sql_connection not marked secret

Bug #1160680 reported by Michael Fork on 2013-03-27
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
Medium
Michael Fork
Grizzly
Undecided
Unassigned
Glance
Undecided
Unassigned
OpenStack Compute (nova)
Medium
Oleg Bondarev
Grizzly
Medium
Vish Ishaya
OpenStack Identity (keystone)
Undecided
Michael Fork
Folsom
Undecided
Unassigned
neutron
Medium
Roman Podoliaka
Grizzly
Undecided
Unassigned
oslo-incubator
Medium
Michael Fork
Grizzly
Medium
Mark McLoughlin

Bug Description

sql_connection contains the password in plain text, but it not marked secret and could cause the password to be logged.

Changed in oslo:
assignee: nobody → Michael Fork (mjfork)
status: New → In Progress
Changed in quantum:
status: New → Confirmed
importance: Undecided → Medium
milestone: none → havana-1
Changed in quantum:
assignee: nobody → Roman Podolyaka (rpodolyaka)

Fix proposed to branch: master
Review: https://review.openstack.org/25500

Changed in quantum:
status: Confirmed → In Progress
Changed in nova:
assignee: nobody → Oleg Bondarev (obondarev)
Changed in nova:
status: New → In Progress

Reviewed: https://review.openstack.org/25481
Committed: http://github.com/openstack/oslo-incubator/commit/f79915ec1d975219719e0ba99128d7c62398ae0a
Submitter: Jenkins
Branch: master

commit f79915ec1d975219719e0ba99128d7c62398ae0a
Author: Michael J Fork <email address hidden>
Date: Wed Mar 27 02:34:49 2013 +0000

    Mark sql_connection with secret flag

    sql_connection contains the password in some setups and marking as
    secret prevents accidental logging

    fixes bug 1160680

    Change-Id: Ib2d00219ea40a010c62e6a29045309f030e6de28

Changed in oslo:
status: In Progress → Fix Committed

Reviewed: https://review.openstack.org/25500
Committed: http://github.com/openstack/quantum/commit/b5e6c2c8556927efb6de9de1e7c19e0aab450b10
Submitter: Jenkins
Branch: master

commit b5e6c2c8556927efb6de9de1e7c19e0aab450b10
Author: Roman Podolyaka <email address hidden>
Date: Wed Mar 27 07:59:39 2013 +0200

    Mark 'sql_connection' config option as secret

    Fixes bug 1160680.

    Change-Id: I42b16d006f162cb41090fa34677d6ad054b6a55a

Changed in quantum:
status: In Progress → Fix Committed
Changed in nova:
milestone: none → havana-1
Michael Fork (mjfork) on 2013-03-28
Changed in glance:
assignee: nobody → Michael Fork (mjfork)
Changed in keystone:
assignee: nobody → Michael Fork (mjfork)
Changed in cinder:
assignee: nobody → Michael Fork (mjfork)

Fix proposed to branch: master
Review: https://review.openstack.org/25584

Changed in cinder:
status: New → In Progress
Michael Fork (mjfork) wrote :

After further investigation, found out that sql_connection is marked secret in Glance.

Changed in glance:
assignee: Michael Fork (mjfork) → nobody
status: New → Invalid

Fix proposed to branch: master
Review: https://review.openstack.org/25585

Changed in keystone:
status: New → In Progress
Oleg Bondarev (obondarev) wrote :

The bug doesn't need to be fixed in Nova as it was already fixed in oslo and will be merged to Nova.

Changed in nova:
status: In Progress → Fix Committed
Alan Pevec (apevec) wrote :

I'd like to propose this to Folsom series in all projects, any objections?

Reviewed: https://review.openstack.org/25584
Committed: http://github.com/openstack/cinder/commit/9f8ee9d2981c5f317139e3743385b59956546d65
Submitter: Jenkins
Branch: master

commit 9f8ee9d2981c5f317139e3743385b59956546d65
Author: Michael J Fork <email address hidden>
Date: Thu Mar 28 02:58:04 2013 +0000

    Mark sql_connection with secret flag

    sql_connection contains the password in some setups and marking as
    secret prevents accidental logging

    fixes bug 1160680

    Change-Id: I3704237d0923bb30138b5ece7e5c7bbda0a78b9b

Changed in cinder:
status: In Progress → Fix Committed

Reviewed: https://review.openstack.org/25607
Committed: http://github.com/openstack/nova/commit/6ff9c9effe011cb7d8d5479ec8cd2f6c7f61705c
Submitter: Jenkins
Branch: master

commit 6ff9c9effe011cb7d8d5479ec8cd2f6c7f61705c
Author: Michael J Fork <email address hidden>
Date: Thu Mar 28 11:57:29 2013 +0000

    sync oslo db/sqlalchemy module

    sync oslo db/sqlalchemy module to grab "Mark sql_connection with secret
    flag" change.

    fixes bug 1160680

    Change-Id: Id48419624c41eea5a0f2e130d7cdbe8a8f0a9118

Reviewed: https://review.openstack.org/25585
Committed: http://github.com/openstack/keystone/commit/ee0e4be91ea6010bebed3a63e531f24063dcfa4c
Submitter: Jenkins
Branch: master

commit ee0e4be91ea6010bebed3a63e531f24063dcfa4c
Author: Michael J Fork <email address hidden>
Date: Thu Mar 28 03:09:58 2013 +0000

