From 6e5334a90a9f8b41f6dc9fcea8fdf6ce5667ba75 Mon Sep 17 00:00:00 2001 From: Jackie Han Date: Mon, 22 Jan 2024 16:28:52 -0800 Subject: [PATCH 1/2] Remove default admin credentials Signed-off-by: Jackie Han --- .github/workflows/test_security.yml | 4 ++-- DEVELOPER_GUIDE.md | 2 +- dataGeneration/README.md | 2 +- dataGeneration/generate-cosine-data-multi-entity.py | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test_security.yml b/.github/workflows/test_security.yml index 177035381..2338b61ad 100644 --- a/.github/workflows/test_security.yml +++ b/.github/workflows/test_security.yml @@ -72,11 +72,11 @@ jobs: - name: Run AD Test if: env.imagePresent == 'true' run: | - security=`curl -XGET https://localhost:9200/_cat/plugins?v -u admin:admin --insecure |grep opensearch-security|wc -l` + security=`curl -XGET https://localhost:9200/_cat/plugins?v -u admin:myStrongPassword123! --insecure |grep opensearch-security|wc -l` if [ $security -gt 0 ] then echo "Security plugin is available" - ./gradlew integTest -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername="docker-cluster" -Dhttps=true -Duser=admin -Dpassword=admin + ./gradlew integTest -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername="docker-cluster" -Dhttps=true -Duser=admin -Dpassword=myStrongPassword123! else echo "Security plugin is NOT available, skipping integration tests" fi diff --git a/DEVELOPER_GUIDE.md b/DEVELOPER_GUIDE.md index e4c66e8f0..209f3ad22 100644 --- a/DEVELOPER_GUIDE.md +++ b/DEVELOPER_GUIDE.md @@ -42,7 +42,7 @@ Currently we just put RCF jar in lib as dependency. Plan to publish to Maven and 2. `./gradlew :run` launches a single node cluster with anomaly-detection (and job-scheduler) plugin installed 3. `./gradlew :integTest` launches a single node cluster with anomaly-detection (and job-scheduler) plugin installed and runs all integration tests except security 4. ` ./gradlew :integTest --tests="**.test execute foo"` runs a single integration test class or method -5. `./gradlew integTestRemote -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername="docker-cluster" -Dhttps=true -Duser=admin -Dpassword=admin` launches integration tests against a local cluster and run tests with security +5. `./gradlew integTestRemote -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername="docker-cluster" -Dhttps=true -Duser=admin -Dpassword=myStrongPassword123!` launches integration tests against a local cluster and run tests with security 6. `./gradlew spotlessApply` formats code. And/or import formatting rules in `.eclipseformat.xml` with IDE. 7. `./gradlew adBwcCluster#mixedClusterTask -Dtests.security.manager=false` launches a cluster with three nodes of bwc version of OpenSearch with anomaly-detection and job-scheduler and tests backwards compatibility by upgrading one of the nodes with the current version of OpenSearch with anomaly-detection and job-scheduler creating a mixed cluster. 8. `./gradlew adBwcCluster#rollingUpgradeClusterTask -Dtests.security.manager=false` launches a cluster with three nodes of bwc version of OpenSearch with anomaly-detection and job-scheduler and tests backwards compatibility by performing rolling upgrade of each node with the current version of OpenSearch with anomaly-detection and job-scheduler. diff --git a/dataGeneration/README.md b/dataGeneration/README.md index ecefb0b78..5a726db72 100644 --- a/dataGeneration/README.md +++ b/dataGeneration/README.md @@ -51,7 +51,7 @@ The dataset created will have two categorical fields to test a multi-entity AD ( | --number-of-process | number of 'process' entities (process is one of the categorical field that an entity is defined by)| 1000 | No | --number-of-historical-days | number of day of historical data to ingest | 2 | No | --username | username for authentication if security is true | admin | No -| --password | password for authentication if security is true | admin | No +| --password | password for authentication if security is true | myStrongPassword123! | No ### Ingestion Commands diff --git a/dataGeneration/generate-cosine-data-multi-entity.py b/dataGeneration/generate-cosine-data-multi-entity.py index c849a9d8b..13a4ab8f2 100644 --- a/dataGeneration/generate-cosine-data-multi-entity.py +++ b/dataGeneration/generate-cosine-data-multi-entity.py @@ -42,7 +42,7 @@ parser.add_argument("-np", "--number-of-process", type=int, default=1000, help="number of 'process' entities, deafult is set to 1000, there will be two keyword categories in this index (must be at least 1)" ) parser.add_argument("-hd", "--number-of-historical-days", type=int, default=2, help="number