Bug 2096327
| Summary: | [RFE] To be able to return the bmc password as part of the interface api when enabling it via the settings. | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Kobi Hakimi <khakimi> |
| Component: | API | Assignee: | satellite6-bugs <satellite6-bugs> |
| Status: | CLOSED WONTFIX | QA Contact: | Satellite QE Team <sat-qe-bz-list> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.10.1 | CC: | apatel, aruzicka |
| Target Milestone: | Unspecified | Keywords: | FutureFeature |
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-09-01 21:00:04 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
> To be able to return the bmc password as part of the interface api What is the use case for this? > To be able to get the password in special cases when we add in the setting a special flag that allows it. So there would be a setting that would enable or disable this globally? Hi Adam, please read my answers inline: (In reply to Adam Ruzicka from comment #1) > > To be able to return the bmc password as part of the interface api > > What is the use case for this? In the previous Foreman version, we used the API to get the BMC interface details including the password and run cli operations on the host(reboot, power down/up) currently, we use another automation infrastructure to get the bmc password. so if no one else asked for it you can ignore this request. > > > To be able to get the password in special cases when we add in the setting a special flag that allows it. > > So there would be a setting that would enable or disable this globally? It could be global but to reduce the risk maybe it would be better to do it per host. Thanks in advance, Kobi Upon review of our valid but aging backlog the Satellite Team has concluded that this Bugzilla does not meet the criteria for a resolution in the near term, and are planning to close in a month. This message may be a repeat of a previous update and the bug is again being considered to be closed. If you have any concerns about this, please contact your Red Hat Account team. Thank you. Thank you for your interest in Red Hat Satellite. We have evaluated this request, and while we recognize that it is a valid request, we do not expect this to be implemented in the product in the foreseeable future. This is due to other priorities for the product, and not a reflection on the request itself. We are therefore closing this out as WONTFIX. If you have any concerns about this feel free to contact your Red Hat Account Team. Thank you. |
Description of problem: RFE: To be able to return the bmc password as part of the interface api when enabling it via the settings. Version-Release number of selected component (if applicable): Red Hat Satellite (build: 6.10.1.1) Version 6.10 © 2022 Red Hat Inc. How reproducible: 100% Steps to Reproduce: 1. Run the api request /api/hosts/<host_id_name>/interfaces Actual results: return json with all interfaces. but the bmc interface is without the password. something like: {..."type":"bmc","execution":false,"username":"root","provider":"IPMI",...} Expected results: To be able to get the password in special cases when we add in the setting a special flag that allows it. Additional info: In the previous versions the password field was exposed as clear text by default until the following CVE: https://github.com/advisories/GHSA-7h9m-xcfj-p257 Thanks to orabin who helped me with this issue.