diff --git a/.github/workflows/release-e2e-workflow-template-windows.yml b/.github/workflows/release-e2e-workflow-template-windows.yml index 3f8553a84..f5b9a8873 100644 --- a/.github/workflows/release-e2e-workflow-template-windows.yml +++ b/.github/workflows/release-e2e-workflow-template-windows.yml @@ -22,6 +22,8 @@ jobs: TERM: xterm # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first' + # 2.12 onwards security demo configuration require a custom admin password + OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!' steps: - name: Set up JDK uses: actions/setup-java@v1 @@ -62,8 +64,8 @@ jobs: else echo "Keep OpenSearch Security" nohup ./opensearch-windows-install.bat & - timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do echo sleeping 5; sleep 5; done' - curl -sk https://localhost:9200/_cluster/health?pretty -u admin:admin + timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do echo sleeping 5; sleep 5; done' + curl -sk https://localhost:9200/_cluster/health?pretty -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} fi netstat -anP tcp | grep LISTEN | grep 9200 || netstat -ntlp | grep 9200 shell: bash @@ -104,8 +106,8 @@ jobs: else echo "Keep Dashboards Security" bin/opensearch-dashboards.bat & - timeout 300 bash -c 'while [[ "$(curl -k http://localhost:5601/api/status -u admin:admin | jq -r '.status.overall.state')" != "green" ]]; do echo sleeping 5; sleep 5; done' - curl -sk localhost:5601/api/status -u admin:admin | jq + timeout 300 bash -c 'while [[ "$(curl -k http://localhost:5601/api/status -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} | jq -r '.status.overall.state')" != "green" ]]; do echo sleeping 5; sleep 5; done' + curl -sk localhost:5601/api/status -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} | jq fi netstat -anP tcp | grep LISTEN | grep 5601 || netstat -ntlp | grep 5601 shell: bash diff --git a/.github/workflows/release-e2e-workflow-template.yml b/.github/workflows/release-e2e-workflow-template.yml index 20fe3fa4d..bc0788427 100644 --- a/.github/workflows/release-e2e-workflow-template.yml +++ b/.github/workflows/release-e2e-workflow-template.yml @@ -25,6 +25,8 @@ jobs: TERM: xterm # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first' + # 2.12 onwards security demo configuration require a custom admin password + OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!' steps: - name: Set up JDK uses: actions/setup-java@v1 @@ -61,8 +63,8 @@ jobs: else echo "Keep OpenSearch Security" ./opensearch-tar-install.sh & - timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done' - curl https://localhost:9200 -u admin:admin --insecure + timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' + curl https://localhost:9200 -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} --insecure fi - name: Get OpenSearch-Dashboards run: | @@ -92,8 +94,8 @@ jobs: else echo "Keep Dashboards Security" bin/opensearch-dashboards serve ${{ inputs.osd-serve-args }} & - timeout 300 bash -c 'while [[ "$(curl -u admin:admin -k http://localhost:5601/api/status | jq -r '.status.overall.state')" != "green" ]]; do sleep 5; done' - curl http://localhost:5601/api/status -u admin:admin --insecure + timeout 300 bash -c 'while [[ "$(curl -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k http://localhost:5601/api/status | jq -r '.status.overall.state')" != "green" ]]; do sleep 5; done' + curl http://localhost:5601/api/status -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} --insecure fi - name: Get Cypress version id: cypress_version diff --git a/.github/workflows/release-signoff-chrome.yml b/.github/workflows/release-signoff-chrome.yml index 9dc47ddb4..8c8bfd0fa 100644 --- a/.github/workflows/release-signoff-chrome.yml +++ b/.github/workflows/release-signoff-chrome.yml @@ -13,6 +13,8 @@ jobs: TERM: xterm # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first' + # 2.12 onwards security demo configuration require a custom admin password + OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!' steps: - name: Checkout functional-test uses: actions/checkout@v2 @@ -29,7 +31,7 @@ jobs: tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz cd opensearch-${{ env.VERSION }}/ ./opensearch-tar-install.sh & - timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done' + timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' - name: Get OpenSearch-Dashboards run: | wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz diff --git a/.github/workflows/release-signoff-chromium-ad-only.yml b/.github/workflows/release-signoff-chromium-ad-only.yml index 96cf1bc8e..4fe8bd70c 100644 --- a/.github/workflows/release-signoff-chromium-ad-only.yml +++ b/.github/workflows/release-signoff-chromium-ad-only.yml @@ -13,6 +13,8 @@ jobs: TERM: xterm # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first' + # 2.12 onwards security demo configuration require a custom admin password + OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!' steps: - name: Checkout functional-test uses: actions/checkout@v2 @@ -29,7 +31,7 @@ jobs: tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz cd opensearch-${{ env.VERSION }}/ ./opensearch-tar-install.sh & - timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done' + timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' - name: Get OpenSearch-Dashboards run: | wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz diff --git a/.github/workflows/release-signoff-chromium-ism-only.yml b/.github/workflows/release-signoff-chromium-ism-only.yml index 08aa34055..ef26b7fe0 100644 --- a/.github/workflows/release-signoff-chromium-ism-only.yml +++ b/.github/workflows/release-signoff-chromium-ism-only.yml @@ -13,6 +13,8 @@ jobs: TERM: xterm # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first' + # 2.12 onwards security demo configuration require a custom admin password + OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!' steps: - name: Checkout functional-test uses: actions/checkout@v2 @@ -29,7 +31,7 @@ jobs: tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz cd opensearch-${{ env.VERSION }}/ ./opensearch-tar-install.sh & - timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done' + timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' - name: Get OpenSearch-Dashboards run: | wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz diff --git a/.github/workflows/release-signoff-chromium-tests-in-memory-0.yml b/.github/workflows/release-signoff-chromium-tests-in-memory-0.yml index 8e4604747..853787808 100644 --- a/.github/workflows/release-signoff-chromium-tests-in-memory-0.yml +++ b/.github/workflows/release-signoff-chromium-tests-in-memory-0.yml @@ -13,6 +13,8 @@ jobs: TERM: xterm # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first' + # 2.12 onwards security demo configuration require a custom admin password + OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!' steps: - name: Checkout functional-test uses: actions/checkout@v2 @@ -29,7 +31,7 @@ jobs: tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz cd opensearch-${{ env.VERSION }}/ ./opensearch-tar-install.sh & - timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done' + timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' - name: Get OpenSearch-Dashboards run: | wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz diff --git a/.github/workflows/release-signoff-chromium-tests-in-memory-10.yml b/.github/workflows/release-signoff-chromium-tests-in-memory-10.yml index 599054bb4..d8e7f3600 100644 --- a/.github/workflows/release-signoff-chromium-tests-in-memory-10.yml +++ b/.github/workflows/release-signoff-chromium-tests-in-memory-10.yml @@ -13,6 +13,8 @@ jobs: TERM: xterm # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first' + # 2.12 onwards security demo configuration require a custom admin password + OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!' steps: - name: Checkout functional-test uses: actions/checkout@v2 @@ -29,7 +31,7 @@ jobs: tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz cd opensearch-${{ env.VERSION }}/ ./opensearch-tar-install.sh & - timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done' + timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' - name: Get OpenSearch-Dashboards run: | wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz diff --git a/.github/workflows/release-signoff-chromium-tests-in-memory-20.yml b/.github/workflows/release-signoff-chromium-tests-in-memory-20.yml index 3a32342cf..756bf5bd9 100644 --- a/.github/workflows/release-signoff-chromium-tests-in-memory-20.yml +++ b/.github/workflows/release-signoff-chromium-tests-in-memory-20.yml @@ -13,6 +13,8 @@ jobs: TERM: xterm # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first' + # 2.12 onwards security demo configuration require a custom admin password + OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!' steps: - name: Checkout functional-test uses: actions/checkout@v2 @@ -29,7 +31,7 @@ jobs: tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz cd opensearch-${{ env.VERSION }}/ ./opensearch-tar-install.sh & - timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done' + timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' - name: Get OpenSearch-Dashboards run: | wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz diff --git a/.github/workflows/release-signoff-chromium-tests-in-memory-5.yml b/.github/workflows/release-signoff-chromium-tests-in-memory-5.yml index 8b2b6faf7..7550416b1 100644 --- a/.github/workflows/release-signoff-chromium-tests-in-memory-5.yml +++ b/.github/workflows/release-signoff-chromium-tests-in-memory-5.yml @@ -13,6 +13,8 @@ jobs: TERM: xterm # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first' + # 2.12 onwards security demo configuration require a custom admin password + OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!' steps: - name: Checkout functional-test uses: actions/checkout@v2 @@ -29,7 +31,7 @@ jobs: tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz cd opensearch-${{ env.VERSION }}/ ./opensearch-tar-install.sh & - timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done' + timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' - name: Get OpenSearch-Dashboards run: | wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz diff --git a/.github/workflows/release-signoff-chromium.yml b/.github/workflows/release-signoff-chromium.yml index 15015ef74..c7f422b8f 100644 --- a/.github/workflows/release-signoff-chromium.yml +++ b/.github/workflows/release-signoff-chromium.yml @@ -13,6 +13,8 @@ jobs: TERM: xterm # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first' + # 2.12 onwards security demo configuration require a custom admin password + OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!' steps: - name: Checkout functional-test uses: actions/checkout@v2 @@ -29,7 +31,7 @@ jobs: tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz cd opensearch-${{ env.VERSION }}/ ./opensearch-tar-install.sh & - timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done' + timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' - name: Get OpenSearch-Dashboards run: | wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz diff --git a/.github/workflows/release-signoff-electron.yml b/.github/workflows/release-signoff-electron.yml index 140c69b52..b9dfd022c 100644 --- a/.github/workflows/release-signoff-electron.yml +++ b/.github/workflows/release-signoff-electron.yml @@ -13,6 +13,8 @@ jobs: TERM: xterm # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first' + # 2.12 onwards security demo configuration require a custom admin password + OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!' steps: - name: Checkout functional-test uses: actions/checkout@v2 @@ -29,7 +31,7 @@ jobs: tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz cd opensearch-${{ env.VERSION }}/ ./opensearch-tar-install.sh & - timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done' + timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' - name: Get OpenSearch-Dashboards run: | wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz diff --git a/.github/workflows/release-signoff-firefox.yml b/.github/workflows/release-signoff-firefox.yml index 0f99fa5ed..1cd110729 100644 --- a/.github/workflows/release-signoff-firefox.yml +++ b/.github/workflows/release-signoff-firefox.yml @@ -13,6 +13,8 @@ jobs: TERM: xterm # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first' + # 2.12 onwards security demo configuration require a custom admin password + OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!' steps: - name: Checkout functional-test uses: actions/checkout@v2 @@ -29,7 +31,7 @@ jobs: tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz cd opensearch-${{ env.VERSION }}/ ./opensearch-tar-install.sh & - timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done' + timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done' - name: Get OpenSearch-Dashboards run: | wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz diff --git a/cypress.json b/cypress.json index f79ebf340..9de868129 100644 --- a/cypress.json +++ b/cypress.json @@ -14,7 +14,7 @@ "SECURITY_ENABLED": false, "AGGREGATION_VIEW": false, "username": "admin", - "password": "admin", + "password": "myStrongPassword123!", "ENDPOINT_WITH_PROXY": false, "MANAGED_SERVICE_ENDPOINT": false, "VISBUILDER_ENABLED": true, diff --git a/integtest.sh b/integtest.sh old mode 100755 new mode 100644 index 3adcb0436..cd97c1da7 --- a/integtest.sh +++ b/integtest.sh @@ -80,11 +80,13 @@ fi if [ -z "$CREDENTIAL" ] then - CREDENTIAL="admin:admin" - USERNAME=`echo $CREDENTIAL | awk -F ':' '{print $1}'` - PASSWORD=`echo $CREDENTIAL | awk -F ':' '{print $2}'` + # Starting in 2.12.0, security demo configuration script requires an initial admin password + CREDENTIAL="admin:myStrongPassword123!" fi +USERNAME=`echo $CREDENTIAL | awk -F ':' '{print $1}'` +PASSWORD=`echo $CREDENTIAL | awk -F ':' '{print $2}'` + # User can send custom browser path through env variable if [ -z "$BROWSER_PATH" ] then @@ -113,4 +115,4 @@ then else echo "run security disabled tests" yarn cypress:run-without-security --browser "$BROWSER_PATH" --spec "$TEST_FILES" -fi +fi \ No newline at end of file