Bug 1363816

Summary: password DWH_DB_PASSWORD not hidden
Product: [oVirt] ovirt-engine Reporter: Fabrice Bacchella <fabrice.bacchella>
Component: Services Assignee: Yedidyah Bar David <didi>
Status: CLOSED CURRENTRELEASE QA Contact: Lukas Svaty <lsvaty>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.0.0 CC: bugs, fabrice.bacchella, lsvaty, sbonazzo, ylavi
Target Milestone: ovirt-4.0.3 Keywords: ZStream
Target Release: 4.0.3 Flags: rule-engine: ovirt-4.0.z+
ylavi: planning_ack+
sbonazzo: devel_ack+
lsvaty: testing_ack+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: DWH database is used by the engine for the new 4.0 dashboard feature, so credentials were added to its configuration, but not to the list of keys to filter in the logs.
Consequence: DWH database password appears in the logs as-is.
Fix: DWH_DB_PASSWORD was added to SENSITIVE_KEYS.
Result: The password is replaced with '***'.
Story Points: ---
Clone Of:
: 1369695 Environment:
Last Closed: 2016-08-29 14:51:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Integration RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1369695, 1369793    

Description Fabrice Bacchella 2016-08-03 16:04:31 UTC
In the log files, I can see:
Value of property 'DWH_DB_PASSWORD' is 'myrealpassword'.

But at the same time:
Value of property 'ENGINE_SSO_CLIENT_SECRET' is '***'.

DWH_DB_PASSWORD should be hidden too

Comment 3 Yedidyah Bar David 2016-08-24 06:58:30 UTC
AFAICT this refers to engine log files, not dwh (or engine-setup). Changing product/component.

Comment 4 Red Hat Bugzilla Rules Engine 2016-08-24 06:59:31 UTC
Target release should be placed once a package build is known to fix an issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for an oVirt release.

Comment 5 Yedidyah Bar David 2016-08-24 07:27:43 UTC
Steps for reproduction/verification:

setup engine 4.0 with dwh
grep -R DWH_DB_PASSWORD /var/log/ovirt-engine/*

With broken version:

/var/log/ovirt-engine/engine.log:2016-08-24 10:10:20,764 INFO  [org.ovirt.engine.core.uutils.config.ShellLikeConfd] (ServerService Thread Pool -- 45) [] Value of property 'DWH_DB_PASSWORD' is 'zJQ11m3Cl4tJIrXJ0sdKEj'.

With fixed version:

/var/log/ovirt-engine/engine.log:2016-08-24 10:14:20,444 INFO  [org.ovirt.engine.core.uutils.config.ShellLikeConfd] (ServerService Thread Pool -- 46) [] Value of property 'DWH_DB_PASSWORD' is '***'.

Fabrice, please confirm. Did you see it elsewhere? And thanks for the report!
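
Added example, not part of the bug thread and not ovirt-engine code: a log audit that generalizes the grep above from the single key DWH_DB_PASSWORD to any secret-looking key that is logged unmasked, which is the failure mode when a new credential is not added to SENSITIVE_KEYS. The key-name heuristic, the function name and the sample lines (including the EXAMPLE_* keys) are assumptions constructed for illustration.

```python
import re

# Line format taken from the engine.log excerpts quoted in this bug:
#   ... Value of property 'KEY' is 'VALUE'.
PROPERTY_LINE = re.compile(r"Value of property '(?P<key>[^']+)' is '(?P<value>.*)'\.\s*$")

# Assumption: key-name fragments that usually mark a credential. This heuristic
# is not ovirt-engine's SENSITIVE_KEYS list; the point is a check that does not
# depend on that list having been kept up to date.
SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|PRIVATE_KEY)", re.IGNORECASE)

MASK = "***"


def find_unmasked_secrets(lines):
    """Return (line_number, key) for each secret-looking key logged unmasked.

    The logged value is never returned, so the report itself is safe to share.
    """
    findings = []
    for number, line in enumerate(lines, start=1):
        match = PROPERTY_LINE.search(line)
        if match is None:
            continue
        key, value = match.group("key"), match.group("value")
        # Empty values carry no secret; masked values are the fixed behaviour.
        if SECRET_NAME.search(key) and value not in ("", MASK):
            findings.append((number, key))
    return findings


# Constructed sample input, modelled on the log lines quoted in this bug.
PREFIX = ("2016-08-24 10:10:20,764 INFO  [org.ovirt.engine.core.uutils.config.ShellLikeConfd] "
          "(ServerService Thread Pool -- 45) [] ")
SAMPLE_LOG = [
    PREFIX + "Value of property 'DWH_DB_PASSWORD' is 'constructed-example-value'.",
    PREFIX + "Value of property 'ENGINE_SSO_CLIENT_SECRET' is '***'.",
    PREFIX + "Value of property 'EXAMPLE_DB_HOST' is 'localhost'.",
    PREFIX + "Value of property 'EXAMPLE_EMPTY_PASSWORD' is ''.",
]

if __name__ == "__main__":
    for number, key in find_unmasked_secrets(SAMPLE_LOG):
        print(f"line {number}: {key} is logged in clear text")
```

Any finding also means the logged credential should be rotated and the affected log files handled as sensitive, since the fix only masks new log entries.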

Comment 10 Fabrice Bacchella 2016-08-24 08:10:58 UTC
I don't remember seeing it elsewhere.

Comment 11 Lukas Svaty 2016-08-26 12:29:43 UTC
verified in ovirt-engine-setup-4.0.3-0.1.el7ev.noarch