Bug 2009849

Summary: BMC credentials could be logged if they change
Product: OpenShift Container Platform Reporter: Zane Bitter <zbitter>
Component: Bare Metal Hardware ProvisioningAssignee: Zane Bitter <zbitter>
Bare Metal Hardware Provisioning sub component: baremetal-operator QA Contact: Lubov <lshilin>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: augol, lshilin
Version: 4.9Keywords: Triaged
Target Milestone: ---   
Target Release: 4.9.z   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2004625 Environment:
Last Closed: 2021-11-10 21:02:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 2004625    
Bug Blocks:    

Description Zane Bitter 2021-10-01 19:02:31 UTC
+++ This bug was initially created as a clone of Bug #2004625 +++

Beginning with 4.9, if the user changes the credentials for a BaremetalHost (by editing or changing the Secret that contains them), the baremetal operator may log the new credentials in the process of updating them in Ironic.

This is a very rare event as users don't generally change the BMC credentials, but it should be avoided.

Comment 4 Lubov 2021-11-02 13:25:33 UTC
verified on 4.9.0-0.nightly-2021-11-02-033840

Comment 7 errata-xmlrpc 2021-11-10 21:02:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.9.6 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.