[Automate] Collect Hash with password field


#1

I am trying to collect a Hash with a password inside. I have created an instance in /System/Request called TestCollect. It has a single relationship pointing to /Test/Collect/Default that is an instance of the /Test/Collect class. This class is quite simple:

  • rel: a relationship that collects a variable named cfg
  • meth: a method that logs $evm.object["cfg"].inspect

The relationship points to /Collect/Cfg/Default that is an instance of the class /Collect/Cfg. The class is also pretty simple as it contains only attributes.

Now I have some issues when the /Collect/Cfg class has attributes of type “Password”.
I have done a few tests and had different results:

/Collect/Cfg has only one attribute of type “String”. The collect is right and returns the string:

[----] I, [2015-06-25T12:27:21.056955 #6572:c1fe94]  INFO -- : Instantiating [/SYSTEM/PROCESS/Request?MiqServer%3A%3Amiq_server=1&User%3A%3Auser=1&VmOrTemplate%3A%3Avm=8&object_name=Request&request=TestCollect&vmdb_object_type=vm#create]
[----] I, [2015-06-25T12:27:21.185739 #6572:c1fe94]  INFO -- : Updated namespace [/SYSTEM/PROCESS/Request?MiqServer%3A%3Amiq_server=1&User%3A%3Auser=1&VmOrTemplate%3A%3Avm=8&object_name=Request&request=TestCollect&vmdb_object_type=vm#create  ManageIQ/SYSTEM]
[----] I, [2015-06-25T12:27:21.397075 #6572:c1fe94]  INFO -- : Updated namespace [SYSTEM/PROCESS/parse_provider_category  ManageIQ/SYSTEM]
[----] I, [2015-06-25T12:27:21.400729 #6572:c1fe94]  INFO -- : Invoking [inline] method [/ManageIQ/System/Process/parse_provider_category] with inputs [{}]
[----] I, [2015-06-25T12:27:21.401514 #6572:c1fe94]  INFO -- : <AEMethod [/ManageIQ/System/Process/parse_provider_category]> Starting 
[----] I, [2015-06-25T12:27:21.708896 #6572:51aa6a8]  INFO -- : <AEMethod parse_provider_category> Parse Provider Category Key: "vm"  Value: infrastructure
[----] I, [2015-06-25T12:27:21.714969 #6572:c1fe94]  INFO -- : <AEMethod [/ManageIQ/System/Process/parse_provider_category]> Ending
[----] I, [2015-06-25T12:27:21.715070 #6572:c1fe94]  INFO -- : Method exited with rc=MIQ_OK
[----] I, [2015-06-25T12:27:21.715834 #6572:c1fe94]  INFO -- : Following Relationship [miqaedb:/System/Request/TestCollect#create]
[----] I, [2015-06-25T12:27:21.725107 #6572:c1fe94]  INFO -- : Updated namespace [miqaedb:/System/Request/TestCollect#create  Custom/System]
[----] I, [2015-06-25T12:27:21.751889 #6572:c1fe94]  INFO -- : Following Relationship [miqaedb:/Test/Collect/Default#create]
[----] I, [2015-06-25T12:27:21.756517 #6572:c1fe94]  INFO -- : Updated namespace [miqaedb:/Test/Collect/Default#create  Custom/Test]
[----] I, [2015-06-25T12:27:21.762552 #6572:c1fe94]  INFO -- : Following Relationship [miqaedb:/Collect/Cfg/Default#create]
[----] I, [2015-06-25T12:27:21.769961 #6572:c1fe94]  INFO -- : Followed  Relationship [miqaedb:/Collect//CfgDefault#create]
[----] I, [2015-06-25T12:27:21.771811 #6572:c1fe94]  INFO -- : Updated namespace [Test/Collect/print_cfg  Custom/Test]
[----] I, [2015-06-25T12:27:21.774320 #6572:c1fe94]  INFO -- : Invoking [inline] method [/Custom/Test/Collect/print_cfg] with inputs [{}]
[----] I, [2015-06-25T12:27:21.774885 #6572:c1fe94]  INFO -- : <AEMethod [/Custom/Test/Collect/print_cfg]> Starting 
[----] I, [2015-06-25T12:27:21.990046 #6572:4f4e8dc]  INFO -- : <AEMethod print_cfg> CONFIG = "secret"
[----] I, [2015-06-25T12:27:21.995798 #6572:c1fe94]  INFO -- : <AEMethod [/Custom/Test/Collect/print_cfg]> Ending
[----] I, [2015-06-25T12:27:21.995920 #6572:c1fe94]  INFO -- : Method exited with rc=MIQ_OK
[----] I, [2015-06-25T12:27:21.996259 #6572:c1fe94]  INFO -- : Followed  Relationship [miqaedb:/Test/Collect/Default#create]
[----] I, [2015-06-25T12:27:21.996578 #6572:c1fe94]  INFO -- : Followed  Relationship [miqaedb:/System/Request/TestCollect#create]

When I change the attribute type to “Password”, I collect an obfuscated value:

[----] I, [2015-06-25T12:28:53.586870 #6575:333e98]  INFO -- : Instantiating [/SYSTEM/PROCESS/Request?MiqServer%3A%3Amiq_server=1&User%3A%3Auser=1&VmOrTemplate%3A%3Avm=8&object_name=Request&request=TestCollect&vmdb_object_type=vm#create]
[----] I, [2015-06-25T12:28:53.597888 #6575:333e98]  INFO -- : Updated namespace [/SYSTEM/PROCESS/Request?MiqServer%3A%3Amiq_server=1&User%3A%3Auser=1&VmOrTemplate%3A%3Avm=8&object_name=Request&request=TestCollect&vmdb_object_type=vm#create  ManageIQ/SYSTEM]
[----] I, [2015-06-25T12:28:53.636188 #6575:333e98]  INFO -- : Updated namespace [SYSTEM/PROCESS/parse_provider_category  ManageIQ/SYSTEM]
[----] I, [2015-06-25T12:28:53.638915 #6575:333e98]  INFO -- : Invoking [inline] method [/ManageIQ/System/Process/parse_provider_category] with inputs [{}]
[----] I, [2015-06-25T12:28:53.639589 #6575:333e98]  INFO -- : <AEMethod [/ManageIQ/System/Process/parse_provider_category]> Starting 
[----] I, [2015-06-25T12:28:53.862086 #6575:43347cc]  INFO -- : <AEMethod parse_provider_category> Parse Provider Category Key: "vm"  Value: infrastructure
[----] I, [2015-06-25T12:28:53.868465 #6575:333e98]  INFO -- : <AEMethod [/ManageIQ/System/Process/parse_provider_category]> Ending
[----] I, [2015-06-25T12:28:53.868576 #6575:333e98]  INFO -- : Method exited with rc=MIQ_OK
[----] I, [2015-06-25T12:28:53.869261 #6575:333e98]  INFO -- : Following Relationship [miqaedb:/System/Request/TestCollect#create]
[----] I, [2015-06-25T12:28:53.878381 #6575:333e98]  INFO -- : Updated namespace [miqaedb:/System/Request/TestCollect#create  Custom/System]
[----] I, [2015-06-25T12:28:53.906516 #6575:333e98]  INFO -- : Following Relationship [miqaedb:/Test/Collect/Default#create]
[----] I, [2015-06-25T12:28:53.911630 #6575:333e98]  INFO -- : Updated namespace [miqaedb:/Test/Collect/Default#create  Custom/Test]
[----] I, [2015-06-25T12:28:53.917768 #6575:333e98]  INFO -- : Following Relationship [miqaedb:/Collect/Cfg/Default#create]
[----] I, [2015-06-25T12:28:53.926353 #6575:333e98]  INFO -- : Followed  Relationship [miqaedb:/Collect/Cfg/Default#create]
[----] I, [2015-06-25T12:28:53.928517 #6575:333e98]  INFO -- : Updated namespace [Test/Collect/print_cfg  Custom/Test]
[----] I, [2015-06-25T12:28:53.931086 #6575:333e98]  INFO -- : Invoking [inline] method [/Custom/Test/Collect/print_cfg] with inputs [{}]
[----] I, [2015-06-25T12:28:53.931627 #6575:333e98]  INFO -- : <AEMethod [/Custom/Test/Collect/print_cfg]> Starting 
[----] I, [2015-06-25T12:28:54.150030 #6575:45cd038]  INFO -- : <AEMethod print_cfg> CONFIG = "********"
[----] I, [2015-06-25T12:28:54.156192 #6575:333e98]  INFO -- : <AEMethod [/Custom/Test/Collect/print_cfg]> Ending
[----] I, [2015-06-25T12:28:54.156288 #6575:333e98]  INFO -- : Method exited with rc=MIQ_OK
[----] I, [2015-06-25T12:28:54.156581 #6575:333e98]  INFO -- : Followed  Relationship [miqaedb:/Test/Collect/Default#create]
[----] I, [2015-06-25T12:28:54.156918 #6575:333e98]  INFO -- : Followed  Relationship [miqaedb:/System/Request/TestCollect#create]

Then I modified the /Collect/Cfg class to add an attribute named user and of type “String”. In the collect of /Test/Collect class, I have changed to a Hash cfg = {:user => user, :password => password} to gather all information in one variable. When both fields are of type “String”, it works great:

[----] I, [2015-06-25T12:39:52.569751 #6575:333e98]  INFO -- : Instantiating [/SYSTEM/PROCESS/Request?MiqServer%3A%3Amiq_server=1&User%3A%3Auser=1&VmOrTemplate%3A%3Avm=8&object_name=Request&request=TestCollect&vmdb_object_type=vm#create]
[----] I, [2015-06-25T12:39:52.578358 #6575:333e98]  INFO -- : Updated namespace [/SYSTEM/PROCESS/Request?MiqServer%3A%3Amiq_server=1&User%3A%3Auser=1&VmOrTemplate%3A%3Avm=8&object_name=Request&request=TestCollect&vmdb_object_type=vm#create  ManageIQ/SYSTEM]
[----] I, [2015-06-25T12:39:52.613003 #6575:333e98]  INFO -- : Updated namespace [SYSTEM/PROCESS/parse_provider_category  ManageIQ/SYSTEM]
[----] I, [2015-06-25T12:39:52.615994 #6575:333e98]  INFO -- : Invoking [inline] method [/ManageIQ/System/Process/parse_provider_category] with inputs [{}]
[----] I, [2015-06-25T12:39:52.616531 #6575:333e98]  INFO -- : <AEMethod [/ManageIQ/System/Process/parse_provider_category]> Starting 
[----] I, [2015-06-25T12:39:52.845653 #6575:4871ce4]  INFO -- : <AEMethod parse_provider_category> Parse Provider Category Key: "vm"  Value: infrastructure
[----] I, [2015-06-25T12:39:52.852192 #6575:333e98]  INFO -- : <AEMethod [/ManageIQ/System/Process/parse_provider_category]> Ending
[----] I, [2015-06-25T12:39:52.852282 #6575:333e98]  INFO -- : Method exited with rc=MIQ_OK
[----] I, [2015-06-25T12:39:52.852854 #6575:333e98]  INFO -- : Following Relationship [miqaedb:/System/Request/TestCollect#create]
[----] I, [2015-06-25T12:39:52.861561 #6575:333e98]  INFO -- : Updated namespace [miqaedb:/System/Request/TestCollect#create  Custom/System]
[----] I, [2015-06-25T12:39:52.991977 #6575:333e98]  INFO -- : Following Relationship [miqaedb:/Test/Collect/Default#create]
[----] I, [2015-06-25T12:39:52.997642 #6575:333e98]  INFO -- : Updated namespace [miqaedb:/Test/Collect/Default#create  Custom/Test]
[----] I, [2015-06-25T12:39:53.004179 #6575:333e98]  INFO -- : Following Relationship [miqaedb:/Collect/Cfg/Default#create]
[----] I, [2015-06-25T12:39:53.012704 #6575:333e98]  INFO -- : Followed  Relationship [miqaedb:/Collect/Cfg/Default#create]
[----] I, [2015-06-25T12:39:53.014811 #6575:333e98]  INFO -- : Updated namespace [Test/Collect/print_cfg  Custom/Test]
[----] I, [2015-06-25T12:39:53.017260 #6575:333e98]  INFO -- : Invoking [inline] method [/Custom/Test/Collect/print_cfg] with inputs [{}]
[----] I, [2015-06-25T12:39:53.017882 #6575:333e98]  INFO -- : <AEMethod [/Custom/Test/Collect/print_cfg]> Starting 
[----] I, [2015-06-25T12:39:53.231613 #6575:41c0f80]  INFO -- : <AEMethod print_cfg> CONFIG = {:user=>"bob", :password=>"secret"}
[----] I, [2015-06-25T12:39:53.238494 #6575:333e98]  INFO -- : <AEMethod [/Custom/Test/Collect/print_cfg]> Ending
[----] I, [2015-06-25T12:39:53.238636 #6575:333e98]  INFO -- : Method exited with rc=MIQ_OK
[----] I, [2015-06-25T12:39:53.238980 #6575:333e98]  INFO -- : Followed  Relationship [miqaedb:/Test/Collect/Default#create]
[----] I, [2015-06-25T12:39:53.239278 #6575:333e98]  INFO -- : Followed  Relationship [miqaedb:/System/Request/TestCollect#create]

And the bad thing happens when I change the password attribute type to “Password”. This time, I get a DRb::DRbUnknown object with my data strangely formatted:

[----] I, [2015-06-25T12:38:41.103474 #6575:333e98]  INFO -- : Instantiating [/SYSTEM/PROCESS/Request?MiqServer%3A%3Amiq_server=1&User%3A%3Auser=1&VmOrTemplate%3A%3Avm=8&object_name=Request&request=TestCollect&vmdb_object_type=vm#create]
[----] I, [2015-06-25T12:38:41.114667 #6575:333e98]  INFO -- : Updated namespace [/SYSTEM/PROCESS/Request?MiqServer%3A%3Amiq_server=1&User%3A%3Auser=1&VmOrTemplate%3A%3Avm=8&object_name=Request&request=TestCollect&vmdb_object_type=vm#create  ManageIQ/SYSTEM]
[----] I, [2015-06-25T12:38:41.285027 #6575:333e98]  INFO -- : Updated namespace [SYSTEM/PROCESS/parse_provider_category  ManageIQ/SYSTEM]
[----] I, [2015-06-25T12:38:41.288720 #6575:333e98]  INFO -- : Invoking [inline] method [/ManageIQ/System/Process/parse_provider_category] with inputs [{}]
[----] I, [2015-06-25T12:38:41.289439 #6575:333e98]  INFO -- : <AEMethod [/ManageIQ/System/Process/parse_provider_category]> Starting 
[----] I, [2015-06-25T12:38:41.542285 #6575:2cef19c]  INFO -- : <AEMethod parse_provider_category> Parse Provider Category Key: "vm"  Value: infrastructure
[----] I, [2015-06-25T12:38:41.549183 #6575:333e98]  INFO -- : <AEMethod [/ManageIQ/System/Process/parse_provider_category]> Ending
[----] I, [2015-06-25T12:38:41.549332 #6575:333e98]  INFO -- : Method exited with rc=MIQ_OK
[----] I, [2015-06-25T12:38:41.550382 #6575:333e98]  INFO -- : Following Relationship [miqaedb:/System/Request/TestCollect#create]
[----] I, [2015-06-25T12:38:41.562533 #6575:333e98]  INFO -- : Updated namespace [miqaedb:/System/Request/TestCollect#create  Custom/System]
[----] I, [2015-06-25T12:38:41.597911 #6575:333e98]  INFO -- : Following Relationship [miqaedb:/Test/Collect/Default#create]
[----] I, [2015-06-25T12:38:41.603717 #6575:333e98]  INFO -- : Updated namespace [miqaedb:/Test/Collect/Default#create  Custom/Test]
[----] I, [2015-06-25T12:38:41.610305 #6575:333e98]  INFO -- : Following Relationship [miqaedb:/Collect/Cfg/Default#create]
[----] I, [2015-06-25T12:38:41.618976 #6575:333e98]  INFO -- : Followed  Relationship [miqaedb:/Collect/Cfg/Default#create]
[----] I, [2015-06-25T12:38:41.620968 #6575:333e98]  INFO -- : Updated namespace [Test/Collect/print_cfg  Custom/Test]
[----] I, [2015-06-25T12:38:41.623760 #6575:333e98]  INFO -- : Invoking [inline] method [/Custom/Test/Collect/print_cfg] with inputs [{}]
[----] I, [2015-06-25T12:38:41.624259 #6575:333e98]  INFO -- : <AEMethod [/Custom/Test/Collect/print_cfg]> Starting 
[----] I, [2015-06-25T12:38:41.859034 #6575:436f174]  INFO -- : <AEMethod print_cfg> CONFIG = #<DRb::DRbUnknown:0x000000012891b8 @name="MiqAePassword", @buf="\x04\b{\a:\tuserI\"\bbob\x06:\x06ET:\rpasswordo:\x12MiqAePassword\x06:\f@encStrI\"\"v2:{iRAuzpL0VYj80SKeXmwYkQ==}\x06;\x06T">
[----] I, [2015-06-25T12:38:41.865705 #6575:333e98]  INFO -- : <AEMethod [/Custom/Test/Collect/print_cfg]> Ending
[----] I, [2015-06-25T12:38:41.865802 #6575:333e98]  INFO -- : Method exited with rc=MIQ_OK
[----] I, [2015-06-25T12:38:41.866197 #6575:333e98]  INFO -- : Followed  Relationship [miqaedb:/Test/Collect/Default#create]
[----] I, [2015-06-25T12:38:41.866506 #6575:333e98]  INFO -- : Followed  Relationship [miqaedb:/System/Request/TestCollect#create]

So help appreciated to figure out where I am messing.


#2

Hi fdupont,

Thanks so much for bringing that issue to our attention.

I set up the collect test as you described and am getting the same results.
I’ll open a ticket on the issue and will let you know as soon as we have it fixed.

Regards,
Tina


#3

If you open a BZ, can you post the link here, please?


#4

Sure, here it is:
https://bugzilla.redhat.com/show_bug.cgi?id=1237173


#5

Hi fdupont,

Since password fields require special handling in automate, they cannot be stored in a collect hash.

The password decryption method requires the password object attribute_name as its argument as shown below:

To decrypt from the current object:
$evm.current.decrypt(<attribute_name>)

To decrypt from the root object:
$evm.root.decrypt(<attribute_name>)

The method validates that the <attribute_name> is a “password” datatype before any decryption can be done.

The decrypt is always in context of the object being processed.

You can still use collect for the password and other fields.

The collect field contents used to collect a single password field:
password = password

The collect field contents used to collect multiple attributes:
‘password = password; user = user; some_field = some_field’

The collect field contents used to collect multiple attributes, changing the attribute names:
‘cfg_password = password; cfg_user = user; cfg_some_field = some_field’

While the “DRbUnknown” automation.log message looks very odd, it is not an error, and we plan to fix that going forward.

Please let me know if you have any questions.

Regards,
Tina
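
Why a hash holding a password object can show up as DRb::DRbUnknown, reproduced with Ruby's standard drb library: when the receiving side cannot resolve a class named in the marshalled data, DRb returns a DRbUnknown that carries the raw buffer instead of the object. This is an added example, not part of the original posts and not ManageIQ code; FakePassword, the helper names and the sample values are constructed stand-ins, and removing the constant only simulates a receiver that lacks the class.

```ruby
require 'drb'

# Constructed stand-in for a class that only the sending process defines
# (the role MiqAePassword plays in the log above). Not ManageIQ code.
class FakePassword
  def initialize(enc_str)
    @enc_str = enc_str
  end
end

# Load a marshalled buffer the way a DRb receiver does: if a class named in
# the data cannot be resolved, keep the raw bytes in a DRb::DRbUnknown.
def receive(buf)
  Marshal.load(buf)
rescue NameError, ArgumentError => e
  DRb::DRbUnknown.new(e, buf)
end

# Marshal the hash while FakePassword exists, then load it with the constant
# removed, simulating a receiver that does not define the class.
def send_then_receive(hash)
  buf = Marshal.dump(hash)
  klass = Object.send(:remove_const, :FakePassword)
  receive(buf)
ensure
  Object.const_set(:FakePassword, klass) if klass
end

# Constructed sample data.
plain = send_then_receive({ user: 'bob', password: 'secret' })
mixed = send_then_receive({ user: 'bob',
                            password: FakePassword.new('v2:{constructed}') })

puts plain.class   # a hash of plain strings survives the round trip
puts mixed.class   # one unknown object turns the whole hash into DRbUnknown
puts mixed.name    # the class the receiver could not resolve
```

Calling inspect on such an object prints the whole buffer, so the user name and the still-encrypted password string land in the log together, as in the last log excerpt of the first post.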


#6

Thanks @tinaafitz. Works great, but requires a bit more lines of code :wink: