Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-7057

Update password property of User type to mention Sensitive data type

    XMLWordPrintable

    Details

    • Template:
    • Team:
      Platform Core
    • Release Notes:
      Not Needed
    • QA Risk Assessment:
      Needs Assessment

      Description

      When the user provider changes a managed users password, the plaintext password is shown in the console even if the password is encrypted in hiera.

      To reproduce:
      1) In PE Console go to report where the password was changed.
      2) Click on Events tab
      3) Under resource type click user
      4) The User resource will show the password in the Changed to column.

      Notes

      • Currently, Puppet will include password value(s) in the resource event logs when they change. This means passwords are written to the reports in plain text (though these reports are only root-readable).
      • The Sensitive type was recently added to Puppet, which obscures associated values where applicable. Ostensibly passwords are sensitive information and are applicable for this new type.

      In Scope

      • Plumb the Sensitive data type through the Puppet type system as needed, if at all, so that we can:
      • Set the password property of the user type to Sensitive. This will then apply to all user providers.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              garrett.guillotte Garrett Guillotte
              Reporter:
              joshua.keiser Joshua Keiser
              Votes:
              1 Vote for this issue
              Watchers:
              13 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support