-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Outputs from linch-pin need better sanitization #79
Comments
#141 fixes the issue . |
The following is the output of provisioning 1 instance on each of the cloud providers. We can observe the credentials are ommited in the output. |
Can you put the output directly into the issue? The internal pastebin expires, plus is not viewable externally. Also, what about the outputs from ansible itself? I'm more concerned about that data as it generally appears on the screen during demonstrations and the like. |
@samvarankashyap see comment above |
output is as follows : {
"os_keypair_res": [],
"duffy_res": [],
"aws_ec2_res": [{
"instances": [{
"kernel": null,
"root_device_type": "ebs",
"private_dns_name": "ip-172-31-16-92.ec2.internal",
"public_ip": "54.221.13.75",
"private_ip": "172.31.16.92",
"id": "i-0b2b0f9ed294d8f08",
"ebs_optimized": false,
"state": "running",
"virtualization_type": "hvm",
"architecture": "x86_64",
"ramdisk": null,
"block_device_mapping": {
"/dev/sda1": {
"status": "attached",
"delete_on_termination": true,
"volume_id": "vol-0c1dd104ceae50102"
}
},
"key_name": "sk_key",
"image_id": "ami-6edd3078",
"tenancy": "default",
"groups": {
"sg-69751e15": "default"
},
"public_dns_name": "ec2-54-221-13-75.compute-1.amazonaws.com",
"state_code": 16,
"tags": {
"resource_group_name": "testgroup1",
"test_var1": "test_var1 msg is grp1 hello",
"Name": "TestInstanceGroup1"
},
"placement": "us-east-1a",
"ami_launch_index": "0",
"dns_name": "ec2-54-221-13-75.compute-1.amazonaws.com",
"region": "us-east-1",
"launch_time": "2017-02-08T15:44:00.000Z",
"instance_type": "t2.micro",
"root_device_name": "/dev/sda1",
"hypervisor": "xen"
}],
"changed": true,
"tagged_instances": [],
"instance_ids": ["i-0b2b0f9ed294d8f08"]
}],
"os_server_res": [{
"openstack": [{
"vm_state": "active",
"OS-EXT-STS:task_state": null,
"addresses": {
"atomic-e2e-jenkins-test2": [{
"OS-EXT-IPS-MAC:mac_addr": "fa:16:3e:8e:61:e1",
"version": 4,
"addr": "172.16.172.222",
"OS-EXT-IPS:type": "fixed"
}, {
"OS-EXT-IPS-MAC:mac_addr": "de:ad:be:ef:be:ef",
"version": 4,
"addr": "10.8.174.176",
"OS-EXT-IPS:type": "floating"
}],
"atomic-e2e-jenkins-test": [{
"OS-EXT-IPS-MAC:mac_addr": "fa:16:3e:34:47:d4",
"version": 4,
"addr": "172.16.171.246",
"OS-EXT-IPS:type": "fixed"
}]
},
"terminated_at": null,
"image": {
"id": "e14d0aa8-17fb-45c3-b842-056d987acec9",
"name": "rhel-7.2-server-x86_64-released"
},
"OS-EXT-STS:vm_state": "active",
"OS-SRV-USG:launched_at": "2017-02-08T15:43:40.000000",
"flavor": {
"id": "2",
"name": "m1.small"
},
"az": "nova",
"networks": {
"atomic-e2e-jenkins-test2": ["172.16.172.222"],
"atomic-e2e-jenkins-test": ["172.16.171.246"]
},
"cloud": "defaults",
"has_config_drive": false,
"user_id": "6fdaef18f58e40bfb4d10f17a54554f3",
"disk_config": "MANUAL",
"OS-DCF:diskConfig": "MANUAL",
"id": "cb566441-5102-4379-b1e0-07e3365d1eb9",
"accessIPv4": "10.8.174.176",
"accessIPv6": "",
"location": {
"project": {
"id": "4ace8180769a42e7b7ef2d795c555002",
"domain_name": null,
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"domain_id": null
},
"zone": "nova",
"region_name": "",
"cloud": "defaults"
},
"power_state": 1,
"public_v4": "10.8.174.176",
"progress": 0,
"OS-EXT-STS:power_state": 1,
"OS-EXT-AZ:availability_zone": "nova",
"launched_at": "2017-02-08T15:43:40.000000",
"metadata": {},
"status": "ACTIVE",
"updated": "2017-02-08T15:43:41Z",
"hostId": "61c253831cad0b369b827d248c682857fb2bff1ba44e8fd3f760d2c2",
"OS-SRV-USG:terminated_at": null,
"key_name": "ci-factory",
"public_v6": "",
"request_ids": [],
"private_v4": "172.16.171.246",
"host_id": "61c253831cad0b369b827d248c682857fb2bff1ba44e8fd3f760d2c2",
"task_state": null,
"properties": {
"OS-EXT-STS:task_state": null,
"OS-SRV-USG:terminated_at": null,
"OS-DCF:diskConfig": "MANUAL",
"request_ids": [],
"os-extended-volumes:volumes_attached": [],
"OS-EXT-STS:vm_state": "active",
"OS-SRV-USG:launched_at": "2017-02-08T15:43:40.000000",
"OS-EXT-STS:power_state": 1,
"OS-EXT-AZ:availability_zone": "nova"
},
"security_groups": [{
"NAME_ATTR": "name",
"description": "Default security group",
