Control of logs displayed to end users on the Service Catalog persona using role permissions in the History tab.
End users today who provision requests with the Service Catalog persona have access to too much log information on the History tab; sometimes it carries access IDs, secrets, database passwords, and API tokens.
We are looking to bring in some security guardrails on what level of logs a user can see, and what an administrator can see through the Standard persona.
A screenshot of sample logs is added here.
INFO:root:---------
INFO:root:amrvlmordevap01.pfizer.com
INFO:root:---------
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): wpof9kzs48.execute-api.us-east-1.amazonaws.com:443
DEBUG:urllib3.connectionpool:https://wpof9kzs48.execute-api.us-east-1.amazonaws.com:443 "POST /DEV/common/getconfigbykey HTTP/1.1" 200 162
…
DEBUG:urllib3.connectionpool:https://awx-tst.pfizer.com:443 "POST /api/v2/job_templates/31/launch/ HTTP/1.1" 201 3026
INFO:root:Response Code: 201
INFO:root:Job launched successfully.
INFO:root:Response: {'job': 197770, 'ignored_fields': {}, 'id': 197770, 'type': 'job', 'url': '/api/v2/jobs/197770/', 'related': {'created_by': '/api/v2/users/19/', 'modified_by': '/api/v2/users/19/', 'labels': '/api/v2/jobs/197770/labels/', 'inventory': '/api/v2/inventories/15/', 'project': '/api/v2/projects/27/', 'organization': '/api/v2/organizations/2/', 'credentials': '/api/v2/jobs/197770/credentials/', 'unified_job_template': '/api/v2/job_templates/31/', 'stdout': '/api/v2/jobs/197770/stdout/', 'job_events': '/api/v2/jobs/197770/job_events/', 'job_host_summaries': '/api/v2/jobs/197770/job_host_summaries/', 'activity_stream': '/api/v2/jobs/197770/activity_stream/', 'notifications': '/api/v2/jobs/197770/notifications/', 'create_schedule': '/api/v2/jobs/197770/create_schedule/', 'job_template': '/api/v2/job_templates/31/', 'cancel': '/api/v2/jobs/197770/cancel/', 'relaunch': '
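The guardrail requested above can be sketched as a filter over task output in Python's default `LEVEL:logger:message` layout, the layout of the sample log. This is an added example, not part of the original post and not the product's own code; the role names, the per-role level policy, the credential key patterns and the sample log are all assumptions made for illustration.

```python
import re

LEVELS = {"DEBUG": 10, "INFO": 20, "WARNING": 30, "ERROR": 40, "CRITICAL": 50}
# Hypothetical policy: lowest level each role may see (not a product setting).
ROLE_MIN_LEVEL = {"end_user": "INFO", "admin": "DEBUG"}

# Python's default "LEVEL:logger:message" layout, as in the sample log above.
LINE_RE = re.compile(r"^(DEBUG|INFO|WARNING|ERROR|CRITICAL):([^:]*):(.*)$")

# key=value or 'key': 'value' pairs whose key name suggests a credential.
SECRET_RE = re.compile(
    r"""(["']?[\w-]*(?:password|passwd|secret|token|api[_-]?key|access[_-]?(?:key|id))
        [\w-]*["']?\s*[:=]\s*)(["']?)([^\s"',}]+)\2""",
    re.IGNORECASE | re.VERBOSE,
)

def redact(text):
    """Mask the value of any credential-looking key, keeping the key visible."""
    return SECRET_RE.sub(lambda m: f"{m.group(1)}{m.group(2)}[REDACTED]{m.group(2)}", text)

def view_for_role(raw_log, role):
    """Return the lines `role` may see; secrets are masked for every role."""
    if role not in ROLE_MIN_LEVEL:
        return []  # unknown role: fail closed
    floor = LEVELS[ROLE_MIN_LEVEL[role]]
    visible, keep = [], False  # text before the first parsed line stays hidden
    for line in raw_log.splitlines():
        m = LINE_RE.match(line)
        if m:
            keep = LEVELS[m.group(1)] >= floor
        # Lines without a level prefix (tracebacks, wrapped dumps) inherit the
        # decision made for the record they belong to.
        if keep:
            visible.append(redact(line))
    return visible

# Constructed sample input; hosts and secret values are made up.
SAMPLE_LOG = """\
INFO:root:Job launched successfully.
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.example.internal:443
DEBUG:root:request headers {'Authorization-Token': 'tok_9f8e7d'}
  continuation of debug dump
INFO:root:db_password=Winter2024x host=db01
"""

if __name__ == "__main__":
    for role in ROLE_MIN_LEVEL:
        print(role, *view_for_role(SAMPLE_LOG, role), sep="\n  ")
```

Pattern-based masking only catches keys it recognises, so it complements, rather than replaces, keeping secrets out of task output at the source.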