Skip to content

Commit

Permalink
Require password as an argument on 2.12 and higher
Browse files Browse the repository at this point in the history
For earlier versions, emit a warning if an admin password is specified
on the command line, since it will be ignored.

Signed-off-by: Michael Froh <[email protected]>
  • Loading branch information
msfroh committed Jan 18, 2024
1 parent 901887e commit a5da908
Show file tree
Hide file tree
Showing 2 changed files with 51 additions and 22 deletions.
38 changes: 27 additions & 11 deletions helpers/personalized_search_ranking_quickstart.sh
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ fi
function print_help() {
cat << EOF
Usage: $0 [-r <region>] [--profile <AWS profile name>]
[--volume-name <docker_volume_name>]
[--volume-name <docker_volume_name>] [--admin-password <admin_password>]
-r | --region The AWS region for the Personalize Intelligent Ranking
service endpoint. If not specified, will read from the
AWS CLI for the default profile.
Expand All @@ -39,6 +39,11 @@ Usage: $0 [-r <region>] [--profile <AWS profile name>]
named Docker volume to \$OPENSEARCH_ROOT/data, so index data
will persist across executions. If the named volume does not
exist, it will be created.
--admin-password For OpenSearch 2.12 and higher, we no longer use a default
password of "admin" for the admin user. Instead, the value
passed to this parameter will be used as the admin password.
For OpenSearch versions prior to 2.12, this argument will be
ignored with a warning.
NOTE: If the --profile option is not specified, the script will attempt to read AWS
credentials (access/secret key, optional session token) from environment variables,
Expand Down Expand Up @@ -76,9 +81,27 @@ while [ "$#" -gt 0 ]; do
VOLUME_NAME=$1
shift
;;
esac
--admin-password )
shift
OPENSEARCH_INITIAL_ADMIN_PASSWORD="$1"
shift
;;
esac
done

# Starting in 2.12.0, security demo configuration script requires an initial admin password
OPENSEARCH_REQUIRED_VERSION="2.12.0"
COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $OPENSEARCH_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1`
if [ "$COMPARE_VERSION" != "$OPENSEARCH_REQUIRED_VERSION" ]; then
if [ -n "${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-}" ]; then
echo "WARNING: The --admin-password setting has no effect on OpenSearch ${OPENSEARCH_VERSION}. The admin password will be 'admin'."
fi
OPENSEARCH_INITIAL_ADMIN_PASSWORD="admin"
elif [ -z "${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-}" ]; then
echo "Starting with OpenSearch 2.12, you must specify the admin password with the --admin-password parameter."
exit 1
fi

#
# Determine which credentials and region to use. By the end of this block, all specified
# credentials will be loaded into environment variables (or we fail with an explanatory
Expand Down Expand Up @@ -253,14 +276,7 @@ if [ -n "${VOLUME_NAME:-}" ]; then
fi
echo "Volume created"

# Starting in 2.12.0, security demo configuration script requires an initial admin password
OPENSEARCH_REQUIRED_VERSION="2.12.0"
COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $OPENSEARCH_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1`
if [ "$COMPARE_VERSION" != "$OPENSEARCH_REQUIRED_VERSION" ]; then
OPENSEARCH_INITIAL_ADMIN_PASSWORD="admin"
else
OPENSEARCH_INITIAL_ADMIN_PASSWORD="myStrongPassword123!"
fi


#
# Create a docker-compose.yml file that will launch an OpenSearch node with the image we
Expand Down Expand Up @@ -395,4 +411,4 @@ applicable) by running
The full text of this message is also available at
$(pwd)/README
EOF
cat README
cat README
35 changes: 24 additions & 11 deletions helpers/search_processing_kendra_quickstart.sh
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ function print_help() {
cat << EOF
Usage: $0 [-p <execution_plan_id>] [-r <region>] [-e <kendra_ranking_endpoint>]
[--profile <AWS profile name>] [--create-execution-plan]
[--volume-name <docker_volume_name>]
[--volume-name <docker_volume_name>] [--admin-password <admin_password>]
-p | --execution-plan-id The ID returned from Kendra Intelligent Ranking service
from the call to CreateRescoreExecutionPlan. Required if
--create-execution-plan is not set.
Expand All @@ -50,6 +50,11 @@ Usage: $0 [-p <execution_plan_id>] [-r <region>] [-e <kendra_ranking_endpoint>]
named Docker volume to \$OPENSEARCH_ROOT/data, so index data
will persist across executions. If the named volume does not
exist, it will be created.
--admin-password For OpenSearch 2.12 and higher, we no longer use a default
password of "admin" for the admin user. Instead, the value
passed to this parameter will be used as the admin password.
For OpenSearch versions prior to 2.12, this argument will be
ignored with a warning.
NOTE: If the --profile option is not specified, the script will attempt to read AWS
credentials (access/secret key, optional session token) from environment variables,
Expand Down Expand Up @@ -101,6 +106,11 @@ while [ "$#" -gt 0 ]; do
VOLUME_NAME=$1
shift
;;
--admin-password )
shift
OPENSEARCH_INITIAL_ADMIN_PASSWORD="$1"
shift
;;
esac
done

Expand All @@ -121,6 +131,19 @@ if [ "${FAILED_VALIDATION}" == "1" ]; then
exit 1
fi

# Starting in 2.12.0, security demo configuration script requires an initial admin password
OPENSEARCH_REQUIRED_VERSION="2.12.0"
COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $OPENSEARCH_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1`
if [ "$COMPARE_VERSION" != "$OPENSEARCH_REQUIRED_VERSION" ]; then
if [ -n "${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-}" ]; then
echo "WARNING: The --admin-password setting has no effect on OpenSearch ${OPENSEARCH_VERSION}. The admin password will be 'admin'."
fi
OPENSEARCH_INITIAL_ADMIN_PASSWORD="admin"
elif [ -z "${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-}" ]; then
echo "Starting with OpenSearch 2.12, you must specify the admin password with the --admin-password parameter."
exit 1
fi

#
# Determine which credentials and region to use. By the end of this block, all specified
# credentials will be loaded into environment variables (or we fail with an explanatory
Expand Down Expand Up @@ -359,16 +382,6 @@ if [ -n "${VOLUME_NAME:-}" ]; then
external: true"
fi

# Starting in 2.12.0, security demo configuration script requires an initial admin password
OPENSEARCH_REQUIRED_VERSION="2.12.0"
COMPARE_VERSION=`echo $OPENSEARCH_REQUIRED_VERSION $OPENSEARCH_VERSION | tr ' ' '\n' | sort -V | uniq | head -n 1`
if [ "$COMPARE_VERSION" != "$OPENSEARCH_REQUIRED_VERSION" ]; then
OPENSEARCH_INITIAL_ADMIN_PASSWORD="admin"
else
OPENSEARCH_INITIAL_ADMIN_PASSWORD="myStrongPassword123!"
fi


#
# Create a docker-compose.yml file that will launch an OpenSearch node with the image we
# just built and an OpenSearch Dashboards node that points to the OpenSearch node.
Expand Down

0 comments on commit a5da908

Please sign in to comment.