Bug 1566854
Summary: | parameters in serviceinstance.automationbroker.io shouldn't be in plaintext | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Zihan Tang <zitang> |
Component: | Service Broker | Assignee: | Jesus M. Rodriguez <jesusr> |
Status: | CLOSED WONTFIX | QA Contact: | Zihan Tang <zitang> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3.10.0 | CC: | aos-bugs, chezhang, jiazha, jmatthew, rszumski, zhsun |
Target Milestone: | --- | ||
Target Release: | 4.2.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Last Closed: | 2019-06-17 21:23:26 UTC | Type: | Bug |
Description
Zihan Tang
2018-04-13 06:00:30 UTC
While it may be surprising to see the data in plain text in this representation, for practical purposes the security of this data is not substantially different than if it were in a secret. RBAC guarantees that this data can only be seen by the users and groups listed below. We do intend to move these parameters into secrets in the future to gain a slight incremental advantage, but we do not believe there is a problem today, nor is there an opportunity to substantially improve the security of how this data is stored.

    $ oc adm policy who-can describe serviceinstance.automationbroker.io -n ansible-service-broker
    Namespace: ansible-service-broker
    Verb:      describe
    Resource:  serviceinstances.automationbroker.io

    Users:  admin
            system:admin
            system:serviceaccount:ansible-service-broker:asb
            system:serviceaccount:default:pvinstaller
            system:serviceaccount:kube-service-catalog:service-catalog-controller
            system:serviceaccount:kube-system:clusterrole-aggregation-controller

    Groups: system:cluster-admins
            system:masters

Due to reduced investment in Service Brokers/Ansible Service Broker, this feature request will not move forward at this time.
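
A way to turn the who-can listing in the comment above into a repeatable check, as an added example that is not part of the bug report: it parses `oc adm policy who-can` output and prints every user or group that is not on an allowlist built from the names in that comment. The sample output, the `demo:ci-runner` service account and the `demo-developers` group are constructed; on a live cluster, query the API verbs `get`, `list` and `watch`, since `oc describe` is a client command that reads objects through those verbs.

```shell
# Constructed sample of who-can output; demo:ci-runner and demo-developers are invented.
sample_output() {
cat <<'EOF'
Namespace: ansible-service-broker
Verb:      get
Resource:  serviceinstances.automationbroker.io

Users:  admin
        system:admin
        system:serviceaccount:ansible-service-broker:asb
        system:serviceaccount:demo:ci-runner
Groups: system:cluster-admins
        system:masters
        demo-developers
EOF
}

# Allowlist (assumption): the users and groups listed in the comment above.
expected_readers() {
cat <<'EOF'
user:admin
user:system:admin
user:system:serviceaccount:ansible-service-broker:asb
user:system:serviceaccount:default:pvinstaller
user:system:serviceaccount:kube-service-catalog:service-catalog-controller
user:system:serviceaccount:kube-system:clusterrole-aggregation-controller
group:system:cluster-admins
group:system:masters
EOF
}

# Emit one "user:<name>" or "group:<name>" line per principal read from stdin.
parse_who_can() {
  awk '
    /^Users:/  { kind = "user";  if (NF > 1) print kind ":" $2; next }
    /^Groups:/ { kind = "group"; if (NF > 1) print kind ":" $2; next }
    /^[^ \t]/  { kind = ""; next }   # any other header line ends the list
    kind != "" && NF == 1 { print kind ":" $1 }
  '
}

# Print principals in the who-can output (stdin) that are not on the allowlist.
unexpected_readers() {
  allow=$(mktemp) || return 2
  expected_readers > "$allow"
  parse_who_can | { grep -vxF -f "$allow" || true; } | sort -u
  rm -f "$allow"
}
sample_output | unexpected_readers
```

To check a live cluster, pipe `oc adm policy who-can get serviceinstances.automationbroker.io -n ansible-service-broker` into `unexpected_readers`, and repeat for `list` and `watch`.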