[Openstack-security] [Bug 1406191] Re: node-show discloses credentials as plain text in driver_info

Thierry Carrez thierry.carrez+lp at gmail.com
Thu Apr 30 10:05:30 UTC 2015 

** Changed in: ironic
    Milestone: kilo-2 => 2015.1.0

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1406191

Title:
  node-show discloses credentials as plain text in driver_info

Status in OpenStack Bare Metal Provisioning Service (Ironic):
  Fix Released

Bug description:
  
  [root at rhel7-vm ~]# ironic node-show b0860248-bf1d-4803-bdc3-5bb42852841c
  +------------------------+--------------------------------------------------------------------------+
  | Property               | Value                                                                    |
  +------------------------+--------------------------------------------------------------------------+
  | instance_uuid          | bdaf5cc9-de8f-407e-890a-d4b6c1e3e602                                     |
  | target_power_state     | None                                                                     |
  | properties             | {u'memory_mb': u'1024', u'cpu_arch': u'x86_64', u'local_gb': u'10',      |
  |                        | u'cpus': u'1'}                                                           |
  | maintenance            | False                                                                    |
  | driver_info            | {u'pxe_deploy_ramdisk': u'503e88d9-637c-4369-b8e0-2b2531c0eeb2',         |
  |                        | u'ipmi_terminal_port': u'1234', u'ipmi_username': u'username',             |
  |                        | u'ipmi_address': u'9.9.9.9', u'ipmi_password': u'password',          |
  |                        | u'pxe_deploy_kernel': u'1e676e34-1294-4a17-afba-cd5c358cd314'}           |
  | extra                  | {}                                                                       |
  | last_error             | None                                                                     |
  | created_at             | 2014-12-19T07:13:50+00:00                                                |
  | target_provision_state | deploy complete                                                          |
  | driver                 | pxe_ipmitool                                                             |
  | updated_at             | 2014-12-29T04:52:29+00:00                                                |
  | instance_info          | {u'ramdisk': u'b30a4441-b975-432d-8878-573de2aba297', u'kernel': u       |
  |                        | '490b7edd-dfe9-4842-80ed-033c788b37d1', u'root_gb': u'10',               |
  |                        | u'image_source': u'8d860e96-61f9-4070-8b09-4c8037c104c7', u'deploy_key': |
  |                        | u'2AX7KT8DXGU395SOA06J676YAC7AVA60', u'swap_mb': u'0'}                   |
  | chassis_uuid           |                                                                          |
  | provision_state        | wait call-back                                                           |
  | reservation            | None                                                                     |
  | power_state            | power on                                                                 |
  | console_enabled        | False                                                                    |
  | uuid                   | b0860248-bf1d-4803-bdc3-5bb42852841c                                     |
  +------------------------+--------------------------------------------------------------------------+
  [root at rhel7-vm ~]#

  
  Log file will not show the password - 'ipmi_password': '<SANITIZED>'

  So can we hide the password in ironic client side?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ironic/+bug/1406191/+subscriptions

More information about the Openstack-security mailing list