vmware / terraform-provider-vcd

Terraform VMware Cloud Director provider
https://www.terraform.io/docs/providers/vcd/
Mozilla Public License 2.0

vcd_cse_kubernetes_cluster: kubeconfig not sensitive variable #1265

Closed langenoja closed 3 months ago

langenoja commented 4 months ago

Hello,

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

Terraform Version

v1.5.7

vcd v3.12.1

Affected Resource(s)

Terraform Configuration Files

N/A

Debug Output

N/A

Panic Output

N/A

Expected Behavior

  1. Variable kubeconfig is flagged as a sensitive variable and is masked by terraform

Actual Behavior

  1. terraform plan on a cluster to be destroyed outputs the admin kubeconfig variable

Steps to Reproduce

  1. Rename cluster
  2. Run terraform plan

User Access rights

N/A

Important Factoids

We are running terraform in pipelines in Gitlab so that we don't have to expose our API keys to users (gitops). However, due to this issue, anyone with access to the repository could just make an MR/PR destroying the cluster, run the pipeline which plans the destruction, and obtain the kubeconfig that provides full admin access to it.

References

N/A
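The exposure described in this issue can be caught in the pipeline before a plan log is published. The following is an added example, not part of the issue or the provider's code: it walks the JSON produced by `terraform show -json` and reports kubeconfig-looking values that the `before_sensitive`/`after_sensitive` maps do not mask. The marker strings, function names and sample plan are constructed for illustration.

```python
import json
import sys

# Heuristic markers for a kubeconfig carrying credentials (assumed for this example).
KUBECONFIG_MARKERS = ("client-key-data", "client-certificate-data", "kind: Config")

def looks_like_kubeconfig(value):
    return isinstance(value, str) and any(m in value for m in KUBECONFIG_MARKERS)

def unmasked_secrets(values, sensitive, path=""):
    """Yield attribute paths that hold a kubeconfig but are not flagged sensitive."""
    if sensitive is True:  # Terraform masks this whole subtree in plan output
        return
    if isinstance(values, dict):
        marks = sensitive if isinstance(sensitive, dict) else {}
        for key, val in values.items():
            yield from unmasked_secrets(val, marks.get(key, False), f"{path}.{key}" if path else key)
    elif isinstance(values, list):
        marks = sensitive if isinstance(sensitive, list) else []
        for i, val in enumerate(values):
            yield from unmasked_secrets(val, marks[i] if i < len(marks) else False, f"{path}[{i}]")
    elif looks_like_kubeconfig(values):
        yield path

def scan_plan(plan):
    """Return sorted 'address: attribute' findings for a parsed JSON plan."""
    findings = set()
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        for side in ("before", "after"):  # "after" is null when a resource is destroyed
            for attr in unmasked_secrets(change.get(side), change.get(f"{side}_sensitive", False)):
                findings.add(f"{rc.get('address', '?')}: {attr}")
    return sorted(findings)

# Constructed sample: two clusters planned for destruction, only one with a masked kubeconfig.
FAKE_KUBECONFIG = "apiVersion: v1\nkind: Config\nusers:\n- user: {client-key-data: PLACEHOLDER}\n"
SAMPLE_PLAN = {"resource_changes": [
    {"address": "vcd_cse_kubernetes_cluster.old", "change": {
        "actions": ["delete"], "before": {"name": "old", "kubeconfig": FAKE_KUBECONFIG},
        "after": None, "before_sensitive": {}, "after_sensitive": False}},
    {"address": "vcd_cse_kubernetes_cluster.fixed", "change": {
        "actions": ["delete"], "before": {"name": "fixed", "kubeconfig": FAKE_KUBECONFIG},
        "after": None, "before_sensitive": {"kubeconfig": True}, "after_sensitive": False}},
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    hits = scan_plan(plan)
    print("\n".join(hits) or "no unmasked kubeconfig values")
    sys.exit(1 if hits else 0)
```

Run against the output of `terraform show -json` for a saved plan file, the non-zero exit code lets a pipeline job fail before the human-readable plan is shown to merge request authors.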

adambarreiro commented 4 months ago

Hi @langenoja,

Thanks for reporting, I'll be working on this on #1266

adambarreiro commented 3 months ago

This is now fixed in the main branch, ready to go for the next release.

If you would like to try it out, you can clone the repo and build/install the provider with make install.

Feedback would be great 🙂

langenoja commented 3 months ago

Awesome, I'll have to wait until it is in the next release before testing, however!