Bug 1612881
| Summary: | [OSP10] Heat in DEBUG logs private keys when a template creates a keypair | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Damien Ciabrini <dciabrin> |
| Component: | python-oslo-utils | Assignee: | Hervé Beraud <hberaud> |
| Status: | CLOSED ERRATA | QA Contact: | pkomarov |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | 10.0 (Newton) | CC: | apevec, berrange, dasmith, eglynn, hberaud, jamsmith, jdennis, jhakimra, jruzicka, kchamart, lhh, lyarwood, mbooth, mburns, nkinder, nlevinki, nova-maint, ojanas, pablo.iranzo, pkomarov, sbaker, sbauza, sgordon, shardy, srevivo, vromanso, vstinner |
| Target Milestone: | async | Keywords: | Triaged, ZStream |
| Target Release: | 10.0 (Newton) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | Triaged | ||
| Fixed In Version: | python-oslo-utils-3.16.0-2.el7ost | Doc Type: | Bug Fix |
| Doc Text: |
With this update, oslo.utils now hides private keys in logs.
Prior to this update, if Nova or Heat was configured to log at the DEBUG log level, private keys were logged as clear text when a keypair was created.
|
Story Points: | --- |
| Clone Of: | 1578346 | Environment: | |
| Last Closed: | 2019-01-16 17:09:07 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1612890 | ||
| Bug Blocks: | 1578346 | ||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0075 |
[stack@undercloud-0 ~]$ rhos-release -L Installed repositories (rhel-7.6): 10 ceph-2 ceph-osd-2 rhel-7.6 [stack@undercloud-0 ~]$ python -c 'from oslo_utils import strutils; print(strutils.mask_password({"keypair": {"private_key": "secret"}}))' {'keypair': {'private_key': '***'}} [stack@undercloud-0 ~]$ rpm -qa|grep python-oslo-utils python-oslo-utils-3.16.0-2.el7ost.noarch python-oslo-utils-lang-3.16.0-2.el7ost.noarch [stack@undercloud-0 ~]$ ansible overcloud -b -mshell -a'rpm -qa|grep python-oslo-utils' [WARNING]: Found both group and host with same name: undercloud [WARNING]: Consider using yum, dnf or zypper module rather than running rpm compute-1 | SUCCESS | rc=0 >> python-oslo-utils-lang-3.16.0-2.el7ost.noarch python-oslo-utils-3.16.0-2.el7ost.noarch compute-0 | SUCCESS | rc=0 >> python-oslo-utils-lang-3.16.0-2.el7ost.noarch python-oslo-utils-3.16.0-2.el7ost.noarch controller-1 | SUCCESS | rc=0 >> python-oslo-utils-lang-3.16.0-2.el7ost.noarch python-oslo-utils-3.16.0-2.el7ost.noarch controller-0 | SUCCESS | rc=0 >> python-oslo-utils-lang-3.16.0-2.el7ost.noarch python-oslo-utils-3.16.0-2.el7ost.noarch controller-2 | SUCCESS | rc=0 >> python-oslo-utils-lang-3.16.0-2.el7ost.noarch python-oslo-utils-3.16.0-2.el7ost.noarch