Bug 2099991 - pass the "--quiet" option via the buildconfig for s2i
Summary: pass the "--quiet" option via the buildconfig for s2i
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build
Version: 4.7
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: ---
: 4.12.0
Assignee: Corey Daley
QA Contact: Jitendar Singh
URL:
Whiteboard:
Depends On:
Blocks: 2118375
TreeView+ depends on / blocked
 
Reported: 2022-06-22 06:52 UTC by taxu
Modified: 2023-01-17 19:50 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
* By default, Buildah prints steps to the log file, including the contents of environment variables, which might include xref:../cicd/builds/creating-build-inputs.adoc#builds-input-secrets-configmaps_creating-build-inputs[build input secrets]. Although you can use the `--quiet` build argument to suppress printing of those environment variables, this argument isn't available if you use the source-to-image (S2I) build strategy. The current release fixes this issue. To suppress printing of environment variables, set the `BUILDAH_QUIET` environment variable in your build configuration: + [source,yaml] ---- sourceStrategy: ... env: - name: "BUILDAH_QUIET" value: "true" ----
Clone Of:
Environment:
Last Closed: 2023-01-17 19:50:08 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift builder pull 303 0 None Merged Bug 2099991: Add support for BUILDAH_QUIET environment variable 2022-07-14 06:41:01 UTC
Red Hat Issue Tracker OCPBUGS-205 0 None None None 2022-09-12 10:12:48 UTC
Red Hat Product Errata RHSA-2022:7399 0 None None None 2023-01-17 19:50:25 UTC

Description taxu 2022-06-22 06:52:37 UTC 
Description of problem:
Previously we had a bug opened for "Reduce buildah log level for default build log level [NEEDINFO]":

https://bugzilla.redhat.com/show_bug.cgi?id=1996883

We suggested customer using secrets, however, customer confirmed that they are using secrets as per:
https://docs.openshift.com/container-platform/4.8/cicd/builds/creating-build-inputs.html#builds-input-secrets-configmaps_creating-build-inputs

But not able to use "--quiet" build argument since they are using openshift s2i config:

strategy:
    type: Source
    sourceStrategy:
      from:
        kind: ImageStreamTag
        namespace: xxxxxxx
        name: 's2i-xxxxxx-xxxxxxx:v1.0.0'


Actual results:
Under this setting, the secret as well as every other openshift secret are printed.


Expected results:
Sensitive information (ENV) should not appear in build logs


Additional info:
Maybe pass the --quiet option via the buildconfig fir s2i?
Comment 1 taxu 2022-07-01 03:42:46 UTC 
Hi Build team,

I see that the target release for this bug is 4.11.0

Please let us know where to add the LOG_LEVEL for s2i and/or passing "--quiet" options once the fix is deployed.

Kind regards,

Tao Xu
Comment 5 Jitendar Singh 2022-07-27 04:48:18 UTC 
verified
Comment 17 errata-xmlrpc 2023-01-17 19:50:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399
Note You need to log in before you can comment on or make changes to this bug.