Insecure & invalid defaults provided for BAS configuration in playbooks #65

Closed
durera opened this issue Nov 24, 2021 · 2 comments · Fixed by #70
durera commented Nov 24, 2021

See TODOs in lite-core-roks.yml ... please deliver fixes to this branch: https://github.com/ibm-mas/ansible-devops/tree/bugfixes2411

```yaml
# 4. Install BAS
# -----------------------------------------------------------------------------
- name: Install BAS
  import_playbook: bas/install-bas.yml
  vars:
    # BAS Configuration
    bas_namespace: "{{ lookup('env', 'BAS_NAMESPACE') | default('ibm-bas', true) }}"
    bas_persistent_storage: "{{ lookup('env', 'BAS_PERSISTENT_STORAGE') }}"
    bas_meta_storage_class: "{{ lookup('env', 'BAS_META_STORAGE') }}"

    bas_username: "{{ lookup('env', 'BAS_USERNAME') | default('basuser', true) }}"
    # TODO: Providing a default password of "password" is unacceptable, this needs to be randomly generated if not provided (and provide details in the documentation about how to look up the generated password)
    #       When fixing this, ensure it is fixed in any other playbooks with the same problem too
    bas_password: "{{ lookup('env', 'BAS_PASSWORD') | default('password', true) }}"

    # TODO: if this is related to BAS, the env vars should be prefixed BAS_ ... otherwise, why is the grafana config required under the BAS section here/why is the grafana username set to "basuser" as default?
    #       When fixing this, ensure it is fixed in any other playbooks with the same problem too
    grafana_username: "{{ lookup('env', 'GRAFANA_USERNAME') | default('basuser', true) }}"
    # TODO: Providing a default password of "password" is unacceptable, this needs to be randomly generated if not provided (and provide details in the documentation about how to look up the generated password)
    #       When fixing this, ensure it is fixed in any other playbooks with the same problem too
    grafana_password: "{{ lookup('env', 'GRAFANA_PASSWORD') | default('password', true) }}"

    # TODO: These all need to be made required env vars, these are not useable defaults
    #       When fixing this, ensure it is fixed in any other playbooks with the same problem too
    contact:
      email: "{{ lookup('env', 'BAS_CONTACT_MAIL') | default('john@mycompany.com', true) }}"
      firstName: "{{ lookup('env', 'BAS_CONTACT_FIRSTNAME') | default('John', true) }}"
      lastName: "{{ lookup('env', 'BAS_CONTACT_LASTNAME') | default('Barnes', true) }}"

    # MAS Configuration
    mas_instance_id: "{{ lookup('env', 'MAS_INSTANCE_ID') }}"
    mas_config_dir: "{{ lookup('env', 'MAS_CONFIG_DIR') }}"
```
andrercm added a commit that referenced this issue Nov 24, 2021
@durera durera added the Bug Report Something isn't working label Nov 25, 2021
andrercm added a commit that referenced this issue Nov 25, 2021
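
One way to address the TODOs above, as an added example that is not code from this repository or from the fix that closed the issue: required values are asserted instead of defaulted, and a missing `BAS_PASSWORD` is replaced by a random value that is generated once and persisted. The `bas_password_file` variable and its location under `MAS_CONFIG_DIR` are assumptions made for illustration.

```yaml
# Added example, not taken from the ibm-mas/ansible-devops repository.
- name: Resolve BAS settings without insecure defaults
  hosts: localhost
  gather_facts: false
  vars:
    # Hypothetical location for the generated credential (keep it out of version control).
    bas_password_file: "{{ lookup('env', 'MAS_CONFIG_DIR') }}/bas_password"
  tasks:
    # lookup('env', ...) returns an empty string for an unset variable,
    # so test the length rather than relying on the `mandatory` filter.
    - name: Fail early when a required environment variable is missing
      ansible.builtin.assert:
        that:
          - lookup('env', item) | length > 0
        fail_msg: "{{ item }} must be set, there is no usable default"
        quiet: true
      loop:
        - MAS_CONFIG_DIR
        - BAS_CONTACT_MAIL
        - BAS_CONTACT_FIRSTNAME
        - BAS_CONTACT_LASTNAME

    - name: Use the password supplied in BAS_PASSWORD
      ansible.builtin.set_fact:
        bas_password: "{{ lookup('env', 'BAS_PASSWORD') }}"
      when: lookup('env', 'BAS_PASSWORD') | length > 0
      no_log: true

    # The password lookup writes the value to bas_password_file on first use
    # and reads it back on later runs, so reruns do not rotate the credential.
    # set_fact pins the result; a plain var would re-run the lookup each time it is templated.
    - name: Otherwise generate a random password once and persist it
      ansible.builtin.set_fact:
        bas_password: "{{ lookup('ansible.builtin.password', bas_password_file ~ ' chars=ascii_letters,digits length=24') }}"
      when: lookup('env', 'BAS_PASSWORD') | length == 0
      no_log: true

    - name: Tell the operator where the generated password is stored (never print it)
      ansible.builtin.debug:
        msg: "Generated BAS password stored in {{ bas_password_file }}"
      when: lookup('env', 'BAS_PASSWORD') | length == 0
```

The same pair of tasks applies to `grafana_password`, with its own file.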
@andrercm

@durera should be fixed in #71

@andrercm

@durera thanks for confirming, I'll close this issue then.
