Comment 12 for bug 1837877

Matt Riedemann (mriedem) wrote : Re: Error message reveals ceph information

So the issue is the traceback with the sensitive details in the instance fault, right? That's not exposed to end users, only admins (not even really configurable in the policy specific to faults, it's just the is_admin rule):

https://developer.openstack.org/api-guide/compute/faults.html

https://github.com/openstack/nova/blob/2c0cb71fb0ac0d502dc9fed24211e1ef15407b8f/nova/api/openstack/compute/views/servers.py#L562

Now the logic in ^ is a bit suspect; if the fault code is not 500 then we could have issues. What is the fault code in this case? Are non-admin tenant users able to see this?

Note that the related instance action event details would be in a similar situation, since a traceback is recorded on the instance action event when the reboot fails:

https://github.com/openstack/nova/blob/2c0cb71fb0ac0d502dc9fed24211e1ef15407b8f/nova/compute/manager.py#L3447

https://developer.openstack.org/api-ref/compute/?expanded=show-server-action-details-detail#show-server-action-details

Again that traceback in the event should only be viewable by admins by default policy (os_compute_api:os-instance-actions:events rule).