Issue 13919043: apiserver/provisioner: Mask out secret env attrs

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Issue 13919043: apiserver/provisioner: Mask out secret env attrs (Closed)

Can't Edit
Can't Publish+Mail
Start Review

Created:
10 years, 7 months ago by dimitern

Modified:
10 years, 7 months ago

Reviewers:
mp+187577, fwereade

Visibility:
Public.

Description

apiserver/provisioner: Mask out secret env attrs This changes the provisioner API EnvironConfig() call to mask out any secret attributes before returning the config to non-manager agents. The environment manager agents still get everything. This closes of a security issue with LXC provisioner having access to the environment configuration and its secrets via the API. https://code.launchpad.net/~dimitern/juju-core/145-apiserver-provisioner-blank-secrets/+merge/187577 Requires: https://code.launchpad.net/~dimitern/juju-core/144-environs-secretattrs-strings/+merge/187566 (do not edit description out of merge proposal)

Patch Set 1 #

Total comments: 1

Created: 10 years, 7 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+38 lines, -1 line)			Patch
A	[revision details]	View	1 chunk	+2 lines, -0 lines	0 comments	Download
M	state/apiserver/provisioner/provisioner.go	View	2 chunks	+19 lines, -1 line	1 comment	Download
M	state/apiserver/provisioner/provisioner_test.go	View	1 chunk	+17 lines, -0 lines	0 comments	Download

Messages

Total messages: 3

Expand All Messages | Collapse All Messages

fwereade

LGTM, but please verify it live. https://codereview.appspot.com/13919043/diff/1/state/apiserver/provisioner/provisioner.go File state/apiserver/provisioner/provisioner.go (right): https://codereview.appspot.com/13919043/diff/1/state/apiserver/provisioner/provisioner.go#newcode166 state/apiserver/provisioner/provisioner.go:166: // but the ...

10 years, 7 months ago (2013-09-25 18:39:31 UTC) #2

dimitern

10 years, 7 months ago (2013-09-26 10:56:41 UTC) #3

After live testing on EC2 it turned out my previous CL wasn't supplying correct
addresses of state and API server. So I'm closing this, and will repropose it
after I fix that first.

Expand All Messages | Collapse All Messages