Remove default admin credential references in DEVELOPER_GUIDE

[ryanbogan]

Description

Remove references to admin:admin default security credentials in the developer guide.

Issues Resolved

#1359

Check List

• New functionality includes testing.
  • All tests pass
• New functionality has been documented.
  • New functionality has javadoc added
• Commits are signed as per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (89fc267) 84.92% compared to head (76de267) 84.82%.

Additional details and impacted files

@@             Coverage Diff              @@
##               main    #1415      +/-   ##
============================================
- Coverage     84.92%   84.82%   -0.10%     
  Complexity     1274     1274              
============================================
  Files           167      167              
  Lines          5186     5186              
  Branches        491      491              
============================================
- Hits           4404     4399       -5     
- Misses          573      578       +5     
  Partials        209      209              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[ryanbogan]

k-NN does not use the demo install security script for integration tests, so modifying the integration test setup is not necessary, per opensearch-project/neural-search#551 (comment)

[junqiu-lei]

Do we need update here? Since I saw 2.12 k-NN build is failed with:

Suite: Test class org.opensearch.knn.index.AdvancedFilteringUseCasesIT
  2> REPRODUCE WITH: ./gradlew ':integTest' --tests "org.opensearch.knn.index.AdvancedFilteringUseCasesIT.testFiltering_whenNonNestedKNNAndNestedFilterAndNonNestedFieldWithNestedAndNonNestedFilterQuery_thenSuccess" -Dtests.seed=30AE712710CE3FFB -Dtests.security.manager=false -Dtests.locale=zh-TW -Dtests.timezone=Asia/Almaty -Druntime.java=21
  2> org.opensearch.client.ResponseException: method [DELETE], host [https://localhost:9200], URI [/.plugins-ml-config], status line [HTTP/1.1 403 Forbidden]
    {"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"},"status":403}

https://build.ci.opensearch.org/blue/rest/organizations/jenkins/pipelines/integ-test/runs/7131/nodes/96/steps/456/log/?start=0

https://build.ci.opensearch.org/blue/organizations/jenkins/integ-test/detail/integ-test/7131/pipeline/96

[ryanbogan]

I had that change implemented but based on the comment I linked above the change isn't necessary

[DarshitChanpura]

From what I understand k-NN doesn't use demo configuration to setup security. Instead it manually configures the required files/settings. Hence the internal_users.yml is never modified and the old password of admin is picked when cluster is spun-up and the config is written to security index.

[DarshitChanpura]

Ty @ryanbogan . I have left a few comments around using place-holder instead of myStrongPassword123!

[DarshitChanpura]

From what I understand k-NN doesn't use demo configuration to setup security. Instead it manually configures the required files/settings. Hence the internal_users.yml is never modified and the old password of admin is picked when cluster is spun-up and the config is written to security index.

[DarshitChanpura]

LGTM!