Bug 1571349
Summary: | Container ENV proxy vars getting redacted when BUILD_LOGLEVEL=5 used in build | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Luke Stanton <lstanton> |
Component: | Build | Assignee: | Adam Kaplan <adam.kaplan> |
Status: | CLOSED ERRATA | QA Contact: | wewang <wewang> |
Severity: | low | Docs Contact: | Brandi Munilla <bmcelvee> |
Priority: | unspecified | ||
Version: | 3.6.0 | CC: | aos-bugs, bparees, wzheng |
Target Milestone: | --- | ||
Target Release: | 3.10.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause: Some build container environment variables were modified when redacted in the container log.
Consequence: URL proxy settings (such as HTTP/S proxies) were modified, breaking these settings.
Fix: A copy of these environment variables are made prior to redaction in the logs.
Result: Proxy URLs with user credentials are redacted in the container log, but are not modified when used in the build.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2018-07-30 19:13:48 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Luke Stanton
2018-04-24 14:59:38 UTC
Created attachment 1426104 [details]
Build template
Created attachment 1426105 [details]
Master config containing proxy settings
Origin PR: https://github.com/openshift/origin/pull/19532 s2i PR: https://github.com/openshift/source-to-image/pull/874 Commit pushed to master at https://github.com/openshift/origin https://github.com/openshift/origin/commit/51b3047636ac7bebadd1114bc8a0d1e21d1f1c87 Ensure environment variables and URLs are not modified for safe logging. Bug 1571349 Commit pushed to master at https://github.com/openshift/origin https://github.com/openshift/origin/commit/4650086d67bdf4a38213575245a04029a350d2fa bump(*): github.com/openshift/source-to-image 27f0729 github.com/emicklei/go-restful-swagger12 5e28dc7 github.com/skynetservices/skydns 775ef406 k8s.io forks * fixes bug 1571349 * Support for ConfigMap Build Sources ** Trello Card https://trello.com/c/RMKJxJUm/1020-5-allow-using-a-configmap-as-an-input-to-a-build-builds ** RFE/bug 1540978 verified in openshift v3.10.0-0.47.0 steps: 1. modify master-config.yaml as below,and restart master: admissionConfig: pluginConfig: BuildDefaults: configuration: apiVersion: v1 env: - name: HTTP_PROXY value: http://file.xxx.redhat.com:xxxx - name: HTTPS_PROXY value: https://file.xxx.redhat.com:xxx - name: CUSTOM_VAR value: custom_value kind: BuildDefaultsConfig gitHTTPProxy: http://file.xxx.redhat.com:xxx gitHTTPSProxy: https://file.xxx.redhat.com:xxx gitNoProxy: cluster.local,otherdomain.com 2. Create apps $oc new-app -f https://raw.githubusercontent.com/openshift/origin/master/examples/sample-app/application-template-stibuild.json 3. Add BUILD_LOGLEVEL=5 to the build-config 4. Check the env in container [wewang@wen-local ~]$ oc rsh frontend-2-rzd7s sh-4.2$ env |grep HTTP HTTPS_PROXY=https://file.xxx.redhat.com:xxx HTTP_PROXY=http://file.xxx.redhat.com:xxxx Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1816 |