[Openstack-security] [Bug 1380642] Re: Horizon should not log token

Thierry Carrez thierry.carrez+lp at gmail.com
Thu Dec 18 16:20:02 UTC 2014


** Changed in: horizon
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1380642

Title:
  Horizon should not log token

Status in OpenStack Dashboard (Horizon):
  Fix Released

Bug description:
  This is the Horizon version of bug 1327019.
  Various modules in openstack_dashboard/api log the token.
  In other modules, the token value is not logged now and is output as *REDACTED* or some similar string.
  In Horizon's case, these log lines are simply removed to fix the issue, as it seems this logging is unnecessary in most cases.

  I don't think this needs to be private based on the discussion in bug
  1327019.

    def novaclient(request):
      insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
      cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
      LOG.debug('novaclient connection created using token "%s" and url "%s"' %
                (request.user.token.id, base.url_for(request, 'compute')))
      c = nova_client.Client(request.user.username,
                             request.user.token.id,
                             project_id=request.user.tenant_id,
                             auth_url=base.url_for(request, 'compute'),
                             insecure=insecure,
                             cacert=cacert,
                             http_log_debug=settings.DEBUG)
      c.client.auth_token = request.user.token.id
      c.client.management_url = base.url_for(request, 'compute')
      return c

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1380642/+subscriptions
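
The description says other modules print *REDACTED* in place of the token, while Horizon dropped the log lines. As an added example (not Horizon's code or its fix), this logging filter masks token values before a handler emits them, run over the log format quoted in the description. The regex patterns, the X-Auth-Token sample line, the token value and the URL are constructed assumptions.

```python
import logging
import re

REDACTED = "*REDACTED*"

# Constructed patterns (assumptions): a quoted value after the word "token",
# as in the log line from the bug, and an X-Auth-Token header value.
_PATTERNS = (
    re.compile(r'(\btoken\s*[:=]?\s*")[^"]*(")', re.IGNORECASE),
    re.compile(r"(X-Auth-Token:\s*)\S+()", re.IGNORECASE),
)

def redact(text):
    """Return text with token values replaced by the REDACTED marker."""
    for pattern in _PATTERNS:
        text = pattern.sub(lambda m: m.group(1) + REDACTED + m.group(2), text)
    return text

class TokenRedactingFilter(logging.Filter):
    def filter(self, record):
        # getMessage() merges msg and args, so both LOG.debug(fmt % vals)
        # and LOG.debug(fmt, vals) are masked before a handler formats them.
        record.msg = redact(record.getMessage())
        record.args = None
        return True

class ListHandler(logging.Handler):
    """In-memory handler so the emitted lines can be inspected."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(self.format(record))

def demo():
    log = logging.getLogger("redaction_demo")
    log.setLevel(logging.DEBUG)
    log.propagate = False
    handler = ListHandler()
    handler.addFilter(TokenRedactingFilter())
    log.handlers = [handler]
    # Constructed sample values, not real credentials or endpoints.
    token, url = "constructed-sample-token-0001", "http://nova.example/v2"
    fmt = 'novaclient connection created using token "%s" and url "%s"'
    log.debug(fmt % (token, url))   # pre-formatted, as in the bug's snippet
    log.debug(fmt, token, url)      # lazy formatting via args
    log.debug("request header X-Auth-Token: %s sent to %s", token, url)
    return token, handler.lines
```

The filter is attached to the handler, so it has to be added to every handler that can receive these records; a handler without it still writes the raw token.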



