Preprovisioned cred provider may leak credentials

Bug #1596458 reported by miaoyimin on 2016-06-27
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tempest
High
Unassigned

Bug Description

When we use pre-registered tenant to perform the tests, the tenant account load process will call the below function:
In: tempest.common.preprov_creds.PreProvisionedCredentialProvider:_get_creds

def _get_creds(self, roles=None):
        if self.use_default_creds:
            raise exceptions.InvalidConfiguration(
                "Account file %s doesn't exist" % CONF.auth.test_accounts_file)
        useable_hashes = self._get_match_hash_list(roles)
        free_hash = self._get_free_hash(useable_hashes) # here we create the hash file of the tenant file
        clean_creds = self._sanitize_creds(
            self.hash_dict['creds'][free_hash])
        LOG.info('%s allocated creds:\n%s' % (self.name, clean_creds))
        return self._wrap_creds_with_network(free_hash) # if any error happens here, the outer layer function’s self._creds variable will be an empty list, and in
                                                                                                          # the subsequent cleanup process, the value of self._creds will be checked, if it is empty, the hash file
                                                                                                          # of this tenant won’t be cleaned.

Daryl Walleck (dwalleck) on 2016-07-07
Changed in tempest:
assignee: nobody → Daryl Walleck (dwalleck)
Daryl Walleck (dwalleck) wrote :

I actually ran into a sub-issue to this (https://bugs.launchpad.net/tempest/+bug/1600349) where I needed to add extra exception handling to _wrap_creds_with_network. Do you have a specific scenario that was triggering an exception in the _wrap_creds_with_network?

miaoyimin (miaoyimin) wrote :

I ran out of the problem too, and I ran out of the problem of getting the token failure because of the network problem.

Daryl are you still working on a fix for this?

summary: - Insufficient number of users provided
+ Preprovisioned cred provider may leak credentials
Changed in tempest:
status: New → Confirmed
importance: Undecided → High
chandan kumar (chkumar246) wrote :

Unassigning this bug as there is no activity from last 6 months. If you are still want to work on this bug, feel free to assign yourself.

Changed in tempest:
assignee: Daryl Walleck (dwalleck) → nobody
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers