ad7bd9c6f2
There are some special variables that should be only set by nodepool and not on job level [1]. Overriding those could make mitm attacks possible. Fix this by blocking those variables in the job definition and data return.

[1] https://docs.ansible.com/ansible/latest/reference_appendices/special_variables.html#connection-variables

Story: 2008672
Task: 41964
Change-Id: Ie85fe110c092df7ef816af20356a55426cbebcb2
Co-Authored-By: Tobias Henkel <tobias.henkel@bmw.de>
16 lines
395 B
YAML
---
security:
  - |
    The following connection-related variables are no longer allowed
    to be set in job definitions, as they may be used to circumvent
    security measures:

    * ansible_connection
    * ansible_host
    * ansible_python_interpreter
    * ansible_shell_executable
    * ansible_user

    They may still be set using the corresponding settings in
    Nodepool.
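
A pre-upgrade lint for the restriction in the release note above, as an added example that is not part of the commit or of Zuul's own code. It assumes the job definitions are already parsed from YAML into Python structures and that variables can appear under the job attributes `vars`, `extra-vars`, `host-vars` and `group-vars`; the function name and the sample configuration are constructed for illustration, and variables passed through data return are not covered.

```python
# Added example: report job definitions that set connection variables
# which the release note says are no longer allowed at job level.
BLOCKED = frozenset({
    "ansible_connection",
    "ansible_host",
    "ansible_python_interpreter",
    "ansible_shell_executable",
    "ansible_user",
})

# Assumption: job attributes that map variable names directly to values.
FLAT_ATTRS = ("vars", "extra-vars")
# Assumption: job attributes that map a host or group name to a variable dict.
NESTED_ATTRS = ("host-vars", "group-vars")


def find_blocked(config):
    """Return sorted (job, location, variable) tuples for each blocked variable."""
    hits = []
    for item in config:
        job = item.get("job") if isinstance(item, dict) else None
        if not isinstance(job, dict):
            continue  # skip project, nodeset and other non-job stanzas
        name = job.get("name", "<unnamed>")
        for attr in FLAT_ATTRS:
            for var in job.get(attr) or {}:
                if var in BLOCKED:
                    hits.append((name, attr, var))
        for attr in NESTED_ATTRS:
            for target, target_vars in (job.get(attr) or {}).items():
                for var in target_vars or {}:
                    if var in BLOCKED:
                        hits.append((name, f"{attr}[{target}]", var))
    return sorted(hits)


# Constructed sample, shaped like a parsed Zuul config file (list of stanzas).
SAMPLE_CONFIG = [
    {"job": {"name": "unit-tests", "vars": {"tox_envlist": "py3"}}},
    {"job": {"name": "deploy",
             "vars": {"ansible_user": "root"},
             "host-vars": {"controller": {"ansible_host": "192.0.2.10"}}}},
    {"project": {"name": "example/project"}},
]

if __name__ == "__main__":
    for job, location, var in find_blocked(SAMPLE_CONFIG):
        print(f"job {job}: {var} set in {location}")
```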