code changes to remove sensitive data from log & bootnode..

aws/db/db-create-iam-user.sh

@@ -29,7 +29,7 @@ else
     if [ $? -ne 0 ]; then
         SCRIPT_STATUS=36
     fi
-    log "aws/db/db-create-iam-user.sh: .......... AWS_ACCESS_KEY_ID:DEPLOY_REGION $AWS_ACCESS_KEY_ID : $DEPLOY_REGION"
+    log "aws/db/db-create-iam-user.sh: .......... AWS_ACCESS_KEY_ID:DEPLOY_REGION : $DEPLOY_REGION"
     # on successful completion of db-create-iam-user.sh, create a file
     echo "COMPLETE" > /tmp/iam-user-created
     chmod a+rw /tmp/iam-user-created

aws/deploy.sh

@@ -70,9 +70,9 @@ if [[ -n "$MAS_LICENSE_URL" ]]; then
 else
   log " MAS LICENSE URL file is not available."
 fi
-log "deploy.sh AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID"
+#log "deploy.sh AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID"
 if [[ -f "/tmp/iam-user-created" ]]; then
-  log "deploy.sh /tmp/iam-user-created exists; iam user creation skipped AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID..."
+  log "deploy.sh /tmp/iam-user-created exists; iam user creation skipped..."
 else
   ## IAM
   # Create IAM policy
@@ -84,7 +84,7 @@ else
   accessdetails=$(aws iam create-access-key --user-name ${IAM_USER_NAME})
   export AWS_ACCESS_KEY_ID=$(echo $accessdetails | jq '.AccessKey.AccessKeyId' | tr -d "\"")
   export AWS_SECRET_ACCESS_KEY=$(echo $accessdetails | jq '.AccessKey.SecretAccessKey' | tr -d "\"")
-  log " AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID"
+  #log " AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID"
   # on successful user and policy creation, create a file /tmp/iam-user-created
   echo "COMPLETE" > /tmp/iam-user-created
   chmod a+rw /tmp/iam-user-created
@@ -202,6 +202,16 @@ EOT
   cd /tmp
   zip -r $BACKUP_FILE_NAME mas-multicloud/*
   set +e
+
+  # Remove sensitive data from mas-provisioning.log file before uploading it to s3 bucket.
+  cd /tmp/mas-multicloud
+sed -i -e "/"kubeadmin"/d" mas-provisioning.log
+sed -i -e "/pullSecret:/d" mas-provisioning.log
+sed -i -e "/sshKey:/d" mas-provisioning.log
+
+# Remove the license file, pull-secret file, & database certificate file
+rm -rf db.crt entitlement.lic pull-secret.json
+
   aws s3 cp $BACKUP_FILE_NAME $DEPLOYMENT_CONTEXT_UPLOAD_PATH --region $DEPLOY_REGION
   retcode=$?
   if [[ $retcode -ne 0 ]]; then
@@ -432,7 +442,7 @@ if [[ (-z $SLS_URL) || (-z $SLS_REGISTRATION_KEY) || (-z $SLS_PUB_CERT_URL) ]];
       accessdetails=$(aws iam create-access-key --user-name ${IAM_USER_NAME_ROSA})
       AWS_ACCESS_KEY_ID_ROSA=$(echo $accessdetails | jq '.AccessKey.AccessKeyId' | tr -d "\"")
       AWS_SECRET_ACCESS_KEY_ROSA=$(echo $accessdetails | jq '.AccessKey.SecretAccessKey' | tr -d "\"")
-      log " AWS_ACCESS_KEY_ID_ROSA: $AWS_ACCESS_KEY_ID_ROSA"
+      #log " AWS_ACCESS_KEY_ID_ROSA: $AWS_ACCESS_KEY_ID_ROSA"
       # Put some delay for IAM permissions to be applied in the backend
       sleep 60
       oc create secret generic "$SLS_INSTANCE_NAME"-aws-access --from-literal=aws_access_key_id="$AWS_ACCESS_KEY_ID_ROSA" --from-literal=aws_secret_access_key="$AWS_SECRET_ACCESS_KEY_ROSA" -n "$SLS_NAMESPACE"

init.sh

@@ -504,6 +504,15 @@ fi
 # Delete temporary password files
 rm -rf /tmp/*password*
 
+# Remove sensitive data from mas-provisioning.log file before uploading it to s3 bucket.
+cd $GIT_REPO_HOME
+sed -i -e "/"kubeadmin"/d" mas-provisioning.log
+sed -i -e "/pullSecret:/d" mas-provisioning.log
+sed -i -e "/sshKey:/d" mas-provisioning.log
+
+# Remove the license file, pull-secret file, & database certificate file
+rm -rf db.crt entitlement.lic pull-secret.json
+
 # Upload log file to object store
 if [[ $CLUSTER_TYPE == "aws" ]]; then
   # Upload the log file to s3

mongo/docdb/docdb-create-iam-user.sh

@@ -29,7 +29,7 @@ else
     if [ $? -ne 0 ]; then
         SCRIPT_STATUS=36
     fi
-    log "mongo/docdb/docdb-create-iam-user.sh: .......... AWS_ACCESS_KEY_ID:DEPLOY_REGION $AWS_ACCESS_KEY_ID : $DEPLOY_REGION"
+    log "mongo/docdb/docdb-create-iam-user.sh: .......... AWS_ACCESS_KEY_ID:DEPLOY_REGION : $DEPLOY_REGION"
     # on successful completion of docdb-create-iam-user.sh, create a file 
     echo "COMPLETE" > /tmp/iam-user-created
     chmod a+rw /tmp/iam-user-created