tempest

Preprovisioned cred provider may leak credentials

Bug #1596458 reported by miaoyimin
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tempest
Expired
Undecided
Unassigned

Bug Description

When we use pre-registered tenant to perform the tests, the tenant account load process will call the below function:
In: tempest.common.preprov_creds.PreProvisionedCredentialProvider:_get_creds

def _get_creds(self, roles=None):
        if self.use_default_creds:
            raise exceptions.InvalidConfiguration(
                "Account file %s doesn't exist" % CONF.auth.test_accounts_file)
        useable_hashes = self._get_match_hash_list(roles)
        free_hash = self._get_free_hash(useable_hashes) # here we create the hash file of the tenant file
        clean_creds = self._sanitize_creds(
            self.hash_dict['creds'][free_hash])
        LOG.info('%s allocated creds:\n%s' % (self.name, clean_creds))
        return self._wrap_creds_with_network(free_hash) # if any error happens here, the outer layer function’s self._creds variable will be an empty list, and in
                                                                                                          # the subsequent cleanup process, the value of self._creds will be checked, if it is empty, the hash file
                                                                                                          # of this tenant won’t be cleaned.

Daryl Walleck (dwalleck)
Changed in tempest:
assignee: nobody → Daryl Walleck (dwalleck)
Revision history for this message
Daryl Walleck (dwalleck) wrote :

I actually ran into a sub-issue to this (https://bugs.launchpad.net/tempest/+bug/1600349) where I needed to add extra exception handling to _wrap_creds_with_network. Do you have a specific scenario that was triggering an exception in the _wrap_creds_with_network?

Revision history for this message
miaoyimin (miaoyimin) wrote :

I ran out of the problem too, and I ran out of the problem of getting the token failure because of the network problem.

Revision history for this message
Andrea Frittoli (andrea-frittoli) wrote :

Daryl are you still working on a fix for this?

summary: - Insufficient number of users provided
+ Preprovisioned cred provider may leak credentials
Changed in tempest:
status: New → Confirmed
importance: Undecided → High
Revision history for this message
chandan kumar (chkumar246) wrote :

Unassigning this bug as there is no activity from last 6 months. If you are still want to work on this bug, feel free to assign yourself.

Changed in tempest:
assignee: Daryl Walleck (dwalleck) → nobody
Revision history for this message
Doug Schveninger (ds6901) wrote :

to my knowledge this not happening and we are using accounts.yaml. Also the code haave changed.https://github.com/openstack/tempest/blob/master/tempest/lib/common/preprov_creds.py#L243

Should we close this bug?

Revision history for this message
Paras Babbar (pbabbar) wrote :

As per Doug, this seems to be fixed. So I would like to close this bug, let me know by this week if someone is facing this issue otherwise I will mark it as closed.

Thanks

Paras Babbar

Revision history for this message
Martin Kopec (mkopec) wrote :

Per the previous comments, I'm marking this bug as Incomplete until more data is provided.

Changed in tempest:
importance: High → Undecided
status: Confirmed → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for tempest because there has been no activity for 60 days.]

Changed in tempest:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.