Execution plan logging may reveal sensitive information
Bug #1706059 reported by
Gerry Buteau
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Murano |
Fix Released
|
Undecided
|
Gerry Buteau |
Bug Description
Execution plans are logged when received in the murano-agent if debug is enabled. Plans may contain sensitive information (passwords, security tokens, etc...). They should be sanitized before being logged.
Since murano-agent uses oslo_logging, we should use the built-in utility, oslo_utils/
Changed in murano: | |
assignee: | nobody → Gerry Buteau (gerry.buteau) |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/486641
Review: https:/