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"human_id": null,
"security_group_rules": [{
"remote_group_id": null,
"direction": "ingress",
"protocol": null,
"ethertype": "IPv4",
"port_range_max": null,
"security_group_id": "dc3d62e6-db74-48ea-801d-f3f99504b9ec",
"tenant_id": "",
"port_range_min": null,
"location": {
"project": {
"id": "4ace8180769a42e7b7ef2d795c555002",
"domain_name": null,
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"domain_id": null
},
"zone": null,
"region_name": "",
"cloud": "defaults"
},
"properties": {
"group": {
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"name": "default"
}
},
"remote_ip_prefix": null,
"group": {
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"name": "default"
},
"project_id": "",
"id": "07d9e837-23b0-47d2-93ab-89a9d6f46b21"
}, {
"remote_group_id": null,
"direction": "ingress",
"protocol": null,
"ethertype": "IPv4",
"port_range_max": null,
"security_group_id": "dc3d62e6-db74-48ea-801d-f3f99504b9ec",
"tenant_id": "",
"port_range_min": null,
"location": {
"project": {
"id": "4ace8180769a42e7b7ef2d795c555002",
"domain_name": null,
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"domain_id": null
},
"zone": null,
"region_name": "",
"cloud": "defaults"
},
"properties": {
"group": {
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"name": "default"
}
},
"remote_ip_prefix": null,
"group": {
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"name": "default"
},
"project_id": "",
"id": "4f2cb431-90a5-46a0-bc57-b98a4ea7ca97"
}],
"request_ids": [],
"HUMAN_ID": false,
"location": {
"project": {
"id": "4ace8180769a42e7b7ef2d795c555002",
"domain_name": null,
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"domain_id": null
},
"zone": null,
"region_name": "",
"cloud": "defaults"
},
"id": "dc3d62e6-db74-48ea-801d-f3f99504b9ec",
"project_id": "4ace8180769a42e7b7ef2d795c555002",
"properties": {
"request_ids": [],
"NAME_ATTR": "name",
"human_id": null,
"HUMAN_ID": false
},
"name": "default"
}, {
"NAME_ATTR": "name",
"description": "Default security group",
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"human_id": null,
"security_group_rules": [{
"remote_group_id": null,
"direction": "ingress",
"protocol": null,
"ethertype": "IPv4",
"port_range_max": null,
"security_group_id": "dc3d62e6-db74-48ea-801d-f3f99504b9ec",
"tenant_id": "",
"port_range_min": null,
"location": {
"project": {
"id": "4ace8180769a42e7b7ef2d795c555002",
"domain_name": null,
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"domain_id": null
},
"zone": null,
"region_name": "",
"cloud": "defaults"
},
"properties": {
"group": {
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"name": "default"
}
},
"remote_ip_prefix": null,
"group": {
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"name": "default"
},
"project_id": "",
"id": "07d9e837-23b0-47d2-93ab-89a9d6f46b21"
}, {
"remote_group_id": null,
"direction": "ingress",
"protocol": null,
"ethertype": "IPv4",
"port_range_max": null,
"security_group_id": "dc3d62e6-db74-48ea-801d-f3f99504b9ec",
"tenant_id": "",
"port_range_min": null,
"location": {
"project": {
"id": "4ace8180769a42e7b7ef2d795c555002",
"domain_name": null,
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"domain_id": null
},
"zone": null,
"region_name": "",
"cloud": "defaults"
},
"properties": {
"group": {
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"name": "default"
}
},
"remote_ip_prefix": null,
"group": {
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"name": "default"
},
"project_id": "",
"id": "4f2cb431-90a5-46a0-bc57-b98a4ea7ca97"
}],
"request_ids": [],
"HUMAN_ID": false,
"location": {
"project": {
"id": "4ace8180769a42e7b7ef2d795c555002",
"domain_name": null,
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"domain_id": null
},
"zone": null,
"region_name": "",
"cloud": "defaults"
},
"id": "dc3d62e6-db74-48ea-801d-f3f99504b9ec",
"project_id": "4ace8180769a42e7b7ef2d795c555002",
"properties": {
"request_ids": [],
"NAME_ATTR": "name",
"human_id": null,
"HUMAN_ID": false
},
"name": "default"
}],
"interface_ip": "10.8.174.176",
