mistral playbook action's default verbosity leaks fernet keys in mistral logs

Bug #1714198 reported by Juan Antonio Osorio Robles on 2017-08-31
This bug affects 1 person
Affects: tripleo
Importance: Critical
Assigned to: Juan Antonio Osorio Robles

Bug Description

With the default verbosity of the playbook action (-vvvvv), the values for the fernet keys get leaked into the mistral logs.
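
An added example, not part of the bug report or of tripleo-common: a Python check that finds and redacts Fernet-key-shaped strings in log lines, which is one way to audit existing logs for the leak described above. The function names, the placeholder text and the sample log lines are assumptions constructed for illustration.

```python
import base64
import re

# A Fernet key is 32 random bytes in URL-safe base64: 43 alphabet characters
# followed by a single '=' pad. The lookarounds keep longer blobs from matching.
CANDIDATE = re.compile(r"(?<![A-Za-z0-9_=-])[A-Za-z0-9_-]{43}=(?![A-Za-z0-9_=-])")
PLACEHOLDER = "<redacted-fernet-key>"


def is_fernet_key_shaped(token):
    """True if token is the canonical URL-safe base64 form of exactly 32 bytes."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return len(raw) == 32 and base64.urlsafe_b64encode(raw).decode() == token


def redact(line):
    """Replace every key-shaped token in one log line with a placeholder."""
    return CANDIDATE.sub(
        lambda m: PLACEHOLDER if is_fernet_key_shaped(m.group()) else m.group(), line
    )


def leaking_lines(lines):
    """Return 1-based numbers of the lines that contain a key-shaped token."""
    return [n for n, line in enumerate(lines, 1) if redact(line) != line]


# Constructed sample input: the key is built from fixed bytes, not a real secret,
# and the log layout is invented for the demonstration.
SAMPLE_KEY = base64.urlsafe_b64encode(bytes(range(32))).decode()
SAMPLE_LOG = [
    "INFO playbook started for fernet key rotation",
    'DEBUG task result: {"content": "%s", "changed": true}' % SAMPLE_KEY,
    "DEBUG id " + "A" * 42 + "B=",  # right length, but not canonical base64
    "INFO playbook finished",
]

if __name__ == "__main__":
    for number in leaking_lines(SAMPLE_LOG):
        print(number, redact(SAMPLE_LOG[number - 1]))
```

Any canonical URL-safe base64 encoding of 32 bytes matches this shape, so a hit is a candidate to review rather than proof that a key was logged.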

Fix proposed to branch: master
Review: https://review.openstack.org/499526

Changed in tripleo:
assignee: nobody → Juan Antonio Osorio Robles (juan-osorio-robles)
status: New → In Progress
Changed in tripleo:
importance: Undecided → Critical
milestone: none → pike-rc2
tags: added: security-hardening

Reviewed: https://review.openstack.org/499526
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=28cd0e4bf51c4f82d0ab231a02403696bb526e60
Submitter: Jenkins
Branch: master

commit 28cd0e4bf51c4f82d0ab231a02403696bb526e60
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Aug 31 12:07:20 2017 +0300

    Add less verbosity for fernet keys ansible playbook

    The default verbosity ended up logging the values of the fernet keys.
    This is not desirable, so we set the least amount of verbosity to stop
    this.

    Change-Id: I38646729692231f305630fc36ef7591a99daff63
    Closes-Bug: #1714198

Changed in tripleo:
status: In Progress → Fix Released

Reviewed: https://review.openstack.org/500070
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=16d1bcbd9734cf56300aac740c4e58e82100c3f6
Submitter: Jenkins
Branch: stable/pike

commit 16d1bcbd9734cf56300aac740c4e58e82100c3f6
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Aug 31 12:07:20 2017 +0300

    Add less verbosity for fernet keys ansible playbook

    The default verbosity ended up logging the values of the fernet keys.
    This is not desirable, so we set the least amount of verbosity to stop
    this.

    Change-Id: I38646729692231f305630fc36ef7591a99daff63
    Closes-Bug: #1714198
    (cherry picked from commit 28cd0e4bf51c4f82d0ab231a02403696bb526e60)

tags: added: in-stable-pike

This issue was fixed in the openstack/tripleo-common 7.6.0 release.

This issue was fixed in the openstack/tripleo-common 8.0.0 release.
