[Backport 2.x] Remove instances of hard admin credentials

.github/workflows/release-e2e-workflow-template-windows.yml

@@ -22,6 +22,8 @@ jobs:
       TERM: xterm
       # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
       NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
+      # 2.12 onwards security demo configuration require a custom admin password
+      OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
     steps:
       - name: Set up JDK
         uses: actions/setup-java@v1
@@ -62,8 +64,8 @@ jobs:
           else
               echo "Keep OpenSearch Security"
               nohup ./opensearch-windows-install.bat &
-              timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do echo sleeping 5; sleep 5; done'
-              curl -sk https://localhost:9200/_cluster/health?pretty -u admin:admin
+              timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do echo sleeping 5; sleep 5; done'
+              curl -sk https://localhost:9200/_cluster/health?pretty -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}
           fi
           netstat -anP tcp | grep LISTEN | grep 9200 || netstat -ntlp | grep 9200
         shell: bash
@@ -104,8 +106,8 @@ jobs:
           else
               echo "Keep Dashboards Security"
               bin/opensearch-dashboards.bat &
-              timeout 300 bash -c 'while [[ "$(curl -k http://localhost:5601/api/status -u admin:admin | jq -r '.status.overall.state')" != "green" ]]; do echo sleeping 5; sleep 5; done'
-              curl -sk localhost:5601/api/status -u admin:admin | jq
+              timeout 300 bash -c 'while [[ "$(curl -k http://localhost:5601/api/status -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} | jq -r '.status.overall.state')" != "green" ]]; do echo sleeping 5; sleep 5; done'
+              curl -sk localhost:5601/api/status -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} | jq
           fi
           netstat -anP tcp | grep LISTEN | grep 5601 || netstat -ntlp | grep 5601
         shell: bash

.github/workflows/release-e2e-workflow-template.yml

@@ -25,6 +25,8 @@ jobs:
       TERM: xterm
       # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
       NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
+      # 2.12 onwards security demo configuration require a custom admin password
+      OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
     steps:
       - name: Set up JDK
         uses: actions/setup-java@v1
@@ -61,8 +63,8 @@ jobs:
           else
               echo "Keep OpenSearch Security"
               ./opensearch-tar-install.sh &
-              timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
-              curl https://localhost:9200 -u admin:admin --insecure
+              timeout 900 bash -c 'while [[ "$(curl -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
+              curl https://localhost:9200 -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} --insecure
           fi
       - name: Get OpenSearch-Dashboards
         run: |
@@ -92,8 +94,8 @@ jobs:
           else
               echo "Keep Dashboards Security"
               bin/opensearch-dashboards serve ${{ inputs.osd-serve-args }} &
-              timeout 300 bash -c 'while [[ "$(curl -u admin:admin -k http://localhost:5601/api/status | jq -r '.status.overall.state')" != "green" ]]; do sleep 5; done'
-              curl http://localhost:5601/api/status -u admin:admin --insecure
+              timeout 300 bash -c 'while [[ "$(curl -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k http://localhost:5601/api/status | jq -r '.status.overall.state')" != "green" ]]; do sleep 5; done'
+              curl http://localhost:5601/api/status -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} --insecure
           fi
       - name: Get Cypress version
         id: cypress_version

.github/workflows/release-signoff-chrome.yml

@@ -13,6 +13,8 @@ jobs:
       TERM: xterm
       # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
       NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
+      # 2.12 onwards security demo configuration require a custom admin password
+      OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
     steps:
       - name: Checkout functional-test
         uses: actions/checkout@v2
@@ -29,7 +31,7 @@ jobs:
           tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
           cd opensearch-${{ env.VERSION }}/
           ./opensearch-tar-install.sh &
-          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
+          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
       - name: Get OpenSearch-Dashboards
         run: |
           wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz

.github/workflows/release-signoff-chromium-ad-only.yml

@@ -13,6 +13,8 @@ jobs:
       TERM: xterm
       # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
       NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
+      # 2.12 onwards security demo configuration require a custom admin password
+      OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
     steps:
       - name: Checkout functional-test
         uses: actions/checkout@v2
@@ -29,7 +31,7 @@ jobs:
           tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
           cd opensearch-${{ env.VERSION }}/
           ./opensearch-tar-install.sh &
-          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
+          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
       - name: Get OpenSearch-Dashboards
         run: |
           wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz

.github/workflows/release-signoff-chromium-ism-only.yml

@@ -13,6 +13,8 @@ jobs:
       TERM: xterm
       # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
       NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
+      # 2.12 onwards security demo configuration require a custom admin password
+      OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
     steps:
       - name: Checkout functional-test
         uses: actions/checkout@v2
@@ -29,7 +31,7 @@ jobs:
           tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
           cd opensearch-${{ env.VERSION }}/
           ./opensearch-tar-install.sh &
-          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
+          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
       - name: Get OpenSearch-Dashboards
         run: |
           wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz

.github/workflows/release-signoff-chromium-tests-in-memory-0.yml

@@ -13,6 +13,8 @@ jobs:
       TERM: xterm
       # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
       NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
+      # 2.12 onwards security demo configuration require a custom admin password
+      OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
     steps:
       - name: Checkout functional-test
         uses: actions/checkout@v2
@@ -29,7 +31,7 @@ jobs:
           tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
           cd opensearch-${{ env.VERSION }}/
           ./opensearch-tar-install.sh &
-          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
+          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
       - name: Get OpenSearch-Dashboards
         run: |
           wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz

