passwords.yml does not have secure defaults
Bug #1559266 reported by Sam Yaple
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
kolla | Fix Released | Critical | Sam Yaple |
Bug Description
The passwords.yml file for ansible contains insecure passwords in the form of "password" or other similar strings.
Passwords should not be defaulted at all, but required to be populated to resolve this security issue.
Changed in kolla:
status: Triaged → In Progress
Reviewed: https://review.openstack.org/293728
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=f03e06e09bc486a1a26d5642cce278d7dbb7bd92
Submitter: Jenkins
Branch: master
commit f03e06e09bc486a1a26d5642cce278d7dbb7bd92
Author: SamYaple <email address hidden>
Date: Wed Mar 16 21:45:25 2016 +0000
Add generate_passwords.py to generate passwords
As with all tools, this is a first pass at the generation. Perhaps we
even want to move this into kolla/kolla/cmd and be generated with tox
itself in the future.
This tool, when run, will only populate empty fields that have no
values, meaning that it is safe to run repeatedly on the same file.
Of note, there is no way to preserve comments in the file after it has
been processed by the yaml parser in python. Comments and sections
will remain in the passwords.yml template for additional documentation
if the user wishes to populate the file themselves.
Use SystemRandom and clean up the docs a bit to not use pronouns.
Co-Authored-By: Steven Dake <email address hidden>
Closes-Bug: #1559266
Change-Id: I2932d592df8871f1b7811059206d0b4d0553a687
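
The behaviour the commit message describes (populate only empty fields, safe to rerun, SystemRandom as the source) is sketched below as an added example; it is not kolla's generate_passwords.py. It assumes a flat `key: value` file and edits it line by line instead of going through a YAML parser, so comments survive; the sample keys and the `unset_keys` gate are constructed for illustration.

```python
import re
import string
from random import SystemRandom

# Constructed sample in the style of a passwords.yml template (keys are illustrative).
SAMPLE = """\
# Database options
database_password:
keystone_admin_password: ""
# Operator already set this one; it must survive a rerun.
rabbitmq_password: operator-chosen-value
"""

ALPHABET = string.ascii_letters + string.digits
# A flat "key:" line whose value is missing or is an empty quoted string.
EMPTY_FIELD = re.compile(r"^(?P<key>[A-Za-z0-9_]+):[ \t]*(?:\"\"|'')?[ \t]*$")
_rng = SystemRandom()  # draws from os.urandom, not the seedable Mersenne Twister


def generate_password(length=40):
    """Return a random alphanumeric string from the OS entropy source."""
    return "".join(_rng.choice(ALPHABET) for _ in range(length))


def fill_empty_passwords(text, length=40):
    """Return (new_text, filled_keys); populated fields and comments are untouched."""
    out, filled = [], []
    for line in text.splitlines():
        m = EMPTY_FIELD.match(line)
        if m:
            line = "{}: {}".format(m.group("key"), generate_password(length))
            filled.append(m.group("key"))
        out.append(line)
    return "\n".join(out) + "\n", filled


def unset_keys(text):
    """Keys still empty; a deploy-time gate can refuse to continue if any remain."""
    return [m.group("key") for m in map(EMPTY_FIELD.match, text.splitlines()) if m]


if __name__ == "__main__":
    once, filled = fill_empty_passwords(SAMPLE)
    twice, refilled = fill_empty_passwords(once)
    print("filled:", filled, "| rerun changed the file:", once != twice)
    print("still unset:", unset_keys(once))
```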