| Summary: | ec2 credentials printed to log file | ||
|---|---|---|---|
| Product: | [Retired] CloudForms Cloud Engine | Reporter: | Dave Johnson <dajohnso> |
| Component: | imagefactory | Assignee: | Ian McLeod <imcleod> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Aziza Karol <akarol> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 0.3.1 | CC: | dajohnso, deltacloud-maint, sloranz, ssachdev, whayutin |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-12-08 13:46:32 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Dave Johnson
2011-04-26 21:51:06 UTC
need status on this I have removed all printing of credentials in the log messages within the Fedora builder (which is also used for RHEL builds). I have replaced them with generic references to "access_key" or "secret_key". This is pushed and available as the 0.2.3 interim release here: http://repos.fedorapeople.org/repos/aeolus/image-factory/0.2.3/ i see the ec2 credentials still printing to imagefactory.log while building image Except for secret key all other things are printed : Accesskey , account number , private key, cert key . I've changed the debug statement for QMF method calls to redact the credentials. You'll see something like the following now:
args = {'credentials': '*** REDACTED ***', 'image': '99b93b28-f50a-442d-9845-a02044bc23b5', 'build': '6e7db8a4-0932-4b54-98eb-db98b9f2506f', 'providers': ['mock-provider1']}
I'm prepared to push this out as 0.2.4 unless there are other items from comment 3 above that need action.
(In reply to comment #4) > I've changed the debug statement for QMF method calls to redact the > credentials. You'll see something like the following now: > > args = {'credentials': '*** REDACTED ***', 'image': > '99b93b28-f50a-442d-9845-a02044bc23b5', 'build': > '6e7db8a4-0932-4b54-98eb-db98b9f2506f', 'providers': ['mock-provider1']} > > I'm prepared to push this out as 0.2.4 unless there are other items from > comment 3 above that need action. This will actually go out in 0.3.0 this weekend. rpm -q imagefactory before testing removing from tracker [root@dell-pe1950-01 ~]# rpm -qa | grep imagefactory imagefactory-0.2.3-1.el6.noarch ec2 credentials still printing to imagefactory.log while pushing image. [root@dell-pe1950-01 ~]# rpm -qa | grep aeolus aeolus-conductor-0.3.0-0.el6.20110712223242git096643e.noarch rubygem-aeolus-cli-0.0.1-1.el6.20110711131044git5bc7abf.noarch aeolus-conductor-daemons-0.3.0-0.el6.20110712223242git096643e.noarch aeolus-configure-2.0.1-0.el6.20110712153243gite2c11da.noarch aeolus-all-0.3.0-0.el6.20110712223242git096643e.noarch aeolus-conductor-doc-0.3.0-0.el6.20110712223242git096643e.noarch From comment 5,0.2.4 is yet to come. 2011-07-14 14:30:43,443 DEBUG imagefactory.builders.BaseBuilder.FedoraBuilder pid(18031) Message: Executing register command: euca-register -U http://ec2.us-west-1.amazonaws.com/ -A "access_key" -S "secret_key" imagefactory-ec2-us-west-1-6735-0069-5950/23beb33b-fe68-443c-9f68-eb47b16cf313.manifest.xml fixed in [root@hp-z200-06 ~]# rpm -qa | grep aeolus aeolus-configure-2.0.1-0.el6.20110712153243gite2c11da.noarch aeolus-conductor-doc-0.3.0-0.el6.20110712223242git096643e.noarch aeolus-conductor-daemons-0.3.0-0.el6.20110712223242git096643e.noarch aeolus-all-0.3.0-0.el6.20110712223242git096643e.noarch rubygem-aeolus-cli-0.0.1-1.el6.20110712223242git096643e.noarch aeolus-conductor-0.3.0-0.el6.20110712223242git096643e.noarch [root@hp-z200-06 ~]# release pending... release pending... perm close |