2028268 – Password parameters are listed in FirmwareSchema in spite that cannot and shouldn't be set in HostFirmwareSettings

Bug 2028268 - Password parameters are listed in FirmwareSchema in spite that cannot and shouldn't be set in HostFirmwareSettings

Summary: Password parameters are listed in FirmwareSchema in spite that cannot and sho...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Bare Metal Hardware Provisioning
Sub Component:
Version:	4.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.10.0
Assignee:	Bob Fournier
QA Contact:	Lubov
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-12-01 20:42 UTC by Lubov
Modified:	2022-03-10 16:31 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-03-10 16:31:35 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Dell FirmwareSchema (65.43 KB, text/plain) 2021-12-01 20:42 UTC, Lubov	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	metal3-io baremetal-operator pull 1050	0	None	open	Remove BIOS config password related settings from schema	2021-12-11 15:05:22 UTC
Red Hat Product Errata	RHSA-2022:0056	0	None	None	None	2022-03-10 16:31:55 UTC

Description Lubov 2021-12-01 20:42:47 UTC

Created attachment 1844401 [details]
Dell FirmwareSchema

Description of problem:
According to requirements the values of Password AttributeType should not be stored in the status section and they should not be allowed to be set via the spec section.

In FirmwareSchema they are listed as read-only: false (e.g. for Dell 'SHA256SystemPasswordSalt', 'SetupPassword', 'SHA256SetupPassword', 'SHA256SetupPasswordSalt', 'SysPassword', 'PasswordStatus', 'SHA256SystemPassword' are listed in schema).

It's very confusing and can give an impression that this parameters are settable via HostFirmwareSettings CRDs

I'd recommend to remove them from schema as well

Comment 1 Bob Fournier 2021-12-01 20:53:06 UTC

Yeah, that's a good point, we can take the password fields out of the schema too.

Comment 2 Bob Fournier 2021-12-18 14:10:16 UTC

Fix has merged downstream on 12/17. Just waiting for a new 4.10 build

Comment 4 Lubov 2021-12-28 10:02:21 UTC

verified on 4.10.0-0.nightly-2021-12-23-153012 on HPE setup

Comment 7 errata-xmlrpc 2022-03-10 16:31:35 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

Note You need to log in before you can comment on or make changes to this bug.