Fix/jenkins credentials #1029
Conversation
Puppet.debug("#{sname} stdin:\n#{input}") | ||
# This Puppet.debug shows the JSON with changed credentials in plain text. | ||
# ToDo: Remove this debug output OR mask the credentials | ||
# Puppet.debug("#{sname} stdin:\n#{input}") |
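Review bot: the ToDo on `# ToDo: Remove this debug output OR mask the credentials` leaves the decision open and keeps the original `Puppet.debug("#{sname} stdin:\n#{input}")` line around as a comment, where a later edit can simply re-enable it. Prefer masking over deletion: redact the credential values in the parsed JSON before logging so the debug line remains useful for troubleshooting, and drop the commented-out line entirely. As the review comment below notes, the same `input` is also written to a temp file that can end up world readable, so the plain-text exposure is not limited to the log.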
If this contains credentials, you should note that it's written to a file just below and there's a chmod 644 rescue block, which makes those credentials world readable.

It looks like that is designed for the case where the jenkins user is not yet available. I wonder if that workaround should be removed and instead hard fail.

It should also be noted that there's no way to ensure the file really is removed. If execute_with_retry raises an exception it's not removed. That means in some cases the credentials could remain world readable until $TMPDIR is cleaned.
At least this would stay on the server and not be shipped off to something like The Foreman where many more can see the credentials.
Hello, I'm not a fan of this solution; it places a lot of code in the provider to fix an issue that there's already a solution for. If, for some reason, the module doesn't support Sensitive data types, that's something that needs to be added instead of using workarounds.
We looked into solving this via the sensitive datatype. Because of the multiple implementation types and the many different credentials we use in Jenkins, this is very impractical. This 'solution' works for everyone & always, also for people who forget about or don't know the sensitive data type. I understand your objection and would agree if this was just 1 password. Regards, Stefan Goethals.
@zipkid you can use regexp in the
@kenyon We have tried, believe me. The problem is that sensitive does not work in hiera on members of a hash.
Pull Request (PR) description
When updating credentials or using the puppet debug flag, credentials leak to the puppet log.
This PR is an attempt to avoid this without requiring the user to apply the Sensitive data type to all parameters.
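The two exposures discussed on this page, the plain-text `Puppet.debug` of the stdin JSON and the temp file that a `chmod 644` rescue can leave world readable until `$TMPDIR` is cleaned, can both be closed without the Sensitive data type. The following is an added example written for this page, not code from the puppet-jenkins provider: the key list, the helper names and the sample JSON are assumptions, and the redaction is keyed on field names rather than on any real Jenkins credential schema.

```ruby
require 'json'
require 'tempfile'

# Field names whose values are never logged. Assumed list, constructed for
# this example; extend it to the credential types the provider handles.
SECRET_KEYS = %w[password passphrase private_key secret token].freeze

# Return a deep copy of +obj+ with every value under a secret-looking key
# replaced by a fixed marker. Nested hashes and arrays are walked, so
# credentials inside lists (the hiera-hash-member case above) are covered.
def redact(obj)
  case obj
  when Hash
    obj.each_with_object({}) do |(k, v), out|
      out[k] = SECRET_KEYS.include?(k.to_s.downcase) ? '[REDACTED]' : redact(v)
    end
  when Array
    obj.map { |v| redact(v) }
  else
    obj
  end
end

# What may safely go into a debug line: the stdin JSON parsed, redacted and
# re-serialised. Malformed JSON is reported, not echoed verbatim into the log.
def loggable_stdin(input)
  JSON.generate(redact(JSON.parse(input)))
rescue JSON::ParserError
  '[unparseable JSON, not logged]'
end

# Write +input+ to a temp file that is private from creation (0600, with no
# later chmod to a wider mode), yield its path, and always unlink it, even
# when the block raises. Returns whatever the block returns.
def with_private_stdin_file(input)
  file = Tempfile.new('jenkins-stdin')
  file.chmod(0o600)
  file.write(input)
  file.flush
  yield file.path
ensure
  file&.close! # close and unlink, on both the success and the exception path
end

if $PROGRAM_NAME == __FILE__
  sample = '{"credentials":[{"id":"deploy","password":"hunter2"}]}' # constructed
  puts "jenkins stdin: #{loggable_stdin(sample)}"
end
```

The temp file helper replaces a 644 fallback with a hard failure: if the file cannot be created with private permissions the exception propagates, which is the behaviour the review comment above asks for.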