Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parse password field from dialog and decrypt before job launch #14636

Merged
merged 1 commit into from
Apr 6, 2017
Merged

Parse password field from dialog and decrypt before job launch #14636

merged 1 commit into from
Apr 6, 2017

Conversation

bzwei
Copy link
Contributor

@bzwei bzwei commented Apr 4, 2017

https://bugzilla.redhat.com/show_bug.cgi?id=1438923

A password text field from service dialog will appear in the options field with the format
password::dialog_param_field_name: v2:{encrypted_word}

At option parsing the prefix will be removed, only field_name remains. The value remains encrypted.

An extra var can be set by three means in the following priority

  1. Through automat code. The value can be either plain or encrypted. Encryption is recommended for password.
  2. Through service dialog. The value from a password text box is always encrypted.
  3. Through service item design time. The value is always plain. A future enhancement can be created to encrypt selected vars.

Before the job launching time we attempt to decrypt all values. A plain text can pass decryption with no problem.

@bzwei
Copy link
Contributor Author

bzwei commented Apr 4, 2017

@miq-bot add_label bug, providers/ansible_tower, services, fine/yes
@miq-bot assign @gmcculloug

@bzwei bzwei force-pushed the playbook_password_decrypt branch from 30a4d60 to b206694 Compare April 4, 2017 19:24
@miq-bot
Copy link
Member

miq-bot commented Apr 4, 2017

Checked commit bzwei@b206694 with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0
2 files checked, 0 offenses detected
Everything looks good. 🍰

@mkanoor mkanoor changed the title Parse password field from dialog and decryt before job launch Parse password field from dialog and decrypt before job launch Apr 4, 2017
@mkanoor
Copy link
Contributor

mkanoor commented Apr 5, 2017

@bzwei
Since every extra var defined by the user is going to be added via our Dialogs, can they set the type to be Password. And when we decide to launch the playbook we can figure out that the field is encrypted by fetching the dialog_field that corresponds to the extra var. This will shift the onus on the end user to decide which fields (extra vars) are encrypted fields.

@bzwei
Copy link
Contributor Author

bzwei commented Apr 5, 2017

@mkanoor yes. It is a proposed enhancement after the initial release. I will create a pivotal story.

@gmcculloug gmcculloug merged commit 9bb8653 into ManageIQ:master Apr 6, 2017
@gmcculloug gmcculloug added this to the Sprint 58 Ending Apr 10, 2017 milestone Apr 6, 2017
simaishi pushed a commit that referenced this pull request Apr 6, 2017
@gmcculloug @simaishi
Merge pull request #14636 from bzwei/playbook_password_decrypt
fee3b18 
Parse password field from dialog and decrypt before job launch
(cherry picked from commit 9bb8653)

https://bugzilla.redhat.com/show_bug.cgi?id=1439938
@simaishi
Copy link
Contributor

simaishi commented Apr 6, 2017

Fine backport details:

$ git log -1
commit fee3b18e8d151ee2bd6dd9dd8eefa54614ac0cf7
Author: Greg McCullough <[email protected]>
Date:   Thu Apr 6 10:19:04 2017 -0400

    Merge pull request #14636 from bzwei/playbook_password_decrypt
    
    Parse password field from dialog and decrypt before job launch
    (cherry picked from commit 9bb8653267137d5cf03c5d36aeea17e8c9236f75)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1439938

@bzwei bzwei deleted the playbook_password_decrypt branch April 7, 2017 14:24
@agrare agrare mentioned this pull request Jun 3, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@gmcculloug gmcculloug

Labels
bug fine/backported lifecycle/services providers/automation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@bzwei @miq-bot @mkanoor @simaishi @Fryguy @gmcculloug