-
Bug
-
Resolution: Done
-
Normal
-
None
-
4.13
-
None
-
None
-
CCXDEV Sprint 84, CCXDEV Sprint 85, CCXDEV Sprint 86
-
3
-
False
-
-
NA
-
Bug Fix
-
Done
Description of problem:
On Pod definitions gathering, Operator should obfuscate particular environment variables (HTTP_PROXY and HTTPS_PROXY) from containers by default. Pods from the control plane can have those variables injected from the cluster-wide proxy, and they may contain values as "user:password@[http://6.6.6.6:1234|http://6.6.6.6:1234/]".
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. In order to change deployments, scale down: * cluster-version-operator * cluster-monitoring-operator * prometheus-operator 2. Introduce a new environment variable on alertmanager-main statusSet with either or both HTTP_PROXY, HTTPS_PROXY. Any value but void will do. 4. Run insight-operator to get that pod definitions. 5. Check in the archive (usually config/pod/openshift-monitoring/alertmanager-main-0.json) that target environment variable(s) value is obfuscated.
Actual results:
...
"spec": {
...
"containers": {
...
"env": [
{
"name": "HTTP_PROXY"
"value": "jdow:1qa2wd@[http://8.8.8.8:8080|http://8.8.8.8:8080/]"
}
]
}
}
...
Expected results:
...
"spec": {
...
"containers": {
...
"env": [
{
"name": "HTTP_PROXY"
"value": "xxxxxxxxx" // Where x char number is the length of the obfuscated string
}
]
}
}
...
Additional info:
- is depended on by
-
-
- Closed
-
- links to