Cinder

Pure volume drivers don't verify https requests

Bug #1546655 reported by Patrick East
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
Fix Released
Undecided
Patrick East

Bug Description

As-is the Pure volume drivers do not have any way to verify https requests being sent to the FlashArray for management API calls. This means that a deployer has no way to secure that connection and know it is actually utilizing trusted https requests.

Newer versions of the purestorage python module support for specifying to verify the requests and an optional ssl cert path. This could be utilized to solve this.

Patrick East (patrick-east)
Changed in cinder:
assignee: nobody → Patrick East (patrick-east)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/281625

Changed in cinder:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/281625
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=615cc81051164c8e53c4237a28563264d1edc768
Submitter: Jenkins
Branch: master

commit 615cc81051164c8e53c4237a28563264d1edc768
Author: Patrick East <email address hidden>
Date: Tue Feb 16 20:38:22 2016 -0800

    Allow for Pure drivers to verify HTTPS requests

    This pipes in the config options (driver_ssl_cert_verify and
    driver_ssl_cert_path) for verifying https requests to the
    purestorage python module. This will allow for the underlying https
    management API requests to the array to be verified.

    To use this feature a newer (>1.4.0) version of the pure storage python
    module will be required.

    DocImpact: Need to update Pure Storage Volume Driver config reference
    to mention that it can use the new config options and the python module
    version requirements that go along with it.

    Change-Id: Id4d73e76ec64e4ac00291ed9b7377c47e40bc551
    Closes-Bug: #1546655

Changed in cinder:
status: In Progress → Fix Released
Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/cinder 8.0.0.0rc1

This issue was fixed in the openstack/cinder 8.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.