[Bug 2085607] Re: [sru] Obfuscation issues in sosreport sos 4.7.2

[Mauricio Faria de Oliveira]

Hi Arif,

Thanks for the verification steps.

In the future, please include the version/origin being tested (e.g., apt
policy sosreport), but I trust your setup when you say 'enable
proposed', per previous work experience.

The autopkgtests look good for this SRU, with the exception of what you
clarified in comment 18 to be a transient, infra-related issue that will
be addressed in the next SRUs, so that looks good too.

Thanks again for all your work with soseport!
cheers

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2085607

Title:
  [sru] Obfuscation issues in sosreport sos 4.7.2

Status in sosreport source package in Focal:
  Fix Released
Status in sosreport source package in Jammy:
  Fix Released
Status in sosreport source package in Noble:
  Fix Released
Status in sosreport source package in Oracular:
  Fix Released

Bug description:
  [ Impact ]

  When doing SRU for sos 4.7.2 we encountered obfuscation issues,
  although not a regression at the time, it was still an issue that had
  been present for a while

  So, these passwords would be fully visible to the end support
  personnel and therefore leaked passwords.

  [ Test Plan ]

  1. Deploy a sunbeam simple cloud, and run the sos report, check to see if passwords are obfuscated in configuration file
  2. Deploy heat, and ensure auth_encryption_key is obfuscated in configuration file
  3. Deploy placement, and ensure that both NOVA_API_PASS and PLACEMENT_PASS are obfuscated in configuration file
  4. Deploy mysql and ensure password field is obfuscated in configuration file

  [ Where problems could occur ]

  The corresponding files are not obfuscated, and we need to update the
  patches

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/focal/+source/sosreport/+bug/2085607/+subscriptions