OpenStack Heat

ERROR: 'module' object has no attribute 'a'

Bug #1463929 reported by Jason Dunsmore on 2015-06-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Heat	Fix Released	High	Jason Dunsmore	OpenStack Heat 5.0.0 "liberty"

Bug Description

When encrypt_parameters_and_properties is set to True, the hidden parameters data is initially written to the db encrypted. But the call to db_stack['tags'] on line https://github.com/openstack/heat/blob/master/heat/objects/stack.py#L72 causes unencrypted hidden parameters to be persisted to the database.

To reproduce:

1) Create hello_world.yaml:

heat_template_version: 2013-05-23

description: >
Hello world HOT template that just defines a single server.
Contains just base features to verify base HOT support.

parameters:
  foo:
    type: string
    description: Name of an existing key pair to use for the server
    hidden: true
    default: secret

resources:
  random_key_name:
    type: OS::Heat::RandomString
    properties:
      length: 8

2) Freshen heat db "mysql -e 'drop database heat; create database heat' && /opt/stack/heat/bin/heat-manage db_sync"
3) Set encrypt_parameters_and_properties = True
4) heat stack-create -f hello_world.yaml -P foo=asdf hw1
5) heat stack-list (see traceback)

Jason Dunsmore (jasondunsmore) on 2015-06-10

Changed in heat:
assignee:	nobody → Jason Dunsmore (jasondunsmore)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-06-10: Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/190334

Changed in heat:
status:	New → In Progress

Steve Baker (steve-stevebaker) on 2015-06-10

Changed in heat:
importance:	Undecided → High

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-06-11: Fix merged to heat (master)

Reviewed: https://review.openstack.org/190334
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=e45eca4dc5d74d800145f985e6e2617650398d09
Submitter: Jenkins
Branch: master

commit e45eca4dc5d74d800145f985e6e2617650398d09
Author: Jason Dunsmore <email address hidden>
Date: Wed Jun 10 15:19:45 2015 -0500

Copy environment before decrypting

This is to prevent the decrypted values from being written to the
database.

    Change-Id: Iab8d4d737e3fd839a12d8782367ff0b731f93fe7
    Closes-Bug: #1463929
    Co-Authored-By: Thomas Herve <email address hidden>

Changed in heat:
status:	In Progress → Fix Committed

Thomas Herve (therve) on 2015-06-19

Changed in heat:
milestone:	none → liberty-1

Thierry Carrez (ttx) on 2015-06-24

Changed in heat:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2015-10-15

Changed in heat:
milestone:	liberty-1 → 5.0.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.