action #160334: [qe-core] Add CI/CD check to avoid uses of nots3cr3t or other hardcoded password in pull requests - openQA Tests - openSUSE Project Management Tool

Custom queries

All open Feature tests
openQA Infrastructure Project
openqa-review - Closed tickets last updated by openqa-review, last 30 days
QA roadmap long-term
QA SLE functional
QA SLE Functional - closed in last 14 days
QA SLE Functional - High, need to be refined
QA SLE Functional - over cycle time median
QA SLE u
QA SLE y
QA tools (tag not necessary in openQA and subprojects)
QA tools tag (tag not necessary in openQA and subprojects; excluding tickets in "Ready" version as they are already on the backlog)
QAC - Backlog
QAM
QE tools team - backlog (dev)
QE tools team - backlog (ready issues)
QE tools team - backlog SLA high
QE tools team - backlog SLA immediate
QE tools team - backlog SLA no immediate/urgent in feedback/blocked
QE tools team - backlog SLA normal
QE tools team - backlog SLA urgent
QE tools team - backlog SLO high
QE tools team - backlog SLO normal
QE tools team - backlog SLO urgent
QE tools team - backlog, high-level view (epics and higher)
QE tools team - backlog, non-reactive work, needs parent
QE tools team - backlog, top-level view (all sagas)
QE tools team - closed within last 14 days
QE tools team - closed within last 60 days
QE tools team - closed yesterday
QE Tools Team - Collaborative Session
QE tools team - due date forecast
QE tools team - exceeding due-date
QE tools team - infrastructure backlog
QE tools team - next - sorted by update time
QE tools team - next issues
QE tools team - non-estimated (unblocked) issues (dev)
QE tools team - non-estimated (unblocked) issues (infra)
QE tools team - ready issues - Workable
QE tools team - ready, not assigned/blocked/low
QE tools team - SLO high forecast
QE tools team - update forecast
QE tools team - updated by priority
QE tools team - what members of the team are working on - Feedback (not-low)
QE Tools Team Backlog By Assignee
SLE15 Migration Open Tickets
SLE15 SP1 Migration Open Tickets
SLE15SP3 Migration open ticket
SLE15SP3 Security open ticket
Tools Team Retrospective
Tools Team Retrospective (not estimated or assigned)

Actions

Copy link

action #160334

open

openQA Project - coordination #105624: [saga][epic] Reconsider how openQA handles secrets

[qe-core] Add CI/CD check to avoid uses of nots3cr3t or other hardcoded password in pull requests

Added by szarate 6 months ago. Updated 9 days ago.

Status:

Blocked

Priority:

Normal

Assignee:

tinawang123

Category:

Infrastructure

Target version:

QA - QE-Core: Ready

Start date:

2024-09-06

Due date:

% Done:

100%

Estimated time:

(Total: 0.00 h)

Difficulty:

Sprint:

QE-Core: November Sprint 24 (Nov 06 - Dec 04)

Tags:

security, password, qe-core-may-sprint, qe-core-august-sprint

Description

Motivation¶

In https://sd.suse.com/servicedesk/customer/portal/1/SD-150437 we are asked to handle "compromised root passwords in QA segments"

This will not stop somebody from adding a different password though, so we need to think a bit before working on this, however we can start with using it on the data directory first.

Subtasks 1 (0 open — 1 closed)

action #166439: [qe-core] Remove hardcode password on the data directory

Resolved

tinawang123

2024-09-06

Actions

Related issues 2 (1 open — 1 closed)

Related to openQA Tests - coordination #96596: [qe-core][CI] CI/CD and Coding style improvements

Blocked

szarate

2019-12-11

Actions

Related to openQA Tests - action #160325: [qe-core] Use templating system in autoyast profiles to use testapi::$password instead of nots3cr3t

Resolved

rfan1

2024-05-14

Actions

Issue # Delay: days Cancel

History
Notes
Property changes

Actions

Copy link

Updated by szarate 6 months ago

Related to coordination #96596: [qe-core][CI] CI/CD and Coding style improvements added

Actions

Copy link

Updated by szarate 6 months ago

Related to action #160325: [qe-core] Use templating system in autoyast profiles to use testapi::$password instead of nots3cr3t added

Actions

Copy link

Updated by szarate 6 months ago

Sprint set to QE-Core: May Sprint 25 (May 07 - Jun 04)

Actions

Copy link

Updated by szarate 6 months ago

Status changed from New to In Progress

Actions

Copy link

Updated by szarate 6 months ago

Status changed from In Progress to Workable

Actions

Copy link

Updated by szarate 6 months ago

Priority changed from Normal to Low

Actions

Copy link

Updated by szarate 3 months ago

Sprint changed from QE-Core: May Sprint 24 (May 07 - Jun 04) to QE-Core: August Sprint 24 (Aug 14 - Aug 28)

Actions

Copy link

Updated by tinawang123 3 months ago

Status changed from Workable to In Progress
Assignee set to tinawang123

Actions

Copy link

Updated by szarate 3 months ago

Sprint changed from QE-Core: August Sprint 24 (Aug 14 - Aug 28) to QE-Core: September Sprint 24 (Sep 05 - Oct 03)

Actions

Copy link

#10

Updated by tinawang123 3 months ago

PR: https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/20118

Actions

Copy link

#11

Updated by tinawang123 3 months ago

Subtask #166439 added

Actions

Copy link

#12

Updated by tinawang123 3 months ago

Status changed from In Progress to Blocked

Need remove passwords on data folder first.
Blocked by ticket: https://progress.opensuse.org/issues/166439

Actions

Copy link

#14

Updated by JERiveraMoya 14 days ago

Please don't forget to provide a way to disable the check in the CI for some specific folder for example, so testing for agama will not be stopped, at the moment there is no way to set encrypted password in profiles: https://progress.opensuse.org/issues/168853 is work in progress:

Actions

Copy link

#15

Updated by szarate 14 days ago

Sprint changed from QE-Core: September Sprint 24 (Sep 05 - Oct 03) to QE-Core: November Sprint 24 (Nov 06 - Dec 04)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

QA » openQA Project » openQA Tests

Tags

Custom queries

action #160334

[qe-core] Add CI/CD check to avoid uses of nots3cr3t or other hardcoded password in pull requests

Motivation¶

Updated by szarate 6 months ago

Updated by szarate 6 months ago

Updated by szarate 6 months ago

Updated by szarate 6 months ago

Updated by szarate 6 months ago

Updated by szarate 6 months ago

Updated by szarate 3 months ago

Updated by tinawang123 3 months ago

Updated by szarate 3 months ago

Updated by tinawang123 3 months ago

Updated by tinawang123 3 months ago

Updated by tinawang123 3 months ago

Updated by JERiveraMoya 14 days ago

Updated by szarate 14 days ago