Swift passwords should use key manager interface

Bug #1431944 reported by Michael McCune
This bug affects 1 person
Affects: Sahara
Status: Fix Released
Importance: High
Assigned to: Michael McCune

Bug Description

Swift passwords are currently stored in the default database. This behavior should be migrated to the key manager interface to allow for storage in an external manager (when enabled).

Tags: security
Chad Roberts (croberts)
Changed in sahara:
assignee: nobody → Michael McCune (mimccune)
status: New → Confirmed
Sergey Lukjanov (slukjanov) wrote :

This bug is > 180 days without activity. We are unsetting assignee and milestone and setting status to Incomplete in order to allow its expiry in 60 days.

If the bug is still valid, then update the bug status.

Changed in sahara:
assignee: Michael McCune (mimccune) → nobody
status: Confirmed → Incomplete
Jeff Feng (jianhua) wrote :

do we know if it is saved as a hash of the password in the database?
if it's saved in plaintext password format, this bug should be fixed asap.

Michael McCune (mimccune) wrote :

i am currently working on mitigating this with the new series of improved secret store patches, starting with https://review.openstack.org/#/c/220680/

@Jeff, they are currently stored in plaintext in the database. i am working to incorporate these passwords into the new castellan-based key manager. if you would like to coordinate and help out, please let me know and we can discuss the patch i am working on.

Changed in sahara:
assignee: nobody → Michael McCune (mimccune)
Changed in sahara:
importance: Undecided → High
Changed in sahara:
status: Incomplete → Triaged
Changed in sahara:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to sahara (master)

Reviewed: https://review.openstack.org/220680
Committed: https://git.openstack.org/cgit/openstack/sahara/commit/?id=d148dd4d551d7635b1015e868ceb54933c78acb1
Submitter: Jenkins
Branch: master

commit d148dd4d551d7635b1015e868ceb54933c78acb1
Author: Michael McCune <email address hidden>
Date: Thu May 7 11:48:51 2015 -0400

    Initial key manager implementation

    This change adds the sahara key manager and converts the proxy passwords
    and swift passwords to use the castellan interface.

    * adding sahara key manager
    * adding castellan to requirements
    * removing barbicanclient from requirements
    * removing sahara.utils.keymgr and related tests
    * adding castellan wrapper configs to sahara list_opts
    * creating a castellan validate_config to help setup
    * updating documentation for castellan usage
    * fixing up tests to work with castellan
    * converting all proxy password usages to use castellan
    * converting job binaries to use castellan when user credentials are
      applied
    * converting data source to use castellan when user credentials are
      applied

    Change-Id: I8cb08a365c6175744970b1037501792fe1ddb0c7
    Partial-Implements: blueprint improved-secret-storage
    Closes-Bug: #1431944

Changed in sahara:
status: In Progress → Fix Released
Thierry Carrez (ttx) wrote : Fix included in openstack/sahara 4.0.0.0b2

This issue was fixed in the openstack/sahara 4.0.0.0b2 development milestone.
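
Added example, not part of the bug thread and not Sahara's code: a sketch of the change the report asks for, moving plaintext passwords out of database rows into a key manager so the row keeps only an opaque reference, plus an audit query for rows that still hold plaintext. The table layout, the `password_ref` field and `InMemoryKeyManager` are hypothetical stand-ins, not Sahara's schema or castellan's API.

```python
import json
import sqlite3
import uuid

class InMemoryKeyManager:
    """Hypothetical stand-in for an external secret store (not castellan's API)."""
    def __init__(self):
        self._secrets = {}
    def store(self, secret):
        ref = uuid.uuid4().hex          # opaque reference, reveals nothing about the secret
        self._secrets[ref] = secret
        return ref
    def get(self, ref):
        return self._secrets[ref]

def make_db():
    """Constructed sample data: two Swift sources with plaintext passwords, one without."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE data_sources (id INTEGER PRIMARY KEY, url TEXT, credentials TEXT)")
    rows = [
        ("swift://container/input", json.dumps({"user": "demo", "password": "s3cret-constructed"})),
        ("swift://container/output", json.dumps({"user": "demo", "password": "other-constructed"})),
        ("hdfs://namenode/path", json.dumps({})),
    ]
    db.executemany("INSERT INTO data_sources (url, credentials) VALUES (?, ?)", rows)
    return db

def plaintext_rows(db):
    """Audit check: ids of rows whose credentials still carry a 'password' field."""
    query = "SELECT id, credentials FROM data_sources ORDER BY id"
    return [i for i, raw in db.execute(query) if "password" in json.loads(raw)]

def migrate(db, km):
    """Move each plaintext password into the key manager; safe to run more than once."""
    moved = 0
    for row_id, raw in db.execute("SELECT id, credentials FROM data_sources").fetchall():
        creds = json.loads(raw)
        if "password" not in creds:
            continue                    # already migrated, or no credentials on this row
        creds["password_ref"] = km.store(creds.pop("password"))
        db.execute("UPDATE data_sources SET credentials = ? WHERE id = ?", (json.dumps(creds), row_id))
        moved += 1
    return moved

def resolve_password(db, km, row_id):
    """Read path after migration: fetch the reference from the row, the secret from the store."""
    (raw,) = db.execute("SELECT credentials FROM data_sources WHERE id = ?", (row_id,)).fetchone()
    return km.get(json.loads(raw)["password_ref"])
```

After migration a dump of the database exposes only references, so the key manager becomes the component whose access control and backups need protecting.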

This report contains Public Security information  
Everyone can see this security related information.
