fix(opensearch): set siem user to lowercase

opensearch/README.md

@@ -349,7 +349,7 @@ This guide provides a quick and straightforward way to use **OpenSearch** as a G
 | siem.serviceAccount.name | string | `""` | Service Account name. Set `general.serviceAccount` to use this Service Account for the Opensearch cluster |
 | siem.tenants | list | `[]` | List of additional tenants. Check values.yaml file for examples. |
 | siem.users | list | <pre>users:<br>  - name: "siem-logs"<br>    secretName: "siem-logs-credentials"<br>    secretKey: "password"<br>    backendRoles: []</pre> | List of OpenSearch user configurations for SIEM cluster. |
-| siem.usersCredentials | object | <pre>usersCredentials:<br>  siemAdmin:<br>    username: "siem-admin"<br>    password: "admin"<br>    hash: ""</pre> | List of OpenSearch user credentials for SIEM cluster. These credentials are used for authenticating users with OpenSearch. See values.yaml file for a full example. |
+| siem.usersCredentials | object | <pre>usersCredentials:<br>  siemadmin:<br>    username: "siemadmin"<br>    password: "admin"<br>    hash: ""</pre> | List of OpenSearch user credentials for SIEM cluster. These credentials are used for authenticating users with OpenSearch. See values.yaml file for a full example. |
 | siem.usersRoleBinding | list | <pre>usersRoleBinding:<br>  - name: "siem-write"<br>    users:<br>      - "siem-logs"<br>      - "siem-logs2"<br>    roles:<br>      - "siem-write-role"</pre> | Allows to link any number of users, backend roles and roles with a OpensearchUserRoleBinding for SIEM cluster. Each user in the binding will be granted each role |
 | testFramework.enabled | bool | `true` | Activates the Helm chart testing framework. |
 | testFramework.image.registry | string | `"ghcr.io"` | Defines the image registry for the test framework. |

opensearch/chart/Chart.lock

@@ -8,5 +8,5 @@ dependencies:
 - name: opensearch-cluster
   repository: https://opensearch-project.github.io/opensearch-k8s-operator/
   version: 3.1.0
-digest: sha256:30cbc1c4bfd3dec0ab9273e1ed30de017e79c7aaca42a96f776aa555243967ed
-generated: "2025-10-29T18:37:01.295653+01:00"
+digest: sha256:dbead79a62087f4302e3f285bfdb5fccfde7aaad56ecfaed92b6cb5ab7380df5
+generated: "2025-12-01T15:00:23.812306+01:00"

opensearch/chart/Chart.yaml

@@ -3,7 +3,7 @@
 
 apiVersion: v2
 name: opensearch
-version: 0.0.39
+version: 0.0.40
 description: A Helm chart for the OpenSearch operator
 type: application
 maintainers:

opensearch/chart/ci/test-values.yaml

@@ -67,19 +67,20 @@ cluster:
 siem:
   enabled: true
   usersCredentials:
-    siemAdmin:
-      username: "siem-admin"
+    siemadmin:
+      username: "siemadmin"
       password: "admin"
       hash: "$2y$12$0OYo7uyzgytbPat9qpklL.4PsvvuU0.HX1ZkK7Lq1js/YHXf37VCK"  # bcrypt hash for "admin"
-    siemLogs:
-      username: "siem-logs"
+    siemlogs:
+      username: "siemlogs"
       password: "CHANGE_ME_SIEMUser2025!@#"
-    siemLogs2:
-      username: "siem-logs2"
+    siemlogs2:
+      username: "siemlogs2"
       password: "CHANGE_ME_SIEMFailoverUser2025$%"
-    siemDashboards:
-      username: "siem-dashboards"
+    siemdashboards:
+      username: "siemdashboards"
       password: "CHANGE_ME_SIEMDashboards2025!@#"
+      hash: "$2y$12$0OYo7uyzgytbPat9qpklL.4PsvvuU0.HX1ZkK7Lq1js/YHXf37VCK"  # bcrypt hash for "admin" (for testing only)
   cluster:
     # Disable monitoring for test environment
     general:

opensearch/chart/templates/siem-security-config.yaml

@@ -16,7 +16,7 @@ stringData:
     config:
       dynamic:
         kibana:
-          server_username: {{ .Values.siem.usersCredentials.siemDashboards.username | default "siem-dashboards" }}
+          server_username: {{ .Values.siem.usersCredentials.siemdashboards.username | default "siemdashboards" }}
         http:
           anonymous_auth_enabled: false
           xff:
@@ -53,8 +53,8 @@ stringData:
     _meta:
       type: "internalusers"
       config_version: 2
-    admin:
-      hash: {{ (index .Values.siem.usersCredentials "siemAdmin").hash | quote }}
+    {{ .Values.siem.usersCredentials.siemadmin.username | default "siemadmin" }}:
+      hash: {{ .Values.siem.usersCredentials.siemadmin.hash | quote }}
       reserved: true
       backend_roles:
         - "admin"
@@ -73,7 +73,7 @@ stringData:
       backend_roles:
         - "admin"
       users:
-        - "admin"
+        - {{ .Values.siem.usersCredentials.siemadmin.username | default "siemadmin" | quote }}
 
   tenants.yml: |-
     _meta:

opensearch/chart/values.yaml

@@ -1260,48 +1260,49 @@ siem:
   # -- List of OpenSearch user configurations for SIEM cluster.
   # @default -- <pre>users:<br>  - name: "siem-logs"<br>    secretName: "siem-logs-credentials"<br>    secretKey: "password"<br>    backendRoles: []</pre>
   users:
-    - name: "siem-logs"
-      secretName: "siem-logs-credentials"
+    - name: "siemlogs"
+      secretName: "siemlogs-credentials"
       secretKey: "password"
       backendRoles: []
-    - name: "siem-logs2"
-      secretName: "siem-logs2-credentials"
+    - name: "siemlogs2"
+      secretName: "siemlogs2-credentials"
       secretKey: "password"
       backendRoles: []
-    - name: "siem-dashboards"
-      secretName: "siem-dashboards-credentials"
+    - name: "siemdashboards"
+      secretName: "siemdashboards-credentials"
       secretKey: "password"
       backendRoles: []
 
   # -- List of OpenSearch user credentials for SIEM cluster. These credentials are used for authenticating users with OpenSearch. See values.yaml file for a full example.
-  # @default -- <pre>usersCredentials:<br>  siemAdmin:<br>    username: "siem-admin"<br>    password: "admin"<br>    hash: ""</pre>
+  # @default -- <pre>usersCredentials:<br>  siemadmin:<br>    username: "siemadmin"<br>    password: "admin"<br>    hash: ""</pre>
   usersCredentials:
-    siemAdmin:
-      username: ""  # Specify the username for the "siem-admin" user. If left empty, defaults to "siem-admin".
+    siemadmin:
+      username: ""  # Specify the username for the admin user. If left empty, defaults to "siemadmin".
       password: ""  # Replace password with a secure value before deploying to production. A dummy password is set in ci/test-values.yaml for testing purposes.
       hash: ""      # Optional bcrypt hash of the password.
-    siemLogs:
-      username: ""  # Specify the username for the "siem-logs" user. If left empty, defaults to "siem-logs".
+    siemlogs:
+      username: ""  # Specify the username for the logs user. If left empty, defaults to "siemlogs".
       password: ""  # Replace password with a secure value before deploying to production. A dummy password is set in ci/test-values.yaml for testing purposes.
-    siemLogs2:
-      username: ""  # Specify the username for the failover user for "siem-logs". If left empty, defaults to "siem-logs2".
+    siemlogs2:
+      username: ""  # Specify the username for the failover logs user. If left empty, defaults to "siemlogs2".
       password: ""  # Replace password with a secure value before deploying to production. A dummy password is set in ci/test-values.yaml for testing purposes.
-    siemDashboards:
-      username: ""  # Specify the username for the "siem-dashboards" user. If left empty, defaults to "siem-dashboards".
+    siemdashboards:
+      username: ""  # Specify the username for the dashboards user. If left empty, defaults to "siemdashboards".
       password: ""  # Replace password with a secure value before deploying to production. A dummy password is set in ci/test-values.yaml for testing purposes.
+      hash: ""      # Optional bcrypt hash of the password.
 
