[Openstack-security] [Bug 1534299] Re: keystoneclient needs to mark secret config options

OpenStack Infra 1534299 at bugs.launchpad.net
Mon Jan 25 19:18:48 UTC 2016


Reviewed:  https://review.openstack.org/269372
Committed: https://git.openstack.org/cgit/openstack/keystoneauth/commit/?id=877ddce29191c2bfdade1d298e7b86c87d945025
Submitter: Jenkins
Branch:    stable/liberty

commit 877ddce29191c2bfdade1d298e7b86c87d945025
Author: Brant Knudson <bknudson at us.ibm.com>
Date:   Thu Jan 14 16:43:55 2016 -0600

    Mark password/secret options as secret
    
    Password, token, and secret options should be marked as secret=True
    so that when the value is logged the logger knows to obfuscate the
    value.
    
    Conflicts:
    	keystoneauth1/extras/_saml2/_loading.py
    	keystoneauth1/loading/_plugins/identity/v3.py
    
    - There was no saml2 plugin in keystoneauth1.
    - The OpenIDConnectPassword and OpenIDConnectAuthorizationCode
      plugins didn't exist.
    
    Change-Id: I4818c4cc04cc6a4e1e3cf09d5e0b7b4ffefbb892
    Closes-Bug: 1534299
    (cherry picked from commit fcd9538eaf2b374ec5188426454a5c598621b902)


** Tags added: in-stable-liberty

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1534299

Title:
  keystoneclient needs to mark secret config options

Status in keystoneauth:
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix
Status in python-keystoneclient:
  Fix Released

Bug description:
  oslo_config allows marking config options such as password as
  "secret", such that when/if the config options are logged they're
  masked out of the logs.

  keystoneclient defines several options for auth plugins that should be
  secret but are not, such as the user's password in the identity, oidc,
  and saml2 plugins.

  I don't know if these really need to be private security but might as
  well start out that way.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystoneauth/+bug/1534299/+subscriptions
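
A static check for the condition this bug describes, as an added example that is not part of the original message or of the keystoneauth code base: it parses Python source and reports option definitions whose name looks like a credential but which are not marked `secret=True`. The name hints, the function names and the sample source are assumptions made for illustration.

```python
import ast

# Assumed heuristic: substrings that suggest an option holds a credential.
SENSITIVE_HINTS = ("password", "secret", "token", "passphrase", "api_key")

# Constructed sample modelled on auth-plugin option definitions.
# It is only parsed, never imported or executed.
SAMPLE_SOURCE = '''
from keystoneauth1 import loading
from oslo_config import cfg

def get_options():
    return [
        loading.Opt('username', help='Username'),
        loading.Opt('password', help='User password'),
        loading.Opt('client-secret', secret=True, help='OAuth client secret'),
        cfg.StrOpt('access_token', secret=False, help='Bearer token'),
        cfg.StrOpt('auth-url', help='Identity endpoint'),
    ]
'''

def _callee_name(func):
    """Return the trailing name of a call target: loading.Opt -> 'Opt'."""
    if isinstance(func, ast.Attribute):
        return func.attr
    return func.id if isinstance(func, ast.Name) else ""

def find_unmasked_options(source):
    """Return sorted (line, name) pairs for credential-like options lacking secret=True."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not _callee_name(node.func).endswith("Opt"):
            continue
        # The option name is the first positional argument and must be a string literal.
        first = node.args[0] if node.args else None
        if not (isinstance(first, ast.Constant) and isinstance(first.value, str)):
            continue
        normalized = first.value.lower().replace("-", "_")
        if not any(hint in normalized for hint in SENSITIVE_HINTS):
            continue
        # Only a literal secret=True counts; secret=False or a missing keyword is reported.
        marked = any(kw.arg == "secret" and isinstance(kw.value, ast.Constant)
                     and kw.value.value is True for kw in node.keywords)
        if not marked:
            findings.append((node.lineno, first.value))
    return sorted(findings)

if __name__ == "__main__":
    print(find_unmasked_options(SAMPLE_SOURCE))
```

Name matching is a heuristic, so findings need review: an option such as a token lifetime would be reported even though its value is not sensitive.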



