Separate secrets in openshift.json #4763
Comments
@tkmonson thanks for making pull request #4809. I moved this issue to code review at https://waffle.io/IQSS/dataverse
@tkmonson hi! We discussed this issue and pull request #4809 at standup this morning. It looks like @danmcp asked you to update
@tkmonson thanks for adding those doc changes. I move this issue to QA.
Oh, while doing QA we should bear in mind that @pameyer noted at #4809 (comment) that Solr wasn't working for him:
Pull request #4809 was merged prematurely and the change was backed out from the "develop" branch with pull request #4820. New pull request #4827 was just made and contains the same commit I approved for QA in the old pull request so I'm moving this issue to QA. @tkmonson if you could write a bit here about how to test, it would be much appreciated.
I wrote some pointers in containers.rst, but I'll paste the code here. You can log in to psql from the command line of the Glassfish pod using environment variables as parameters like so:
This is the command for a regular user. For the admin user, the username is The secret information is now hidden within the code, but within the Glassfish pod it is still readable via echoing the environment variables. This could be a problem, depending on how susceptible the pod is to attack. If it is not secure enough as is, the secret information could be stored in the environment as a cryptographic hash instead.
@tkmonson thanks! I often do the same, adding the new information to the guides.
openshift.json today uses hardcoded values for usernames and passwords. Ex:
https://github.com/IQSS/dataverse/blob/develop/conf/openshift/openshift.json#L182
This is obviously a bad security practice. OpenShift templates have the ability to generate values. Ex:
https://github.com/openshift/origin/blob/master/examples/sample-app/application-template-dockerbuild.json#L20
https://github.com/openshift/origin/blob/master/examples/sample-app/application-template-dockerbuild.json#L417
That's the easy part. What is also necessary is to make the usernames/passwords and other secret information configurable to be passed (through the secrets) to the install script(s).
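
The approach described in the issue above (template-generated values, passed to the container through a secret), as an added example that is not taken from openshift.json or from the Dataverse project. Every parameter, object, key and image name in it is hypothetical, and a bare Pod stands in for the real deployment objects to keep it short.

```json
{
  "kind": "Template",
  "apiVersion": "template.openshift.io/v1",
  "metadata": {
    "name": "secret-params-example",
    "annotations": {
      "description": "Added example; all names below are hypothetical, not the project's."
    }
  },
  "parameters": [
    {
      "name": "DB_USER",
      "description": "Database username, generated when the template is processed",
      "generate": "expression",
      "from": "user[a-z0-9]{6}"
    },
    {
      "name": "DB_PASSWORD",
      "description": "Database password, generated when the template is processed",
      "generate": "expression",
      "from": "[a-zA-Z0-9]{24}"
    }
  ],
  "objects": [
    {
      "kind": "Secret",
      "apiVersion": "v1",
      "metadata": { "name": "example-db-secret" },
      "stringData": {
        "username": "${DB_USER}",
        "password": "${DB_PASSWORD}"
      }
    },
    {
      "kind": "Pod",
      "apiVersion": "v1",
      "metadata": { "name": "example-app" },
      "spec": {
        "containers": [{
          "name": "app",
          "image": "example/app:placeholder",
          "env": [
            { "name": "DB_USER", "valueFrom": { "secretKeyRef": { "name": "example-db-secret", "key": "username" } } },
            { "name": "DB_PASSWORD", "valueFrom": { "secretKeyRef": { "name": "example-db-secret", "key": "password" } } }
          ]
        }]
      }
    }
  ]
}
```

Processing the template (for example with `oc process -f <file> | oc create -f -`) generates fresh values on each run, so no credential is committed to the repository. An install script inside the container reads `DB_USER` and `DB_PASSWORD` from its environment.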