[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
** Changed in: sosreport (Ubuntu Xenial) Assignee: (unassigned) => Eric Desrochers (slashd) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874526 Title: [landscape] Substitute oidc conf in service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
This bug was fixed in the package sosreport - 3.9-1ubuntu0.18.04.3
---
sosreport (3.9-1ubuntu0.18.04.3) bionic; urgency=medium
* d/p/0003-lshw-command.patch: (LP: #1871494)
- Add `lshw` command to hardware plugin
[Eric Desrochers]
* d/p/0004-lds-substitute-oidc-conf.patch:
- landscape substitute oidc conf
in service file (LP: #1874526)
[Eric Desrochers]
* d/tests/{control,simple.sh}: (LP: #1865212)
- Add testsuite "simple.sh". A port of the travis tests to bash
provided by upstream.
-- Heather Lemon Wed, 29 Apr 2020
14:04:05 +
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1874526
Title:
[landscape] Substitute oidc conf in service file
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
This bug was fixed in the package sosreport - 3.9-1ubuntu2.1 --- sosreport (3.9-1ubuntu2.1) focal; urgency=low * d/p/0003-lshw-command.patch: (LP: #1871494) - Add `lshw` command to hardware plugin [Eric Desrochers] * d/p/0004-lds-substitute-oidc-conf.patch: - landscape substitute oidc conf in service file (LP: #1874526) -- Heather Lemon Mon, 27 Apr 2020 09:33:16 -0600 ** Changed in: sosreport (Ubuntu Focal) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874526 Title: [landscape] Substitute oidc conf in service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
This bug was fixed in the package sosreport - 3.9-1ubuntu0.19.10.3
---
sosreport (3.9-1ubuntu0.19.10.3) eoan; urgency=medium
* d/p/0003-lshw-command.patch: (LP: #1871494)
- Add `lshw` command to hardware plugin
[Eric Desrochers]
* d/p/0004-lds-substitute-oidc-conf.patch:
- landscape substitute oidc conf
in service file (LP: #1874526)
[Eric Desrochers]
* d/tests/{control,simple.sh}: (LP: #1865212)
- Add testsuite "simple.sh". A port of the travis tests to bash
provided by upstream.
-- Heather Lemon Wed, 29 Apr 2020
13:47:47 +
** Changed in: sosreport (Ubuntu Eoan)
Status: Fix Committed => Fix Released
** Changed in: sosreport (Ubuntu Bionic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1874526
Title:
[landscape] Substitute oidc conf in service file
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
[VERIFICATION BIONIC] Testing using bionic landscape-client: 18.01-0ubuntu3.5 Tested using bionic sosreport: sosreport_3.9-1ubuntu0.18.04.3 # pull source code from: pull-lp-source sosreport bionic-proposed # installed landscape-client from apt $ sudo apt-get install landscape-client # created new local directory under /etc/landscape # created 2 files in /etc/landscape $ touch service.conf $ touch service.conf.old $ vim service.conf && service.conf.old # inserted these 2 lines into both files oidc-client-secret = 93084029384-secret-test oidc-client-id = 234234234-secret-id # saved and closed file # Executed sosreport $ sudo sosreport -o landscape --config sos.conf # untar compressed file from /tmp folder $ cd /tmp//etc/landscape/ $ less service.conf $ less service.conf.old # checking logs and verifying password is filled with *** # verify password is [*] # Run unit tests $ sudo tests/simple.sh # verify success message root@bio:/tmp# cat sosreport-bio-2020-05-04-ymaseea/etc/landscape/service.conf oidc-client-secret = [] oidc-client-id = [] root@bio:/tmp# cat sosreport-bio-2020-05-04-ymaseea/etc/landscape/service.conf.old oidc-client-secret = [] oidc-client-id = [] ** Tags removed: verification-needed-bionic verification-needed-eoan ** Tags added: verification-done-bionic verification-done-eoan -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874526 Title: [landscape] Substitute oidc conf in service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
[VERIFICATION EOAN] Testing using eoan landscape-client: 18.01-0ubuntu9.3 Tested using eoan sosreport: 3.9-1ubuntu0.19.10.3 # pull source code from: pull-lp-source sosreport eoan-proposed # installed landscape-client from apt $ sudo apt-get install landscape-client # created new local directory under /etc/landscape # created 2 files in /etc/landscape $ touch service.conf $ touch service.conf.old $ vim service.conf && service.conf.old # inserted these 2 lines into both files oidc-client-secret = 93084029384-secret-test oidc-client-id = 234234234-secret-id # saved and closed file # Executed sosreport $ sudo sosreport -o landscape --config sos.conf # untar compressed file from /tmp folder $ cd /tmp//etc/landscape/ $ less service.conf $ less service.conf.old # checking logs and verifying password is filled with *** # verify password is [*] # Run unit tests $ sudo tests/simple.sh # verify success message -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874526 Title: [landscape] Substitute oidc conf in service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