"name": "testgroup2_ano_inst1",
"adminPass": "C9op26gKPzaG",
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"region": "",
"created": "2017-02-08T15:43:32Z",
"os-extended-volumes:volumes_attached": [],
"project_id": "4ace8180769a42e7b7ef2d795c555002",
"volumes": [],
"config_drive": ""
}],
"changed": true,
"ids": ["cb566441-5102-4379-b1e0-07e3365d1eb9"],
"servers": [{
"vm_state": "active",
"OS-EXT-STS:task_state": null,
"addresses": {
"atomic-e2e-jenkins-test2": [{
"OS-EXT-IPS-MAC:mac_addr": "fa:16:3e:8e:61:e1",
"version": 4,
"addr": "172.16.172.222",
"OS-EXT-IPS:type": "fixed"
}, {
"OS-EXT-IPS-MAC:mac_addr": "de:ad:be:ef:be:ef",
"version": 4,
"addr": "10.8.174.176",
"OS-EXT-IPS:type": "floating"
}],
"atomic-e2e-jenkins-test": [{
"OS-EXT-IPS-MAC:mac_addr": "fa:16:3e:34:47:d4",
"version": 4,
"addr": "172.16.171.246",
"OS-EXT-IPS:type": "fixed"
}]
},
"terminated_at": null,
"image": {
"id": "e14d0aa8-17fb-45c3-b842-056d987acec9",
"name": "rhel-7.2-server-x86_64-released"
},
"OS-EXT-STS:vm_state": "active",
"OS-SRV-USG:launched_at": "2017-02-08T15:43:40.000000",
"flavor": {
"id": "2",
"name": "m1.small"
},
"az": "nova",
"networks": {
"atomic-e2e-jenkins-test2": ["172.16.172.222"],
"atomic-e2e-jenkins-test": ["172.16.171.246"]
},
"cloud": "defaults",
"has_config_drive": false,
"user_id": "6fdaef18f58e40bfb4d10f17a54554f3",
"disk_config": "MANUAL",
"OS-DCF:diskConfig": "MANUAL",
"id": "cb566441-5102-4379-b1e0-07e3365d1eb9",
"accessIPv4": "10.8.174.176",
"accessIPv6": "",
"location": {
"project": {
"id": "4ace8180769a42e7b7ef2d795c555002",
"domain_name": null,
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"domain_id": null
},
"zone": "nova",
"region_name": "",
"cloud": "defaults"
},
"power_state": 1,
"public_v4": "10.8.174.176",
"progress": 0,
"OS-EXT-STS:power_state": 1,
"OS-EXT-AZ:availability_zone": "nova",
"launched_at": "2017-02-08T15:43:40.000000",
"metadata": {},
"status": "ACTIVE",
"updated": "2017-02-08T15:43:41Z",
"hostId": "61c253831cad0b369b827d248c682857fb2bff1ba44e8fd3f760d2c2",
"OS-SRV-USG:terminated_at": null,
"key_name": "ci-factory",
"public_v6": "",
"request_ids": [],
"private_v4": "172.16.171.246",
"host_id": "61c253831cad0b369b827d248c682857fb2bff1ba44e8fd3f760d2c2",
"task_state": null,
"properties": {
"OS-EXT-STS:task_state": null,
"OS-SRV-USG:terminated_at": null,
"OS-DCF:diskConfig": "MANUAL",
"request_ids": [],
"os-extended-volumes:volumes_attached": [],
"OS-EXT-STS:vm_state": "active",
"OS-SRV-USG:launched_at": "2017-02-08T15:43:40.000000",
"OS-EXT-STS:power_state": 1,
"OS-EXT-AZ:availability_zone": "nova"
},
"security_groups": [{
"NAME_ATTR": "name",
"description": "Default security group",
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"human_id": null,
"security_group_rules": [{
"remote_group_id": null,
"direction": "ingress",
"protocol": null,
"ethertype": "IPv4",
"port_range_max": null,
"security_group_id": "dc3d62e6-db74-48ea-801d-f3f99504b9ec",
"tenant_id": "",
"port_range_min": null,
"location": {
"project": {
"id": "4ace8180769a42e7b7ef2d795c555002",
"domain_name": null,
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"domain_id": null
},
"zone": null,
"region_name": "",
"cloud": "defaults"
},
"properties": {
"group": {
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"name": "default"
}
},
"remote_ip_prefix": null,
"group": {
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"name": "default"
},
"project_id": "",
"id": "07d9e837-23b0-47d2-93ab-89a9d6f46b21"
}, {
"remote_group_id": null,
"direction": "ingress",
"protocol": null,
"ethertype": "IPv4",
"port_range_max": null,
"security_group_id": "dc3d62e6-db74-48ea-801d-f3f99504b9ec",
"tenant_id": "",
"port_range_min": null,
"location": {
"project": {
"id": "4ace8180769a42e7b7ef2d795c555002",
"domain_name": null,
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"domain_id": null
},
"zone": null,
"region_name": "",
"cloud": "defaults"
},
"properties": {
"group": {
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"name": "default"
}
},
"remote_ip_prefix": null,
"group": {
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"name": "default"
