
yahoo-eng-team team mailing list archive

[Bug 1865947] Re: Write redacted metadata to /run/cloud-init/instance-data.json

 

A version of cloud-init containing this fix was published to Ubuntu
Focal (20.04) cloud-init 20.1-9-g1f860e5a-0ubuntu1.


If this is still a problem for you, please re-open this bug or submit a new bug with related context.

** Changed in: cloud-init
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1865947

Title:
  Write redacted metadata to /run/cloud-init/instance-data.json

Status in cloud-init:
  Fix Released

Bug description:
  Cloud-init persists world-readable instance metadata in
  /run/cloud-init/instance-data.json and a read-only root
  /run/cloud-init/instance-data-sensitive.json.

  Cloud-init has a facility whereby clouds could define a
  sensitive_metadata_keys list as a class attribute in the platform's
  supported DataSource subclass.

  No clouds are redacting metadata using this mechanism currently.

  When cloud-init persists instance-data.json it should write the
  redacted content to the world-readable
  /run/cloud-init/instance-data.json and unredacted content to root
  read-only /run/cloud-init/instance-data-sensitive.json.

  It currently writes the wrong content to each file. No clouds
  currently are exposed to this bug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1865947/+subscriptions
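
The intended behaviour from the bug description, as an added example that is not cloud-init's own code: the redacted copy goes to the world-readable file, the full copy to the root-only file, and an audit function flags sensitive values left in a file that group or other can read. The function names, the slash-separated key-path format, the placeholder string and the sample metadata are assumptions constructed for illustration.

```python
import copy
import json
import os
import stat

REDACTED = "<redacted>"  # constructed placeholder, not cloud-init's own string
# Constructed sample metadata and key path (assumptions, not real cloud data).
SAMPLE = {"ds": {"meta_data": {"admin_pass": "example-secret"}}, "v1": {"region": "r1"}}
SENSITIVE = ["ds/meta_data/admin_pass"]


def redact(data, sensitive_paths):
    """Return a deep copy of data with each 'a/b/c' key path masked."""
    out = copy.deepcopy(data)
    for path in sensitive_paths:
        *parents, leaf = path.split("/")
        node = out
        for key in parents:
            node = node.get(key) if isinstance(node, dict) else None
        if isinstance(node, dict) and leaf in node:
            node[leaf] = REDACTED
    return out


def write_json(path, data, mode):
    # Open with the target mode, then chmod to override umask or an old file.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w") as f:
        json.dump(data, f)
    os.chmod(path, mode)


def persist(run_dir, data, sensitive_paths):
    """Redacted copy goes to the 0644 file, full copy to the 0600 file."""
    public = os.path.join(run_dir, "instance-data.json")
    private = os.path.join(run_dir, "instance-data-sensitive.json")
    write_json(public, redact(data, sensitive_paths), 0o644)
    write_json(private, data, 0o600)
    return public, private


def leaked_paths(path, sensitive_paths):
    """Audit: sensitive key paths still unmasked in a group/other-readable file."""
    if not os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH):
        return []
    with open(path) as f:
        data = json.load(f)
    return [p for p in sensitive_paths if redact(data, [p]) != data]
```

If the two writes are swapped, as the bug describes, leaked_paths on the world-readable file returns the sensitive key path instead of an empty list.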

