Extracts demo configuration script to a java tool

[DarshitChanpura]

Description

This change extracts the core demo configuration install script to java tool to allow re-usability while leveraging that OpenSearch itself is JAVA process. All other tools shipped by security are java tools, and now with this PR, demo configuration setup will also be a java tool.

• Category : Enhancement, Refactoring

• Why these changes are required?
  The need to implement these changes arose from the requirement to replace default admin credentials with a custom provided admin password.

• What is the old behavior before changes and new behavior after changes?
  The script execution behavior has changed slightly. Here's how:

1. Script now also validates custom provided password, and fails if it doesn't meet minimum requirements
2. Script now accepts a new option -t to skip password validation for test environments.
3. Previously, the script would fail if no password was provided. Now, the script would generate and set a random password instead.

Issues Resolved

• Resolves Extracting install_demo_configuration script to a standalone Java Tool #3633

Testing

Automated testing will be implemented in a follow-up PR.

Manual testing.

Tests:

1. Works without any options:

➜  tools ./install_demo_configuration.sh
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Security Modules? [y/N] y
Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)

Enable cluster mode? [y/N] N
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
No custom admin password found. Generating a new password now.
	***************************************************
		ADMIN PASSWORD SET TO: I:0―₽″h9¢
	***************************************************
### Success
### Execute this script now on all your nodes and then start all nodes
### OpenSearch Security will be automatically initialized.
### If you like to change the runtime configuration
### change the files in ../../../config/opensearch-security and execute:
sudo "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/opensearch-security/tools/securityadmin.sh" -cd "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch-security" -icl -key "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk-key.pem" -cert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk.pem" -cacert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/root-ca.pem" -nhnv
### or run ./securityadmin_demo.sh
### To use the Security Plugin ConfigurationGUI
### To access your secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)
➜  tools

2. Works as before with existing options supplied

a. `-h`

➜  tools ./install_demo_configuration.sh -h
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
install_demo_configuration.sh [-y] [-i] [-c]
  -h show help
  -y confirm all installation dialogues automatically
  -i initialize Security plugin with default configuration (default is to ask if -y is not given)
  -c enable cluster mode by binding to all network interfaces (default is to ask if -y is not given)
  -s skip updates if config is already applied to opensearch.yml
  -t set the execution environment to `test` to skip password validation. Should be used only for testing. (default is set to `demo`)

b. `-y`

➜  tools ./install_demo_configuration.sh -y
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
No custom admin password found. Generating a new password now.
	***************************************************
		ADMIN PASSWORD SET TO: ‛5ij¼₢₣Wvcq
	***************************************************
### Success
### Execute this script now on all your nodes and then start all nodes
### After the whole cluster is up execute:
sudo "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/opensearch-security/tools/securityadmin.sh" -cd "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch-security" -icl -key "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk-key.pem" -cert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk.pem" -cacert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/root-ca.pem" -nhnv
### or run ./securityadmin_demo.sh
### After that you can also use the Security Plugin ConfigurationGUI
### To access your secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)

c. `-i`

➜  tools ./install_demo_configuration.sh -i
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)

Enable cluster mode? [y/N] y
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
No custom admin password found. Generating a new password now.
	***************************************************
		ADMIN PASSWORD SET TO: ½1S\‰…†²°9lI¿‡b
	***************************************************
### Success
### Execute this script now on all your nodes and then start all nodes
### OpenSearch Security will be automatically initialized.
### If you like to change the runtime configuration
### change the files in ../../../config/opensearch-security and execute:
sudo "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/opensearch-security/tools/securityadmin.sh" -cd "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch-security" -icl -key "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk-key.pem" -cert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk.pem" -cacert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/root-ca.pem" -nhnv
### or run ./securityadmin_demo.sh
### To use the Security Plugin ConfigurationGUI
### To access your secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)
➜  tools

d. `-c`

➜  tools ./install_demo_configuration.sh -c
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Security Modules? [y/N] y
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
No custom admin password found. Generating a new password now.
	***************************************************
		ADMIN PASSWORD SET TO: 2»jb'”1″BK
	***************************************************
### Success
### Execute this script now on all your nodes and then start all nodes
### OpenSearch Security will be automatically initialized.
### If you like to change the runtime configuration
### change the files in ../../../config/opensearch-security and execute:
sudo "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/opensearch-security/tools/securityadmin.sh" -cd "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch-security" -icl -key "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk-key.pem" -cert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk.pem" -cacert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/root-ca.pem" -nhnv
### or run ./securityadmin_demo.sh
### To use the Security Plugin ConfigurationGUI
### To access your secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)
➜  tools

e. `-s`

➜  tools ./install_demo_configuration.sh -s
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Security Modules? [y/N] y
Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)

Enable cluster mode? [y/N] N
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml seems to be already configured for Security. Quit.

