Project

General

Profile

Actions

action #111314

open

_SECRET_ variables are exposed in vars.json when the job is not completed

Added by jlausuch over 2 years ago. Updated almost 2 years ago.

Status:
Workable
Priority:
High
Assignee:
-
Category:
Feature requests
Target version:
Start date:
2022-05-19
Due date:
% Done:

0%

Estimated time:

Description

Some workers contain sensitive information using _SECRET variables. Those variables are hidden in the settings tab and in vars.json, as expected.
However, if you restart or clone a job and cancel it while it's running, those variables are exposed in vars.json

NOTE: I don't want to provide links as I might give too many hints for a public place.


Files

vars.png (12.3 KB) vars.png jlausuch, 2022-05-19 11:02
secret.png (36.1 KB) secret.png ph03nix, 2023-03-02 15:06

Related issues 1 (0 open1 closed)

Related to openQA Project (public) - action #110518: Call job_done_hooks if requested by test setting (not only openQA config as done so far) size:MResolvedmkittler2021-09-18

Actions
Actions #1

Updated by livdywan over 2 years ago

We may want to consider #110518 here and have a hook that verifies that no passwords were stored in production with an according hook on all jobs.

Actions #2

Updated by livdywan over 2 years ago

  • Related to action #110518: Call job_done_hooks if requested by test setting (not only openQA config as done so far) size:M added
Actions #3

Updated by okurz over 2 years ago

  • Project changed from openQA Tests (public) to openQA Project (public)
  • Category set to Feature requests
  • Target version set to future

@jlausuch this is not really a problem of tests but os-autoinst so this ticket is better suited in "openQA Project", moving. But, are your plans to look into this yourself? I am putting into "future" because I don't see the feature request currently on our backlog but for now I am keeping "High" prio which means that there must be action on the ticket within the next 30 days. If not likely I will lower prio until then.

Actions #4

Updated by jlausuch over 2 years ago

okurz wrote:

@jlausuch this is not really a problem of tests but os-autoinst so this ticket is better suited in "openQA Project", moving. But, are your plans to look into this yourself? I am putting into "future" because I don't see the feature request currently on our backlog but for now I am keeping "High" prio which means that there must be action on the ticket within the next 30 days. If not likely I will lower prio until then.

No plans to work on this during the next days at least. I consider this as a bug, not as a new feature request.

Actions #5

Updated by okurz over 2 years ago

jlausuch wrote:

No plans to work on this during the next days at least. I consider this as a bug, not as a new feature request.

We don't want to argue what people see as "bug". We only distinguish between "regressions" and "feature requests". "regressions" means we should look into the git history where we broke something and learn how that could have happened. based on what mkittler stated I believe that we never had the wished behaviour in place, hence we see it as a "feature request".

Actions #6

Updated by jlausuch over 2 years ago

okurz wrote:

jlausuch wrote:

No plans to work on this during the next days at least. I consider this as a bug, not as a new feature request.

We don't want to argue what people see as "bug". We only distinguish between "regressions" and "feature requests". "regressions" means we should look into the git history where we broke something and learn how that could have happened. based on what mkittler stated I believe that we never had the wished behaviour in place, hence we see it as a "feature request".

You depict it as A or B, Black or White, but it's not that simple. This is not a regression because it has been probably always like this and I found it by chance. But this doesn't mean it's a feature either. Exposing a secret in the log is a serious product/tool bug, no matter if it's a regression or not.

Actions #7

Updated by okurz over 2 years ago

Jose, seriously, don't waste your effort. If we categorize something as feature request or concrete bug shouldn't really matter that much. If I would select "Concrete Bugs" now then this would just confuse members of the SUSE QE Tools team as they would look for the git commit that broke something which does not exist. And it already happened in the past that comments like these discussing how the ticket should be handled confused people or made them shy away from actually looking into just fixing the issue.

Actions #8

Updated by livdywan over 2 years ago

okurz wrote:

Jose, seriously, don't waste your effort. If we categorize something as feature request or concrete bug shouldn't really matter that much. If I would select "Concrete Bugs" now then this would just confuse members of the SUSE QE Tools team as they would look for the git commit that broke something which does not exist. And it already happened in the past that comments like these discussing how the ticket should be handled confused people or made them shy away from actually looking into just fixing the issue.

I didn't read José as asking about ticket categories. But this was a requirement from the original feature request. This is was always expected to work but never sufficiently tested.

And I agree with that point. It's not a new idea that we only thought of now.

Actions #9

Updated by okurz almost 2 years ago

  • Subject changed from _SECRET_ variables are exposed in vars.json when the job is not completed. to _SECRET_ variables are exposed in vars.json when the job is not completed
Actions #10

Updated by ph03nix almost 2 years ago

I'm having now the same issue with some exposed secrets from the Active Directory domain. A solution would be highly appreciated - the ticket is already rather old.

Actions #11

Updated by ph03nix almost 2 years ago

In addition, I'm wondering why the _SECRET variables show up in settings, even when a job is cloned and the variable is added there e.g. https://duck-norris.qe.suse.de/tests/12292#settings

This is clearly not the intention of _SECRET variables but I'm not sure if this was ever intended to be implemented.

Actions

Also available in: Atom PDF