When using the Task "Execute OC command" with OpenShift Connection Service, the module uses the kubeconfig placed in the home folder. This is a security risk for several reasons:
- The information is not deleted when the execution ends. This means that the kubeconfig has all the service account credentials in it and anyone can create a pipeline to see it.
- If two pipelines start in parallel, the second pipeline overwrites the information, causing the first one to use the wrong connection.
- In the previous scenario, one pipeline could start deploying objects in one cluster and end in another cluster.
The solution could be to use a kubeconfig placed in the same cloned folder (which is exclusive for the execution).
I think the problem is in the file "src/oc-auth.ts" line 135. I'm attaching a screenshot.
Thanks!
D.
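
The fix suggested in the issue, sketched as an added example (not part of the original report and not the task's own code): each run creates its kubeconfig inside its own working directory, points `KUBECONFIG` at it, and deletes it when the command finishes. `run_with_private_kubeconfig`, `demo_job` and `demo_parallel_runs` are hypothetical names, and `demo_job` is a constructed stand-in for `oc login` followed by an `oc` command.

```shell
#!/bin/sh
# Added example; all function names here are hypothetical helpers.

# Run a command with KUBECONFIG pointing at a file that exists only for this
# run: created inside the run's own working directory, removed afterwards.
run_with_private_kubeconfig() {
  rwpk_dir=$1; shift
  # mktemp gives a unique name and mode 0600, so parallel runs never share
  # a file and other local users cannot read the credentials.
  rwpk_file=$(mktemp "$rwpk_dir/kubeconfig.XXXXXX") || return 1
  rwpk_status=0
  # Subshell: the exported KUBECONFIG does not leak into the caller.
  ( KUBECONFIG=$rwpk_file; export KUBECONFIG; "$@" ) || rwpk_status=$?
  rm -f "$rwpk_file"   # credentials do not outlive the run, even on failure
  return "$rwpk_status"
}

# Constructed stand-in for "oc login" plus an oc command: writes the cluster
# name into $KUBECONFIG, waits, then reports the cluster and file mode it sees.
demo_job() {
  printf 'cluster: %s\n' "$1" > "$KUBECONFIG"
  sleep 1   # window in which a parallel run would overwrite a shared file
  printf '%s %s\n' "$(sed 's/^cluster: //' "$KUBECONFIG")" \
    "$(ls -l "$KUBECONFIG" | cut -c1-10)"
}

# Two runs in parallel, each with its own working directory. Prints what each
# run saw, then the number of kubeconfig files left behind afterwards.
demo_parallel_runs() {
  base=$(mktemp -d) || return 1
  mkdir "$base/run-a" "$base/run-b"
  run_with_private_kubeconfig "$base/run-a" demo_job cluster-a > "$base/a.out" &
  run_with_private_kubeconfig "$base/run-b" demo_job cluster-b > "$base/b.out" &
  wait
  cat "$base/a.out" "$base/b.out"
  find "$base" -name 'kubeconfig.*' | wc -l | tr -d ' '
  rm -rf "$base"
}
```

Each run reads back the cluster it logged in to, and nothing is written to the kubeconfig in the home folder.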