Globally sequential event ID leaks information about cloud provider

Bug #1249159 reported by Clint Byrum
Affects            Status        Importance  Assigned to          Milestone
OpenStack Heat     Fix Released  High        Pablo Andres Fuente
python-heatclient  Fix Released  High        Pablo Andres Fuente

Bug Description

If you are using a public Heat you can use the event ID in 'heat event-list' to measure how much activity the service provider has in their heat installation. That's bad, mmkay.

Changed in heat:
assignee: nobody → Pablo Andres Fuente (pablo-a-fuente)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/59719

Changed in heat:
status: Triaged → In Progress
Clint Byrum (clint-fewbar) wrote :

Adding python-heatclient. We need to make sure it can handle UUIDs and add tests for that before this lands.

Changed in python-heatclient:
status: New → Triaged
importance: Undecided → High
Changed in heat:
milestone: none → icehouse-2
Changed in python-heatclient:
milestone: none → v0.2.7
milestone: v0.2.7 → v0.2.6
Changed in python-heatclient:
assignee: nobody → Pablo Andres Fuente (pablo-a-fuente)
Changed in python-heatclient:
milestone: v0.2.6 → v0.2.7
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-heatclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/60290

Changed in python-heatclient:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-heatclient (master)

Reviewed: https://review.openstack.org/60290
Committed: http://github.com/openstack/python-heatclient/commit/4a4f9a69e54c84f8de3ae0d83187cd19499e4a40
Submitter: Jenkins
Branch: master

commit 4a4f9a69e54c84f8de3ae0d83187cd19499e4a40
Author: Pablo Andres Fuente <email address hidden>
Date: Thu Dec 5 13:41:04 2013 -0300

    Change ID column of Event table to UUID

    If you are using a public Heat you can use the event ID in
    'heat event-list' to measure how much activity the service provider
    has in their heat installation.

    To avoid this, the Id column of the Event table was changed from
    autoincremental integer to a uuid.

    Added some unit tests in order to ensure that events with integer or
    uuid id pass through the API, since we have a migration which will
    leave behind integer ids.

    Change-Id: I5693937b21acca6a3ddf6074f283a474684be3d2
    Closes-Bug: #1249159

Changed in python-heatclient:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix merged to heat (master)

Reviewed: https://review.openstack.org/59719
Committed: http://github.com/openstack/heat/commit/d0da08ce09ba704d3be42f9196f1d7517acb6177
Submitter: Jenkins
Branch: master

commit d0da08ce09ba704d3be42f9196f1d7517acb6177
Author: Pablo Andres Fuente <email address hidden>
Date: Tue Dec 3 10:39:27 2013 -0300

    Change ID column of Event table to UUID

    If you are using a public Heat you can use the event ID in
    'heat event-list' to measure how much activity the service provider
    has in their heat installation.

    To avoid this, the Id column of the Event table was changed from
    autoincremental integer to a uuid.

    Added some unit tests in order to ensure that events with integer or
    uuid id pass through the API, since we have a migration which will
    leave behind integer ids.

    Change-Id: Ib3eddb700738cb3667c72977a9a5011209acd6d7
    Closes-Bug: #1249159

Changed in heat:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in heat:
status: Fix Committed → Fix Released
Changed in python-heatclient:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in heat:
milestone: icehouse-2 → 2014.1
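
Added example, not code from Heat or python-heatclient: a toy event table showing what a single tenant can deduce from its own event IDs when they come from a shared auto-increment counter versus UUIDs, plus a validator that accepts both ID forms because the migration leaves integer IDs behind. EventStore, the tenant names, the helper functions and the choice of version 4 UUIDs are assumptions made for illustration.

```python
import itertools
import uuid


class EventStore:
    """Toy multi-tenant event table (constructed; not Heat's schema)."""

    def __init__(self, id_factory):
        self._new_id = id_factory
        self._rows = []  # (event_id, tenant)

    def record(self, tenant):
        self._rows.append((self._new_id(), tenant))

    def list_events(self, tenant):
        # A tenant only ever sees its own events, as in 'heat event-list'.
        return [eid for eid, owner in self._rows if owner == tenant]


def sequential_ids():
    counter = itertools.count(1)  # models an auto-increment primary key
    return lambda: next(counter)


def uuid_ids():
    return lambda: str(uuid.uuid4())  # assumption: random (version 4) UUIDs


def leaked_foreign_events(own_ids):
    """Events of other tenants deducible from one tenant's own IDs, or None."""
    if not own_ids or not all(isinstance(i, int) for i in own_ids):
        return None  # opaque IDs: no ordering or distance to measure
    return (max(own_ids) - min(own_ids) + 1) - len(own_ids)


def is_valid_event_id(value):
    """Accept legacy integer IDs and canonical UUIDs; reject anything else."""
    text = str(value)
    if text.isascii() and text.isdigit():
        return True
    try:
        return str(uuid.UUID(text)) == text.lower()
    except ValueError:
        return False


def tenant_a_view(id_factory):
    store = EventStore(id_factory)  # constructed workload: 2 own, 40 foreign
    for tenant in ["tenant-a"] + ["tenant-b"] * 40 + ["tenant-a"]:
        store.record(tenant)
    return store.list_events("tenant-a")
```

With the sequential factory, tenant-a's two IDs reveal the 40 events recorded by the other tenant in between; with UUIDs the same view yields nothing to measure.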