    Mark sql connection with secret flag

    sql connection parameter contains the password in some setups and
    marking as secret prevents accidental logging

    fixes bug 1160680

    Change-Id: I093d9c6556197ec25cb63bf16bcc90bb9679fed0

Changed in keystone:
status: In Progress → Fix Committed
Mark McLoughlin (markmc) on 2013-03-29
Changed in oslo:
importance: Undecided → Medium

Reviewed: https://review.openstack.org/25724
Committed: http://github.com/openstack/oslo-incubator/commit/07ce6a36c35e07169e11178e6a48340e2ed1b1c9
Submitter: Jenkins
Branch: stable/grizzly

commit 07ce6a36c35e07169e11178e6a48340e2ed1b1c9
Author: Michael J Fork <email address hidden>
Date: Wed Mar 27 02:34:49 2013 +0000

    Mark sql_connection with secret flag

    sql_connection contains the password in some setups and marking as
    secret prevents accidental logging

    fixes bug 1160680

    Change-Id: Ib2d00219ea40a010c62e6a29045309f030e6de28
    (cherry picked from commit f79915ec1d975219719e0ba99128d7c62398ae0a)

Neela Shah (neela) on 2013-04-03
tags: added: grizzly-backport-potential
Changed in nova:
importance: Undecided → Medium
Changed in cinder:
importance: Undecided → Medium
milestone: none → havana-1

Reviewed: https://review.openstack.org/26196
Committed: http://github.com/openstack/quantum/commit/61e63789c5998026f47313f6dfa93824d871186f
Submitter: Jenkins
Branch: stable/grizzly

commit 61e63789c5998026f47313f6dfa93824d871186f
Author: Roman Podolyaka <email address hidden>
Date: Wed Mar 27 07:59:39 2013 +0200

    Mark 'sql_connection' config option as secret

    Fixes bug 1160680.

    Change-Id: I42b16d006f162cb41090fa34677d6ad054b6a55a

Reviewed: https://review.openstack.org/26767
Committed: http://github.com/openstack/cinder/commit/2113fe1832a305ccaf1093ccf866adbd20d2f5ac
Submitter: Jenkins
Branch: stable/grizzly

commit 2113fe1832a305ccaf1093ccf866adbd20d2f5ac
Author: Michael J Fork <email address hidden>
Date: Thu Mar 28 02:58:04 2013 +0000

    Mark sql_connection with secret flag

    sql_connection contains the password in some setups and marking as
    secret prevents accidental logging

    fixes bug 1160680

    Change-Id: I3704237d0923bb30138b5ece7e5c7bbda0a78b9b
    (cherry picked from commit 9f8ee9d2981c5f317139e3743385b59956546d65)

Gary Kotton (garyk) on 2013-04-22
tags: added: in-stable-grizzly
removed: grizzly-backport-potential

I am out of the office until 05/12/2013.

For technical issues regarding the Storwize/SVC Cinder driver, please
contact: Jie Ping Wu <email address hidden>, Li Min Liu <email address hidden>,
Ronen Kat <email address hidden>
For all other issue, please contact my manager, Dalit Naor
<email address hidden>

Note: This is an automated response to your message "[Bug 1160680] Re:
sql_connection not marked secret" sent on 22/04/2013 20:23:41.

This is the only notification you will receive while this person is away.

Reviewed: https://review.openstack.org/26874
Committed: http://github.com/openstack/nova/commit/0f4c3f91cac93ce8444a9c65af80af9dc053d06f
Submitter: Jenkins
Branch: stable/grizzly

commit 0f4c3f91cac93ce8444a9c65af80af9dc053d06f
Author: Michael J Fork <email address hidden>
Date: Thu Mar 28 11:57:29 2013 +0000

    sync oslo db/sqlalchemy module

    sync oslo db/sqlalchemy module to grab "Mark sql_connection with secret
    flag" change.

    fixes bug 1160680

    Change-Id: Id48419624c41eea5a0f2e130d7cdbe8a8f0a9118
    (cherry picked from commit 6ff9c9effe011cb7d8d5479ec8cd2f6c7f61705c)

Thierry Carrez (ttx) on 2013-05-29
Changed in keystone:
milestone: none → havana-1
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-05-29
Changed in cinder:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-05-29
Changed in nova:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-05-29
Changed in quantum:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-05-30
Changed in oslo:
milestone: none → havana-1
status: Fix Committed → Fix Released
Alan Pevec (apevec) on 2013-08-06
tags: removed: in-stable-grizzly
Thierry Carrez (ttx) on 2013-10-17
Changed in oslo:
milestone: havana-1 → 2013.2
Thierry Carrez (ttx) on 2013-10-17
Changed in cinder:
milestone: havana-1 → 2013.2
Thierry Carrez (ttx) on 2013-10-17
Changed in neutron:
milestone: havana-1 → 2013.2
Thierry Carrez (ttx) on 2013-10-17
Changed in nova:
milestone: havana-1 → 2013.2
Thierry Carrez (ttx) on 2013-10-17
Changed in keystone:
milestone: havana-1 → 2013.2
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers