yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1524675] Re: lbaasv2-agent is logging credentials from barbican

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1524675@xxxxxxxxxxxxxxxxxx>
Date: Wed, 06 Jan 2016 06:13:19 -0000
Reply-to: Bug 1524675 <1524675@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/258204
Committed: https://git.openstack.org/cgit/openstack/neutron-lbaas/commit/?id=a326493ad9b2a10329a312658d27a607fc898614
Submitter: Jenkins
Branch:    master

commit a326493ad9b2a10329a312658d27a607fc898614
Author: Adam Harwell <flux.adam@xxxxxxxxx>
Date:   Tue Dec 15 16:31:59 2015 -0800

    Use keystoneauth to prevent logging sensitive data
    
    Change-Id: I00e260a28d043a27fb335ee8d8030b3c515bda9e
    Closes-Bug: #1524675


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1524675

Title:
  lbaasv2-agent is logging credentials from barbican

Status in neutron:
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  In liberty, a neutron-lbaasv2-agent is logging credentials retrieved
  from barbican when debug=True. (e.g. cert, private key, passphrase)

  this makes security issue.

  example: http://paste.openstack.org/show/481439/ (part of
  /var/log/neutron/neutron-lbaasv2-agent.log)

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1524675/+subscriptions

References

[Bug 1524675] [NEW] lbaasv2 is logging key that is on barbican
From: fujioka yuuichi, 2015-12-10