   # -- Allows to link any number of users, backend roles and roles with a OpensearchUserRoleBinding for SIEM cluster. Each user in the binding will be granted each role
   # @default -- <pre>usersRoleBinding:<br>  - name: "siem-write"<br>    users:<br>      - "siem-logs"<br>      - "siem-logs2"<br>    roles:<br>      - "siem-write-role"</pre>
   usersRoleBinding:
     - name: "siem-write"
       users:
-        - "siem-logs"
-        - "siem-logs2"
+        - "siemlogs"
+        - "siemlogs2"
       roles:
         - "siem-write-role"
     - name: "siem-dashboards"
       users:
-        - "siem-dashboards"
+        - "siemdashboards"
       roles:
         - "siem-dashboards-role"
 

opensearch/plugindefinition.yaml

@@ -6,14 +6,14 @@ kind: PluginDefinition
 metadata:
   name: opensearch
 spec:
-  version: 0.0.39
+  version: 0.0.40
   displayName: OpenSearch
   description: Creates and manages an OpenSearch environment with automated deployment, provisioning, and orchestration of clusters and dashboards using the OpenSearch Operator.
   icon: 'https://raw.githubusercontent.com/cloudoperators/greenhouse-extensions/main/opensearch/logo.png'
   helmChart:
     name: opensearch
     repository: oci://ghcr.io/cloudoperators/greenhouse-extensions/charts
-    version: 0.0.39
+    version: 0.0.40
   options:
     - name: cluster.cluster.general.monitoring.pluginUrl
       description: "Defines a custom URL for the monitoring plugin. Leave blank to use the default monitoring configuration."
@@ -174,35 +174,35 @@ spec:
       description: "Specifies custom metadata labels for the dashboards service for the SIEM cluster."
       required: false
       type: map
-    - name: siem.usersCredentials.siemAdmin.password
+    - name: siem.usersCredentials.siemadmin.password
       description: "Admin password used for initial setup and management of the SIEM cluster"
       required: false
       type: secret
-    - name: siem.usersCredentials.siemAdmin.hash
+    - name: siem.usersCredentials.siemadmin.hash
       description: "Admin password hash (bcrypt format) for the SIEM cluster"
       required: false
       type: secret
-    - name: siem.usersCredentials.siemLogs.username
+    - name: siem.usersCredentials.siemlogs.username
       description: "Primary username for SIEM data ingestion in the SIEM cluster."
       required: false
       type: secret
-    - name: siem.usersCredentials.siemLogs.password
+    - name: siem.usersCredentials.siemlogs.password
       description: "Primary user password for SIEM data ingestion in the SIEM cluster."
       required: false
       type: secret
-    - name: siem.usersCredentials.siemLogs2.username
+    - name: siem.usersCredentials.siemlogs2.username
       description: "Secondary username for SIEM data ingestion to support failover authentication in the SIEM cluster."
       required: false
       type: secret
-    - name: siem.usersCredentials.siemLogs2.password
+    - name: siem.usersCredentials.siemlogs2.password
       description: "Secondary user password for SIEM data ingestion to support failover authentication in the SIEM cluster."
       required: false
       type: secret
-    - name: siem.usersCredentials.siemDashboards.username
+    - name: siem.usersCredentials.siemdashboards.username
       description: "Username for SIEM dashboards access in the SIEM cluster."
       required: false
       type: secret
-    - name: siem.usersCredentials.siemDashboards.password
+    - name: siem.usersCredentials.siemdashboards.password
       description: "Password for SIEM dashboards access in the SIEM cluster."
       required: false
       type: secret