.github/workflows/release-signoff-chromium-tests-in-memory-10.yml

@@ -13,6 +13,8 @@ jobs:
       TERM: xterm
       # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
       NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
+      # 2.12 onwards security demo configuration require a custom admin password
+      OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
     steps:
       - name: Checkout functional-test
         uses: actions/checkout@v2
@@ -29,7 +31,7 @@ jobs:
           tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
           cd opensearch-${{ env.VERSION }}/
           ./opensearch-tar-install.sh &
-          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
+          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
       - name: Get OpenSearch-Dashboards
         run: |
           wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz

.github/workflows/release-signoff-chromium-tests-in-memory-20.yml

@@ -13,6 +13,8 @@ jobs:
       TERM: xterm
       # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
       NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
+      # 2.12 onwards security demo configuration require a custom admin password
+      OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
     steps:
       - name: Checkout functional-test
         uses: actions/checkout@v2
@@ -29,7 +31,7 @@ jobs:
           tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
           cd opensearch-${{ env.VERSION }}/
           ./opensearch-tar-install.sh &
-          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
+          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
       - name: Get OpenSearch-Dashboards
         run: |
           wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz

.github/workflows/release-signoff-chromium-tests-in-memory-5.yml

@@ -13,6 +13,8 @@ jobs:
       TERM: xterm
       # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
       NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
+      # 2.12 onwards security demo configuration require a custom admin password
+      OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
     steps:
       - name: Checkout functional-test
         uses: actions/checkout@v2
@@ -29,7 +31,7 @@ jobs:
           tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
           cd opensearch-${{ env.VERSION }}/
           ./opensearch-tar-install.sh &
-          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
+          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
       - name: Get OpenSearch-Dashboards
         run: |
           wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz

.github/workflows/release-signoff-chromium.yml

@@ -13,6 +13,8 @@ jobs:
       TERM: xterm
       # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
       NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
+      # 2.12 onwards security demo configuration require a custom admin password
+      OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
     steps:
       - name: Checkout functional-test
         uses: actions/checkout@v2
@@ -29,7 +31,7 @@ jobs:
           tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
           cd opensearch-${{ env.VERSION }}/
           ./opensearch-tar-install.sh &
-          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
+          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
       - name: Get OpenSearch-Dashboards
         run: |
           wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz

.github/workflows/release-signoff-electron.yml

@@ -13,6 +13,8 @@ jobs:
       TERM: xterm
       # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
       NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
+      # 2.12 onwards security demo configuration require a custom admin password
+      OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
     steps:
       - name: Checkout functional-test
         uses: actions/checkout@v2
@@ -29,7 +31,7 @@ jobs:
           tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
           cd opensearch-${{ env.VERSION }}/
           ./opensearch-tar-install.sh &
-          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
+          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
       - name: Get OpenSearch-Dashboards
         run: |
           wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz

.github/workflows/release-signoff-firefox.yml

@@ -13,6 +13,8 @@ jobs:
       TERM: xterm
       # make Node run in ipv4 first so that cypress can detect 5601 port in CI environment
       NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first'
+      # 2.12 onwards security demo configuration require a custom admin password
+      OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'
     steps:
       - name: Checkout functional-test
         uses: actions/checkout@v2
@@ -29,7 +31,7 @@ jobs:
           tar -xzf opensearch-${{ env.VERSION }}-linux-x64.tar.gz
           cd opensearch-${{ env.VERSION }}/
           ./opensearch-tar-install.sh &
-          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:admin -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
+          timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k https://localhost:9200)" != "200" ]]; do sleep 5; done'
       - name: Get OpenSearch-Dashboards
         run: |
           wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{ env.VERSION }}/latest/linux/x64/tar/dist/opensearch-dashboards/opensearch-dashboards-${{ env.VERSION }}-linux-x64.tar.gz

cypress.json

@@ -14,7 +14,7 @@
     "SECURITY_ENABLED": false,
     "AGGREGATION_VIEW": false,
     "username": "admin",
-    "password": "admin",
+    "password": "myStrongPassword123!",
     "ENDPOINT_WITH_PROXY": false,
     "MANAGED_SERVICE_ENDPOINT": false,
     "VISBUILDER_ENABLED": true,

integtest.sh

@@ -80,11 +80,13 @@ fi
 
 if [ -z "$CREDENTIAL" ]
 then
-  CREDENTIAL="admin:admin"
-  USERNAME=`echo $CREDENTIAL | awk -F ':' '{print $1}'`
-  PASSWORD=`echo $CREDENTIAL | awk -F ':' '{print $2}'`
+  # Starting in 2.12.0, security demo configuration script requires an initial admin password
+  CREDENTIAL="admin:myStrongPassword123!"
 fi
 
+USERNAME=`echo $CREDENTIAL | awk -F ':' '{print $1}'`
+PASSWORD=`echo $CREDENTIAL | awk -F ':' '{print $2}'`
+
 # User can send custom browser path through env variable
 if [ -z "$BROWSER_PATH" ]
 then
@@ -113,4 +115,4 @@ then
 else
    echo "run security disabled tests"
    yarn cypress:run-without-security --browser "$BROWSER_PATH" --spec "$TEST_FILES"
-fi
+fi