Closed DarshitChanpura closed 8 months ago
All modified and coverable lines are covered by tests :white_check_mark:
Comparison is base (
ba24f86
) 74.91% compared to head (be40dc9
) 74.93%.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Hi, @DarshitChanpura. QQ: As per #1064, there an effort to reduce usage of "admin" or other custom strings for providing password inputs and it's recommended to use OPENSEARCH_INITIAL_ADMIN_PASSWORD
env/system variable. Should we incorporate that here as well? I'm unsure how this flow works. Please, provide clarification.
Moreover, I see that logs for jenkins/index-management/with-security is filled with following errors:
[2024-02-05T13:31:20,070][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node_name_9200] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f5f636c75737465722f6865616c74683f776169745f666f725f6e6f6465733d3e3d3126776169745f666f725f7374617475733d79656c6c6f7720485454502f312e310d0a417574686f72697a6174696f6e3a20426173696320595752746157343662586c5464484a76626d645159584e7a643239795a4445794d79453d0d0a557365722d4167656e743a204a6176612f32312e302e310d0a486f73743a206c6f63616c686f73743a393230300d0a4163636570743a202a2f2a0d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a0d0a
Could this be the issue affecting test setup?
Thanks.
Hi, @DarshitChanpura. QQ: As per https://github.com/opensearch-project/index-management/issues/1064, there an effort to reduce usage of "admin" or other custom strings for providing password inputs and it's recommended to use OPENSEARCH_INITIAL_ADMIN_PASSWORD env/system variable. Should we incorporate that here as well? I'm unsure how this flow works. Please, provide clarification.
This is because the previous PR: https://github.com/opensearch-project/index-management/pull/1076 assumed that the password will always be admin for integTest task since a custom configuration is applied for setup. However, that is not the case when integTest is triggered via opensearch-build it uses a remote-cluster. OPENSEARCH_INITIAL_ADMIN_PASSWORD
is irrelevant here since the demo configuration is not used to setup security. Instead, a custom configuration is applied.
Hence, this PR defaults integTest task user password to admin for local cluster and conditionally accepts the password if running against remote cluster. I have mentioned the same in PR description as well
Moreover, I see that logs for jenkins/index-management/with-security is filled with following errors: Could this be the issue affecting test setup?
Its because SSL verification failed. -k
option bypasses SSL verification when using cURL
. Yes, this has to do with test setup, however it is not a deal-breaker.
Please note, I'm not a maintainer here so I have limited knowledge about workflows. I'm helping out to ensure that CI is unblocked due to changes in default admin credentials that were introduced in security plugin. If you have any questions about workflow setup, the maintainers would be able to help answer them the best.
Thanks for detailing my understanding. LGTM 👍 @DarshitChanpura ty
Recent CI build failed with:
This is because the previous PR: https://github.com/opensearch-project/index-management/pull/1076/ assumed that the password will always be
admin
forintegTest
task since a custom configuration is applied for setup. However, that is not the case whenintegTest
is triggered via opensearch-build as it uses a remote-cluster. Hence, this PR defaultsintegTest
task user password toadmin
for local cluster and conditionally accepts the password if running against remote cluster.CheckList:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.