Keystone admin password leaked via logs
Bug #1634937 reported by Paul Bourke
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
networking-arista | Fix Released | Undecided | Unassigned |
Bug Description
Within networking_
cmds and log_cmds are then passed through _run_openstack_
Reviewed: https://review.openstack.org/388747
Committed: https://git.openstack.org/cgit/openstack/networking-arista/commit/?id=9039b8a46b047b61ce672422bcfc13550399838f
Submitter: Jenkins
Branch: master
commit 9039b8a46b047b61ce672422bcfc13550399838f
Author: Paul Bourke <email address hidden>
Date: Wed Oct 19 16:00:18 2016 +0100
Redact keystone password from logs in arista_ml2
Within networking_arista/ml2/arista_ml2.py, the register_with_eos()
method takes care to redact the keystone password by maintaining a copy
of "cmds" in "log_cmds".
cmds and log_cmds are then passed through _run_openstack_cmds() ->
_run_eos_cmds() -> _send_eapi_req(). However, _send_eapi_req() does not
have an argument for log_cmds, and ends up logging the password on line
1118.
Fix this by updating _send_eapi_req() to accept 'commands_to_log', and
subbing those into the msg to be logged.
Change-Id: I42a79f6e5f5352d982641ffc16215e1919355fda
Closes-Bug: #1634937
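
A minimal model of the bug and fix described in the commit message above, with a log-capture check that the secret never reaches the log. This is an added example, not the networking-arista code: the function names, the logger name and the command string are constructed for illustration; only `cmds`, `log_cmds` and `commands_to_log` come from the page.

```python
import logging

LOG = logging.getLogger("eapi_sketch")  # hypothetical logger name


class ListHandler(logging.Handler):
    """Collects formatted records so the log output can be inspected."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(record.getMessage())


def send_before(cmds):
    # Pre-fix shape: no parameter for the redacted copy, so the real
    # commands (password included) are what gets logged.
    LOG.info("EAPI request: %s", cmds)
    return list(cmds)  # stands in for the payload sent to the switch


def send_after(cmds, commands_to_log=None):
    # Post-fix shape: log the redacted copy, send the real commands.
    LOG.info("EAPI request: %s", commands_to_log or cmds)
    return list(cmds)


def register(password, fixed):
    cmds = ["auth user admin password %s" % password]  # constructed command
    log_cmds = ["auth user admin password ********"]   # redacted twin
    if fixed:
        return send_after(cmds, commands_to_log=log_cmds)
    return send_before(cmds)  # log_cmds is dropped before the logging layer


def captured_log(password, fixed):
    """Run register() and return (payload sent, log lines emitted)."""
    handler = ListHandler()
    LOG.addHandler(handler)
    LOG.setLevel(logging.INFO)
    try:
        sent = register(password, fixed)
    finally:
        LOG.removeHandler(handler)
    return sent, handler.lines
```

The same capture-and-assert pattern works as a regression test: feed a marker value as the password and fail the test if it appears in any emitted log line.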