search

Linuxfabrik / lfops

LFOps is an Ansible Collection of generic Roles, Playbooks and Plugins for managing Linux-based Cloud Infrastructures.
https://linuxfabrik.ch
The Unlicense
51 stars 13 forks source link

role:opensearch:bugfix internal user hash #149

Closed paasi6666 closed 7 months ago

paasi6666 commented 7 months ago

In version 2.5.0 of OpenSearch, the hash.sh file prints a deprication-warning message before printing the hash:

**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
$2y$12$WIHjdYc918U.JspWjwnXZO1euq2ROrgSaRMmVbHPgVqnqj2Zt2GuO

Ansible will therefore print the full string into internal_users.yml file, resulting in the following misbehavior:

# Define your internal users here

opensearch-admin:
  hash: '**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
$2y$12$WIHjdYc918U.JspWjwnXZO1euq2ROrgSaRMmVbHPgVqnqj2Zt2GuO'
  backend_roles: ['admin']
  # prevent changes via API as it is managed by ansible
  # https://opensearch.org/docs/latest/security/access-control/api/#reserved-and-hidden-resources
  reserved: true

Note: This issue has been fixed in OpenSearch version 2.11.0 (https://github.com/opensearch-project/security/pull/3454)

NavidSassan commented 7 months ago

looks good, thanks a lot :)