},
"project_id": "",
"id": "4f2cb431-90a5-46a0-bc57-b98a4ea7ca97"
}],
"request_ids": [],
"HUMAN_ID": false,
"location": {
"project": {
"id": "4ace8180769a42e7b7ef2d795c555002",
"domain_name": null,
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"domain_id": null
},
"zone": null,
"region_name": "",
"cloud": "defaults"
},
"id": "dc3d62e6-db74-48ea-801d-f3f99504b9ec",
"project_id": "4ace8180769a42e7b7ef2d795c555002",
"properties": {
"request_ids": [],
"NAME_ATTR": "name",
"human_id": null,
"HUMAN_ID": false
},
"name": "default"
}, {
"NAME_ATTR": "name",
"description": "Default security group",
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"human_id": null,
"security_group_rules": [{
"remote_group_id": null,
"direction": "ingress",
"protocol": null,
"ethertype": "IPv4",
"port_range_max": null,
"security_group_id": "dc3d62e6-db74-48ea-801d-f3f99504b9ec",
"tenant_id": "",
"port_range_min": null,
"location": {
"project": {
"id": "4ace8180769a42e7b7ef2d795c555002",
"domain_name": null,
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"domain_id": null
},
"zone": null,
"region_name": "",
"cloud": "defaults"
},
"properties": {
"group": {
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"name": "default"
}
},
"remote_ip_prefix": null,
"group": {
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"name": "default"
},
"project_id": "",
"id": "07d9e837-23b0-47d2-93ab-89a9d6f46b21"
}, {
"remote_group_id": null,
"direction": "ingress",
"protocol": null,
"ethertype": "IPv4",
"port_range_max": null,
"security_group_id": "dc3d62e6-db74-48ea-801d-f3f99504b9ec",
"tenant_id": "",
"port_range_min": null,
"location": {
"project": {
"id": "4ace8180769a42e7b7ef2d795c555002",
"domain_name": null,
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"domain_id": null
},
"zone": null,
"region_name": "",
"cloud": "defaults"
},
"properties": {
"group": {
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"name": "default"
}
},
"remote_ip_prefix": null,
"group": {
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"name": "default"
},
"project_id": "",
"id": "4f2cb431-90a5-46a0-bc57-b98a4ea7ca97"
}],
"request_ids": [],
"HUMAN_ID": false,
"location": {
"project": {
"id": "4ace8180769a42e7b7ef2d795c555002",
"domain_name": null,
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"domain_id": null
},
"zone": null,
"region_name": "",
"cloud": "defaults"
},
"id": "dc3d62e6-db74-48ea-801d-f3f99504b9ec",
"project_id": "4ace8180769a42e7b7ef2d795c555002",
"properties": {
"request_ids": [],
"NAME_ATTR": "name",
"human_id": null,
"HUMAN_ID": false
},
"name": "default"
}],
"interface_ip": "10.8.174.176",
"name": "testgroup2_ano_inst1",
"adminPass": "C9op26gKPzaG",
"tenant_id": "4ace8180769a42e7b7ef2d795c555002",
"region": "",
"created": "2017-02-08T15:43:32Z",
"os-extended-volumes:volumes_attached": [],
"project_id": "4ace8180769a42e7b7ef2d795c555002",
"volumes": [],
"config_drive": ""
}]
}],
"aws_ec2_key_res": [],
"aws_s3_res": [],
"gcloud_gce_res": [{
"instance_data": [{
"status": "RUNNING",
"name": "testresourcesme-000",
"zone": "us-central1-a",
"tags": [],
"image": "debian-8-jessie-v20170124",
"disks": ["testresourcesme-000"],
"public_ip": "104.154.65.175",
"private_ip": "10.128.0.2",
"machine_type": "f1-micro",
"subnetwork": "default",
"metadata": {},
"network": "default"
}],
"state": "present",
"changed": true,
"name": "testresourcesme",
"zone": "us-central1-a"
}],
"os_volume_res": [],
"os_sg_res": [],
"beaker_res": [],
"aws_cfn_res": [],
"os_heat_res": [],
"os_obj_res": [],
"rax_server_res": []
}``` |
As discovered earlier today, certain bits of data were pushed into this repository as static output from a run on an internal openstack server. The password and other sensitive data was changed.
To prevent this in the future, an audit of outputs and code should be performed to ensure better security. A good approach may be to write unit tests that ensure outputs are returned as expected, with redacted information represented appropriately.
The text was updated successfully, but these errors were encountered: