Description of problem: When we add a secret for Webhook, we should show a link to the secret in Webhooks table "SECRET" column, at least for cluster-admin Version-Release number of selected component (if applicable): registry.svc.ci.openshift.org/openshift/origin-v4.0-2019-01-10-044754@sha256 ab9cd0df895b7ab74594d33a68c87443609bd8b1a1327f0de2044f470318f4d7 a71164a46db0 3 hours ago 268 MB with commit afbc04657d94682d5ec15a0146ac4a8e7da692da How reproducible: Always Steps to Reproduce: 1. Create test secret, test application $ oc create secret generic mysecret --from-literal=WebHookSecretKey=1234qwer $ oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git 2. Add GitLab Webhook and secret $ oc get bc ruby-ex -o yaml | grep -i secret -A 1 secret: GrlGs1T2_gOeu8DDppJF type: GitHub -- secret: wcBbK1vITZV6X_lJoI5w type: Generic -- secret: mysecret type: GitLab 3. Cluster admin visit Build Configs -> ruby-ex -> Overview, Webhooks table Actual results: 3. GitLab Webhook URL shows https://172.30.0.1:443/apis/build.openshift.io/v1/namespaces/yapei/buildconfigs/ruby-ex/webhooks/<secret>/gitlab and no data in "SECRET" column Expected results: 3. We should give a link to secret/mysecret in "SECRET" column because GitLab Webhooks use this secret Additional info: Do we need show exact secret name/value for cluster-admin? That's how we expose for 3.x version
We made a deliberate choice not to show the secret value on the details page to avoid users exposing it through shoulder surfing, accidentally in screenshots, etc. The value is sensitive. While this is a worse user experience, it is a compromise to improve security. The secret column is a link to a secret if we webhook uses a secret reference and should not have a value in this case. We recommend using secret references for webhook secrets.
Reopening this as it is a regression from 3.11. I can understand not displaying it in plain text like we did in 3.x but we need at least to have the copy button added in like we had in 3.x that includes the full API URL. With the current implementation, a user will need to copy and paste from various places in order to construct a webhook.
A copy link or button is a good compromise.
Created attachment 1593755 [details] design Attached is the design recommendation for this bug.
Fixing PR: https://github.com/openshift/console/pull/2214
Changes are not included in 4.2.0-0.nightly-2019-07-31-162901, will check on newer builds
Now we have a 'Copy URL with Secret' button for users have the edit/admin permission. Clicking on 'Copy URL with Secret', the webhook URL will be constructed When we reference a secret in webhook like: triggers: - github: secret: flurzSiPgajj7xJPDGua type: GitHub - generic: secret: 25hzqgLm8PCgugCUGDEV type: Generic - gitlab: secretReference: name: mysecret type: GitLab Console will render a link to the secret. Verified on registry.svc.ci.openshift.org/ocp/release:4.2.0-0.nightly-2019-08-01-113533
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2922