Bug 1879911
| Summary: | (security) dont use the hardcoded passwords | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Tomas Jelinek <tjelinek> |
| Component: | Console Kubevirt Plugin | Assignee: | Gilad Lekner <glekner> |
| Status: | CLOSED ERRATA | QA Contact: | Guohua Ouyang <gouyang> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 4.6 | CC: | aos-bugs, glekner, gouyang |
| Target Milestone: | --- | ||
| Target Release: | 4.6.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-10-27 16:41:54 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196 |
Description of problem: common templates are using hardcoded passwords. Since 2.5 they will contain a parameter to generate them, but that relies on the "oc process" functionality. After an offline discussion it has been decided to generate the password on the UI as well. The specific behavior: If the common-templates contains the cloud-init config, e.g. like: #cloud-config user: admin password: <whatever> chpasswd: {expire: False} ssh_pwauth: True than the UI needs to modify it before adding it to the cloud init section. It needs to take everything what is on the line after the "password: " and generate a password. The format needs to be <four random characters>-<four random characters>-<four random characters>. So, something like this: #cloud-config user: admin password: abcd-a41s-2342 chpasswd: {expire: False} ssh_pwauth: True