[openstack-dev] [Heat] [Nova] [oslo] [Ceilometer] about notifications : huge and may be non secure
sandy.walsh at rackspace.com
Wed Jan 29 19:12:38 UTC 2014
On 01/29/2014 11:50 AM, Swann Croiset wrote:
> Hi stackers,
> I would like to share my wonder here about Notifications.
> I'm working on Heat notifications and I noticed that:
> 1/ Heat uses its context to store 'password'
> 2/ Heat and Nova store 'auth_token' in context too. Didn't check for
> other projects except for Neutron, which doesn't store auth_token
> This info is consequently sent through their notifications.
> I guess we consider the broker as secured, and network communications
> with services too, BUT
> shouldn't we delete this data anyway, since IIRC it is never in
> use (at least by Ceilometer), and by the way
> throw away the security question?
> My other concern is the size (KB) of notifications: 70% for auth_token
> (with PKI)!
> We can reduce the volume drastically and easily by deleting this data
> from notifications.
> I know that RabbitMQ (or others) is very robust and can handle this
> volume, but when I see this kind of improvement, I'm tempted to do it.
> I see an easy way to fix that in oslo-incubator:
> delete keys of context if existing, config driven with "password" and
> "auth_token" by default
Yeah, there was a bunch of work in nova to eliminate these sorts of
fields from the notification payload. They should certainly be
eliminated from other services as well. Ideally, as you mention, at the
We assume the notifications can be large, but they shouldn't be that large.
The CADF work that IBM is doing to provide versioning and schemas to
notifications will go a long way here. They have provisions for marking
fields as private. I think this is the right way to go, but we may have
to do some hack fixes in the short term.
> and others
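The config-driven scrub proposed in the thread, as an added example that is not part of this mailing-list exchange or of oslo: a hypothetical `scrub_context` helper that drops a configurable list of keys (default `password` and `auth_token`) from a notification message before it is published, covering both a nested context mapping and the flattened `_context_<key>` fields the rpc layer adds when it packs the request context into the message. The sample notification is constructed, not a real capture.

```python
import copy
import json

# Defaults mirror the thread's proposal; operators could override via config.
DEFAULT_SENSITIVE_KEYS = ("password", "auth_token")


def _is_sensitive(key, drop):
    # Match the bare key ("password") and the flattened form the rpc layer
    # produces when it packs the context into the message ("_context_password").
    key = key.lower()
    return key in drop or any(key.endswith("_" + s) for s in drop)


def scrub_context(message, sensitive_keys=DEFAULT_SENSITIVE_KEYS):
    """Return a deep copy of message with sensitive keys removed at any depth.

    The caller's original mapping is left intact, so the request context
    still carries its token for RPC calls that genuinely need it.
    """
    drop = {k.lower() for k in sensitive_keys}

    def _walk(node):
        if isinstance(node, dict):
            return {k: _walk(v) for k, v in node.items()
                    if not (isinstance(k, str) and _is_sensitive(k, drop))}
        if isinstance(node, (list, tuple)):
            return [_walk(v) for v in node]
        return node

    return _walk(copy.deepcopy(message))


def serialized_size(message):
    """Bytes of the JSON encoding, roughly what the broker has to carry."""
    return len(json.dumps(message, sort_keys=True).encode("utf-8"))


# Constructed sample (not a real capture): a Heat-style notification whose
# context carries a password and a PKI-sized token made of filler characters.
SAMPLE_NOTIFICATION = {
    "event_type": "orchestration.stack.create.end",
    "payload": {"stack_identity": "stack-1234", "state": "CREATE_COMPLETE"},
    "_context_user_id": "u-42",
    "_context_password": "hunter2",
    "_context_auth_token": "MII" + "A" * 4000,
    "context": {"tenant": "t-7", "auth_token": "MII" + "A" * 4000},
}

if __name__ == "__main__":
    before = serialized_size(SAMPLE_NOTIFICATION)
    after = serialized_size(scrub_context(SAMPLE_NOTIFICATION))
    print("before: %d bytes, after: %d bytes" % (before, after))
```

Running it shows how much of the serialized message the token alone accounts for, which is the size argument made above; the same helper would sit in the notifier just before the message is handed to the transport.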