[VERIFICATION FOCAL] Testing using focal landscape-client: 19.12-0ubuntu4 Tested using focal sosreport: 3.9-1ubuntu2.1 # installed landscape-client from apt $ sudo apt-get install landscape-client # created new local directory under /etc/landscape # created 2 files in /etc/landscape $ touch service.conf $ touch service.conf.old $ vim service.conf && service.conf.old # inserted these 2 lines into both files oidc-client-secret = 93084029384-secret-test oidc-client-id = 234234234-secret-id # saved and closed file # Executed sosreport $ sudo sosreport -o landscape --config sos.conf # checking logs and verifying password is filled with *** # untar compressed file from /tmp folder $ cd /tmp//etc/landscape/ $ less service.conf $ less service.conf.old # verify password is [*] # Run unit tests $ sudo tests/simple.sh # verifiy success message ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874526 Title: [landscape] Substitute oidc conf in service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
After talking to simpoir (lds maintainer) lds 19.10 is not available in Xenial so no OIDC available. ** Changed in: sosreport (Ubuntu Xenial) Status: In Progress => Won't Fix ** Changed in: sosreport (Ubuntu Xenial) Assignee: Eric Desrochers (slashd) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874526 Title: [landscape] Substitute oidc conf in service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
Hello Eric, or anyone else affected, Accepted sosreport into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/sosreport/3.9-1ubuntu0.18.04.3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: sosreport (Ubuntu Bionic) Status: In Progress => Fix Committed ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874526 Title: [landscape] Substitute oidc conf in service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
Hello Eric, or anyone else affected, Accepted sosreport into eoan-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/sosreport/3.9-1ubuntu0.19.10.3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- eoan to verification-done-eoan. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-eoan. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: sosreport (Ubuntu Eoan) Status: In Progress => Fix Committed ** Tags added: verification-needed-eoan -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874526 Title: [landscape] Substitute oidc conf in service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
Hello Eric, or anyone else affected, Accepted sosreport into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/sosreport/3.9-1ubuntu2.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-focal. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: sosreport (Ubuntu Focal) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874526 Title: [landscape] Substitute oidc conf in service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
** Description changed: [Impact] Landscape has added the ability to connect to OIDC. The plugin should be updated to obfuscate the sensitive information. https://docs.ubuntu.com/landscape/en/onprem-auth#openid-connect-support [Test Case] * Install sosreport - * Run sosreport in a Landscape environment (client and server) - * Extract archive and look at the content of sos_commands/landscape and most importantly make sure both "oidc-client-id" & "oidc-client-secret" are subsitute in files "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old" as it should (if present). + * Install landscape-client and/or landscape-server (to make sure sosreport's landscape plugin will be triggered) + * Manually append or create files: "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old" (No need to have a fully functionnal landscape setup, just the package installed (for triggering purposes) and then you can create and add the parameter by hand) + * Add the following in both "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old": + oidc-client-secret = secret-test + oidc-client-id = id-test + * Execute sosreport "sosreport -a" + * Make sure landscape plugin was exercise. + * Extract archive and make sure both "oidc-client-id" & "oidc-client-secret" are subsituted in files "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old" as it should (if present). - Expected result: + Expected result (path_to_sosreport/etc/landscape/service.conf*) oidc-client-secret = [] oidc-client-id = [] - Extra testing: + Extra testing (sanity check): * Look under "sos_reports" for full report. * Look under "sos_logs" for warnings/errors. $ grep -v "INFO:" sos_logs/sos.log * Run "simple.sh": A quick port of the travis tests to bash. Generating various type of sosreports collection. https://raw.githubusercontent.com/sosreport/sos/master [Regression] No regression expected, we don't change/impact core functionnalities nor affect other plugins. If something happens it will be isolate to the landscape plugin itself only. Worse case the OID substitution won't work as expected (corner case) and will reveal OID sensible information, but it is very unlikely to happen as it will be intensively tested during the testing phase, and the substitute mechanism in place has been proven to work