python-keystoneclient

Keystoneclient logs auth tokens

Bug #1287938 reported by Joel Friedly
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-keystoneclient
Fix Released
Medium
Joel Friedly

Bug Description

``keystoneclient/middleware/auth_token.py`` contains a bunch of places where auth tokens are logged out. This could be useful for debugging, but log files are the kinds of things that users often forget to secure. We should make them not contain sensitive data.

Revision history for this message
Joel Friedly (joelfriedly) wrote :

https://review.openstack.org/#/c/74242/

Changed in keystone:
assignee: nobody → Joel Friedly (joelfriedly)
status: New → In Progress
Dolph Mathews (dolph)
Changed in keystone:
importance: Undecided → Medium
Revision history for this message
Lance Bragstad (lbragstad) wrote :

Could this be resolved with this patch?

https://review.openstack.org/#/c/99432/

Revision history for this message
Joel Friedly (joelfriedly) wrote :

@ldbragst I originally wrote the ticket and a patch to fix token logging in ``keystoneclient/middleware/auth_token.py``, but this seems to be fixing essentially the same issue in ``keystoneclient/session.py``. (I didn't realize it was present there.)

I actually meant to have this ticket closed by my review, but it looks like you need to have a "Fixes" clause instead of a "Closes-Bug" clause in the commit message to make that work. Let's just say that patch 99432 resolves this bug.

Revision history for this message
Dolph Mathews (dolph) wrote :

Closes-Bug should actually work, but unfortunately the bug was targeted at keystone rather than python-keystoneclient.

affects: keystone → python-keystoneclient
Revision history for this message
Jamie Lennox (jamielennox) wrote :

Fixed by: https://review.openstack.org/#/c/110117/ and released as 0.10.1

Changed in python-keystoneclient:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.