Allow setting KEYSTORE_PASSWORD through env variable

[cwperks]

Description

When using an opensearch keystore for secure settings, its not possible to pass the keystores password through an env variable when starting the OpenSearch process with ./bin/opensearch. The user is always prompted to enter the keystore password before the process starts up.

This PR allows KEYSTORE_PASSWORD to be set in the environment to skip being prompted to enter the password on startup.

Related Issues

• [BUG] KEYSTORE_PASSWORD Failed to read keystore password on console #12312

Check List

• New functionality includes testing.
  • All tests pass
• New functionality has been documented.
  • New functionality has javadoc added
• Failing checks are inspected and point to the corresponding known issue(s) (See: Troubleshooting Failing Builds)
• Commits are signed per the DCO using --signoff
• Commit changes are listed out in CHANGELOG.md file (See: Changelog)
• Public documentation issue/PR created

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[github-actions]

❌ Gradle check result for 55b5cfd: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

Compatibility status:

Checks if related components are compatible with change e8b2a8e

Incompatible components

Skipped components

Compatible components

Compatible components: [https://github.com/opensearch-project/custom-codecs.git, https://github.com/opensearch-project/neural-search.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/flow-framework.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/security-analytics.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/opensearch-oci-object-storage.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/k-nn.git, https://github.com/opensearch-project/reporting.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/sql.git, https://github.com/opensearch-project/ml-commons.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/performance-analyzer-rca.git, https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/security.git, https://github.com/opensearch-project/performance-analyzer.git]

[github-actions]

❌ Gradle check result for 05494ff: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

❕ Gradle check result for 2423a5d: UNSTABLE

• TEST FAILURES:

      1 org.opensearch.indices.replication.RemoteStoreReplicationSourceTests.testGetSegmentFilesReturnEmptyResponse

Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.

[reta]

@peterzhuamazon may you (or someone fro infra / ops) take a look if there are any potential concerns with this change, thank you

[peternied]

Looks good to me, I don't have any concerns about using env variables for these purposes.

[github-actions]

✅ Gradle check result for d645a3e: SUCCESS

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.35%. Comparing base (b15cb0c) to head (e8b2a8e).
Report is 100 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff              @@
##               main   #12865      +/-   ##
============================================
- Coverage     71.42%   71.35%   -0.08%     
- Complexity    59978    60239     +261     
============================================
  Files          4985     5015      +30     
  Lines        282275   283859    +1584     
  Branches      40946    41144     +198     
============================================
+ Hits         201603   202534     +931     
- Misses        63999    64498     +499     
- Partials      16673    16827     +154     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[peternied]

@cwperks Could you please check off the Create Public documentation issue/PR that would accompany this change?

[github-actions]

✅ Gradle check result for e8b2a8e: SUCCESS

[cwperks]

@peternied Here's the accompanying change for the documentation website: opensearch-project/documentation-website#6795

[opensearch-trigger-bot]

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/OpenSearch/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/OpenSearch/backport-2.x
# Create a new branch
git switch --create backport/backport-12865-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 5db84d16a96932e4530ff1303bdd6edde52f4caf
# Push it to GitHub
git push --set-upstream origin backport/backport-12865-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/OpenSearch/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-12865-to-2.x.

[reta]

@cwperks mind please backporting to 2.x manually? thank you

[cwperks]

I will open a backport.

[cwperks]

@reta Here is the backport: #12949