When starting the cinder volume service, replication remote device sensitive information is printed in the cinder volume log

Bug #1617534 reported by huanan
This bug affects 1 person
Affects: Cinder
Status: Fix Released
Importance: Undecided
Assigned to: huanan

Bug Description

In cinder.conf, replication_device may contain the replication remote device password, and in cinder.volume.driver.py secret is not set to true for replication_device. So when the cinder volume service starts, the replication remote device's sensitive information is printed in the cinder volume log, which will cause some security problems.

    from oslo_config import cfg
    from oslo_config import types

    # As registered before the fix: secret is not set on this option.
    cfg.MultiOpt('replication_device',
                 item_type=types.Dict(),
                 help="Multi opt of dictionaries to represent a replication "
                      "target device. This option may be specified multiple "
                      "times in a single config section to specify multiple "
                      "replication target devices. Each entry takes the "
                      "standard dict config form: replication_device = "
                      "target_device_id:<required>,"
                      "key1:value1,key2:value2...")

huanan (huanan)
Changed in cinder:
assignee: nobody → huanan (huanan)
status: New → In Progress
huanan (huanan)
description: updated
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/362031

OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/362031
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=033284a419e4c6d550e253de2a88a50aaac4922e
Submitter: Jenkins
Branch: master

commit 033284a419e4c6d550e253de2a88a50aaac4922e
Author: huananhuawei <email address hidden>
Date: Mon Aug 29 19:29:04 2016 +0800

    Fix the password print in cinder-volume.log issue

    In cinder.conf, replication_device may contain the replication
    remote device password, and in cinder.volume.driver secret
    is not set to 'true' for replication_device. So when the cinder
    volume service starts, the replication remote device's sensitive
    information is printed in the cinder volume log, which will cause
    some security problems.

    This commit fixes that by setting secret=true for replication_device
    in cinder.volume.driver.

    Change-Id: I710b557768ca3df0303d70b43b3c74247eed6b24
    Closes-Bug: #1617534

Changed in cinder:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/366456

OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (stable/mitaka)

Reviewed: https://review.openstack.org/366456
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=3a589db7132e5372c3d8cf563d56b7b3a09b0a9f
Submitter: Jenkins
Branch: stable/mitaka

commit 3a589db7132e5372c3d8cf563d56b7b3a09b0a9f
Author: huananhuawei <email address hidden>
Date: Mon Aug 29 19:29:04 2016 +0800

    Fix the password print in cinder-volume.log issue

    In cinder.conf, replication_device may contain the replication
    remote device password, and in cinder.volume.driver secret
    is not set to 'true' for replication_device. So when the cinder
    volume service starts, the replication remote device's sensitive
    information is printed in the cinder volume log, which will cause
    some security problems.

    This commit fixes that by setting secret=true for replication_device
    in cinder.volume.driver.

    Change-Id: I710b557768ca3df0303d70b43b3c74247eed6b24
    Closes-Bug: #1617534
    (cherry picked from commit 033284a419e4c6d550e253de2a88a50aaac4922e)

tags: added: in-stable-mitaka
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 9.0.0.0rc1

This issue was fixed in the openstack/cinder 9.0.0.0rc1 release candidate.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 8.1.1

This issue was fixed in the openstack/cinder 8.1.1 release.
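
Log files written before the fixed releases were deployed are not changed by the fix, so they can be checked for the unmasked option. The following is an added example, not part of the bug report or of Cinder: it scans log text for unmasked `replication_device` dumps and reports which credential-like keys were exposed. The sample log lines, the backend name `backend_a`, the dict keys and the key-name heuristic are constructed assumptions.

```python
import ast
import re

# Constructed sample in the style of the option dump written at service start;
# the timestamps, backend name, dict keys and values are all made up.
SAMPLE_LOG = """\
2016-08-29 19:40:01.101 4242 DEBUG oslo_service.service [-] backend_a.volume_backend_name  = backend_a log_opt_values cfg.py:2626
2016-08-29 19:40:01.102 4242 DEBUG oslo_service.service [-] backend_a.replication_device   = [{'target_device_id': 'site-b', 'san_login': 'repl', 'san_password': 'EXAMPLE-ONLY'}] log_opt_values cfg.py:2626
2016-09-20 08:15:44.310 5150 DEBUG oslo_service.service [-] backend_a.replication_device   = **** log_opt_values cfg.py:2626
"""

# Option name (optionally group-qualified), then a list literal or a mask.
OPT_LINE = re.compile(
    r"(?P<opt>[\w.-]*replication_device)\s+=\s+(?P<val>\[.*\]|\*+)")
# Assumed heuristic for key names that hold credentials.
SENSITIVE_KEY = re.compile(r"pass|secret|token|credential", re.IGNORECASE)


def find_leaks(log_text):
    """Return (line_number, option, key) for every credential-like key
    that was logged unmasked. The secret values are never returned."""
    leaks = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = OPT_LINE.search(line)
        if match is None or set(match.group("val")) == {"*"}:
            continue  # not the option, or already masked
        try:
            devices = ast.literal_eval(match.group("val"))
        except (ValueError, SyntaxError):
            # Unmasked but not parseable: flag the line for manual review.
            leaks.append((number, match.group("opt"), "<unparsed>"))
            continue
        for device in devices:
            if not isinstance(device, dict):
                continue
            for key in device:
                if SENSITIVE_KEY.search(str(key)):
                    leaks.append((number, match.group("opt"), key))
    return leaks


if __name__ == "__main__":
    for number, option, key in find_leaks(SAMPLE_LOG):
        print(f"line {number}: {option} logged '{key}' in clear text")
```
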
