OpenStack-Ansible

Password in openrc is not quoted (openstack-ansible-openstack_openrc)

Bug #1663185 reported by Uros Orozel on 2017-02-09

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack-Ansible	Fix Released	High	Andy McCrae

Bug Description

Ansible role "openstack-ansible-openstack_openrc" does not quote password for variable "OS_PASSWORD" in template openrc.j2

unquoted password will break shell when special characters are used!

http://git.openstack.org/cgit/openstack/openstack-ansible-openstack_openrc/tree/templates/openrc.j2#n14

Tags:

Jean-Philippe Evrard (jean-philippe-evrard) on 2017-02-14

Changed in openstack-ansible:
status:	New → Confirmed
importance:	Undecided → High

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-14: Fix proposed to openstack-ansible-openstack_openrc (master)

Fix proposed to branch: master
Review: https://review.openstack.org/433746

Changed in openstack-ansible:
assignee:	nobody → Andy McCrae (andrew-mccrae)
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-14: Fix merged to openstack-ansible-openstack_openrc (master)

Reviewed: https://review.openstack.org/433746
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-openstack_openrc/commit/?id=02a104d77e546dd65353a99700c876162d0845ec
Submitter: Jenkins
Branch: master

commit 02a104d77e546dd65353a99700c876162d0845ec
Author: Andy McCrae <email address hidden>
Date: Tue Feb 14 16:11:03 2017 +0000

Quote OS_PASSWORD variable

Unquoted OS_PASSWORD variable can break shell commands when special
characters are used.

Closes-Bug: #1663185
Change-Id: Ia61a4ea1861d0f8792355213443b202b15ab862c

Changed in openstack-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-14: Fix proposed to openstack-ansible-openstack_openrc (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/433756

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-14: Fix merged to openstack-ansible-openstack_openrc (stable/ocata)

Reviewed: https://review.openstack.org/433756
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-openstack_openrc/commit/?id=9a836bcd21012a9f99aada155df3ce1caf0f0d81
Submitter: Jenkins
Branch: stable/ocata

commit 9a836bcd21012a9f99aada155df3ce1caf0f0d81
Author: Andy McCrae <email address hidden>
Date: Tue Feb 14 16:11:03 2017 +0000

Quote OS_PASSWORD variable

Unquoted OS_PASSWORD variable can break shell commands when special
characters are used.

    Closes-Bug: #1663185
    Change-Id: Ia61a4ea1861d0f8792355213443b202b15ab862c
    (cherry picked from commit 02a104d77e546dd65353a99700c876162d0845ec)

tags:

added: in-stable-ocata

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-15: Fix proposed to openstack-ansible-openstack_openrc (master)

Fix proposed to branch: master
Review: https://review.openstack.org/433988

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-15: Fix proposed to openstack-ansible-openstack_openrc (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/433996

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-15: Fix merged to openstack-ansible-openstack_openrc (master)

Reviewed: https://review.openstack.org/433988
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-openstack_openrc/commit/?id=6848f7d1b7312b296beec5deba85399937af11dc
Submitter: Jenkins
Branch: master

commit 6848f7d1b7312b296beec5deba85399937af11dc
Author: Jimmy McCrory <email address hidden>
Date: Tue Feb 14 15:58:09 2017 -0800

Quote OS_PASSWORD with single quotes

Use single quotes around OS_PASSWORD to prevent shell variable
expansion. Add a test to validate contents of the openrc file.

Closes-Bug: 1663185
Change-Id: I4b1e7b5cb83061ea35108db545fdfa33cef037a5

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-15: Fix merged to openstack-ansible-openstack_openrc (stable/ocata)

Reviewed: https://review.openstack.org/433996
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-openstack_openrc/commit/?id=11bfb620174a04b83002f0e4ddf7e78016f498db
Submitter: Jenkins
Branch: stable/ocata

commit 11bfb620174a04b83002f0e4ddf7e78016f498db
Author: Jimmy McCrory <email address hidden>
Date: Tue Feb 14 15:58:09 2017 -0800

Quote OS_PASSWORD with single quotes

Use single quotes around OS_PASSWORD to prevent shell variable
expansion. Add a test to validate contents of the openrc file.

Closes-Bug: 1663185
Change-Id: I4b1e7b5cb83061ea35108db545fdfa33cef037a5

Revision history for this message

Paul Halmos (paul-halmos) wrote on 2017-02-19:

Can we get this backported to Mitaka?

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-07: Fix included in openstack/openstack-ansible-openstack_openrc 15.0.0.0rc2

#10

This issue was fixed in the openstack/openstack-ansible-openstack_openrc 15.0.0.0rc2 release candidate.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-04-12: Fix included in openstack/openstack-ansible-openstack_openrc 16.0.0.0b1

#12

This issue was fixed in the openstack/openstack-ansible-openstack_openrc 16.0.0.0b1 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.