[dev.icinga.com #10640] Respect protected_variables in nested custom variables too

[icinga-migration]

This issue has been migrated from Redmine: https://dev.icinga.com/issues/10640

Created by sbancal on 2015-11-16 09:22:58 +00:00

Assignee: elippmann
Status: Resolved (closed on 2016-02-23 14:45:03 +00:00)
Target Version: 2.2.0
Last Update: 2016-02-23 14:45:03 +00:00 (in Redmine)

---

Hi,

Password hiding mechanism set by the protected_customvars works for 1st level variables, but not 2nd level :

Let's say a host config has this :

vars.mysql["fooo"] = {
mysql_user = "fooo123"
mysql_password = host_mysql_fooo123
mysql_database = "fooo"
}

mysql_password is directly readable on icingaweb2.

If I declare the password this way (which is not possible in our context) :

vars.mysql_password = host_mysql_fooo123

Then the password is substitued with ***** on icingaweb2.

/etc/icingaweb2/config.ini contains :
[security]
protected_customvars = "pw,pass,community"

Versions :
icinga2 2.3.11-1ppa1trusty1
icingaweb2 2.0.0-1~ppa1

Changesets

2016-01-22 17:37:27 +00:00 by aklimov 7bc489b

MonitoredObject: obfuscate custom variables recursively

refs #10640

2016-02-23 09:54:47 +00:00 by elippmann acd2ef7

monitoring: Fix PHPDoc of MonitoredObject::obfuscateCustomVars()

refs #10640

2016-02-23 14:40:27 +00:00 by elippmann bb8478a

Merge branch 'bugfix/passwords-not-hidden-by-icinga-web-2-10640'

fixes #10640

[icinga-migration]

Updated by aklimov on 2016-01-22 17:39:55 +00:00

• Status changed from New to Feedback
• Assigned to set to elippmann

[icinga-migration]

Updated by elippmann on 2016-02-17 16:55:58 +00:00

• Subject changed from Passwords not hidden by Icinga Web 2 to Respect protected_variables in nested custom variables too
• Target Version set to 2.2.0

[icinga-migration]

Updated by elippmann on 2016-02-23 14:45:03 +00:00

• Status changed from Feedback to Resolved
• Done % changed from 0 to 100

Applied in changeset bb8478a.