Fixes #37418 - Fixes an issue that caused hidden Ansible variables to be shown in plain text on the Host-Details page #717
I'm getting the following error when navigating to the
@nofaralfasi I think that is because you still have the broken GQL scheme... Did you make sure the content of #716 is present on your branch?
You are right, I missed that part. Also, it's not possible to edit the variable value from the
Glad you got it sorted. I tried to reproduce the issue you faced with editing the value, but without success.
Exactly. That should be the correct implementation.
I apologize for the confusion, it was a problem on my setup. I'll be more careful next time.
Great, I'll implement that then!
… be shown in plain text on the Host-Details page
- Add "hiddenValue" to GraphQL query hostVariableOverrides.gql
- Replace plain text secret with masked value
- Adds a parameter "redact_secrets" to AnsibleInventoriesController#show_inventory
- Change frontend code to use newly added "redact_secrets" parameter
- Add a new "to_hash_with_secrets_redacted" method to InventoryCreator
- Hide hidden values in GQL response if edit_ansible_variables not granted
d468a18 to 0792fb6
Redmine Issue #37418 and reproducer
Variables marked as hidden were shown in plain text under Variables and Inventory on a host's details page.
This PR fixes that by masking the values in question in the UI.
Values are still shown in plain text when editing, as this requires the same permissions, edit_ansible_variables, as Configure > Ansible > Variables.
It should be noted that hidden variables are NOT considered secrets. The point of hidden is to only hide the values of the respective variables in the UI. The Foreman documentation clearly reflects this fact under point 6.
Changes:
Requires #716
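
The masking this PR describes, as an added Ruby example that is not part of the PR or of foreman_ansible's code: `redact_hidden`, `inventory_for_display`, `MASK` and the sample inventory are hypothetical and constructed, and only the `edit_ansible_variables` permission name comes from the page. It returns a redacted copy and never mutates its input, so the unmasked inventory stays available to callers that hold the permission.

```ruby
# Added illustration; all names here are hypothetical, not foreman_ansible's API.
MASK = '*****' # constructed placeholder shown in place of a hidden value

# Returns a copy of +node+ in which the value of every key listed in
# +hidden_keys+ is replaced by MASK, at any nesting depth. A hidden key whose
# value is a Hash or Array is masked as a whole, so no part of it leaks.
# The input is never mutated.
def redact_hidden(node, hidden_keys)
  case node
  when Hash
    node.each_with_object({}) do |(key, value), out|
      out[key] = hidden_keys.include?(key.to_s) ? MASK : redact_hidden(value, hidden_keys)
    end
  when Array
    node.map { |item| redact_hidden(item, hidden_keys) }
  else
    node
  end
end

# Chooses what a viewer gets: plain values only with the edit permission,
# a redacted copy otherwise.
def inventory_for_display(inventory, hidden_keys, permissions)
  return inventory if permissions.include?('edit_ansible_variables')

  redact_hidden(inventory, hidden_keys)
end

# Constructed sample inventory in Ansible's JSON inventory layout.
SAMPLE_INVENTORY = {
  'all' => { 'hosts' => ['web01.example.com'],
             'vars' => { 'ntp_server' => 'ntp.example.com' } },
  '_meta' => {
    'hostvars' => {
      'web01.example.com' => {
        'db_password' => 's3cr3t-constructed',
        'api_tokens' => %w[t1 t2],
        'foreman' => { 'hostname' => 'web01.example.com' }
      }
    }
  }
}.freeze

# Constructed list of variable names marked as hidden.
HIDDEN = %w[db_password api_tokens].freeze
```

Masking is by key name wherever it appears in the tree, so a non-hidden variable that happens to share a hidden variable's name is masked too; that errs toward over-redaction.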