Bug 1019983

Summary: Password entered into installer is written to dtgov-sramp-repo-seed-cli-commands.txt in plain text
Product: [JBoss] JBoss Fuse Service Works 6 Reporter: Len DiMaggio <ldimaggi>
Component: InstallerAssignee: Thomas Hauser <thauser>
Status: CLOSED CURRENTRELEASE QA Contact: Len DiMaggio <ldimaggi>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 6.0.0 GACC: atangrin, soa-p-jira
Target Milestone: ER7   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Len DiMaggio 2013-10-16 17:56:27 UTC 
Description of problem:

dtgov-sramp-repo-seed-cli-commands.txt
    connect http://localhost:8080/s-ramp-server admin password1#

Version-Release number of selected component (if applicable):
ER4

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Thomas Hauser 2013-10-21 18:17:09 UTC 
Being able to mask this password is dependent upon some configuration / rework of S-RAMP and DT Gov
Comment 3 Eric Wittmann 2013-10-29 13:04:59 UTC 
Alas we don't have anything in place to mask this password.  Instead I think the installer should:

1) make a copy of the file
2) update the copy with the admin credentials entered by the user in the installer
3) execute the copy
4) delete the copy

This will leave the original file in place in case the user ever needs to manually execute it.

The S-RAMP CLI has been updated so that if the username/password are missing from the command file, the CLI will prompt the user for the username/password.  This should make executing this file manually a little bit easier.
Comment 5 Thomas Hauser 2013-11-14 15:26:07 UTC 
Changes should be present in ER7. Need the full build for confirmation.
Comment 6 Thomas Hauser 2013-12-13 18:00:13 UTC 
The ER7-2 installer has the following procedure implemented:

a) Create a copy of the original file with plaintext credentials
Successfully wrote /home/thauser/FSW/jboss-eap-6.1/dtgov-sramp-repo-seed-cli-commands.txtTEMP

b) Run the seeding command with this file:
Running command:[java, -Xmx1024m, -jar, bin/s-ramp-shell-0.3.1.Final-redhat-4.jar, -f, dtgov-sramp-repo-seed-cli-commands.txtTEMP]

c) Remove this file after installation.

End results: Original file contains no credentials, SRAMP seeding succeeds.
Comment 7 Len DiMaggio 2013-12-13 20:35:30 UTC 
Verified in ER7-2:

cat dtgov-sramp-repo-seed-cli-commands.txt 
connect http://localhost:8080/s-ramp-server
ontology:upload dtgov-data/deployment-status.owl
ontology:upload dtgov-data/project-review-status.owl