
Mark auth_client_secret variables as sensitive in terraform #4736

Merged: marrobi merged 13 commits into main from jc-wk/handle-error-log-secrets on Nov 20, 2025

JC-wk commented Oct 28, 2025
Collaborator

Resolves #4735

What is being addressed

auth_client_secret leaks in log files if a deployment fails

How is this addressed

  • Mark variable as sensitive in terraform
  • Updated CHANGELOG.md
  • Increment template versions
  • Added sensitive var test
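
The change above relies on Terraform's `sensitive = true` variable argument, which redacts the value in plan and apply output. A check of the kind the description calls a "sensitive var test" could look like the following; this is an added example, not the test from this PR or any project code, and the function names and the sample variable names other than `auth_client_secret` are constructed for illustration.

```python
import re

# Constructed sample for illustration; not taken from the AzureTRE templates.
SAMPLE_TF = '''
variable "auth_client_secret" {
  type = string
}
variable "example_auth_client_secret" {
  type = string
  # sensitive = true  (commented out, so it does not count)
}
variable "other_auth_client_secret" {
  type      = string
  sensitive = true
}
'''

# Only match headers at the start of a line, so commented-out blocks are skipped.
HEADER = re.compile(r'^\s*variable\s+"([^"]+)"\s*\{', re.MULTILINE)
SENSITIVE_TRUE = re.compile(r'^\s*sensitive\s*=\s*true\b', re.MULTILINE)

def variable_blocks(tf_text):
    """Yield (name, body) per variable block; braces inside quoted strings are ignored."""
    for m in HEADER.finditer(tf_text):
        depth, in_string, i = 1, False, m.end()
        while i < len(tf_text) and depth:
            ch = tf_text[i]
            if in_string:
                if ch == "\\":
                    i += 1  # skip the escaped character
                elif ch == '"':
                    in_string = False
            elif ch == '"':
                in_string = True
            elif ch == "{":
                depth += 1
            elif ch == "}":
                depth -= 1
            i += 1
        yield m.group(1), tf_text[m.end():i - 1]

def unmarked_secret_variables(tf_text, name_pattern=r"auth_client_secret"):
    """Return names matching name_pattern whose block lacks `sensitive = true`."""
    names = re.compile(name_pattern, re.IGNORECASE)
    return [name for name, body in variable_blocks(tf_text)
            if names.search(name) and not SENSITIVE_TRUE.search(body)]

if __name__ == "__main__":
    print(unmarked_secret_variables(SAMPLE_TF))
```

The parser handles line comments and quoted strings only; `/* */` block comments and heredocs are outside what it covers.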

github-actions Bot commented Oct 28, 2025

Unit Test Results

0 tests   0 ✅  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit 87e5327.

♻️ This comment has been updated with latest results.

JC-wk commented Oct 28, 2025
Collaborator Author

@marrobi I created a test which works locally but it doesn't seem like it's able to see the templates directory as its current directory is api/. in the GitHub pipeline.
I can remove the test from the PR and create a separate issue if you think that is better to get this one merged sooner?
Happy to take suggestions on what to do with the testing.

marrobi commented Oct 28, 2025
Member

@marrobi I created a test which works locally but it doesn't seem like it's able to see the templates directory as its current directory is api/. in the GitHub pipeline. I can remove the test from the PR and create a separate issue if you think that is better to get this one merged sooner? Happy to take suggestions on what to do with the testing.

It should probably be called as part of: https://github.com/marrobi/AzureTRE/blob/e009b2497eb106d08018c86b86bbb0d5bf0d6831/Makefile#L253C1-L262

I'm happy with a templates/tests directory and tests get executed prior to bundle build.

@tamirkamara @jonnyry thoughts?

JC-wk commented Oct 28, 2025
Collaborator Author

I removed the test and created #4737 to allow discussion @marrobi @tamirkamara @jonnyry so this one can get sorted more quickly.

JC-wk marked this pull request as ready for review October 28, 2025 15:53
JC-wk requested a review from a team as a code owner October 28, 2025 15:53

marrobi left a comment

Member

LGTM

marrobi commented Nov 7, 2025
Member

/test-extended

github-actions Bot commented Nov 7, 2025

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/19171576697 (with refid 2e041005)

(in response to this comment from @marrobi)

marrobi commented Nov 18, 2025
Member

/test 06785b2

@github-actions

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/microsoft/AzureTRE/actions/runs/19466866239 (with refid 2e041005)

(in response to this comment from @marrobi)

marrobi commented Nov 20, 2025
Member

marrobi enabled auto-merge (squash) November 20, 2025 10:45
@github-actions

🤖 pr-bot 🤖

✅ Marking tests as complete (for commit 87e5327)

(in response to this comment from @marrobi)

marrobi merged commit 1b205df into main Nov 20, 2025
13 checks passed
marrobi deleted the jc-wk/handle-error-log-secrets branch November 20, 2025 10:45
JC-wk added a commit to JC-wk/AzureTRE that referenced this pull request Nov 21, 2025
marrobi added a commit that referenced this pull request Nov 24, 2025
Co-authored-by: Marcus Robinson <marrobi@microsoft.com>