Bug 1450183

Summary: Queued item containing secrets is being dumped in plain-text in evm.log
Product: Red Hat CloudForms Management Engine
Reporter: James Wong <jwong>
Component: Providers
Assignee: James Wong <jwong>
Status: CLOSED CURRENTRELEASE
QA Contact: Pavol Kotvan <pakotvan>
Severity: high
Priority: high
Version: 5.8.0
CC: cpelland, jfrey, jhardy, obarenbo, simaishi
Target Milestone: GA
Keywords: TestOnly
Target Release: 5.9.0
Hardware: Unspecified
OS: Unspecified
Whiteboard: ansible
Fixed In Version: 5.9.0.1
Doc Type: If docs needed, set a value
Story Points: ---
Clone Of:
: 1451046
Last Closed: 2018-03-06 14:58:18 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: CFME Core
Bug Blocks: 1451046

Description James Wong 2017-05-11 18:18:20 UTC
MiqQueue is logging queue items being put on it. And it's not sanitizing secrets.


[----] I, [2017-05-11T13:42:30.645710 #15396:19d8d88]  INFO -- : MIQ(MiqQueue.put) Message id: [14016],  id: [], Zone: [default], Role: [ems_operations], Server: [], Ident: [generic], Target id: [], Instance id: [7], Task id: [], Command: [ManageIQ::Providers::EmbeddedAnsible::AutomationManager::MachineCredential.update_in_provider], Timeout: [600], Priority: [20], State: [ready], Deliver On: [], Data: [], Args: [{:id=>7, :name=>"first-cred", :type=>"ManageIQ::Providers::EmbeddedAnsible::AutomationManager::MachineCredential", :userid=>"", :become_method=>"", :become_username=>"", :password=>"secrete-pwd", :ssh_key_data=>"secrete-pkey", :become_password=>"secret-es-pwed", :vault_password=>"secret-vault", :task_id=>22}]

Comment 3 CFME Bot 2017-05-15 15:46:28 UTC
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/48704ac60d138663512b924acf647af6089b7930

commit 48704ac60d138663512b924acf647af6089b7930
Author:     James Wong <jwong>
AuthorDate: Fri May 12 14:35:49 2017 -0400
Commit:     James Wong <jwong>
CommitDate: Fri May 12 15:57:49 2017 -0400

    simply add tokens to PASSWORD_FIELDS
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1450183

 .../ansible_tower/shared/automation_manager/credential.rb        | 4 ++--
 .../ansible_tower/shared/automation_manager/tower_api.rb         | 1 +
 lib/vmdb/settings/walker.rb                                      | 9 +--------
 spec/support/ansible_shared/automation_manager/credential.rb     | 4 ++++
 4 files changed, 8 insertions(+), 10 deletions(-)
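
The log line in the description and the commit's key-name approach ("add tokens to PASSWORD_FIELDS") can be illustrated with the added example below, which is not ManageIQ code: queue arguments are deep-copied and every value stored under a secret key name is masked before the log line is rendered. `SECRET_KEYS`, `mask_secrets`, `queue_log_line` and the sample data are hypothetical names and constructed values; the four credential keys are the ones visible in the logged `Args`.

```ruby
require "set"

# Hypothetical deny-list of key names whose values must never reach a log.
# The four keys are the credential fields visible in the evm.log line above.
SECRET_KEYS = Set.new(%w[password ssh_key_data become_password vault_password]).freeze
MASK = "********".freeze

# Return a deep copy of +obj+ with every value stored under a secret key masked.
# Walks nested hashes and arrays; accepts symbol or string keys in any case.
# The caller's object is never mutated, so the real secret still reaches the worker.
def mask_secrets(obj)
  case obj
  when Hash
    obj.each_with_object({}) do |(key, value), out|
      out[key] = if SECRET_KEYS.include?(key.to_s.downcase)
                   # Keep nil/empty as-is so "not set" stays distinguishable in logs.
                   (value.nil? || value == "") ? value : MASK
                 else
                   mask_secrets(value)
                 end
    end
  when Array
    obj.map { |item| mask_secrets(item) }
  else
    obj
  end
end

# Hypothetical formatter: mask first, render second, so no code path can
# interpolate the raw arguments into the message.
def queue_log_line(command, args)
  "Command: [#{command}], Args: #{mask_secrets(args).inspect}"
end

# Constructed sample modelled on the logged queue message.
SAMPLE_ARGS = [{
  :id => 7, :name => "first-cred", :userid => "",
  :password => "secrete-pwd", :ssh_key_data => "secrete-pkey",
  :become_password => "secret-es-pwed", :vault_password => "secret-vault",
  :task_id => 22
}].freeze

puts queue_log_line("MachineCredential.update_in_provider", SAMPLE_ARGS) if $PROGRAM_NAME == __FILE__
```

A key-name list only covers the names it contains, so any new credential attribute has to be added to the list at the same time it is introduced.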