Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-61353

The cluster-config-v1 cm of an IPI Nutanix cluster contains the Nutanix password, making it visible to anyone with access.

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      The cluster-config-v1 ConfigMap of an IPI Nutanix cluster contains the Nutanix password, making it visible to anyone with access.

------------
$ oc get cm -n kube-system cluster-config-v1 -o yaml | grep -i password -A 5 -B 5
          type: UserManaged
        prismCentral:
          endpoint:
            address: hcinxxxp.ot.lxxxl
            port: 9440
          password: Concxxxlusssxhorce.nl2024      <<------ Password
          username: hcinxxxp
        prismElements:
        - endpoint:
            address: hcinxxxp.ot.lxxxl
            port: 9440
--------

+ In a vSphere IPI cluster, I verified that the password does not appear.   
---------
$ oc get cm -n kube-system cluster-config-v1 -o yaml | grep -i password -A 5 -B 5
        ingressVIPs:
        - 10.44.939.45
        vcenters:
        - datacenters:
          - OpenShift-DC
          password: ""
          server: vcenter.vmware.xxxx.yyy.com
          user: ""
    publish: External
    pullSecret: ""
    sshKey: |
--------
       

              aaggrawa Abhay Aggrawal
              rhn-support-harspati Harshada Patil
              None
              None
              Shang Gao Shang Gao
              None
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: