Bug 1014115

Summary: engine-setup sometimes logs passwords
Product: [Retired] oVirt Reporter: Yedidyah Bar David <didi>
Component: ovirt-engine-installerAssignee: Yedidyah Bar David <didi>
Status: CLOSED CURRENTRELEASE QA Contact: Jiri Belka <jbelka>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 3.3CC: acathrow, alonbl, alourie, iheim, oschreib, pstehlik, sbonazzo, yeylon
Target Milestone: ---   
Target Release: 3.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: integration
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1016012 (view as bug list) Environment:
Last Closed: 2013-11-07 08:26:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1014552    
Bug Blocks: 1011800, 1016012    

Description Yedidyah Bar David 2013-10-01 12:44:09 UTC 
Description of problem:

engine-setup sometimes logs passwords to its log file, although most of the code is intended to not do that. We should make sure this never happens.

Version-Release number of selected component (if applicable):


How reproducible:

E.g. while upgrading from legacy, the database-access password used by legacy is logged.

Steps to Reproduce:
1. Install ovirt 3.2, run setup, input some password for the database
2. Upgrade to 3.3
3.

Actual results:

The db password appears in the log

Expected results:

All passwords should be replaced by '**FILTERED**'

Additional info:
Comment 1 Sandro Bonazzola 2013-10-14 09:57:49 UTC 
included in 3.3.0.1 now in updates-testing.
Comment 2 Jiri Belka 2013-10-25 10:47:15 UTC 
ok, sf21.1 -> is20.
Comment 3 Sandro Bonazzola 2013-11-07 08:26:38 UTC 
oVirt 3.3.0.1 has been released.