Bug 1498203
| Summary: | Extracted Credentials were leaking to new bindings | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Shawn Hurley <shurley> |
| Component: | Service Broker | Assignee: | Shawn Hurley <shurley> |
| Status: | CLOSED ERRATA | QA Contact: | Weihua Meng <wmeng> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 3.7.0 | CC: | aos-bugs, jmatthew, shurley, wmeng |
| Target Milestone: | --- | ||
| Target Release: | 3.7.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-11-28 22:14:33 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Shawn Hurley
2017-10-03 17:56:23 UTC
Bug fixes with PR: https://github.com/openshift/ansible-service-broker/pull/469 Hi, Shawn I did not see secret contains the credentials for itself and others. I tried that Provision PostgreSQL APB and MySQL APB in defferent projects and in same project. # oc describe secret dh-rhscl-mysql-apb-8243t-credentials-lhem7 Name: dh-rhscl-mysql-apb-8243t-credentials-lhem7 Namespace: test1 Labels: <none> Annotations: <none> Type: Opaque Data ==== MYSQL_PASSWORD: 5 bytes MYSQL_PORT: 4 bytes MYSQL_USER: 5 bytes MYSQL_DATABASE: 5 bytes # oc describe secret dh-rhscl-postgresql-apb-fldxt-credentials-0diao Name: dh-rhscl-postgresql-apb-fldxt-credentials-0diao Namespace: test1 Labels: <none> Annotations: <none> Type: Opaque Data ==== DB_NAME: 5 bytes DB_PASSWORD: 4 bytes DB_PORT: 4 bytes DB_TYPE: 8 bytes DB_USER: 5 bytes DB_HOST: 10 bytes asb image used # docker images REPOSITORY TAG IMAGE ID CREATED SIZE brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/openshift3/ose-ansible-service-broker v3.7 58314270b158 3 days ago 622.2 MB asbd --version 1.0.7 Does the above prove that the issue is fixed? Which version has the fix for this bug? If the version has bug fix, and test steps are right, then we are confident that the bug is fixed. Verified. Fixed. # oc describe secret dh-rhscl-postgresql-apb-ntsn2-credentials-95act Name: dh-rhscl-postgresql-apb-ntsn2-credentials-95act Namespace: wmeng1 Labels: <none> Annotations: <none> Type: Opaque Data ==== DB_TYPE: 8 bytes DB_USER: 5 bytes DB_HOST: 10 bytes DB_NAME: 5 bytes DB_PASSWORD: 20 bytes DB_PORT: 4 bytes [root@preserve-wmeng18-master-etcd-1 ~]# oc describe secret dh-rhscl-mysql-apb-69mjt-credentials-f55dv Name: dh-rhscl-mysql-apb-69mjt-credentials-f55dv Namespace: wmeng1 Labels: <none> Annotations: <none> Type: Opaque Data ==== MYSQL_DATABASE: 5 bytes MYSQL_HOST: 13 bytes MYSQL_PASSWORD: 20 bytes MYSQL_PORT: 4 bytes MYSQL_USER: 5 bytes [root@preserve-wmeng18-master-etcd-1 ~]# sh-4.2$ asbd --version 1.0.10 ansible-service-broker-1.0.10-1.el7.x86_64 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:3188 |