Hide Forgot
Noticed in /var/log/imagefactory.log that my ec2 credentials are printed out and visible. In the past on the conductor frontend logs, we have prevented printing the actual values of the access id and the secret access id fields, we should probably do that here as well. See https://bugzilla.redhat.com/show_bug.cgi?id=699883#c3, I didn't notice and accidentally posted my credentials.
need status on this
I have removed all printing of credentials in the log messages within the Fedora builder (which is also used for RHEL builds). I have replaced them with generic references to "access_key" or "secret_key". This is pushed and available as the 0.2.3 interim release here: http://repos.fedorapeople.org/repos/aeolus/image-factory/0.2.3/
i see the ec2 credentials still printing to imagefactory.log while building image Except for secret key all other things are printed : Accesskey , account number , private key, cert key .
I've changed the debug statement for QMF method calls to redact the credentials. You'll see something like the following now: args = {'credentials': '*** REDACTED ***', 'image': '99b93b28-f50a-442d-9845-a02044bc23b5', 'build': '6e7db8a4-0932-4b54-98eb-db98b9f2506f', 'providers': ['mock-provider1']} I'm prepared to push this out as 0.2.4 unless there are other items from comment 3 above that need action.
(In reply to comment #4) > I've changed the debug statement for QMF method calls to redact the > credentials. You'll see something like the following now: > > args = {'credentials': '*** REDACTED ***', 'image': > '99b93b28-f50a-442d-9845-a02044bc23b5', 'build': > '6e7db8a4-0932-4b54-98eb-db98b9f2506f', 'providers': ['mock-provider1']} > > I'm prepared to push this out as 0.2.4 unless there are other items from > comment 3 above that need action. This will actually go out in 0.3.0 this weekend.
rpm -q imagefactory before testing
removing from tracker
[root@dell-pe1950-01 ~]# rpm -qa | grep imagefactory imagefactory-0.2.3-1.el6.noarch ec2 credentials still printing to imagefactory.log while pushing image. [root@dell-pe1950-01 ~]# rpm -qa | grep aeolus aeolus-conductor-0.3.0-0.el6.20110712223242git096643e.noarch rubygem-aeolus-cli-0.0.1-1.el6.20110711131044git5bc7abf.noarch aeolus-conductor-daemons-0.3.0-0.el6.20110712223242git096643e.noarch aeolus-configure-2.0.1-0.el6.20110712153243gite2c11da.noarch aeolus-all-0.3.0-0.el6.20110712223242git096643e.noarch aeolus-conductor-doc-0.3.0-0.el6.20110712223242git096643e.noarch From comment 5,0.2.4 is yet to come.
2011-07-14 14:30:43,443 DEBUG imagefactory.builders.BaseBuilder.FedoraBuilder pid(18031) Message: Executing register command: euca-register -U http://ec2.us-west-1.amazonaws.com/ -A "access_key" -S "secret_key" imagefactory-ec2-us-west-1-6735-0069-5950/23beb33b-fe68-443c-9f68-eb47b16cf313.manifest.xml fixed in [root@hp-z200-06 ~]# rpm -qa | grep aeolus aeolus-configure-2.0.1-0.el6.20110712153243gite2c11da.noarch aeolus-conductor-doc-0.3.0-0.el6.20110712223242git096643e.noarch aeolus-conductor-daemons-0.3.0-0.el6.20110712223242git096643e.noarch aeolus-all-0.3.0-0.el6.20110712223242git096643e.noarch rubygem-aeolus-cli-0.0.1-1.el6.20110712223242git096643e.noarch aeolus-conductor-0.3.0-0.el6.20110712223242git096643e.noarch [root@hp-z200-06 ~]#
release pending...
perm close