Cinder

key manager is insecure warning messages

Bug #1236459 reported by Dan Prince
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Cinder
Fix Released
High
Dan Prince
Cinder 2014.1 "icehouse"

Bug Description

In ae6b7642e8d32ef5fa75cdcfe55be23c052fd547 we added a key manager with a static key.

This key manager (enabled by default) repeated logs the following WARNING message to the Cinder api.log file:

2013-10-07 15:10:17.714 553 WARNING cinder.keymgr.conf_key_mgr [-] This key manager is insecure and is not recommended for production deployments

-----

There are actually two issues here. Logging tons of warning messages by default is not ideal... and should be avoided, especially since at this time there is no "production ready" key manager implementation which an end user could configure.

Dan Prince (dan-prince)
Changed in cinder:
assignee: nobody → Dan Prince (dan-prince)
status: New → In Progress
importance: Undecided → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/50134

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/50134
Committed: http://github.com/openstack/cinder/commit/5c321d758c9718d7dde555316ac4fbd2f7acf424
Submitter: Jenkins
Branch: master

commit 5c321d758c9718d7dde555316ac4fbd2f7acf424
Author: Dan Prince <email address hidden>
Date: Mon Oct 7 12:41:28 2013 -0400

    Drop conf_key_mgr warning message!

    By default ConfKeyManager logs tons of WARNING message stating
    that it isn't production ready...

    Given that it is currently the only Cinder key manager option
    which can be used/selected I don't think repeatedly logging
    warnings is helpful. Lets just drop the warning message
    for now and when a good "production ready" cinder key manager
    implementation is implemented perhaps we can re-add a warning to
    this class (hopefully making the production ready impl the default).

    Change-Id: Id1fdddc20a963f9fa4749ad57f355cd83d0e14e3
    Closes-Bug: #1236459

Changed in cinder:
status: In Progress → Fix Committed
Revision history for this message
Heiko Krämer (foexle) wrote :

This bug is not committed in the cloud-archive repos and still present

Thierry Carrez (ttx)
Changed in cinder:
milestone: none → icehouse-1
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in cinder:
milestone: icehouse-1 → 2014.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.