[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [Bug 1823104] Related fix merged to nova (master)

Submitter: Zuul
Branch:    master

commit 88560094450bb4935909793965866b542d9ef3fe
Author: Matt Riedemann <mriedem.os at>
Date:   Thu Apr 4 10:20:32 2019 -0400

    Add docs on what not to include in notifications
    Based on bug 1823104 it's clear we should have some
    explicit wording in the notification reference docs
    about what not to include in versioned notification
    payloads, so this change attempts to start that with
    the most obvious thing - don't expose access credentials
    to the nova deployment.
    This also adds a reminder to think about what is being
    added / mirrored from internal objects and determine if
    consumers really need it and if they aren't asking, opt
    to not including it until requested.
    Change-Id: I326aa39d963091282a5d0b70ba222abfe8ccfdac
    Related-Bug: #1823104

You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.

  CellMappingPayload in select_destinations versioned notification sends
  sensitive database_connection and transport_url information

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) stein series:
  In Progress

Bug description:
  As of this change in Stein: at 334

  Which is not yet officially released, but is in the, the
  select_destinations versioned notification payload during a move
  operation (resize, cold/live migrate, unshelve, evacuate) will send
  the cell database_connection URL and MQ transport_url information
  which contains credentials to connect directly to the cell DB and MQ,
  which even though notifications are meant to be internal within
  openstack services, seems like a pretty bad idea. IOW, just because
  it's internal to openstack doesn't mean nova needs to give ceilometer
  the keys to it's cell databases.

  There seems to be no justification in the change for *why* this
  information was needed in the notification payload, it seemed to be
  added simply for completeness.

To manage notifications about this bug go to: