encrypted_param_names should be internal only data
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Heat |
Fix Released
|
Medium
|
Steven Hardy |
Bug Description
Currently we store encrypted_
Also, it means we pass it from parent to nested stacks (which is wrong, because it's derived from the parent parameters tagged as hidden), and any remote stacks.
Instead we should only store it and access it internally - anything which is passed to/via a user-facing (or RPC) API should only use the user-allowed environment keys.
Long term we may want to consider storing it somewhere else, but for now we just need to decouple "user_env" from the entire env as stored in the DB.
Changed in heat: | |
assignee: | nobody → Steven Hardy (shardy) |
status: | New → Triaged |
milestone: | none → newton-2 |
Changed in heat: | |
importance: | Undecided → Medium |
Fix proposed to branch: master /review. openstack. org/327275
Review: https:/