Bug 1169099
| Summary: | [RFE] secrets should be marked so near their definition | ||
|---|---|---|---|
| Product: | [oVirt] ovirt-engine | Reporter: | Yedidyah Bar David <didi> |
| Component: | RFEs | Assignee: | Yedidyah Bar David <didi> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Jiri Belka <jbelka> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | --- | CC: | bugs, lsurette, lsvaty, pstehlik, rbalakri, srevivo, ykaul, ylavi |
| Target Milestone: | ovirt-4.2.0 | Keywords: | FutureFeature, Reopened |
| Target Release: | 4.2.0 | Flags: | sbonazzo:
ovirt-4.2?
pstehlik: testing_plan_complete- ylavi: planning_ack? sbonazzo: devel_ack+ lsvaty: testing_ack+ |
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Enhancement | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-12-20 10:51:48 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1472325 | ||
| Bug Blocks: | |||
|
Description
Yedidyah Bar David
2014-11-30 10:04:25 UTC
Closing old RFEs. I'd rather fix it. Not sure it's easy to do for both engine-setup and log-collector at once, but doing for engine-setup-only should be easy, and would have helped prevent e.g. bug 1371613 and bug 1363816. Once we do that, I also thought it will be useful to automatically filter in otopi every env key whose name includes 'password', 'secret', 'private', etc., unless proactively un-filtered (which will require a bit more work, but not much). (In reply to Yedidyah Bar David from comment #2) > I'd rather fix it. Not sure it's easy to do for both engine-setup and > log-collector at once, but doing for engine-setup-only should be easy, and > would have helped prevent e.g. bug 1371613 and bug 1363816. Once we do that, > I also thought it will be useful to automatically filter in otopi every env > key whose name includes 'password', 'secret', 'private', etc., unless > proactively un-filtered (which will require a bit more work, but not much). If you have the resources, I'm fine with fixing it. Only user-visible change is that OVESETUP_CONFIG/remoteEngineHostRootPassword should now be added to CORE/logFilterKeys a tiny bit earlier (as can be seen in the engine-setup log file). ok, ovirt-engine-setup-4.2.0-0.0.master.20171012160334.git6fb4578.el7.centos.noarch 4.2 2017-10-13 15:08:45,060+0200 DEBUG otopi.plugins.otopi.core.log log._validation:384 _filtered_keys_at_setup: ['OVESETUP_DWH_DB/password', 'OVESETUP_DB/password', 'OVESETUP_CONFIG/remoteEngineHostRootPassword', 'OVESETUP_DB/password', 'OVESETUP_PKI/storePassword', 'OVESETUP_CONFIG/adminPassword', 'OVESET UP_OVN/ovirtProviderOvnSecret'] vs 4.1 2016-08-20 00:08:58 DEBUG otopi.context context.dumpEnvironment:770 ENV CORE/logFilterKeys=list:'['OVESETUP_DB/password', 'OVESETUP_DWH_DB/password', 'OVESETUP_DB/password', 'OVESETUP_CONFIG/adminPassword', 'OVESETUP_PKI/storePassword', 'OVESETUP_CONFIG/remoteEngineHostRootPassword']' This bugzilla is included in oVirt 4.2.0 release, published on Dec 20th 2017. Since the problem described in this bug report should be resolved in oVirt 4.2.0 release, published on Dec 20th 2017, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report. |