[Openstack-security] [Bug 1380642] Re: Horizon should not log token

OpenStack Infra 1380642 at bugs.launchpad.net
Fri Oct 17 09:24:59 UTC 2014


Reviewed:  https://review.openstack.org/128859
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=47f1d49690fe3787a356175a069723f33ca12cfd
Submitter: Jenkins
Branch:    master

commit 47f1d49690fe3787a356175a069723f33ca12cfd
Author: Akihiro Motoki <motoki at da.jp.nec.com>
Date:   Thu Oct 16 04:34:30 2014 +0900

    Do not log keystone token
    
    Previously token values were logged at DEBUG level when a new client
    object is instantiated. In other projects and clients, token values
    are now not logged and are output as *REDACTED* instead.
    In Horizon these log lines do not have much meaning and
    we can simply remove them.
    
    Change-Id: I67617ac6424907574d79ec2a57b513a548e220d2
    Closes-Bug: #1380642


** Changed in: horizon
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1380642

Title:
  Horizon should not log token

Status in OpenStack Dashboard (Horizon):
  Fix Committed

Bug description:
  This is the Horizon version of bug 1327019.
  Various modules in openstack_dashboard/api log the token.
  In other modules, the token value is no longer logged and is output as *REDACTED* or some similar string.
  In Horizon's case, these log lines are simply removed to fix the issue, as it seems this logging is unnecessary in most cases.

  I don't think this needs to be private based on the discussion in bug
  1327019.

    def novaclient(request):
      insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
      cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
      LOG.debug('novaclient connection created using token "%s" and url "%s"' %
                (request.user.token.id, base.url_for(request, 'compute')))
      c = nova_client.Client(request.user.username,
                             request.user.token.id,
                             project_id=request.user.tenant_id,
                             auth_url=base.url_for(request, 'compute'),
                             insecure=insecure,
                             cacert=cacert,
                             http_log_debug=settings.DEBUG)
      c.client.auth_token = request.user.token.id
      c.client.management_url = base.url_for(request, 'compute')
      return c

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1380642/+subscriptions
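
The redaction approach the message mentions for other projects, sketched as a Python logging filter. This is an added example, not code from Horizon or from the commit, which removes the log lines instead. The regex patterns, logger name, sample token and URL are assumptions constructed for illustration.

```python
import io
import logging
import re

# Constructed patterns (assumptions): the 'token "<value>"' phrasing of the log
# line quoted in the bug, and an X-Auth-Token header in HTTP debug output.
_TOKEN_PATTERNS = [
    re.compile(r'(token\s+")[^"]+(")', re.IGNORECASE),
    re.compile(r'(X-Auth-Token:\s*)[^\s"\']+()', re.IGNORECASE),
]


class RedactTokenFilter(logging.Filter):
    """Replace token values in the rendered message with *REDACTED*."""

    def filter(self, record):
        # Render first: the call site in the bug pre-formats with %, while
        # other call sites may pass the token through record.args.
        message = record.getMessage()
        for pattern in _TOKEN_PATTERNS:
            message = pattern.sub(r'\1*REDACTED*\2', message)
        record.msg, record.args = message, None
        return True  # keep the record; only its content changes


def demo():
    """Log constructed sample lines through the filter and return the output."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactTokenFilter())
    log = logging.getLogger('redact_demo')  # hypothetical logger name
    log.handlers = [handler]
    log.propagate = False
    log.setLevel(logging.DEBUG)

    token = 'gAAAAA-constructed-sample-token'  # constructed, not a real token
    url = 'http://controller.example:8774/v2'  # constructed endpoint
    log.debug('novaclient connection created using token "%s" and url "%s"'
              % (token, url))
    log.debug('REQ: curl -i %s -H "X-Auth-Token: %s"', url, token)
    return stream.getvalue()


if __name__ == '__main__':
    print(demo())
```

A pattern-based filter only catches the phrasings it knows about, so it is a backstop on the handler rather than a replacement for keeping the token out of the log call.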



