-
Notifications
You must be signed in to change notification settings - Fork 24.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deprecate setup-passwords tool #76902
Merged
jkakavas
merged 10 commits into
elastic:master
from
jkakavas:deprecate-setup-passwords-tool
Oct 21, 2021
Merged
Changes from 1 commit
Commits
Show all changes
10 commits
Select commit
Hold shift + click to select a range
6e9a196
Deprecate setup-passwords tool
jkakavas 6c05202
Apply suggestions from code review
jkakavas d72c5f6
feedback
jkakavas 0ab6b41
Merge remote-tracking branch 'origin/master' into deprecate-setup-pas…
jkakavas 3e950b9
Fix formatting for deprecation notice
b038bce
Merge branch 'master' into deprecate-setup-passwords-tool
elasticmachine 176c86a
Merge branch 'master' into deprecate-setup-passwords-tool
elasticmachine 5e688c8
fix compilation
jkakavas 8e7fd2f
rename reference
jkakavas 0d6fe9d
fix wording
jkakavas File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
|
@@ -65,7 +65,11 @@ | |||||
* mode prompts for each individual user's password. This tool only runs once, | ||||||
* if successful. After the elastic user password is set you have to use the | ||||||
* `security` API to manipulate passwords. | ||||||
* | ||||||
* @deprecated Use {@link ResetElasticPasswordTool} for setting the password of the elastic user and the ChangePassword API | ||||||
* for setting the password of the rest of the built-in users when needed. | ||||||
*/ | ||||||
@Deprecated | ||||||
public class SetupPasswordTool extends LoggingAwareMultiCommand { | ||||||
|
||||||
private static final char[] CHARS = ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789").toCharArray(); | ||||||
|
@@ -134,6 +138,12 @@ protected void execute(Terminal terminal, OptionSet options, Environment env) th | |||||
checkClusterHealth(terminal); | ||||||
|
||||||
if (shouldPrompt) { | ||||||
terminal.println("******************************************************************************"); | ||||||
terminal.println("Note: The 'elasticsearch-setup-passwords' tool has been deprecated in favour"); | ||||||
terminal.println(" of the 'elasticsearch-reset-elastic-password' tool. This command will"); | ||||||
terminal.println(" possibly be removed in a future release."); | ||||||
jkakavas marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
terminal.println("******************************************************************************"); | ||||||
terminal.println(""); | ||||||
terminal.println("Initiating the setup of passwords for reserved users " + String.join(",", USERS) + "."); | ||||||
terminal.println("The passwords will be randomly generated and printed to the console."); | ||||||
boolean shouldContinue = terminal.promptYesNo("Please confirm that you would like to continue", false); | ||||||
|
@@ -180,6 +190,12 @@ protected void execute(Terminal terminal, OptionSet options, Environment env) th | |||||
checkClusterHealth(terminal); | ||||||
|
||||||
if (shouldPrompt) { | ||||||
terminal.println("******************************************************************************"); | ||||||
terminal.println("Note: The 'elasticsearch-setup-passwords' tool has been deprecated in favour"); | ||||||
terminal.println(" of the 'elasticsearch-reset-elastic-password' tool. This command will"); | ||||||
terminal.println(" possibly be removed in a future release."); | ||||||
jkakavas marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
terminal.println("******************************************************************************"); | ||||||
terminal.println(""); | ||||||
terminal.println("Initiating the setup of passwords for reserved users " + String.join(",", USERS) + "."); | ||||||
terminal.println("You will be prompted to enter passwords as the process progresses."); | ||||||
boolean shouldContinue = terminal.promptYesNo("Please confirm that you would like to continue", false); | ||||||
|
@@ -314,6 +330,11 @@ void checkElasticKeystorePasswordValid(Terminal terminal, Environment env) throw | |||||
terminal.errorPrintln(" * Your elasticsearch node is running against a different keystore"); | ||||||
terminal.errorPrintln(" This tool used the keystore at " + KeyStoreWrapper.keystorePath(env.configFile())); | ||||||
terminal.errorPrintln(""); | ||||||
terminal.errorPrintln( | ||||||
"You can use `elasticsearch-reset-elastic-password` CLI tool to reset the password of the '" + elasticUser | ||||||
lockewritesdocs marked this conversation as resolved.
Show resolved
Hide resolved
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||
+ "' user" | ||||||
); | ||||||
terminal.errorPrintln(""); | ||||||
throw new UserException(ExitCodes.CONFIG, "Failed to verify bootstrap password"); | ||||||
} else if (httpCode != HttpURLConnection.HTTP_OK) { | ||||||
terminal.errorPrintln(""); | ||||||
|
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we want to deprecate in 7.16 now?
We haven't backported
elasticsearch-reset-elastic-password
to 7.x yet have we?It seems premature to indicate that it's deprecated as of 7.16 when we aren't ready to actually deprecate it in 7.x
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this is the ideal terminology (though I don't have a better set of words).
There's 3 points:
elasticsearch-reset-elastic-password
is a replacement, but not in mostI don't know how we capture that, but I worry that simply pointing to
elasticsearch-reset-elastic-password
will confuse some people.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tvernum, I appreciate your insights, as always. I'd like to avoid version-specific language in this message if possible to avoid pinning to a particular version if we need to change when we're deprecating the tool. Perhaps we can cover the two main scenarios that this tool was used for (changing passwords for built-in users and created users) and offer users the alternative options.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the suggestions both, I'll add Adam's text here and remove the version