| 2014-03-06 12:32:04 |
Evan |
bug |
|
|
added bug |
| 2014-03-06 12:34:39 |
Evan |
description |
12:29 PM <ev> auth_user, auth_password, auth_region, auth_url, auth_tenant_name - these are specific to swift. Letting them leak out to the developers is dangerous, given that those same credentials could remove everything we've stored. Some other component should hold these and proxy requests to Swift when creating a new ticket.
12:30 PM <ev> ci_url - should default to airline.ubuntu.com (or whatever we call it) and be overridden by a command line parameter |
12:29 PM <ev> auth_user, auth_password, auth_region, auth_url, auth_tenant_name - these are specific to swift. Letting them leak out to the developers is dangerous, given that those same credentials could remove everything we've stored. Some other component should hold these and proxy requests to Swift when creating a new ticket.
12:30 PM <ev> ci_url - should default to airline.ubuntu.com (or whatever we call it) and be overridden by a command line parameter
The component proxying requests to swift or the ticket system should validate the signature of the upload and discard the data if it's not valid or does not match an approved list. This will help to prevent a malicious user from flooding swift. |
|
| 2014-03-17 15:38:35 |
Andy Doan |
ubuntu-ci-services-itself: milestone |
backlog |
phase-1 |
|
| 2014-03-26 18:27:13 |
Ursula Junque |
uci-engine: importance |
Undecided |
Low |
|
| 2014-03-26 18:27:13 |
Ursula Junque |
uci-engine: milestone |
|
phase-1 |
|
| 2014-03-31 13:44:37 |
Evan |
bug task deleted |
ubuntu-ci-services-itself |
|
|
| 2014-03-31 13:45:00 |
Evan |
uci-engine: milestone |
phase-1 |
uce-0 |
|
| 2014-03-31 13:45:14 |
Evan |
nominated for series |
|
uci-engine/mthood |
|
| 2014-03-31 13:45:14 |
Evan |
bug task added |
|
uci-engine/mthood |
|
| 2014-03-31 13:45:26 |
Evan |
uci-engine/mthood: milestone |
|
phase-1 |
|
| 2014-03-31 13:45:36 |
Evan |
uci-engine: importance |
Low |
Medium |
|
| 2014-03-31 13:45:41 |
Evan |
uci-engine: status |
New |
Triaged |
|
| 2014-03-31 13:45:49 |
Evan |
uci-engine: assignee |
|
Ursula Junque (ursinha) |
|
| 2014-03-31 13:46:32 |
Evan |
description |
12:29 PM <ev> auth_user, auth_password, auth_region, auth_url, auth_tenant_name - these are specific to swift. Letting them leak out to the developers is dangerous, given that those same credentials could remove everything we've stored. Some other component should hold these and proxy requests to Swift when creating a new ticket.
12:30 PM <ev> ci_url - should default to airline.ubuntu.com (or whatever we call it) and be overridden by a command line parameter
The component proxying requests to swift or the ticket system should validate the signature of the upload and discard the data if it's not valid or does not match an approved list. This will help to prevent a malicious user from flooding swift. |
From Asana:
Check signed package upload LP ID against a LP team. In the case of a MP, check the merge submitter against the LP team. All of this in a middleware service in front of Swift.
Original report follows:
12:29 PM <ev> auth_user, auth_password, auth_region, auth_url, auth_tenant_name - these are specific to swift. Letting them leak out to the developers is dangerous, given that those same credentials could remove everything we've stored. Some other component should hold these and proxy requests to Swift when creating a new ticket.
12:30 PM <ev> ci_url - should default to airline.ubuntu.com (or whatever we call it) and be overridden by a command line parameter
The component proxying requests to swift or the ticket system should validate the signature of the upload and discard the data if it's not valid or does not match an approved list. This will help to prevent a malicious user from flooding swift. |
|
| 2014-04-04 04:51:19 |
Celso Providelo |
bug |
|
|
added subscriber Celso Providelo |
| 2014-05-30 09:21:52 |
Ursula Junque |
uci-engine: assignee |
Ursula Junque (ursinha) |
Celso Providelo (cprov) |
|
| 2014-05-30 09:22:02 |
Ursula Junque |
uci-engine: status |
Triaged |
In Progress |
|
| 2014-05-30 11:41:23 |
Ursula Junque |
description |
From Asana:
Check signed package upload LP ID against a LP team. In the case of a MP, check the merge submitter against the LP team. All of this in a middleware service in front of Swift.
