Bug 1450183 - Queued item containing secrets is being dumped in plain-text in evm.log
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Providers
Version: 5.8.0
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: GA
Target Release: 5.9.0
Assignee: James Wong
QA Contact: Pavol Kotvan
URL:
Whiteboard: ansible
Depends On:
Blocks: 1451046
 
Reported: 2017-05-11 18:18 UTC by James Wong
Modified: 2018-03-14 09:14 UTC

Fixed In Version: 5.9.0.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1451046
Environment:
Last Closed: 2018-03-06 14:58:18 UTC
Category: ---
Cloudforms Team: CFME Core
Target Upstream Version:
Embargoed:



Description James Wong 2017-05-11 18:18:20 UTC
MiqQueue is logging queue items being put on it. And it's not sanitizing secrets.


[----] I, [2017-05-11T13:42:30.645710 #15396:19d8d88]  INFO -- : MIQ(MiqQueue.put) Message id: [14016],  id: [], Zone: [default], Role: [ems_operations], Server: [], Ident: [generic], Target id: [], Instance id: [7], Task id: [], Command: [ManageIQ::Providers::EmbeddedAnsible::AutomationManager::MachineCredential.update_in_provider], Timeout: [600], Priority: [20], State: [ready], Deliver On: [], Data: [], Args: [{:id=>7, :name=>"first-cred", :type=>"ManageIQ::Providers::EmbeddedAnsible::AutomationManager::MachineCredential", :userid=>"", :become_method=>"", :become_username=>"", :password=>"secrete-pwd", :ssh_key_data=>"secrete-pkey", :become_password=>"secret-es-pwed", :vault_password=>"secret-vault", :task_id=>22}]

Comment 3 CFME Bot 2017-05-15 15:46:28 UTC
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/48704ac60d138663512b924acf647af6089b7930

commit 48704ac60d138663512b924acf647af6089b7930
Author:     James Wong <jwong>
AuthorDate: Fri May 12 14:35:49 2017 -0400
Commit:     James Wong <jwong>
CommitDate: Fri May 12 15:57:49 2017 -0400

    simply add tokens to PASSWORD_FIELDS
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1450183

 .../ansible_tower/shared/automation_manager/credential.rb        | 4 ++--
 .../ansible_tower/shared/automation_manager/tower_api.rb         | 1 +
 lib/vmdb/settings/walker.rb                                      | 9 +--------
 spec/support/ansible_shared/automation_manager/credential.rb     | 4 ++++
 4 files changed, 8 insertions(+), 10 deletions(-)
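
The kind of masking the report calls for, applied to queue arguments shaped like the Args hash in the log line above. This is an added example, not ManageIQ code or the content of the commit: `SECRET_KEYS`, `MASK`, `mask_secrets` and `format_args_for_log` are hypothetical names, and the sample values are constructed.

```ruby
# Added example, not ManageIQ code. SECRET_KEYS, MASK, mask_secrets and
# format_args_for_log are hypothetical names chosen for this illustration.
require "set"

# Field names taken from the Args hash in the log line in the description.
SECRET_KEYS = Set.new(%w[password ssh_key_data become_password vault_password]).freeze
MASK = "********".freeze

# Return a deep copy of obj with the values of secret keys replaced by MASK.
# Walks nested hashes and arrays and never mutates the caller's object,
# because the worker that dequeues the message still needs the real values.
def mask_secrets(obj)
  case obj
  when Hash
    obj.each_with_object({}) do |(key, value), out|
      out[key] = if SECRET_KEYS.include?(key.to_s.downcase)
                   # Leave nil/empty values as they are: they hold no secret,
                   # and the log reader can still tell "unset" from "set".
                   value.to_s.empty? ? value : MASK
                 else
                   mask_secrets(value)
                 end
    end
  when Array
    obj.map { |item| mask_secrets(item) }
  else
    obj
  end
end

# Build the Args portion of a log line from masked data only.
def format_args_for_log(args)
  "Args: #{mask_secrets(args).inspect}"
end

# Constructed sample shaped like the queued arguments in the report,
# plus one nested hash with a string key to exercise the recursion.
SAMPLE_ARGS = [{
  :id => 7, :name => "first-cred", :userid => "", :become_username => "",
  :password => "constructed-pw", :ssh_key_data => "constructed-key",
  :become_password => "constructed-become", :vault_password => "constructed-vault",
  :options => { "password" => "nested-constructed", :tags => ["a"] },
  :task_id => 22
}].freeze

puts format_args_for_log(SAMPLE_ARGS) if __FILE__ == $PROGRAM_NAME
```

Matching on key names only catches fields that are on the list, so each new credential type needs its secret fields added to the list, with a spec asserting they never reach the log.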

