Issue #11031 has been updated by Daniel Pittman.
Nigel Kersten wrote: > Daniel Pittman wrote: > > > I see your point. I am very concerned that we would give a false > > impression to users who saw this data cleaned up in one case, but then > > found out that their own use of private data was not equivalently fixed; > > that creates a complex and invisible mental model that I fear would lead > > people astray. > > You're arguing that the *absence* of a particular part of EC2 metadata in > Facter will lead to people thinking that their own _facts_ will get > automatically sanitized? Oh, no, I must have misunderstood your concerns. I thought you objected to my suggestion that we either ship this data raw, or don't ship it at all, with the obvious conclusion being that sanitation - stripping the password only - would be the right thing to do. *That* model, where we clean some security related data, concerns me. If we don't ship this data at all, or give the user the knobs to not ship it, then I have no problem at all, and the user has a simple and clear model. I would prefer something like the blacklist option, so that this can apply to the, eg, Rackspace or OpenStack, or VMWare equivalent data as well, but just excluding the one fact from core would satisfy my concerns. ---------------------------------------- Bug #11031: capturing ec2 userdata as a fact may be a security risk https://projects.puppetlabs.com/issues/11031 Author: Dan Bode Status: Investigating Priority: Normal Assignee: Adrien Thebo Category: Target version: 1.6.x Keywords: Branch: Affected Facter version: When cloud-init is used for bootstrapping nodes, a script contained in the userdata is often passed to the node to perform bootstrapping. In the case of cloud formation, this script often contains IAM credentials (access code/secret code) that are used to call cfn-init. In my integration of PE with cloudformation, I can see the AWS credentials in the inventory service when running b/c they are captured as a part of the ec2 metadata. This is not that big of a deal for my use case b/c the credentials only refer to a temporary account that only has the permissions to read metadata from cloudformation instances. In general, I have concerns over rather capturing userdata with facter may potentially (and unexpectedly) expose a user's credentials in some cases. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
