Kayobe output can leak sensitive information

Bug #2087938 reported by Pierre Riteau
This bug affects 1 person
Affects   | Status | Importance | Assigned to | Milestone
kayobe    | New    | Undecided  | Unassigned  |
Antelope  | New    | Undecided  | Unassigned  |
Bobcat    | New    | Undecided  | Unassigned  |
Caracal   | New    | Undecided  | Unassigned  |
Dalmatian | New    | Undecided  | Unassigned  |

Bug Description

Due to the way Ansible is used by Kayobe, sensitive information such as credentials can sometimes be included in the Kayobe output, either during successful operation or when handling failed tasks.

This is generally not a problem for operators using Kayobe directly, but could be an issue if Kayobe access is granted to less trusted users through CI/CD for example.

OpenStack Infra (hudson-openstack) wrote : Related fix merged to kayobe (master)

Reviewed: https://review.opendev.org/c/openstack/kayobe/+/933761
Committed: https://opendev.org/openstack/kayobe/commit/a36bb614c092c147da11c20334dff6839d3c29b2
Submitter: "Zuul (22348)"
Branch: master

commit a36bb614c092c147da11c20334dff6839d3c29b2
Author: Jake Hutchinson <email address hidden>
Date: Wed Oct 30 16:34:29 2024 +0000

    Add loop control to custom DNF repos

    This avoids leaking repository credentials by suppressing the dict
    output to only print the key.

    Change-Id: Ic7aa0e4c4f625908aeb30de65edac8bce96af761
    Related-Bug: #2087938
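
The loop control technique named in the commit message above, shown as an added example that is not Kayobe's own code. The variable name custom_dnf_repos and all repository values are hypothetical and constructed for illustration.

```yaml
# Added illustration. Variable names and repository values are hypothetical
# and constructed; this is not Kayobe's playbook.
- hosts: all
  become: true
  gather_facts: false
  vars:
    custom_dnf_repos:            # hypothetical variable: repo name -> settings
      internal-mirror:
        baseurl: https://repo.example.com/el9/
        username: mirror-user
        password: constructed-secret
  tasks:
    # Before: with no label, the default callback prints the whole loop item
    # on every per-item status line, e.g. "changed: [host] => (item={'key':
    # 'internal-mirror', 'value': {..., 'password': 'constructed-secret'}})".
    - name: Configure custom DNF repos (loop item printed in full)
      ansible.builtin.yum_repository:
        name: "{{ item.key }}"
        description: "{{ item.key }}"
        baseurl: "{{ item.value.baseurl }}"
        username: "{{ item.value.username }}"
        password: "{{ item.value.password }}"
      loop: "{{ custom_dnf_repos | dict2items }}"

    # After: the label replaces the item in that status line, so only the
    # dict key (the repo name) is shown.
    - name: Configure custom DNF repos (only the key printed)
      ansible.builtin.yum_repository:
        name: "{{ item.key }}"
        description: "{{ item.key }}"
        baseurl: "{{ item.value.baseurl }}"
        username: "{{ item.value.username }}"
        password: "{{ item.value.password }}"
      loop: "{{ custom_dnf_repos | dict2items }}"
      loop_control:
        label: "{{ item.key }}"
      # Ansible's documentation describes label as a readability feature, not
      # a protection for sensitive data, and points to no_log: true for
      # that, at the cost of hiding the task's result as well.
```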
