Creating a keypair via Nova logs the private key if DEBUG is enabled
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
oslo.utils |
Fix Released
|
High
|
Matthew Booth |
Bug Description
Originally reported publicly via RH Bugzilla here: https:/
Consequently should probably not be embargoed.
From bugzilla, when creating a keypair, Nova logs:
2018-05-08 09:49:13.198 742250 DEBUG novaclient.
tion/json Openstack-
b50d-b915-
RESP BODY: {"keypair": {"public_key": "ssh-rsa ... Generated-by-Nova", "private_key": "-----BEGIN RSA PRIVATE KEY-----\n ...
This log is directly generated by keystone's Session.
Changed in oslo.utils: | |
importance: | Undecided → High |
I believe the fix is as simple as:
diff --git a/oslo_ utils/strutils. py b/oslo_ utils/strutils. py utils/strutils. py utils/strutils. py HYPHENATE_ RE = re.compile( r"[-\s] +")
'auth_ token', 'new_pass', 'auth_password', 'secret_uuid',
'secret' , 'sys_pswd', 'token', 'configdrive',
index 929b34d..c7d0f55 100644
--- a/oslo_
+++ b/oslo_
@@ -58,7 +58,7 @@ SLUGIFY_
_SANITIZE_KEYS = ['adminPass', 'admin_pass', 'password', 'admin_password',
- 'CHAPPASSWORD', 'encrypted_key']
+ 'CHAPPASSWORD', 'encrypted_key', 'private_key']
It doesn't even appear that more tests are required, as this list is already adequately tested.