tripleo

Sensu service is overriding redact with empty list

Bug #1641080 reported by Martin Mágr
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Martin Mágr
tripleo ocata-2 "ocata-2"

Bug Description

OpenStack auth password can be seen as clear text in Uchiwa and Sensu logs, because we override default password redaction with empty list in /etc/sensu/conf.d/client.json.

OpenStack Infra (hudson-openstack)
Changed in tripleo:
assignee: nobody → Martin Mágr (mmagr)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/394847
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=c921b15c905eb609f0a3e1bd5943e24da46f549f
Submitter: Jenkins
Branch: master

commit c921b15c905eb609f0a3e1bd5943e24da46f549f
Author: Martin Mágr <email address hidden>
Date: Tue Nov 8 10:04:41 2016 +0100

    Use default Sensu redact

    By default sensu-puppet is overring default list of varibles which should
    be redacted. This patch enables to configure redact list and uses default
    value given by [1]. This patch also serves as a workaround until [2]
    is merged in the module itself (or in case it won't get merged).

    [1] https://sensuapp.org/docs/0.24/reference/clients.html
    [2] https://github.com/sensu/sensu-puppet/pull/580

    Closes-Bug: #1641080
    Closes-Bug: rhbz#1392473
    Change-Id: I21201f734d2fbf5f571091603126cf11cfdd8c40

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/398281

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 6.0.0.0b1

This issue was fixed in the openstack/tripleo-heat-templates 6.0.0.0b1 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/newton)

Reviewed: https://review.openstack.org/398281
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=4f480263533721a86d55d0b60187cd3b5a9ed538
Submitter: Jenkins
Branch: stable/newton

commit 4f480263533721a86d55d0b60187cd3b5a9ed538
Author: Martin Mágr <email address hidden>
Date: Tue Nov 8 10:04:41 2016 +0100

    Use default Sensu redact

    By default sensu-puppet is overring default list of varibles which should
    be redacted. This patch enables to configure redact list and uses default
    value given by [1]. This patch also serves as a workaround until [2]
    is merged in the module itself (or in case it won't get merged).

    [1] https://sensuapp.org/docs/0.24/reference/clients.html
    [2] https://github.com/sensu/sensu-puppet/pull/580

    Closes-Bug: #1641080
    Closes-Bug: rhbz#1392473
    Change-Id: I21201f734d2fbf5f571091603126cf11cfdd8c40
    (cherry picked from commit c921b15c905eb609f0a3e1bd5943e24da46f549f)

tags: added: in-stable-newton
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.openstack.org/403722

Revision history for this message
Steven Hardy (shardy) wrote :

Marked in progress again as it seems we need to land https://review.openstack.org/#/c/403722/ before this is fully fixed

Changed in tripleo:
importance: Undecided → High
milestone: none → ocata-2
status: Fix Released → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/403722
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=d1deaae25f8583603c9a8d9394a81c12d5d1742c
Submitter: Jenkins
Branch: master

commit d1deaae25f8583603c9a8d9394a81c12d5d1742c
Author: Martin Mágr <email address hidden>
Date: Mon Nov 28 14:19:59 2016 +0100

    Use correct type for SensuRedactVariables parameter

    The parameter type is invalid making it impossible to enable monitoring-environment.

    Change-Id: I835d1e82480edb0b6d082a7496d7ceebb1781728
    Closes-Bug: #1641080
    Closes-Bug: rhbz#1392473

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/403849

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/newton)

Reviewed: https://review.openstack.org/403849
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=63c26034b10a1a89af983e32acc8429c06855677
Submitter: Jenkins
Branch: stable/newton

commit 63c26034b10a1a89af983e32acc8429c06855677
Author: Martin Mágr <email address hidden>
Date: Mon Nov 28 14:19:59 2016 +0100

    Use correct type for SensuRedactVariables parameter

    The parameter type is invalid making it impossible to enable monitoring-environment.

    Change-Id: I835d1e82480edb0b6d082a7496d7ceebb1781728
    Closes-Bug: #1641080
    Closes-Bug: rhbz#1392473
    (cherry picked from commit d1deaae25f8583603c9a8d9394a81c12d5d1742c)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 6.0.0.0b2

This issue was fixed in the openstack/tripleo-heat-templates 6.0.0.0b2 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 5.2.0

This issue was fixed in the openstack/tripleo-heat-templates 5.2.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.