Bug 1694861 - build log output includes credentials
Summary: build log output includes credentials
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build
Version: 4.1.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.1.0
Assignee: Alexey Gladkov
QA Contact: wewang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-04-01 21:21 UTC by Ben Parees
Modified: 2019-06-04 10:46 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: One of the log messages included a dump of the structure that contained the credentials. Consequence: credentials are visible in the log. Fix: Don't dump whole structure. Result: credentials are not visible in the log.
Clone Of:
Environment:
Last Closed: 2019-06-04 10:46:44 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:0758 None None None 2019-06-04 10:46:53 UTC

Description Ben Parees 2019-04-01 21:21:07 UTC
Description of problem:
Build log output shows docker credentials being used


How reproducible:
always


Steps to Reproduce:
1. run a build
2. look at the build output

Actual results:
build output includes docker creds:

Setting authentication for registry "image-registry.openshift-image-registry.svc:5000" using docker.AuthConfiguration{Username:"serviceaccount", Password:"eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJjaS1vcC00Y2hnd3NjciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJidWlsZGVyLXRva2VuLWIyeDk2Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImJ1aWxkZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwYmEzZTM1OS01NGMwLTExZTktYTMwZC0wMjVmYjU4NmQ0NGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6Y2ktb3AtNGNoZ3dzY3I6YnVpbGRlciJ9.Dj-vGq-ESY559jlHLlE0wE_Udw2fvcVyj7gK7_sydt4O0xONCCmemB7nePbz2AeVW_el8BHw8MiDpJ7hqg4ryfDvYkukCJhteYz1ob8uv84DqryGW0QH09PIG_3EtoWOSN8cGH_VxL02LNjxxTan1GcoozypZYRUuHT3ptPPcftDynPaGSPhnSjtvy3UKjIszPt5XkJydPHn0XCJpPBjHryKFfFMmRikftjXrYCUokbxozjElqPLqmvegwGiVM2c92KNBFFFpL1Y-pvObftIogKa2qnGwnbV7M5l1xg_7p9xKlOeLE-NLgSSsCYnI9jaNw87mQa80bA9hPDwhAj0Zw", Email:"serviceaccount@example.org", ServerAddress:"image-registry.openshift-image-registry.svc:5000"}




Expected results:
should not be dumping the docker auth block.

Comment 3 wewang 2019-04-12 08:11:47 UTC
Runned a build and check the log, no issue now
Verified in
4.0.0-0.ci-2019-04-11-185255
payload:
registry.svc.ci.openshift.org/ocp/release@sha256:fdeeee0c19bd7b5873744dacf5859ac8adf0850961b7a449db839068f5ce7aef

Comment 5 errata-xmlrpc 2019-06-04 10:46:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758


Note You need to log in before you can comment on or make changes to this bug.