Merge pull request apache#332 from mrhillsman/credleak

Resolve dockerhub credentials leak

Author: mrhillsman

playbooks/cloud-provider-openstack-acceptance-test-e2e-conformance/run.yaml

@@ -130,8 +130,13 @@
           # NOTE(flaper87): Export these variables
           # before setting -x and -e to avoid leaking
           # sensitive data.
-          export DOCKER_USERNAME={{dockerhub.username}}
-          export DOCKER_PASSWORD={{dockerhub.password}}
+          # NOTE(mrhillsman): Credentials still were leaking
+          # so removing the export unless absolutely needed
+          # and setting the login earlier instead of using Makefile
+          # https://github.com/kubernetes/cloud-provider-openstack/blob/master/Makefile#L255
+          #export DOCKER_USERNAME={{dockerhub.username}}
+          #export DOCKER_PASSWORD={{dockerhub.password}}
+          docker login -u {{dockerhub.username}} -p {{dockerhub.password}}
           export REGISTRY=docker.io/k8scloudprovider
           export VERSION=latest
 
@@ -143,7 +148,16 @@
               exit 0;
           fi
 
-          make upload-images 2>&1 | tee $LOG_DIR/image-build-upload.log
+          make images 2>&1 | tee $LOG_DIR/image-build-upload.log
+
+          docker push $(REGISTRY)/openstack-cloud-controller-manager:$(VERSION) | tee $LOG_DIR/image-build-upload.log
+          docker push $(REGISTRY)/cinder-flex-volume-driver:$(VERSION) | tee $LOG_DIR/image-build-upload.log
+          docker push $(REGISTRY)/cinder-provisioner:$(VERSION) | tee $LOG_DIR/image-build-upload.log
+          docker push $(REGISTRY)/cinder-csi-plugin:$(VERSION) | tee $LOG_DIR/image-build-upload.log
+          docker push $(REGISTRY)/k8s-keystone-auth:$(VERSION) | tee $LOG_DIR/image-build-upload.log
+          docker push $(REGISTRY)/octavia-ingress-controller:$(VERSION) | tee $LOG_DIR/image-build-upload.log
+          docker push $(REGISTRY)/manila-provisioner:$(VERSION) | tee $LOG_DIR/image-build-upload.log
+
         executable: /bin/bash
         chdir: '{{ k8s_os_provider_src_dir }}'
       environment: '{{ global_env }}'

zuul.d/secrets.yaml

@@ -632,13 +632,13 @@
           TFjEpKwbdoTEVhHyJYB90fxeT3TqQ0VXEQ9CXruwGcK0+ob+D9uDixEyfOdzmMLf7TtOC
           4F7k/VkZhnprO91G8xj46ZBNmmOs/8+dDW7g92Xqe1Axrdd5OaAoc7iBA9vvJg=
       password: !encrypted/pkcs1-oaep
-        - D31XJ4yBkgNt3Jz3sWqzdPRxA0WukIEnRh9/0lB0P4DQicRl7Vlz79kJtlQj4Y8ZGJzHE
-          pjwCRls6thayNjBj5dG1Rl2rKBNV+jUihEl0JPxXzfCr6vKD0Z4o3SaLNkyJetaS/NV5d
-          7/leg/8oidblmWsOROLwlekq3rOSjFDnzBMF1PKUACpkth/hIclUUAKFRoYJX4ZszgKVB
-          2UBK77EZarhuvmj3U7TNkGiHSjAz3iHuiADKcq19COaov9FSLf2YEVUBV9O62rS668iLJ
-          FC+iPqddHDNVxcS/Is51tRsfDbnPwwilTK5uwgIghaw8R8XmgoSCLB/h6UFr6swTxPYla
-          77yUNvX19yDFFVRCM5OmfojX7ucDxRtPdzNBJBDihLiZjZ5Zkts/Cy/Sh3VmJMngA2QVw
-          bncDFE9K/AuJjDecf3UqsuBs2OxAfKINGUPPk9OUgM+rdDZeq/yAgpEW4ZIu+cB+7Xl1z
-          mEr/V2fkz6ApMiqdFUDMDLiH06mf3QgVesPYYi720etSFz9qoCiAR+KNnO8NKl5GuXdrM
-          VXf168+ej1oWq9qIdBbyg6S8l7F0O+EthCIWECkJ9buv2XepXaPgZaxhE9ppbtL7N8Oat
-          mkKLXNyIg4aRx0jaxuQcMRVuy9zqfrxowkKQxEk4OLP/htnlJmbkHw9Y3lhtRU=
+        - gBcJsbDNsMhPYNvXdY3T3KYY/liUcEBE0foS6BasPQnbaERVQ6D1fSJlMFbMkkEMwRbp3
+          OBjnwZwed4IQ9WNVtmJHGWXCD/EfmZ4MM86LWZN/8PcJfNN0CSRT98XHLW5LemudvFgIT
+          EjUq1go64+ZvTeGYc87JE9c7M2V2/PMEjiA4GFh1OGcG2JiM/N2UXDkwBmFvUAoDVAJ7B
+          cDVQJXbARIhovEaIOp3Rs/YLd6G2ndofJchGoRpRHH7d0BM8Ep+S2XSa0NL2B0pFakSMM
+          +ylXt4vzGwaKsAiTrT/yrH50OnVTA2qB02Ca143ZbLudTIelsKC/ISdLGz7V4on10kuww
+          mV6eIneApdw69NX6lLz+GC3Fn8StQoJjD8Pccw4TYAqpELPbDlp3zXe/bHXsNGNZAAaa6
+          HJEuFhPWOyfwD9Xv+Pm6mAcP4JgdcXlrqocue6CDV/xFAp20IZv+mLnreYDqlq+GEN5Gd
+          leeJGp4vFVD636c3I6AwkJZGFZgpS1a0UblCBn4xT+yzUc9kvAqdZjwMwmBKnIFyKZvVu
+          je39HPT7L37WBuiPhWUu0Y5V0gfjSgWbauGDSAp749AQzmaweTECxM/jZOt9Nxye++6Mj
+          KPdF0X8oXsFbLXk2Ur2eKhstYZ3nGlKYXew4hslZXVDFsmSypsxJmJGX9GaXIg=