1550951 – Password of ovirt-provider-ovn is not always removed from logfile

Bug 1550951 - Password of ovirt-provider-ovn is not always removed from logfile

Summary: Password of ovirt-provider-ovn is not always removed from logfile

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	ovirt-engine
Classification:	oVirt
Component:	Setup.Engine
Sub Component:
Version:	4.2.1.7
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	high
Target Milestone:	ovirt-4.2.2
Target Release:	---
Assignee:	Dominik Holler
QA Contact:	Mor
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-03-02 11:30 UTC by Dominik Holler
Modified:	2018-03-29 11:13 UTC (History)
CC List:	5 users (show)
Fixed In Version:	ovirt-engine-4.2.2.4
Doc Type:	Bug Fix
Doc Text:	Cause: The provider's password was not filtered from the log file. Consequence: The provider's password written to the log file except it was removed by the engine's admin password filter. Fix: The provider's password is filtered from the log file. Result: The provider's password is not written to the log file.
Clone Of:
Environment:
Last Closed:	2018-03-29 11:13:29 UTC
oVirt Team:	Network
Embargoed:
Dependent Products:
Flags:	rule-engine: ovirt-4.2+ rule-engine: blocker+

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
oVirt gerrit	88384	0	'None'	'MERGED'	'packaging: setup: Filter OVIRT_PROVIDER_OVN_PASSWORD from logs'	2019-12-06 09:32:19 UTC
oVirt gerrit	88526	0	'None'	'MERGED'	'packaging: setup: Filter OVIRT_PROVIDER_OVN_PASSWORD from logs'	2019-12-06 09:32:19 UTC

Description Dominik Holler 2018-03-02 11:30:29 UTC

Description of problem: If the password is not engine's default admin password, the password is logged in engine-setup's logfile.


Version-Release number of selected component (if applicable):


How reproducible: Use other credentials than engine's default admin ones during engine-setup.


Steps to Reproduce:
1. Run egine-setup in a clean env
2. Configure ovirt-provider-ovn (Yes, No) [Yes]: Yes 
3. oVirt OVN provider user[admin@internal]: netadmin@internal
4. oVirt OVN provider password: stringEasyToFindInLogfile

Actual results: The oVirt OVN provider password, e.g. stringEasyToFindInLogfile, is written to the log file.


Expected results: The oVirt OVN provider password, e.g. stringEasyToFindInLogfile, is **not** written to the log file.


Additional info:

Comment 1 Mor 2018-03-18 11:44:18 UTC

Verified on:
RHV 4.2.2.4-0.1.el7

Comment 2 Sandro Bonazzola 2018-03-29 11:13:29 UTC

This bugzilla is included in oVirt 4.2.2 release, published on March 28th 2018.

Since the problem described in this bug report should be
resolved in oVirt 4.2.2 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.

Note You need to log in before you can comment on or make changes to this bug.