1694861 – build log output includes credentials

Bug 1694861 - build log output includes credentials

Summary: build log output includes credentials

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Build
Sub Component:
Version:	4.1.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	4.1.0
Assignee:	Alexey Gladkov
QA Contact:	wewang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-04-01 21:21 UTC by Ben Parees
Modified:	2019-06-04 10:46 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: One of the log messages included a dump of the structure that contained the credentials. Consequence: credentials are visible in the log. Fix: Don't dump whole structure. Result: credentials are not visible in the log.
Clone Of:
Environment:
Last Closed:	2019-06-04 10:46:44 UTC
Target Upstream Version:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2019:0758	0	None	None	None	2019-06-04 10:46:53 UTC

Description Ben Parees 2019-04-01 21:21:07 UTC

Description of problem:
Build log output shows docker credentials being used


How reproducible:
always


Steps to Reproduce:
1. run a build
2. look at the build output

Actual results:
build output includes docker creds:

Setting authentication for registry "image-registry.openshift-image-registry.svc:5000" using docker.AuthConfiguration{Username:"serviceaccount", Password:"eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJjaS1vcC00Y2hnd3NjciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJidWlsZGVyLXRva2VuLWIyeDk2Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImJ1aWxkZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwYmEzZTM1OS01NGMwLTExZTktYTMwZC0wMjVmYjU4NmQ0NGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6Y2ktb3AtNGNoZ3dzY3I6YnVpbGRlciJ9.Dj-vGq-ESY559jlHLlE0wE_Udw2fvcVyj7gK7_sydt4O0xONCCmemB7nePbz2AeVW_el8BHw8MiDpJ7hqg4ryfDvYkukCJhteYz1ob8uv84DqryGW0QH09PIG_3EtoWOSN8cGH_VxL02LNjxxTan1GcoozypZYRUuHT3ptPPcftDynPaGSPhnSjtvy3UKjIszPt5XkJydPHn0XCJpPBjHryKFfFMmRikftjXrYCUokbxozjElqPLqmvegwGiVM2c92KNBFFFpL1Y-pvObftIogKa2qnGwnbV7M5l1xg_7p9xKlOeLE-NLgSSsCYnI9jaNw87mQa80bA9hPDwhAj0Zw", Email:"serviceaccount", ServerAddress:"image-registry.openshift-image-registry.svc:5000"}




Expected results:
should not be dumping the docker auth block.

Comment 3 wewang 2019-04-12 08:11:47 UTC

Runned a build and check the log, no issue now
Verified in
4.0.0-0.ci-2019-04-11-185255
payload:
registry.svc.ci.openshift.org/ocp/release@sha256:fdeeee0c19bd7b5873744dacf5859ac8adf0850961b7a449db839068f5ce7aef

Comment 5 errata-xmlrpc 2019-06-04 10:46:44 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758

Note You need to log in before you can comment on or make changes to this bug.