3. Sets the custom admin password, if one is supplied

➜  tools export initialAdminPassword=43a5knwZKGmv
➜  tools ./install_demo_configuration.sh
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Security Modules? [y/N] y
Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)

Enable cluster mode? [y/N] N
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
	***************************************************
		ADMIN PASSWORD SET TO: 43a5knwZKGmv
	***************************************************
### Success
### Execute this script now on all your nodes and then start all nodes
### OpenSearch Security will be automatically initialized.
### If you like to change the runtime configuration
### change the files in ../../../config/opensearch-security and execute:
sudo "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/opensearch-security/tools/securityadmin.sh" -cd "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch-security" -icl -key "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk-key.pem" -cert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk.pem" -cacert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/root-ca.pem" -nhnv
### or run ./securityadmin_demo.sh
### To use the Security Plugin ConfigurationGUI
### To access your secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)
➜  tools export initialAdminPassword=admin
➜  tools
➜  tools
➜  tools
➜  tools
➜  tools
➜  tools
➜  tools export initialAdminPassword=admin
➜  tools ./install_demo_configuration.sh
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Security Modules? [y/N] y
Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)

Enable cluster mode? [y/N] N
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
Password admin is weak. Please re-try with a stronger password.

4. Generates a random password, if one is not supplied

➜  tools ./install_demo_configuration.sh
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Security Modules? [y/N] y
Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)

Enable cluster mode? [y/N] N
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
No custom admin password found. Generating a new password now.
	***************************************************
		ADMIN PASSWORD SET TO: YW¢+(7₦a₸
	***************************************************
### Success
### Execute this script now on all your nodes and then start all nodes
### OpenSearch Security will be automatically initialized.
### If you like to change the runtime configuration
### change the files in ../../../config/opensearch-security and execute:
sudo "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/opensearch-security/tools/securityadmin.sh" -cd "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch-security" -icl -key "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk-key.pem" -cert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk.pem" -cacert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/root-ca.pem" -nhnv
### or run ./securityadmin_demo.sh
### To use the Security Plugin ConfigurationGUI
### To access your secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)
➜  tools

5. Accepts a new option `-t` to disable password validation for test environment

➜  tools export initialAdminPassword=admin
➜  tools ./install_demo_configuration.sh -y
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
Password admin is weak. Please re-try with a stronger password.
➜  tools ./install_demo_configuration.sh -y -t
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
OpenSearch install type: .tar.gz on Mac OS X 13.6 aarch64
OpenSearch config dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: x-content-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
	***************************************************
		ADMIN PASSWORD SET TO: admin
	***************************************************
### Success
### Execute this script now on all your nodes and then start all nodes
### After the whole cluster is up execute:
sudo "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/plugins/opensearch-security/tools/securityadmin.sh" -cd "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/opensearch-security" -icl -key "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk-key.pem" -cert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/kirk.pem" -cacert "/Users/dchanp/Documents/amazon/testing-playground/test/binaries/opensearch-3.0.0-SNAPSHOT/config/root-ca.pem" -nhnv
### or run ./securityadmin_demo.sh
### After that you can also use the Security Plugin ConfigurationGUI
### To access your secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)
➜  tools

Check List

• New functionality includes testing
• New functionality has been documented
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[DarshitChanpura]

CI plugin-install failed with:

**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************


OpenSearch Security Demo Installer
** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] Initialize Security Modules? [y/N] Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)

Enable cluster mode? [y/N] OpenSearch install type: .tar.gz on Linux 6.2.0-1015-azure amd64
OpenSearch config dir: /home/runner/work/security/security/opensearch-3.0.0-SNAPSHOT/config/
OpenSearch config file: /home/runner/work/security/security/opensearch-3.0.0-SNAPSHOT/config/opensearch.yml
OpenSearch bin dir: /home/runner/work/security/security/opensearch-3.0.0-SNAPSHOT/bin/
OpenSearch plugins dir: /home/runner/work/security/security/opensearch-3.0.0-SNAPSHOT/plugins/
OpenSearch lib dir: /home/runner/work/security/security/opensearch-3.0.0-SNAPSHOT/lib/
Detected OpenSearch Version: compress-3.0.0-SNAPSHOT
Detected OpenSearch Security Version: 3.0.0.0-SNAPSHOT
Password continuous-silver is weak. Please re-try with a stronger password.

