[Openstack] UnifiedCLI suggestion
Ken Thomas
krt at yahoo-inc.com
Mon Jun 25 22:19:30 UTC 2012
Greetings all,
Our security folks have an issue with putting passwords on the command
line or in the environment. I wrote up a blueprint that gives the
details on their objections as well as a proposed short-term fix for
keystone
(https://blueprints.launchpad.net/keystone/+spec/prompt-for-password).
We'd like to see this same change get into UnifiedCLI as a longer term fix.
The change is minor. If no password was found on the command line or in
the env, just before the "expecting password" error is raised, we make
an attempt to prompt the user for it. If we get something, great! Our
security folks are happy and we keep processing. If we don't get the
password for any number of reasons (keystone wasn't being run from a
tty, the user hit Ctrl-C or Ctrl-D when prompted), then we raise the
error just as before.
I've already submitted the keystone changes for review
(https://review.openstack.org/#/c/8958/3/keystoneclient/shell.py) and
I'd be happy to make the same change to UnifiedCLI as well.
Thanks!
Ken
More information about the Openstack
mailing list