Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_codepipeline should not display oauth token in plaintext #8391

Closed
William-Luo0 opened this issue Apr 20, 2019 · 3 comments
Closed

aws_codepipeline should not display oauth token in plaintext #8391

William-Luo0 opened this issue Apr 20, 2019 · 3 comments
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/codepipeline Issues and PRs that pertain to the codepipeline service.

Comments

@William-Luo0
Copy link

William-Luo0 commented Apr 20, 2019
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.11.13

  • provider.aws v2.7.0

Affected Resource(s)

  • aws_codepipeline

Terraform Configuration Files

resource "aws_codepipeline" "pipeline" {
  name     = "pipeline"

...

  stage {
    name = "Source"

    action {
      name             = "Source"
      category         = "Source"

      owner            = "ThirdParty"
      provider         = "GitHub"
      version          = "1"
      output_artifacts = ["Source"]

      configuration = {
        Owner  = "example"
        Repo   = "example"
        Branch = "master"
        OAuthToken = "${data.aws_ssm_parameter.oauth.value}"
      }
    }
  }

...

  }

Expected Behavior

The OAuthToken should not have been displayed in plaintext when planning or applying. Should have been similar to placing a secret string in parameter store.
stage.0.action.0.configuration.OAuthToken: <sensitive> => <sensitive>
OR
stage.0.action.0.configuration.OAuthToken: "" => <sensitive>

Actual Behavior

New OAuth token was displayed
stage.0.action.0.configuration.OAuthToken: "" => "OAuth2"

Steps to Reproduce

  1. Setup a codepipeline that needs to source from a public or private github repo. Read in the OAuth token from somewhere (e.g. a SecretString from ssm paramter store)

  2. terraform plan or terraform apply
@nywilken nywilken added enhancement Requests to existing resources that expand the functionality or scope. service/codepipeline Issues and PRs that pertain to the codepipeline service. labels Apr 20, 2019
@jukie
Copy link
Contributor

jukie commented Apr 20, 2019
edited
Loading

Not sure how to handle this since it's outside of the top level schema. Anyone have an idea?

@bflad
Copy link
Contributor

bflad commented Jan 11, 2020

Hi folks 👋 This issue appears to be a duplicate of #4768 so to consolidate discussions and efforts, I'm going to close this one in preference of the earlier one. Please upvote and follow #4768 for further updates, thanks.

@bflad bflad closed this as completed Jan 11, 2020
@ghost
Copy link

ghost commented Mar 27, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 27, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/codepipeline Issues and PRs that pertain to the codepipeline service.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bflad @nywilken @jukie @William-Luo0