1578343 – [OSP13] Heat in DEBUG logs private keys when a template creates a keypair

Bug 1578343 - [OSP13] Heat in DEBUG logs private keys when a template creates a keypair

Summary: [OSP13] Heat in DEBUG logs private keys when a template creates a keypair

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-keystone
Sub Component:
Version:	13.0 (Queens)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Nathan Kinder
QA Contact:	nlevinki
Docs Contact:
URL:
Whiteboard:
Depends On:	1575945 1578346 1578347 1612890
Blocks:
TreeView+	depends on / blocked

Reported:	2018-05-15 10:59 UTC by Matthew Booth
Modified:	2022-08-16 08:49 UTC (History)
CC List:	21 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1575945
Clones:	1612890 (view as bug list)
Environment:
Last Closed:	2019-10-15 09:44:03 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1770683	None	None	None	2018-05-15 10:59:02 UTC
OpenStack gerrit	567887	None	master: MERGED	oslo.utils: Add private_key to the list of sanitized keys (I7f889f0bf254fad43b1e26d32fa145f88c668b39)	2018-07-19 01:49:51 UTC
OpenStack gerrit	568555	None	stable/queens: MERGED	oslo.utils: Add private_key to the list of sanitized keys (I7f889f0bf254fad43b1e26d32fa145f88c668b39)	2018-07-19 01:49:45 UTC
Red Hat Issue Tracker	OSP-5087	None	None	None	2022-08-16 08:49:10 UTC

Comment 3 Matthew Booth 2018-05-15 11:21:08 UTC

Submitted a backport for upstream queens: https://review.openstack.org/568555

Comment 5 Victor Stinner 2018-06-05 12:51:23 UTC

I requested Release oslo.utils 3.35.1 for Queens:
https://review.openstack.org/#/c/572373/

Comment 6 Victor Stinner 2018-06-06 13:32:29 UTC

I cannot rebase oslo.utils to 3.35.1 because this issue is not marked as a blocker issue. Since the issue only impacts log in DEBUG mode, I don't think that it deserves to block the release. It can wait for a z-stream release. If you disagree, please mark the issue as a blocker, so I can do the rebase :-)

Comment 9 Victor Stinner 2018-07-12 14:09:53 UTC

While the Oslo part is done, keystoneauth needs to be modified to use mask_password(): see https://bugzilla.redhat.com/show_bug.cgi?id=1578347#c11

I changed the component of this issue to openstack-keystone.

Comment 11 Damien Ciabrini 2018-08-06 14:48:03 UTC

Since that bug requires a fix in both python-oslo-utils and openstack-keystone, I have just clone it [1] to track the python-oslo-utils fix in a dedicated bz.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1612890

Note You need to log in before you can comment on or make changes to this bug.

apevec
dasmith
dciabrin
eglynn
jhakimra
jschluet
kchamart
lhh
lyarwood
mbooth
mburns
nkinder
nova-maint
pablo.iranzo
sbaker
sbauza
sgordon
shardy
srevivo
vromanso
vstinner