Project

General

Profile

Actions

action #166439

closed

openQA Project (public) - coordination #105624: [saga][epic] Reconsider how openQA handles secrets

action #160334: [qe-core] Add CI/CD check to avoid uses of nots3cr3t or other hardcoded password in pull requests

[qe-core] Remove hardcode password on the data directory

Added by tinawang123 4 months ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Refactor/Code Improvements
Start date:
2024-09-06
Due date:
% Done:

0%

Estimated time:
Difficulty:
Sprint:
QE-Core: November Sprint 24 (Nov 06 - Dec 04)

Description

Motivation
In https://sd.suse.com/servicedesk/customer/portal/1/SD-150437 we are asked to handle "compromised root passwords in QA segments"
This will not stop somebody from adding a different password though, so we need to think a bit before working on this, however we can start with using it on the data directory first.
So we need remove password on data directory first.


Related issues 1 (0 open1 closed)

Related to qe-yam - action #168853: Remove hardcode password for first user and the root passwords in Agama unattended jsonnet profilesResolvedleli2024-10-24

Actions
Actions #1

Updated by szarate 2 months ago

  • Tags set to qe-core-october-sprint
  • Status changed from New to Workable
Actions #2

Updated by tinawang123 2 months ago

  • Status changed from Workable to In Progress
  • Assignee set to tinawang123
Actions #3

Updated by JERiveraMoya about 2 months ago

  • Related to action #168853: Remove hardcode password for first user and the root passwords in Agama unattended jsonnet profiles added
Actions #6

Updated by szarate about 2 months ago

  • Sprint set to QE-Core: November Sprint 24 (Nov 06 - Dec 04)
  • Tags changed from qe-core-october-sprint to qe-core-october-sprint, qe-core-november-sprint
  • Category set to Refactor/Code Improvements

I think this has already been merged

Actions #7

Updated by tinawang123 about 1 month ago

  • Status changed from In Progress to Resolved

Only those files have passwords:
data/wsl/Autounattend_BIOS.xml:
data/wsl/Autounattend_UEFI.xml:
data/yam/agama/auto/leap16.json:
data/yam/agama/auto/leap16.json:
data/yam/agama/auto/leap16.sh
data/yam/agama/auto/leap16.sh
data/yam/agama/auto/default_tumbleweed.sh:
data/yam/agama/auto/default_tumbleweed.sh
data/yam/agama/auto/alp_tumbleweed.jsonnet:

data/yam/agama/auto/alp_tumbleweed.jsonnet:

data/yam/agama/auto/default_tumbleweed.json:

data/yam/agama/auto/default_tumbleweed.json:

data/yam/agama/auto/default_leap.json:

data/yam/agama/auto/default_leap.json:

data/yam/agama/auto/default_sle.json:

data/yam/agama/auto/default_sle.json:

data/yam/agama/auto/gnome_tumbleweed.json:

data/yam/agama/auto/gnome_tumbleweed.json:

data/yam/agama/auto/gnome_leap.json:

data/yam/agama/auto/gnome_leap.json:

Others have removed hardcode password. Have opened related ticket.

Actions

Also available in: Atom PDF