<div dir="ltr"><div><div><div>Hi stackers,<br><br>I would like to share<span id="result_box" class="" lang="en"> <span class="">my wonder</span> <span class="">here</span></span> about Notifications.<br><br>I'm working [1] on Heat notifications and I noticed that :<br>
1/ Heat uses his context to store 'password'  <br>2/ Heat and Nova store 'auth_token' in context too. Didn't check for other projects except for neutron which doesn't store auth_token<br><br>These infos are consequently sent thru their notifications.<br>
<span id="result_box" class="" lang="en"><span class=""></span> </span><br>I guess we consider the broker as securised and network communications with services too BUT <br><span id="result_box" class="" lang="en"><span class="">should not we</span> delete <span class="">these</span> <span class="">data</span> <span class="">anyway</span> <span class="">since</span> <span class="">IIRC</span> <span class="">they</span> <span class="">are</span> <span class="">never in use</span><span class=""> (at</span> <span class="">least</span> <span class="">by</span> <span class="">ceilometer</span><span class="">)</span><span class=""> and by the way </span></span><br>
<span id="result_box" class="" lang="en"><span class=""><span id="result_box" class="" lang="en"><span class="">throwing it away</span> <span class="">the security question</span></span> ?<br><br></span></span></div>My other concern is the size (Kb) of notifications : 70% for auth_token (with pki) !<br>
We can reduce the volume drastically and easily by deleting these data from notifications.<br>I know that RabbitMQ (or others) is very robust and can handle this volume but when I see this kind of <span id="result_box" class="" lang="en"><span class="">improvements</span></span>, I'am tempted to do it.<br>
<br>I see an easy way to fix that in oslo-incubator [2] : <br>delete keys of context if existing, config driven with "password" and "auth_token" by default<br></div><br></div>thoughts?<br><div><div><div>
<br>[1] <a href="https://blueprints.launchpad.net/ceilometer/+spec/handle-heat-notifications">https://blueprints.launchpad.net/ceilometer/+spec/handle-heat-notifications</a><br>[2] <a href="https://github.com/openstack/oslo-incubator/blob/master/openstack/common/notifier/rpc_notifier.py">https://github.com/openstack/oslo-incubator/blob/master/openstack/common/notifier/rpc_notifier.py</a>  and others<br>
<br></div></div></div></div>