for the same configuration files in the landscape plugin already. [Other Informations] Upstream bug: https://github.com/sosreport/sos/issues/2023 Upstream PR: https://github.com/sosreport/sos/pull/2025 Upstream commit: https://github.com/sosreport/sos/pull/2025/commits/0c4d821e26e1206a0b99f427b572931ba2fd9bb5 ** Description changed: [Impact] Landscape has added the ability to connect to OIDC. The plugin should be updated to obfuscate the sensitive information. https://docs.ubuntu.com/landscape/en/onprem-auth#openid-connect-support [Test Case] * Install sosreport - * Install landscape-client and/or landscape-server (to make sure sosreport's landscape plugin will be triggered) + * Install landscape-client and/or landscape-server (to make sure sosreport's landscape plugin will be triggered) from the Landscape PPA -> https://launchpad.net/~landscape * Manually append or create files: "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old" (No need to have a fully functionnal landscape setup, just the package installed (for triggering purposes) and then you can create and add the parameter by hand) * Add the following in both "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old": oidc-client-secret = secret-test oidc-client-id = id-test * Execute sosreport "sosreport -a" * Make sure landscape plugin was exercise. * Extract archive and make sure both "oidc-client-id" & "oidc-client-secret" are subsituted in files "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old" as it should (if present). Expected result (path_to_sosreport/etc/landscape/service.conf*) oidc-client-secret = [] oidc-client-id = [] Extra testing (sanity check): * Look under "sos_reports" for full report. * Look under "sos_logs" for warnings/errors. $ grep -v "INFO:" sos_logs/sos.log * Run "simple.sh": A quick port of the travis tests to bash. Generating various type of sosreports collection. https://raw.githubusercontent.com/sosreport/sos/master [Regression] No regression expected, we don't change/impact core functionnalities nor affect other plugins. If something happens it will be isolate to the landscape plugin itself only. Worse case the OID substitution won't work as expected (corner case) and will reveal OID sensible information, but it is very unlikely to happen as it will be intensively tested during the testing phase, and the substitute mechanism in place has been proven to work fo
[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
[VERIFICATION GROOVY] Tested in groovy/20.10 with sosreport version "3.9-1ubuntu3" I confirmed both "oidc-client-secret" & "oidc-client-id", if found in "service.conf" & "service.conf.old" are obfuscated as follows: :: etc/landscape/service.conf :: oidc-client-secret = [] oidc-client-id = [] :: etc/landscape/service.conf.old :: oidc-client-secret = [] oidc-client-id = [] ** Description changed: [Impact] Landscape has added the ability to connect to OIDC. The plugin should be updated to obfuscate the sensitive information. https://docs.ubuntu.com/landscape/en/onprem-auth#openid-connect-support [Test Case] * Install sosreport * Run sosreport in a Landscape environment (client and server) * Extract archive and look at the content of sos_commands/landscape and most importantly make sure both "oidc-client-id" & "oidc-client-secret" are subsitute in files "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old" as it should (if present). + + Expected result: + oidc-client-secret = [] + oidc-client-id = [] Extra testing: * Look under "sos_reports" for full report. * Look under "sos_logs" for warnings/errors. $ grep -v "INFO:" sos_logs/sos.log * Run "simple.sh": A quick port of the travis tests to bash. Generating various type of sosreports collection. https://raw.githubusercontent.com/sosreport/sos/master [Regression] No regression expected, we don't change/impact core functionnalities nor affect other plugins. If something happens it will be isolate to the landscape plugin itself only. Worse case the OID substitution won't work as expected (corner case) and will reveal OID sensible information, but it is very unlikely to happen as it will be intensively tested during the testing phase, and the substitute mechanism in place has been proven to work for the same configuration files in the landscape plugin already. [Other Informations] Upstream bug: https://github.com/sosreport/sos/issues/2023 Upstream PR: https://github.com/sosreport/sos/pull/2025 Upstream commit: https://github.com/sosreport/sos/pull/2025/commits/0c4d821e26e1206a0b99f427b572931ba2fd9bb5 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874526 Title: [landscape] Substitute oidc conf in service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
This bug was fixed in the package sosreport - 3.9-1ubuntu3 --- sosreport (3.9-1ubuntu3) groovy; urgency=low * d/p/0003-lshw-command.patch: (LP: #1871494) - Add `lshw` command to hardware plugin [Eric Desrochers] * d/p/0004-lds-substitute-oidc-conf.patch: - landscape substitute oidc conf in service file (LP: #1874526) -- Heather Lemon Mon, 27 Apr 2020 09:33:16 -0600 ** Changed in: sosreport (Ubuntu Groovy) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874526 Title: [landscape] Substitute oidc conf in service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
