWORD="admin" +fi + + for (( node=1; node<=${NODES-1}; node++ )) do port=$((PORT + $node - 1)) if [[ "$SECURITY_ENABLED" == "true" ]]; then - healthcmd="curl -vvv -s --insecure -u admin:admin --fail https://localhost:$port/_cluster/health || exit 1" + healthcmd="curl -vvv -s --insecure -u admin:$OPENSEARCH_INITIAL_ADMIN_PASSWORD --fail https://localhost:$port/_cluster/health || exit 1" security=($(cat <<-END END @@ -34,6 +42,7 @@ END --env discovery.type=single-node \ --env bootstrap.memory_lock=true \ --env "OPENSEARCH_JAVA_OPTS=-Xms4g -Xmx4g" \ + --env OPENSEARCH_INITIAL_ADMIN_PASSWORD=$OPENSEARCH_INITIAL_ADMIN_PASSWORD \ "${security[@]}" \ --publish "${port}:${port}" \ --ulimit nofile=65536:65536 \ diff --git a/.github/workflows/opensearch.yml b/.github/workflows/opensearch.yml index 57acee44..cb164601 100644 --- a/.github/workflows/opensearch.yml +++ b/.github/workflows/opensearch.yml @@ -44,4 +44,5 @@ jobs: poetry run python -m unittest -v tests env: port: 9250 + opensearch-version: ${{ matrix.opensearch }} security_enabled: ${{ matrix.security-enabled }} diff --git a/tests/cli.py b/tests/cli.py index 40820251..b534f782 100644 --- a/tests/cli.py +++ b/tests/cli.py @@ -20,10 +20,14 @@ def setUpClass(cls): cls.security_enabled = os.getenv("security_enabled") == "true" cls.port = int(os.environ["port"]) cls.host = "localhost" + if os.environ["opensearch-version"] == "latest": + cls.credential = "admin:myStrongPassword123!" + else: + cls.credential = "admin:admin" logging.basicConfig(level=logging.INFO) - url = f"opensearch://admin:admin@{cls.host}:{cls.port}" + url = f"opensearch://{cls.credential}@{cls.host}:{cls.port}" if not cls.security_enabled: url += " --disable_ssl" try: diff --git a/tests/opensearch.py b/tests/opensearch.py index e7abc41f..1bb8eb3b 100644 --- a/tests/opensearch.py +++ b/tests/opensearch.py @@ -27,10 +27,14 @@ def setUpClass(cls): cls.security_enabled = os.getenv("security_enabled") == "true" cls.port = int(os.environ["port"]) cls.host = "localhost" + if os.environ["opensearch-version"] == "latest": + cls.credential = "admin:myStrongPassword123!" + else: + cls.credential = "admin:admin" logging.basicConfig(level=logging.INFO) - url = f"opensearch://admin:admin@{cls.host}:{cls.port}" + url = f"opensearch://{cls.credential}@{cls.host}:{cls.port}" try: abcd = ABCD.from_url( url,