Original report follows:
12:29 PM <ev> auth_user, auth_password, auth_region, auth_url, auth_tenant_name - these are specific to swift. Letting them leak out to the developers is dangerous, given that those same credentials could remove everything we've stored. Some other component should hold these and proxy requests to Swift when creating a new ticket.
12:30 PM <ev> ci_url - should default to airline.ubuntu.com (or whatever we call it) and be overridden by a command line parameter
The component proxying requests to swift or the ticket system should validate the signature of the upload and discard the data if it's not valid or does not match an approved list. This will help to prevent a malicious user from flooding swift. |
This will be fixed in three parts:
- Creating a component to upload files on behalf of CLI, to remove the need of swift credentials on the client side. This is already done.
- Adding support to the CLI to talk to the gatekeeper component instead of uploading files by itself. This is in progress.
- Making ciairline.ubuntu.com (or the like) as default ci_url.
Original report follows:
12:29 PM <ev> auth_user, auth_password, auth_region, auth_url, auth_tenant_name - these are specific to swift. Letting them leak out to the developers is dangerous, given that those same credentials could remove everything we've stored. Some other component should hold these and proxy requests to Swift when creating a new ticket.
12:30 PM <ev> ci_url - should default to airline.ubuntu.com (or whatever we call it) and be overridden by a command line parameter
The component proxying requests to swift or the ticket system should validate the signature of the upload and discard the data if it's not valid or does not match an approved list. This will help to prevent a malicious user from flooding swift. |
|
| 2014-05-30 11:42:43 |
Ursula Junque |
description |
This will be fixed in three parts:
- Creating a component to upload files on behalf of CLI, to remove the need of swift credentials on the client side. This is already done.
- Adding support to the CLI to talk to the gatekeeper component instead of uploading files by itself. This is in progress.
- Making ciairline.ubuntu.com (or the like) as default ci_url.
Original report follows:
12:29 PM <ev> auth_user, auth_password, auth_region, auth_url, auth_tenant_name - these are specific to swift. Letting them leak out to the developers is dangerous, given that those same credentials could remove everything we've stored. Some other component should hold these and proxy requests to Swift when creating a new ticket.
12:30 PM <ev> ci_url - should default to airline.ubuntu.com (or whatever we call it) and be overridden by a command line parameter
The component proxying requests to swift or the ticket system should validate the signature of the upload and discard the data if it's not valid or does not match an approved list. This will help to prevent a malicious user from flooding swift. |
This will be fixed in three parts:
- Creating a component to upload files on behalf of CLI, to remove the need of swift credentials on the client side. This is already done.
- Adding support to the CLI to talk to the gatekeeper component instead of uploading files by itself. This is in progress.
- Making ciairline.ubuntu.com (or the like) the default ci_url, with an option on the CLI to override it.
Original report follows:
12:29 PM <ev> auth_user, auth_password, auth_region, auth_url, auth_tenant_name - these are specific to swift. Letting them leak out to the developers is dangerous, given that those same credentials could remove everything we've stored. Some other component should hold these and proxy requests to Swift when creating a new ticket.
12:30 PM <ev> ci_url - should default to airline.ubuntu.com (or whatever we call it) and be overridden by a command line parameter
The component proxying requests to swift or the ticket system should validate the signature of the upload and discard the data if it's not valid or does not match an approved list. This will help to prevent a malicious user from flooding swift. |
|
| 2014-06-25 18:15:16 |
Celso Providelo |
uci-engine: assignee |
Celso Providelo (cprov) |
Parameswaran Sivatharman (psivaa) |
|
| 2014-06-25 18:15:25 |
Celso Providelo |
uci-engine: status |
In Progress |
Fix Committed |
|
| 2014-11-01 10:13:14 |
Vincent Ladeuil |
uci-engine: status |
Fix Committed |
Fix Released |
|