Script is doing what it is supposed to. I will update the CI task to pass option -t and that should skip password-validation

[DarshitChanpura]

Spotbugs CI check will be fixed once #3676 is merged

[DarshitChanpura]

@cwperks @RyanL1997 @scrawfor99 @peternied Could I get some reviews on this ?

[codecov]

Codecov Report

Merging #3669 (f9fb8b3) into main (ee66199) will increase coverage by 0.36%.
Report is 2 commits behind head on main.
The diff coverage is 10.10%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3669      +/-   ##
==========================================
+ Coverage   64.88%   65.25%   +0.36%     
==========================================
  Files         292      297       +5     
  Lines       20776    21127     +351     
  Branches     3409     3451      +42     
==========================================
+ Hits        13481    13786     +305     
- Misses       5606     5643      +37     
- Partials     1689     1698       +9     

Files	Coverage Δ
.../org/opensearch/security/auth/BackendRegistry.java	77.92% <100.00%> (+15.38%)	⬆️
...g/opensearch/security/filter/SecurityResponse.java	96.29% <100.00%> (+3.43%)	⬆️
...org/opensearch/security/httpclient/HttpClient.java	86.13% <ø> (ø)
...curity/securityconf/impl/AllowlistingSettings.java	75.00% <100.00%> (ø)
...curity/securityconf/impl/WhitelistingSettings.java	75.00% <100.00%> (ø)
...dlic/auth/http/saml/AuthTokenProcessorHandler.java	50.28% <50.00%> (ø)
...opensearch/security/filter/SecurityRestFilter.java	83.84% <50.00%> (+14.61%)	⬆️
...ecurity/tools/democonfig/ExecutionEnvironment.java	0.00% <0.00%> (ø)
...ic/auth/http/kerberos/HTTPSpnegoAuthenticator.java	0.00% <0.00%> (ø)
...search/security/tools/democonfig/Certificates.java	0.00% <0.00%> (ø)
... and 3 more

... and 33 files with indirect coverage changes

[RyanL1997]

Hi @DarshitChanpura , thanks for putting this together. In generally, this is java tool is well structured and clear, and I just left some comments.

[cwperks]

Took a first pass. This change looks good to me.

What tests should be added for this PR? I'd love to have a bwc test where the old script is run in 2.11 w/ the bash script and another with the Java version of the script and show that the output is identical.

[stephen-crawford]

Looks very good to me, just a few comments but overall great job with this.

Can we also unit tests each of these parts now?

[DarshitChanpura]

Can we also unit tests each of these parts now?

I have a follow-up PR that I'm working on to specifically add tests for this.

[DarshitChanpura]

@RyanL1997 @cwperks @scrawfor99 Thank you for the detailed feedback!!
I've addressed all comments and pushed the changes. Feel free to re-review/resolve the conversations.

[stephen-crawford]

Looks good to me ! Thanks DC :)

[RyanL1997]

LGTM! Nice work @DarshitChanpura !

[RyanL1997]

I think we have unit tests which require the old default password be valid. If there is someway to replace this or this is not the case, I agree with Ryan.

Hi @scrawfor99 and @DarshitChanpura. Since I previously resolved the comment, I will reply it here for future reference. I think the unit tests has its own test configuration and that will be fine, but it does impact the integration test. But we can have a workaround in CI. You can reference to the experimental work I did here:
https://github.com/opensearch-project/security/pull/3449/files#diff-b803fcb7f17ed9235f1e5cb1fcd2f5d3b2838429d4368ae4c57ce4436577f03fR65

And the impact tests is in this comment: https://github.com/opensearch-project/security/pull/3449/files#r1346368658