RFE: block_device_info dict should have a password key rather than clear password
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Compute (nova) | Fix Released | Medium | Matt Riedemann |
oslo.versionedobjects | Fix Released | Medium | Matt Riedemann |
Bug Description
See bug 1319943 and the related patch https:/
That bug and patch are masking the password when logged in the immediately known locations, but this could continue to crop up, so we should change the design such that the block_device_info dict doesn't contain the password but rather a key to a store from which nova can retrieve the password for use.
Comment from Daniel Berrange in the patch above:
"Long term I think we need to figure out a way to remove the passwords from any data dicts we pass around. Ideally the block device info would merely contain something like a UUID to identify a password, which Nova could use to fetch the actual password from a secure password manager service at time of use. Thus we wouldn't have to worry about random objects/dicts containing actual passwords. Obviously this isn't something we can do now, but could you file an RFE to address this from a design POV, because masking passwords at time of logging call is not really a viable long term strategy IMHO."
Changed in nova:
- status: New → Confirmed
- importance: Undecided → Wishlist
- no longer affects: nova/icehouse

Changed in oslo.versionedobjects:
- status: New → Confirmed
- importance: Undecided → Medium
- assignee: nobody → Matt Riedemann (mriedem)

Changed in oslo.versionedobjects:
- milestone: none → 1.1.0
- status: Fix Committed → Fix Released

Changed in nova:
- importance: Wishlist → Medium
- assignee: nobody → Matt Riedemann (mriedem)
- tags: added: unified-objects
Ideally we'd turn connection_info into a nova object and it would have a __repr__ method that would mask the values by default. Then we could use the ConnectionInfo object in the BlockDeviceMapping object and we wouldn't have to worry about this when things get logged.
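The masking-by-default design described in the comment above, as an added illustration that is not nova's or oslo.versionedobjects' code: a ConnectionInfo class whose repr()/str() masks secret keys (recursively, so nested dicts and lists are covered) while a separate method still yields the unmasked data for the code path that needs it. The field names, the SENSITIVE_KEYS list and the sample connection_info values are assumptions.

```python
"""Added example (not nova's own code): a ConnectionInfo object that masks
secrets whenever it is rendered, so a stray LOG.debug('%s', bdm) cannot leak
the volume password. Key names below are assumptions, not nova's schema."""
import copy
import logging

# Keys treated as secrets when the object is rendered (assumed list).
SENSITIVE_KEYS = frozenset({"password", "auth_password", "secret"})
MASK = "***"


def mask_dict_password(data):
    """Return a deep copy of `data` with sensitive values replaced by MASK,
    descending into nested dicts and lists; other values are left as-is."""
    if isinstance(data, dict):
        return {
            k: (MASK if k in SENSITIVE_KEYS and v is not None
                else mask_dict_password(v))
            for k, v in data.items()
        }
    if isinstance(data, list):
        return [mask_dict_password(v) for v in data]
    return data


class ConnectionInfo:
    """Holds volume connection details; repr()/str() never expose secrets."""

    def __init__(self, driver_volume_type, data):
        self.driver_volume_type = driver_volume_type
        self.data = copy.deepcopy(data)

    def __repr__(self):
        return "ConnectionInfo(driver_volume_type=%r, data=%r)" % (
            self.driver_volume_type, mask_dict_password(self.data))

    __str__ = __repr__

    def obj_to_primitive(self):
        """Unmasked form, for the one place that must hand the secret on."""
        return {"driver_volume_type": self.driver_volume_type,
                "data": copy.deepcopy(self.data)}


# Constructed sample shaped like an iSCSI connection_info (values made up).
SAMPLE_CONNECTION_INFO = ConnectionInfo("iscsi", {
    "target_iqn": "iqn.2010-10.org.openstack:volume-0000",
    "auth_method": "CHAP",
    "auth_username": "user",
    "auth_password": "not-a-real-secret",
})


def log_connection_info(conn_info):
    """Emulate LOG.debug('... %s', conn_info) and return the rendered message."""
    msg = "block_device_info connection_info: %s" % conn_info
    logging.getLogger("nova.virt").debug(msg)
    return msg
```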