tripleo

Service shared secrets in heat templates should be hidden

Bug #1399793 reported by Chris Jones
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Juan Antonio Osorio Robles

Bug Description

Nova and Neutron (maybe others?) use shared secrets to sign some of their intra-service communication. Currently we do not set "hidden: true" on these elements of the heat templates.

I suggest that we should do that, on the grounds that they are effectively private key material.

See original description
Chris Jones (cmsj)
description: updated
Clint Byrum (clint-fewbar)
Changed in tripleo:
status: New → Triaged
importance: Undecided → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.openstack.org/233578

Changed in tripleo:
assignee: nobody → Juan Antonio Osorio Robles (juan-osorio-robles)
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/233578
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=fa4ed015b083dfe416aaf2cd666ca666284608ce
Submitter: Jenkins
Branch: master

commit fa4ed015b083dfe416aaf2cd666ca666284608ce
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Mon Oct 12 13:59:22 2015 +0300

    Set shared secrets, keys and passwords as hidden

    Change-Id: Ieb27729c6b33ffc849d07200ec0d42508214956e
    Closes-Bug: #1399793

Changed in tripleo:
status: In Progress → Fix Committed
Steven Hardy (shardy)
Changed in tripleo:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.