Bug 2099991

Summary: pass the "--quiet" option via the buildconfig for s2i
Product: OpenShift Container Platform Reporter: taxu
Component: BuildAssignee: Corey Daley <cdaley>
Status: CLOSED ERRATA QA Contact: Jitendar Singh <jitsingh>
Severity: low Docs Contact:
Priority: medium    
Version: 4.7CC: cdaley, nsu, oarribas, spandura, taxu
Target Milestone: ---   
Target Release: 4.12.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
* By default, Buildah prints steps to the log file, including the contents of environment variables, which might include xref:../cicd/builds/creating-build-inputs.adoc#builds-input-secrets-configmaps_creating-build-inputs[build input secrets]. Although you can use the `--quiet` build argument to suppress printing of those environment variables, this argument isn't available if you use the source-to-image (S2I) build strategy. The current release fixes this issue. To suppress printing of environment variables, set the `BUILDAH_QUIET` environment variable in your build configuration: + [source,yaml] ---- sourceStrategy: ... env: - name: "BUILDAH_QUIET" value: "true" ----
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-01-17 19:50:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2118375    

Description taxu 2022-06-22 06:52:37 UTC 
Description of problem:
Previously we had a bug opened for "Reduce buildah log level for default build log level [NEEDINFO]":

https://bugzilla.redhat.com/show_bug.cgi?id=1996883

We suggested customer using secrets, however, customer confirmed that they are using secrets as per:
https://docs.openshift.com/container-platform/4.8/cicd/builds/creating-build-inputs.html#builds-input-secrets-configmaps_creating-build-inputs

But not able to use "--quiet" build argument since they are using openshift s2i config:

strategy:
    type: Source
    sourceStrategy:
      from:
        kind: ImageStreamTag
        namespace: xxxxxxx
        name: 's2i-xxxxxx-xxxxxxx:v1.0.0'


Actual results:
Under this setting, the secret as well as every other openshift secret are printed.


Expected results:
Sensitive information (ENV) should not appear in build logs


Additional info:
Maybe pass the --quiet option via the buildconfig fir s2i?
Comment 1 taxu 2022-07-01 03:42:46 UTC 
Hi Build team,

I see that the target release for this bug is 4.11.0

Please let us know where to add the LOG_LEVEL for s2i and/or passing "--quiet" options once the fix is deployed.

Kind regards,

Tao Xu
Comment 5 Jitendar Singh 2022-07-27 04:48:18 UTC 
verified
Comment 17 errata-xmlrpc 2023-01-17 19:50:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399