Add support of secure OpenSearch clusters in integration tests #50
Approving to non-block. One small comment just to raise awareness around the use of insecure strings.
throw new RuntimeException("user name is missing"); | ||
} | ||
|
||
final String password = System.getProperty("password"); |
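Review bot: at `final String password = System.getProperty("password");` the secret ends up in an immutable String that cannot be wiped after use, and the visible lines do not show a missing-value check like the one for the user name just above it. Suggest guarding it with the same kind of check, using a message that names the property and never includes its value, and copying the value into a char[] that is cleared once it has been used.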
Maybe a non issue here since this is a simple test but my senses tingle when I see a password that doesn't use the closeable `SecureString` in a try-with-resources. I'm not sure there's a way to avoid returning the property as a `String` instead of `char[]` anyway so the String object allocation is likely unavoidable.
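The pattern raised in the comment above, as an added example that is not part of this PR or of OpenSearch's code: `ClosableSecret` and `fromProperty` are hypothetical names standing in for a closeable secret holder, and the property value is a constructed sample.

```java
import java.util.Arrays;

public class SecretFromPropertyDemo {
    /** Hypothetical closeable holder; a stand-in, not OpenSearch's SecureString. */
    static final class ClosableSecret implements AutoCloseable {
        private char[] chars;

        ClosableSecret(char[] chars) {
            this.chars = chars;
        }

        char[] getChars() {
            if (chars == null) {
                throw new IllegalStateException("secret already closed");
            }
            return chars;
        }

        @Override
        public void close() {
            if (chars != null) {
                Arrays.fill(chars, '\0'); // wipe the only mutable copy
                chars = null;
            }
        }
    }

    /** Reads a system property into a wipeable array; never echoes the value on failure. */
    static ClosableSecret fromProperty(String name) {
        final String value = System.getProperty(name); // this String cannot be wiped
        if (value == null) {
            throw new IllegalStateException("system property '" + name + "' is missing");
        }
        System.clearProperty(name); // optional: only if nothing else reads it later
        return new ClosableSecret(value.toCharArray());
    }

    public static void main(String[] args) {
        System.setProperty("password", "constructed-sample-value"); // constructed input
        char[] view = null;
        try (ClosableSecret password = fromProperty("password")) {
            view = password.getChars(); // reference kept only to observe the wipe
            System.out.println("length while open: " + view.length);
        }
        System.out.println("wiped after close: " + (view[0] == '\0'));
        System.out.println("property cleared: " + (System.getProperty("password") == null));
    }
}
```

The String returned by `System.getProperty` stays on the heap until it is garbage collected, so the wrapper only shortens the lifetime of the copy the code controls.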
Thanks @nknize, this is sadly a platform-wide issue since the password is passed from CI to the tests (for all core and all plugins) using environment variables [1].
[1] https://github.com/opensearch-project/opensearch-build/blob/main/scripts/default/integtest.sh#L98
In a separate PR we should work to change that to use the `KeyStore`.
👍 no objection, could you please open an issue https://github.com/opensearch-project/opensearch-build here, I will provide more details if needed, thank you
Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
3c45c46 to cb19825
Signed-off-by: Andriy Redko <andriy.redko@aiven.io> (cherry picked from commit c0aa957) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Signed-off-by: Andriy Redko <andriy.redko@aiven.io> (cherry picked from commit c0aa957) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
Description
Add support of secure OpenSearch clusters in integration tests
Issues Resolved
Closes #49
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.