** Description changed: [Impact] Landscape has added the ability to connect to OIDC. The plugin should be updated to obfuscate the sensitive information. https://docs.ubuntu.com/landscape/en/onprem-auth#openid-connect-support [Test Case] * Install sosreport - * Run sosreport in a Landscape environment (client and server) - * Extract archive and look at the content of sos_commands/landscape and most importantly make sure both "oidc-client-id" & "oidc-client-secret" are subsitute in files "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old" as it should (if present). + * Install landscape-client and/or landscape-server (to make sure sosreport's landscape plugin will be triggered) + * Manually append or create files: "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old" (No need to have a fully functionnal landscape setup, just the package installed (for triggering purposes) and then you can create and add the parameter by hand) + * Add the following in both "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old": + oidc-client-secret = secret-test + oidc-client-id = id-test + * Execute sosreport "sosreport -a" + * Make sure landscape plugin was exercise. + * Extract archive and make sure both "oidc-client-id" & "oidc-client-secret" are subsituted in files "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old" as it should (if present). - Expected result: + Expected result (path_to_sosreport/etc/landscape/service.conf*) oidc-client-secret = [********] oidc-client-id = [********] - Extra testing: + Extra testing (sanity check): * Look under "sos_reports" for full report. * Look under "sos_logs" for warnings/errors. $ grep -v "INFO:" sos_logs/sos.log * Run "simple.sh": A quick port of the travis tests to bash. Generating various type of sosreports collection. https://raw.githubusercontent.com/sosreport/sos/master [Regression] No regression expected, we don't change/impact core functionnalities nor affect other plugins. If something happens it will be isolate to the landscape plugin itself only. Worse case the OID substitution won't work as expected (corner case) and will reveal OID sensible information, but it is very unlikely to happen as it will be intensively tested during the testing phase, and the substitute mechanism in place has been proven to work for the same configuration files in the landscape plugin already. [Other Informations] Upstream bug: https://github.com/sosreport/sos/issues/2023 Upstream PR: https://github.com/sosreport/sos/pull/2025 Upstream commit: https://github.com/sosreport/sos/pull/2025/commits/0c4d821e26e1206a0b99f427b572931ba2fd9bb5
** Description changed: [Impact] Landscape has added the ability to connect to OIDC. The plugin should be updated to obfuscate the sensitive information. https://docs.ubuntu.com/landscape/en/onprem-auth#openid-connect-support [Test Case] * Install sosreport - * Install landscape-client and/or landscape-server (to make sure sosreport's landscape plugin will be triggered) + * Install landscape-client and/or landscape-server (to make sure sosreport's landscape plugin will be triggered) from the Landscape PPA -> https://launchpad.net/~landscape * Manually append or create files: "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old" (No need to have a fully functionnal landscape setup, just the package installed (for triggering purposes) and then you can create and add the parameter by hand) * Add the following in both "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old": oidc-client-secret = secret-test oidc-client-id = id-test * Execute sosreport "sosreport -a" * Make sure landscape plugin was exercise. * Extract archive and make sure both "oidc-client-id" & "oidc-client-secret" are subsituted in files "/etc/landscape/service.conf" & "/etc/landscape/service.conf.old" as it should (if present). Expected result (path_to_sosreport/etc/landscape/service.conf*) oidc-client-secret = [********] oidc-client-id = [********] Extra testing (sanity check): * Look under "sos_reports" for full report. * Look under "sos_logs" for warnings/errors. $ grep -v "INFO:" sos_logs/sos.log * Run "simple.sh": A quick port of the travis tests to bash. Generating various type of sosreports collection. https://raw.githubusercontent.com/sosreport/sos/master [Regression] No regression expected, we don't change/impact core functionnalities nor affect other plugins. If something happens it will be isolate to the landscape plugin itself only. Worse case the OID substitution won't work as expected (corner case) and will reveal OID sensible information, but it is very unlikely to happen as it will be intensively tested during the testing phase, and the substitute mechanism in place has been proven to work for the same configuration files in the landscape plugin already. [Other Informations] Upstream bug: https://github.com/sosreport/sos/issues/2023 Upstream PR: https://github.com/sosreport/sos/pull/2025 Upstream commit: https://github.com/sosreport/sos/pull/2025/commits/0c4d821e26e1206a0b99f427b572931ba2fd9bb5 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874526 Title: [landscape] Substitute oidc conf in service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1874526/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
