Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add support for exceptions to annotations #44

Merged
merged 3 commits into from
Jun 26, 2024
Merged

feat: add support for exceptions to annotations #44

merged 3 commits into from
Jun 26, 2024

Conversation

jackhodgkiss
Copy link
Contributor

@jackhodgkiss jackhodgkiss commented Dec 29, 2023
edited
Loading

Some secrets when redacted are rejected due to invalid characters. One example of this would prometheus_bcrypt_salt which is rejected due to the use of underscores. Therefore the solution is to add support for exceptions to the standard annotation format.

See: https://github.com/ansible/ansible/blob/devel/lib/ansible/utils/encrypt.py#L118C46-L118C46
https://github.com/openstack/kolla-ansible/blob/master/ansible/roles/prometheus/templates/prometheus-web.yml.j2#L3

@jackhodgkiss jackhodgkiss requested a review from a team as a code owner December 29, 2023 12:30
@jackhodgkiss
feat: add support for exceptions to annotations
84ee860 
Some secrets when redacted are rejected due to invalid characters. One
example of this would `prometheus_bcrypt_salt` which is rejected due to
the use of underscores. Therefore the solution is to add support for
exceptions to the standard annotation format.

See: https://github.com/ansible/ansible/blob/devel/lib/ansible/utils/encrypt.py#L118C46-L118C46
@MaxBed4d MaxBed4d self-requested a review December 29, 2023 16:31
MaxBed4d
MaxBed4d previously approved these changes Dec 29, 2023
View reviewed changes
Copy link
Contributor

@MaxBed4d MaxBed4d left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussed in Google meeting.

@jackhodgkiss
Copy link
Contributor Author

Most recent change ensures that nested dicts are redacted and still keep the full name.

bifrost_ssh_key:
  private_key: value
  public_key: value

becomes

bifrost_ssh_key:
  private_key: bifrost_ssh_key_private_key.original
  public_key: bifrost_ssh_key_public_key.original

@jackhodgkiss
fix: bcrypt salt must be 22 characters long
024b83e 
In addition to bcrypt salt rejecting underscores amongst other
characters it must also be exactly 22 characters long.
@jovial
Copy link
Collaborator

jovial commented May 16, 2024

LGTM - nice solution :)

@technowhizz
Copy link

technowhizz commented Jun 26, 2024
edited
Loading

@jackhodgkiss Is this planned to merge soon?

@jackhodgkiss
Copy link
Contributor Author

jackhodgkiss commented Jun 26, 2024
edited
Loading

@technowhizz

Happy to merge it now. It was working last time I checked but don't have time this week to test again. However, if you encounter any issues please let me know.

@jackhodgkiss jackhodgkiss merged commit ad93766 into main Jun 26, 2024
4 checks passed
@jackhodgkiss jackhodgkiss deleted the salt_redact_fix branch June 26, 2024 15:17
assumptionsandg pushed a commit that referenced this pull request Nov 11, 2024
@jackhodgkiss @assumptionsandg
Merge pull request #44 from stackhpc/salt_redact_fix
2eb371e 
feat: add support for exceptions to annotations
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@markgoddard markgoddard markgoddard left review comments

@jovial jovial jovial approved these changes

@MaxBed4d MaxBed4d MaxBed4d left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jackhodgkiss @jovial @technowhizz @markgoddard @MaxBed4d