[META] Admin user should have a custom non-hardcoded password #3622

Closed
6 tasks done
DarshitChanpura opened this issue Oct 30, 2023 · 2 comments
Labels: triaged, v2.12.0

DarshitChanpura (Member) commented Oct 30, 2023

High-level Idea

As one of the outcomes of this spike, this feature request is to replace the admin password, which is currently hard-coded in the demo configuration, with a custom password. If none is provided, a random password should be generated and set for the admin user. Here is the intended design:

sequenceDiagram
    participant User
    participant Cluster
    participant Script

    User->>Cluster: Start cluster setup with security plugin
    Cluster->>Script: Execute demo script
    alt User provided password
        Script->>Script: Search for user provided password
    else No password provided
        Script->>User: Script execution fails as no password provided
    end
    Script->>Cluster: Continue with demo script execution
    alt Demo script execution successful
        Script->>Cluster: Notify demo script execution complete
    end
    Cluster->>Cluster: Continue with security plugin configuration


Acceptance Criteria

  • Update the demo configuration install script to accept a custom password for admin user
    - [ ] If no custom password is provided, the script should generate a new one, set it for admin and let the end user know (no longer considered)
  • This change works with at least one of the supported OpenSearch distributions

Exit Criteria

Would like

  • Implement password validation logic to ensure that a weak password is not supplied as the custom password.

github-actions bot added the untriaged label Oct 30, 2023
DarshitChanpura self-assigned this Oct 30, 2023
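
The flow in the issue's diagram, combined with the "would like" password validation, as an added shell example. It is not part of the issue or the security plugin's own demo script. The `DEMO_ADMIN_PASSWORD` variable name, the denylist and the strength rules are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example; not the security plugin's demo script.
# Assumptions: the DEMO_ADMIN_PASSWORD variable name, the denylist and the
# strength rules are hypothetical and chosen only for illustration.

# Constructed sample of values a setup script should never accept.
DENYLIST="admin password changeme opensearch"

# validate_admin_password PASSWORD
# Returns 0 if every rule passes, 1 (reason on stderr, never the value) if not.
validate_admin_password() {
    local pw="$1" lowered weak
    if [ "${#pw}" -lt 12 ]; then
        echo "admin password must be at least 12 characters" >&2
        return 1
    fi
    case "$pw" in *[[:lower:]]*) ;; *) echo "needs a lowercase letter" >&2; return 1 ;; esac
    case "$pw" in *[[:upper:]]*) ;; *) echo "needs an uppercase letter" >&2; return 1 ;; esac
    case "$pw" in *[[:digit:]]*) ;; *) echo "needs a digit" >&2; return 1 ;; esac
    case "$pw" in *[![:alnum:]]*) ;; *) echo "needs a special character" >&2; return 1 ;; esac
    # Compare case-insensitively so "Admin" and "ADMIN" are caught too.
    lowered=$(printf '%s' "$pw" | tr '[:upper:]' '[:lower:]')
    for weak in $DENYLIST; do
        case "$lowered" in
            *"$weak"*) echo "contains a well-known default value" >&2; return 1 ;;
        esac
    done
    return 0
}

# resolve_admin_password
# Follows the issue's diagram: use the supplied password or fail the setup.
# There is no fallback to a built-in default.
# Returns 0 = accepted, 2 = none supplied, 3 = supplied but too weak.
resolve_admin_password() {
    if [ -z "${DEMO_ADMIN_PASSWORD:-}" ]; then
        echo "no admin password supplied; set DEMO_ADMIN_PASSWORD and rerun" >&2
        return 2
    fi
    validate_admin_password "$DEMO_ADMIN_PASSWORD" || return 3
    # The caller would now hash the value into its user store; it is never echoed.
    return 0
}

# In a setup script: resolve_admin_password || exit $?
```

Distinct exit codes let a wrapper tell "nothing supplied" apart from "supplied but rejected" without parsing stderr.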
@stephen-crawford (Contributor)

[Triage] This is the last of the meta issues tracking progress removing the use of default credentials in the cluster. Marking as triaged given clear action items and exit criteria.

stephen-crawford added the triaged label and removed the untriaged label Oct 30, 2023
DarshitChanpura added the v2.12.0 label Dec 11, 2023
@DarshitChanpura (Member, Author)

Closing this as all sub-tasks are now complete.
