S3 & swift secrets leaked into logs

Bug #962385 reported by Eoghan Glynn
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
Fix Released
Medium
Eoghan Glynn
glance (Ubuntu)
Fix Released
Undecided
Unassigned
Precise
Fix Released
Undecided
Unassigned

Bug Description

Configuration option values are logged when debug is enabled, which is in turn exposed via the glance-logcapture nose plugin when tests fail in Jenkins.

We should allow options to be declared secret so that their value is obfuscated before logging.

Revision history for this message
Eoghan Glynn (eglynn) wrote :
Changed in glance:
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Eoghan Glynn (eglynn)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/5691
Committed: http://github.com/openstack/glance/commit/801c39ace66c7866a80aea3f26f5848afb416ee8
Submitter: Jenkins
Branch: master

commit 801c39ace66c7866a80aea3f26f5848afb416ee8
Author: Eoghan Glynn <email address hidden>
Date: Thu Mar 22 16:02:19 2012 +0000

    Avoid leaking secrets into config logging.

    Fixes bug 962385

    Configuration option values are logged when debug is enabled,
    which is in turn exposed via the glance-logcapture nose plugin
    when tests fail in Jenkins.

    Allow options to be declared secret so that their value is
    obfuscated before logging.

    Also proposed to openstack-common as:

      https://review.openstack.org/5694

    Change-Id: Ifdd1696f40c069f83c160afb0bf399da21796b8a

Changed in glance:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in glance:
milestone: none → essex-rc2
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (milestone-proposed)

Fix proposed to branch: milestone-proposed
Review: https://review.openstack.org/5887

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (milestone-proposed)

Reviewed: https://review.openstack.org/5887
Committed: http://github.com/openstack/glance/commit/244359ec54052df7c1d95ac9c3c4e4470b5fc357
Submitter: Jenkins
Branch: milestone-proposed

commit 244359ec54052df7c1d95ac9c3c4e4470b5fc357
Author: Eoghan Glynn <email address hidden>
Date: Thu Mar 22 16:02:19 2012 +0000

    Avoid leaking secrets into config logging.

    Fixes bug 962385

    Configuration option values are logged when debug is enabled,
    which is in turn exposed via the glance-logcapture nose plugin
    when tests fail in Jenkins.

    Allow options to be declared secret so that their value is
    obfuscated before logging.

    Also proposed to openstack-common as:

      https://review.openstack.org/5694

    Change-Id: Ifdd1696f40c069f83c160afb0bf399da21796b8a

Changed in glance:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in glance:
milestone: essex-rc2 → 2012.1
Chuck Short (zulcss)
Changed in glance (Ubuntu):
status: New → Fix Released
Changed in glance (Ubuntu Precise):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.