Bug 1032525

Summary: vdsClient should accept passwords using means safer than a command line option
Product: [oVirt] vdsm Reporter: Yedidyah Bar David <didi>
Component: GeneralAssignee: Piotr Kliczewski <pkliczew>
Status: CLOSED CURRENTRELEASE QA Contact: Petr Kubica <pkubica>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.16.0CC: bazulay, bugs, emesika, gklein, mgoldboi, oourfali, pkubica, rbalakri, sbonazzo, ybronhei, yeylon
Target Milestone: ovirt-3.6.3Flags: rule-engine: ovirt-3.6.z+
ylavi: planning_ack+
rule-engine: devel_ack+
rule-engine: testing_ack+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-02-18 11:12:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Yedidyah Bar David 2013-11-20 10:56:54 UTC 
Description of problem:

Every action that accepts a password on the command line should be able to accept it also using safer means: Interactively, using an environment variable, reading from a file.

I am currently opening this bug for setVmTicket in bug #1021902 but it's applicable elsewhere in vdsClient.
Comment 1 Itamar Heim 2014-01-12 08:43:34 UTC 
setting target release to current version for consideration and review. please do not push non-RFE bugs to an undefined target release to make sure bugs are reviewed for relevancy, fix, closure, etc.
Comment 3 Barak 2014-02-11 12:49:25 UTC 
What vdsCli commands accepts password ?
Comment 4 Yaniv Bronhaim 2014-02-18 11:25:24 UTC 
discoverST connectStorageServer setVmTicket validateStorageServerConnection disconnectStorageServer desktopLogin  are the commands that get password as part of theirs parameters
Comment 5 Piotr Kliczewski 2014-02-19 13:05:39 UTC 
oVirt gerrit 24733
Comment 6 Sandro Bonazzola 2014-03-04 09:24:02 UTC 
This is an automated message.
Re-targeting all non-blocker bugs still open on 3.4.0 to 3.4.1.
Comment 8 Red Hat Bugzilla Rules Engine 2015-10-18 08:34:24 UTC 
Bug tickets that are moved to testing must have target release set to make sure tester knows what to test. Please set the correct target release before moving to ON_QA.
Comment 9 Petr Kubica 2016-01-07 15:05:49 UTC 
tested with vdsm-4.17.15-0.el7ev.noarch
failed with use auth=file:/root/file

#echo "password" > /root/file
#vdsClient -s 0 setVmTicket <vmID> - 120 -- auth=file:/root/file

after that it's not possible login to display via vncviewer with password "password". There is a problem with reading a file, readed file has one more character (end of line).

'env' and 'pass' working properly.
Comment 10 Red Hat Bugzilla Rules Engine 2016-01-07 15:05:52 UTC 
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.
Comment 11 Piotr Kliczewski 2016-01-11 14:07:40 UTC 
I checked the code and this scenario is covered by unit tests so I attempted to reproduce the issue using latest master (there were no changes for this functionality). 

I host deployed vdsm, configured nfs storage and created a vm. After that I run commands as described in comment #9 and I got following output:

[root@f20 hosted]# vdsClient -s 0 setVmTicket 8e2456e6-cdf6-418f-893b-c714068e2fc8 - 120 -- auth=file:/root/file
	code = 0
	message = 'Done'

Please note that I run the commands as root. Please make sure that you have correct permissions and if you still see the issue please provide steps to reproduce. Otherwise I am going to close this BZ.
Comment 12 Petr Kubica 2016-01-14 15:20:37 UTC 
I did an update engine & host to vdsm-4.17.17-0.el7ev.noarch and now everything is working.

So I move it to verified

Verified in vdsm-4.17.17-0.el7ev.noarch