[Openstack-security] [Bug 1451931] Re: ironic password config not marked as secret

OpenStack Infra 1451931 at bugs.launchpad.net
Wed Jul 1 23:00:35 UTC 2015


Reviewed:  https://review.openstack.org/194290
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=3b9ae165f7f93424b489bfb992f935d5d5e749f2
Submitter: Jenkins
Branch:    stable/juno

commit 3b9ae165f7f93424b489bfb992f935d5d5e749f2
Author: Joe Gordon <joe.gordon0 at gmail.com>
Date:   Mon May 4 11:19:33 2015 -0700

    Mark ironic credential config as secret
    
    Mark ironic credentials as secret so we don't log the values.
    
    Detected with bandit while testing out:
    I3026b81317f0a6322acfc94784899a7453af586f
    
    Change-Id: Icfd13b3294a9fa0881a5ab01f50864ebcbce393e
    Closes-Bug: #1451931


** Changed in: nova/juno
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1451931

Title:
  ironic password config not marked as secret

Status in OpenStack Compute (Nova):
  Fix Released
Status in OpenStack Compute (nova) juno series:
  Fix Committed
Status in OpenStack Compute (nova) kilo series:
  Fix Committed
Status in OpenStack Security Advisories:
  Won't Fix
Status in OpenStack Security Notes:
  New

Bug description:
  The ironic config option for the password and auth token are not
  marked as secret so the values will get logged during startup in debug
  mode.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1451931/+subscriptions




More information about the Openstack-security mailing list