brooklyn-dev mailing list archives

From "Aled Sage (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (BROOKLYN-405) Passwords in environment variables logged by brooklyn.SSH debug
Date Tue, 06 Dec 2016 11:55:59 GMT

     [ https://issues.apache.org/jira/browse/BROOKLYN-405?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aled Sage resolved BROOKLYN-405.
--------------------------------
       Resolution: Fixed
         Assignee: Aled Sage
    Fix Version/s: 0.10.0

> Passwords in environment variables logged by brooklyn.SSH debug
> ---------------------------------------------------------------
>
>                 Key: BROOKLYN-405
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-405
>             Project: Brooklyn
>          Issue Type: Bug
>            Reporter: Aled Sage
>            Assignee: Aled Sage
>             Fix For: 0.10.0
>
>
> In Brooklyn 0.10.0-SNAPSHOT
> Passwords that are set in {{shell.env}} (and thus passed into {{check-running}} etc) are being logged in plain-text.
> Admittedly I'm not using an external credential store, but I suspect that even if I was then this would still happen.
> We should be calling {{Sanitizer.sanitize(env)}} for our logging.
> {noformat}
> 2016-11-30 11:25:43,520 DEBUG 117 b.SSH [ger-Lh7ezXs6-213] check-running VanillaSoftwareProcessImpl{id=enztuvtelc}, initiating ssh on machine SshMachineLocation[10.104.0.67:amp@10.104.0.67/10.104.0.67:22(id=l409fq0xsa)] (env {ADMIN_PASSWORD=GoXcLbqo6Oxg, DB_USER=micro-user, ADMIN_USER=admin, DB_URL=mysql://10.104.0.68:3306/, DB_PASSWORD=tZdPPP9tBSfRTrt, HOST_ADDRESS=10.104.0.67, PID_FILE=/home/users/amp/brooklyn-managed-processes/apps/bv6tlh58aw/entities/VanillaSoftwareProcess_enztuvtelc/pid.txt}): #!/bin/bash -e
>  ; export INSTALL_DIR="/home/users/amp/brooklyn-managed-processes/installs/VanillaSoftwareProcess_0.0.0_bFlJaB" ; export RUN_DIR="/home/users/amp/brooklyn-managed-processes/apps/bv6tlh58aw/entities/VanillaSoftwareProcess_enztuvtelc" ; mkdir -p $RUN_DIR ; cd $RUN_DIR ; counter=`wget -T 15 -q -O- ${HOST_ADDRESS}:8080/health --http-user=${ADMIN_USER} --http-password=${ADMIN_PASSWORD} | grep -c "status.:.UP"`
> if [ $counter -eq 0 ]; then 
>   exit 1;
> fi
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
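
Added example, not part of the original message and not Brooklyn's own Sanitizer code: a stand-alone Java sketch of masking an env map before it reaches a debug log line like the one quoted in the issue. The class name EnvLogSanitizer, the marker list and the mask string are assumptions; it also goes slightly beyond the report by masking a password embedded in a URL value, which key-name matching alone would miss.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/** Hypothetical helper (not Brooklyn's Sanitizer): masks secret-looking env values before logging. */
public class EnvLogSanitizer {
    // Assumed marker list; extend it to match your own variable naming conventions.
    private static final List<String> SECRET_MARKERS =
            List.of("password", "passwd", "credential", "secret", "private", "token");
    private static final String MASK = "xxxxxxxx";

    static boolean isSecretKey(String key) {
        String k = key.toLowerCase(Locale.ROOT);
        return SECRET_MARKERS.stream().anyMatch(k::contains);
    }

    /** Masks the password part of scheme://user:password@host inside a value. */
    static String maskUrlUserInfo(String value) {
        return value.replaceAll("(://[^/@\\s:]+):[^/@\\s]+@", "$1:" + MASK + "@");
    }

    /** Returns a copy that is safe to log; the live map is left untouched for the real ssh call. */
    static Map<String, String> sanitize(Map<String, String> env) {
        Map<String, String> out = new LinkedHashMap<>();
        env.forEach((k, v) -> {
            if (v == null) out.put(k, null);
            else out.put(k, isSecretKey(k) ? MASK : maskUrlUserInfo(v));
        });
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample values; the key names follow the log line in the report.
        Map<String, String> env = new LinkedHashMap<>();
        env.put("ADMIN_PASSWORD", "constructed-admin-pw");
        env.put("DB_USER", "micro-user");
        env.put("ADMIN_USER", "admin");
        // Constructed variant of DB_URL carrying credentials in the URL itself.
        env.put("DB_URL", "mysql://micro-user:constructed-db-pw@10.104.0.68:3306/");
        env.put("DB_PASSWORD", "constructed-db-pw");
        env.put("HOST_ADDRESS", "10.104.0.67");

        // Build the log message from the sanitized copy, never from the live map.
        System.out.println("initiating ssh (env " + sanitize(env) + ")");
    }
}
```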