Uploaded in groovy. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874526 Title: [landscape] Substitute oidc conf in service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
** Also affects: sosreport (Ubuntu Groovy) Importance: High Assignee: Eric Desrochers (slashd) Status: In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874526 Title: [landscape] Substitute oidc conf in service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
** Tags added: sts-sponsor-slashd ** Changed in: sosreport (Ubuntu Focal) Importance: Undecided => High ** Changed in: sosreport (Ubuntu Eoan) Importance: Undecided => High ** Changed in: sosreport (Ubuntu Bionic) Importance: Undecided => High ** Changed in: sosreport (Ubuntu Xenial) Importance: Undecided => High ** Changed in: sosreport (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874526 Title: [landscape] Substitute oidc conf in service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874526] Re: [landscape] Substitute oidc conf in service file
** Description changed: + [Impact] + Landscape has added the ability to connect to OIDC. The plugin should be updated to obfuscate the sensitive information. https://docs.ubuntu.com/landscape/en/onprem-auth#openid-connect-support + [Test Case] + + * Install sosreport + * Run sosreport in a Landscape environment (client and server) + * Extract archive and look at the content of sos_commands/landscape and most importantly make sure both "oidc-client-id" & "oidc-client-secret" are subsitute in files "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old" as it should (if present). + + Extra testing: + * Look under "sos_reports" for full report. + * Look under "sos_logs" for warnings/errors. + $ grep -v "INFO:" sos_logs/sos.log + * Run "simple.sh": A quick port of the travis tests to bash. Generating various type of sosreports collection. + https://raw.githubusercontent.com/sosreport/sos/master + + [Regression] + + No regression expected, we don't change/impact core functionnalities nor + affect other plugins. If something happens it will be isolate to the + landscape plugin itself only. + + Worse case the substitution won't work as expected (corner case) and + will reveal sensible information, but it is very unlikely to happen as + it will be intensively tested during the testing phase, and the + substitute mechanism in place has been proven to work for the same files + in the landscape plugin already. + + [Other Informations] + + Upstream bug: + https://github.com/sosreport/sos/issues/2023 + Upstream PR: https://github.com/sosreport/sos/pull/2025 Upstream commit: https://github.com/sosreport/sos/pull/2025/commits/0c4d821e26e1206a0b99f427b572931ba2fd9bb5 ** Description changed: [Impact] Landscape has added the ability to connect to OIDC. The plugin should be updated to obfuscate the sensitive information. https://docs.ubuntu.com/landscape/en/onprem-auth#openid-connect-support [Test Case] * Install sosreport * Run sosreport in a Landscape environment (client and server) * Extract archive and look at the content of sos_commands/landscape and most importantly make sure both "oidc-client-id" & "oidc-client-secret" are subsitute in files "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old" as it should (if present). Extra testing: * Look under "sos_reports" for full report. * Look under "sos_logs" for warnings/errors. - $ grep -v "INFO:" sos_logs/sos.log + $ grep -v "INFO:" sos_logs/sos.log * Run "simple.sh": A quick port of the travis tests to bash. Generating various type of sosreports collection. https://raw.githubusercontent.com/sosreport/sos/master [Regression] No regression expected, we don't change/impact core functionnalities nor affect other plugins. If something happens it will be isolate to the landscape plugin itself only. - Worse case the substitution won't work as expected (corner case) and - will reveal sensible information, but it is very unlikely to happen as - it will be intensively tested during the testing phase, and the - substitute mechanism in place has been proven to work for the same files - in the landscape plugin already. + Worse case the OID substitution won't work as expected (corner case) and + will reveal OID sensible information, but it is very unlikely to happen + as it will be intensively tested during the testing phase, and the + substitute mechanism in place has been proven to work for the same + configuration files in the landscape plugin already. [Other Informations] Upstream bug: https://github.com/sosreport/sos/issues/2023 Upstream PR: https://github.com/sosreport/sos/pull/2025 Upstream commit: https://github.com/sosreport/sos/pull/2025/commits/0c4d821e26e1206a0b99f427b572931ba2fd9bb5 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874526 Title: [landscape] Substitute oidc conf in service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
