← Back to team overview

sts-sponsors team mailing list archive

  1. sts-sponsors team
  2. Mailing list archive
  3. Message #01798

[Bug 1874526] Re: [landscape] Substitute oidc conf in service file

  Thread PreviousDate PreviousThread Next 
Hello Eric, or anyone else affected,

Accepted sosreport into eoan-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/sosreport/3.9-1ubuntu0.19.10.3 in a
few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
eoan to verification-done-eoan. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-eoan. In either case, without details of your testing we will not
be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: sosreport (Ubuntu Eoan)
       Status: In Progress => Fix Committed

** Tags added: verification-needed-eoan

-- 
You received this bug notification because you are a member of STS
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1874526

Title:
  [landscape] Substitute oidc conf in service file

Status in sosreport package in Ubuntu:
  Fix Released
Status in sosreport source package in Xenial:
  In Progress
Status in sosreport source package in Bionic:
  Fix Committed
Status in sosreport source package in Eoan:
  Fix Committed
Status in sosreport source package in Focal:
  Fix Committed
Status in sosreport source package in Groovy:
  Fix Released

Bug description:
  [Impact]

  Landscape has added the ability to connect to OIDC.

  The plugin should be updated to obfuscate the sensitive information.

  https://docs.ubuntu.com/landscape/en/onprem-auth#openid-connect-
  support

  [Test Case]

  * Install sosreport
  * Install landscape-client and/or landscape-server (to make sure sosreport's landscape plugin will be triggered) from the Landscape PPA -> https://launchpad.net/~landscape
  * Manually append or create files: "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old" (No need to have a fully functionnal landscape setup, just the package installed (for triggering purposes) and then you can create and add the parameter by hand)
  * Add the following in both "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old":
  oidc-client-secret = secret-test
  oidc-client-id = id-test
  * Execute sosreport "sosreport -a"
  * Make sure landscape plugin was exercise.
  * Extract archive and make sure both "oidc-client-id" & "oidc-client-secret" are subsituted in files "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old" as it should (if present).

  Expected result (path_to_sosreport/etc/landscape/service.conf*)
  oidc-client-secret = [********]
  oidc-client-id = [********]

  Extra testing (sanity check):
  * Look under "sos_reports" for full report.
  * Look under "sos_logs" for warnings/errors.
    $ grep -v "INFO:" sos_logs/sos.log
  * Run "simple.sh": A quick port of the travis tests to bash. Generating various type of sosreports collection.
  https://raw.githubusercontent.com/sosreport/sos/master

  [Regression]

  No regression expected, we don't change/impact core functionnalities
  nor affect other plugins. If something happens it will be isolate to
  the landscape plugin itself only.

  Worse case the OID substitution won't work as expected (corner case)
  and will reveal OID sensible information, but it is very unlikely to
  happen as it will be intensively tested during the testing phase, and
  the substitute mechanism in place has been proven to work for the same
  configuration files in the landscape plugin already.

  [Other Informations]

  Upstream bug:
  https://github.com/sosreport/sos/issues/2023

  Upstream PR:
  https://github.com/sosreport/sos/pull/2025

  Upstream commit:
  https://github.com/sosreport/sos/pull/2025/commits/0c4d821e26e1206a0b99f427b572931ba2fd9bb5

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions
  Thread PreviousDate PreviousThread Next