#24 Enabling OpenSearch security.

docker-compose-security.yaml

@@ -0,0 +1,54 @@
+version: '3'
+
+services:
+  ubi-dev-os:
+    build: ./
+    container_name: ubi-dev-os 
+    environment:
+      discovery.type: single-node
+      node.name: opensearch
+      #plugins.security.disabled: "true"
+#      See https://forum.opensearch.org/t/how-to-enable-cors-cross-origin-resource-sharing/426/3 for more
+      http.cors.enabled: true 
+#      Warning: this is opening it up to all cross domains
+#      http.cors.allow-origin: "http://localhost"...
+      http.cors.allow-origin: "*"
+      http.cors.allow-methods: OPTIONS,TRACE,HEAD,GET,POST,PUT,DELETE
+      http.cors.allow-credentials: true
+      http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length,Authorization,X-ubi-store,X-ubi-query-id,X-ubi-user-id,X-ubi-session-id
+      logger.level: info
+      OPENSEARCH_INITIAL_ADMIN_PASSWORD: SuperSecretPassword_123
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    ports:
+      - 9200:9200
+      - 9600:9600
+    expose:
+      - 9200
+      - 9600
+    networks:
+      - ubi-dev-os-net
+
+  ubi-dev-os-dashboards:
+    image: opensearchproject/opensearch-dashboards:2.13.0
+    container_name: ubi-dev-os-dashboards
+    ports:
+      - 5601:5601
+    expose:
+      - 5601
+    environment:
+      OPENSEARCH_HOSTS: '["https://ubi-dev-os:9200"]'
+      #DISABLE_SECURITY_DASHBOARDS_PLUGIN: "true"
+    depends_on:
+      - ubi-dev-os
+    networks:
+      - ubi-dev-os-net      
+
+networks:
+  ubi-dev-os-net:
+    driver: bridge

docker-compose.yaml

@@ -7,7 +7,7 @@ services:
     environment:
       discovery.type: single-node
       node.name: opensearch
-      plugins.security.disabled: "true"
+      #plugins.security.disabled: "true"
 #      See https://forum.opensearch.org/t/how-to-enable-cors-cross-origin-resource-sharing/426/3 for more
       http.cors.enabled: true 
 #      Warning: this is opening it up to all cross domains
@@ -42,7 +42,7 @@ services:
     expose:
       - 5601
     environment:
-      OPENSEARCH_HOSTS: '["http://ubi-dev-os:9200"]'
+      OPENSEARCH_HOSTS: '["https://ubi-dev-os:9200"]'
       DISABLE_SECURITY_DASHBOARDS_PLUGIN: "true"
     depends_on:
       - ubi-dev-os

documentation/documentation.md

@@ -6,11 +6,11 @@ to improve search relevance and user experience.
 
 ## Quick Start
 
-Build the plugin.  Note that you will have to match up the JDK 11 on your system to java home in the `gradle.properties` file:
+Build the plugin:
 
 `./gradlew build`
 
-Build the OpenSearch docker image and add the plugin, then start the containers:
+Next, build the OpenSearch docker image and add the plugin, then start the containers:
 
 ```
 docker compose build
@@ -24,16 +24,16 @@ docker compose build
 docker compose -f docker-compose-cluster.yaml up
 ```
 
-Initialize the `awesome` UBI store:
+Initialize a UBI store named `awesome`:
 
 ```
-curl -X PUT "http://localhost:9200/_plugins/ubi/awesome?index=ecommerce&key_field=id"
+curl -k -X PUT "https://localhost:9200/_plugins/ubi/awesome?index=ecommerce&key_field=id" -u "admin:SuperSecretPassword_123"
 ```
 
-Send an event to the `awesome` store:
+Send an event to the `awesome` UBI store:
 
 ```
-curl -X POST http://localhost:9200/_plugins/ubi/awesome -H "Content-Type: application/json" -d '
+curl -k -X POST https://localhost:9200/_plugins/ubi/awesome -H "Content-Type: application/json" -u "admin:SuperSecretPassword_123" -d '
 {
   "action_name": "search",
   "user_id": "98fcf189-4fa8-4322-b6f5-63fbb6b556c9",
@@ -44,25 +44,25 @@ curl -X POST http://localhost:9200/_plugins/ubi/awesome -H "Content-Type: applic
 Get events:
 
 ```
-curl -s http://localhost:9200/ubi_awesome_events/_search | jq
+curl -k -s https://localhost:9200/ubi_awesome_events/_search -u "admin:SuperSecretPassword_123" | jq
 ```
 
 Do a search of the `ecommerce` index:
 
 ```
-curl -s http://localhost:9200/ecommerce/_search -H "X-ubi-store: awesome" | jq
+curl -k -s "https://localhost:9200/ecommerce/_search" -u "admin:SuperSecretPassword_123" -H "X-ubi-store: awesome" | jq
 ```
 
 Get queries:
 
 ```
-curl -s http://localhost:9200/ubi_awesome_queries/_search | jq
+curl -k -s https://localhost:9200/ubi_awesome_queries/_search -u "admin:SuperSecretPassword_123" | jq
 ```
 
 Delete the store:
 
 ```
-curl -X DELETE http://localhost:9200/_plugins/ubi/awesome
+curl -k -X DELETE https://localhost:9200/_plugins/ubi/awesome -u "admin:SuperSecretPassword_123"
 ```
 
 ## What does the OpenSearch UBI plugin do?

index-chorus-data.sh

@@ -7,11 +7,11 @@ TEMP_FILE=`mktemp`
 head -n 50 ${CHORUS_HOME}/transformed_data.json > ${TEMP_FILE}
 
 echo "Deleting index"
-curl -s -X DELETE "localhost:9200/ecommerce"
+curl -k -X DELETE "https://localhost:9200/ecommerce"
 
 echo "Creating index"
-curl -s -X PUT "localhost:9200/ecommerce" -H "Content-Type: application/json" --data-binary @${CHORUS_HOME}/opensearch/schema.json
-curl -s -X PUT "localhost:9200/ecommerce/_settings"  -H "Content-Type: application/json" -d '{"index.mapping.total_fields.limit": 20000}'
+curl -k -X PUT "https://localhost:9200/ecommerce" -u "admin:SuperSecretPassword_123" -H "Content-Type: application/json" --data-binary @${CHORUS_HOME}/opensearch/schema.json
+curl -k -X PUT "https://localhost:9200/ecommerce/_settings" -u "admin:SuperSecretPassword_123" -H "Content-Type: application/json" -d '{"index.mapping.total_fields.limit": 20000}'
 
 echo "Indexing data"
-curl -s -X POST "localhost:9200/ecommerce/_bulk?pretty" -H "Content-Type: application/json" --data-binary @${TEMP_FILE}
+curl -k -X POST "https://localhost:9200/ecommerce/_bulk?pretty" -u "admin:SuperSecretPassword_123" -H "Content-Type: application/json" --data-binary @${TEMP_FILE}