of day of historical data to ingest, defaults to 2") parser.add_argument("-u", "--username", type=str, default="admin", help="username for authentication if security is true") -parser.add_argument("-pass", "--password", type=str, default="admin", help="password for authentication if security is true") +parser.add_argument("-pass", "--password", type=str, default="myStrongPassword123!", help="password for authentication if security is true") args = parser.parse_args() From a25ba4e0cca263077e27d13e796b48aeea36a453 Mon Sep 17 00:00:00 2001 From: Jackie Han Date: Wed, 24 Jan 2024 11:20:24 -0800 Subject: [PATCH 2/2] Replace default password with a placeholder in README files Signed-off-by: Jackie Han --- .github/workflows/test_security.yml | 2 +- DEVELOPER_GUIDE.md | 2 +- dataGeneration/README.md | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test_security.yml b/.github/workflows/test_security.yml index 2338b61ad..7254a9b43 100644 --- a/.github/workflows/test_security.yml +++ b/.github/workflows/test_security.yml @@ -67,7 +67,7 @@ jobs: if: env.imagePresent == 'true' run: | cd .. - docker run -p 9200:9200 -d -p 9600:9600 -e "discovery.type=single-node" opensearch-ad:test + docker run -p 9200:9200 -d -p 9600:9600 -e "OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!" -e "discovery.type=single-node" opensearch-ad:test sleep 90 - name: Run AD Test if: env.imagePresent == 'true' diff --git a/DEVELOPER_GUIDE.md b/DEVELOPER_GUIDE.md index 209f3ad22..6143100bd 100644 --- a/DEVELOPER_GUIDE.md +++ b/DEVELOPER_GUIDE.md @@ -42,7 +42,7 @@ Currently we just put RCF jar in lib as dependency. Plan to publish to Maven and 2. `./gradlew :run` launches a single node cluster with anomaly-detection (and job-scheduler) plugin installed 3. `./gradlew :integTest` launches a single node cluster with anomaly-detection (and job-scheduler) plugin installed and runs all integration tests except security 4. ` ./gradlew :integTest --tests="**.test execute foo"` runs a single integration test class or method -5. `./gradlew integTestRemote -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername="docker-cluster" -Dhttps=true -Duser=admin -Dpassword=myStrongPassword123!` launches integration tests against a local cluster and run tests with security +5. `./gradlew integTestRemote -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername="docker-cluster" -Dhttps=true -Duser=admin -Dpassword=` launches integration tests against a local cluster and run tests with security 6. `./gradlew spotlessApply` formats code. And/or import formatting rules in `.eclipseformat.xml` with IDE. 7. `./gradlew adBwcCluster#mixedClusterTask -Dtests.security.manager=false` launches a cluster with three nodes of bwc version of OpenSearch with anomaly-detection and job-scheduler and tests backwards compatibility by upgrading one of the nodes with the current version of OpenSearch with anomaly-detection and job-scheduler creating a mixed cluster. 8. `./gradlew adBwcCluster#rollingUpgradeClusterTask -Dtests.security.manager=false` launches a cluster with three nodes of bwc version of OpenSearch with anomaly-detection and job-scheduler and tests backwards compatibility by performing rolling upgrade of each node with the current version of OpenSearch with anomaly-detection and job-scheduler. diff --git a/dataGeneration/README.md b/dataGeneration/README.md index 5a726db72..60a1844a7 100644 --- a/dataGeneration/README.md +++ b/dataGeneration/README.md @@ -39,7 +39,7 @@ The dataset created will have two categorical fields to test a multi-entity AD ( ### Ingestion Parameters | Parameter Name | Description | Default | Required -| ----------- | ----------- | ----------- | ----------- | +| ----------- | ----------- | ---------- | ----------- | | --endpoint | Endpoint OpenSearch cluster is running on | No default | Yes | --index-name | Name of index that will be created and ingested too | No default | Yes | --threads | Number of threads to be used for data ingestion | No deafult | Yes @@ -51,7 +51,7 @@ The dataset created will have two categorical fields to test a multi-entity AD ( | --number-of-process | number of 'process' entities (process is one of the categorical field that an entity is defined by)| 1000 | No | --number-of-historical-days | number of day of historical data to ingest | 2 | No | --username | username for authentication if security is true | admin | No -| --password | password for authentication if security is true | myStrongPassword123! | No +| --password | password for authentication if security is true | | No ### Ingestion Commands