tuskar

tuskar overcloud-list shows passwords

Bug #1308172 reported by James Slagle on 2014-04-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tuskar	Fix Released	Critical	Roman Podoliaka

Bug Description

tuskar overcloud-list will show your passwords that you used when you launched the overcloud. tuskar should honor the NoEcho attribute in the templates, the same way as Heat does.

James Slagle (james-slagle) on 2014-04-15

Changed in tuskar:
importance:	Undecided → Critical
status:	New → Triaged

Dougal Matthews (d0ugal) on 2014-04-16

Changed in tuskar:
assignee:	nobody → Dougal Matthews (d0ugal)

Dougal Matthews (d0ugal) on 2014-05-06

Changed in tuskar:
assignee:	Dougal Matthews (d0ugal) → nobody

Roman Podoliaka (rpodolyaka) on 2014-05-20

Changed in tuskar:
assignee:	nobody → Roman Podoliaka (rpodolyaka)

Revision history for this message

Ladislav Smola (lsmola) wrote on 2014-05-20:

I have reported same thing weeks ago. The solution here will be to migrate to barbican.

Changed in tuskar:
importance:	Critical → High

Revision history for this message

Ladislav Smola (lsmola) wrote on 2014-05-20:

If there is a quick fix please try, but we are using at least Admin Password for connection to Overcloud, so we need it to be accessible. Which relates to this https://bugs.launchpad.net/tuskar/+bug/1235236

The long thread about this is here
http://lists.openstack.org/pipermail/openstack-dev/2014-February/027582.html
in the case that anybody wants to start another long discussion

Ladislav Smola (lsmola) on 2014-05-20

Changed in tuskar:
importance:	High → Critical

OpenStack Infra (hudson-openstack) on 2014-05-23

Changed in tuskar:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-05-26: Fix merged to tuskar (master)

Reviewed: https://review.openstack.org/94648
Committed: https://git.openstack.org/cgit/openstack/tuskar/commit/?id=ca24351c637b5ceff0a48973cdb77d9560a5df34
Submitter: Jenkins
Branch: master

commit ca24351c637b5ceff0a48973cdb77d9560a5df34
Author: Roman Podoliaka <email address hidden>
Date: Wed May 21 18:04:14 2014 +0300

Don't display passwords when listing overclouds

    A quick and dirty workaround to stop displaying passwords when
    listing overclouds. The proper way to fix this would probably be
    either to stop storing passwords in Tuskar API or delegate this task
    to another service.

Change-Id: Ibb269e82f24a0cd4a77594ea9374359a0503b636
Closes-Bug: #1308172

Changed in tuskar:
status:	In Progress → Fix Committed

Roman Podoliaka (rpodolyaka) on 2014-05-30

Changed in tuskar:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.