yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1317100] Re: User data should be redacted when logging request spec

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Phil Day <1317100@xxxxxxxxxxxxxxxxxx>
Date: Wed, 09 Jul 2014 10:36:23 -0000
Reply-to: Bug 1317100 <1317100@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The change to drive provisioning from conductor now avoids the code path
that was logging user data, so the immediate concern has gone away.  Not
carrying user data in the instance object would still be a useful
optimization - but that's a different task.

** Changed in: nova
       Status: In Progress => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1317100

Title:
  User data should be redacted when logging request spec

Status in OpenStack Compute (Nova):
  Invalid

Bug description:
  The filter scheduler has a Debug level log for the request spec, which
  includes in the instance properties the base64 encoded user_data.

  Since this may be used by the user to pass credentials into the VM
  this field should be redacted in the log enrty.

  User data  is an opaque data blob as far as Nova is concerned (and
  hence of no practical use for debugging).

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1317100/+subscriptions

References

[Bug 1317100] [NEW] User data should be redacted when logging request spec
From: Phil Day, 2014-05-07