]> review.fuel-infra Code Review - openstack-build/cinder-build.git/commitdiff
Code Review / openstack-build / cinder-build.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 8bb5554)
Password config options should be marked secret
authorEric Brown <browne@vmware.com>
Tue, 24 Feb 2015 07:15:40 +0000 (23:15 -0800)
committerEric Brown <browne@vmware.com>
Fri, 27 Feb 2015 23:11:09 +0000 (23:11 +0000)
If passwords are not marked secret, there is the potential for
them to be logged in a world readable location.

SecImpact

Change-Id: I3204d12622cf0e5684e7e9ecc5f3755031503d3a

cinder/backup/drivers/tsm.py patch | blob | history
cinder/common/config.py patch | blob | history
cinder/volume/drivers/coraid.py patch | blob | history
cinder/volume/drivers/hitachi/hbsd_horcm.py patch | blob | history
cinder/volume/drivers/hitachi/hbsd_iscsi.py patch | blob | history
cinder/volume/drivers/zfssa/zfssaiscsi.py patch | blob | history

diff --git a/cinder/backup/drivers/tsm.py b/cinder/backup/drivers/tsm.py
index 2ebb69f0fe991cc44b11cc679573a39315135ca3..54364c5b0f00cf64c8c15b6efd88903fdcade5e5 100644 (file)
--- a/cinder/backup/drivers/tsm.py
+++ b/cinder/backup/drivers/tsm.py
@@ -46,7 +46,8 @@ tsm_opts = [
                help='Volume prefix for the backup id when backing up to TSM'),
     cfg.StrOpt('backup_tsm_password',
                default='password',
-               help='TSM password for the running username'),
+               help='TSM password for the running username',
+               secret=True),
     cfg.BoolOpt('backup_tsm_compression',
                 default=True,
                 help='Enable or Disable compression for backups'),
diff --git a/cinder/common/config.py b/cinder/common/config.py
index e5cd3157892e17a5b1d2c6b7bff0fae39f0b45fc..0c4f57badfaa5e10a9aa4a5f228c30b8c3eb8ff2 100644 (file)
--- a/cinder/common/config.py
+++ b/cinder/common/config.py
@@ -194,7 +194,8 @@ global_opts = [
     cfg.StrOpt('os_privileged_user_password',
                default=None,
                help='Password associated with the OpenStack privileged '
-                    'account.'),
+                    'account.',
+               secret=True),
     cfg.StrOpt('os_privileged_user_tenant',
                default=None,
                help='Tenant name associated with the OpenStack privileged '
diff --git a/cinder/volume/drivers/coraid.py b/cinder/volume/drivers/coraid.py
index ea8c4fdf83d27cdf947002246c23e3fe77b1a4d9..1e16d699d10aa54e56f396d48030404cfe5d5a0e 100644 (file)
--- a/cinder/volume/drivers/coraid.py
+++ b/cinder/volume/drivers/coraid.py
@@ -53,7 +53,8 @@ coraid_opts = [
                ' (must have admin privilege)'),
     cfg.StrOpt('coraid_password',
                default='password',
-               help='Password to connect to Coraid ESM'),
+               help='Password to connect to Coraid ESM',
+               secret=True),
     cfg.StrOpt('coraid_repository_key',
                default='coraid_repository',
                help='Volume Type key name to store ESM Repository Name'),
diff --git a/cinder/volume/drivers/hitachi/hbsd_horcm.py b/cinder/volume/drivers/hitachi/hbsd_horcm.py
index d061bec016716210d799dcb0f127a918ec8d3519..6175d2d63bdd1aac5bb40989842dd7eb715af46b 100644 (file)
--- a/cinder/volume/drivers/hitachi/hbsd_horcm.py
+++ b/cinder/volume/drivers/hitachi/hbsd_horcm.py
@@ -107,7 +107,8 @@ volume_opts = [
                help='Username of storage system for HORCM'),
     cfg.StrOpt('hitachi_horcm_password',
                default=None,
-               help='Password of storage system for HORCM'),
+               help='Password of storage system for HORCM',
+               secret=True),
     cfg.BoolOpt('hitachi_horcm_add_conf',
                 default=True,
                 help='Add to HORCM configuration'),
diff --git a/cinder/volume/drivers/hitachi/hbsd_iscsi.py b/cinder/volume/drivers/hitachi/hbsd_iscsi.py
index 14be4e63339af2bfab8ed2b3ade2578b93c5a258..558a27d43af41d00f9cd83ca13fcc2ce1b6854f2 100644 (file)
--- a/cinder/volume/drivers/hitachi/hbsd_iscsi.py
+++ b/cinder/volume/drivers/hitachi/hbsd_iscsi.py
@@ -46,7 +46,7 @@ volume_opts = [
                help='iSCSI authentication username'),
     cfg.StrOpt('hitachi_auth_password',
                default='%sCHAP-password' % basic_lib.NAME_PREFIX,
-               help='iSCSI authentication password'),
+               help='iSCSI authentication password', secret=True),
 ]
 
 CONF = cfg.CONF
diff --git a/cinder/volume/drivers/zfssa/zfssaiscsi.py b/cinder/volume/drivers/zfssa/zfssaiscsi.py
index 34c073e6ac61f430e80db916567e289bd2a7499e..7a5cf558448aebfafad93158358f0320acef09af 100644 (file)
--- a/cinder/volume/drivers/zfssa/zfssaiscsi.py
+++ b/cinder/volume/drivers/zfssa/zfssaiscsi.py
@@ -55,7 +55,7 @@ ZFSSA_OPTS = [
     cfg.StrOpt('zfssa_initiator_user', default='',
                help='iSCSI initiator CHAP user.'),
     cfg.StrOpt('zfssa_initiator_password', default='',
-               help='iSCSI initiator CHAP password.'),
+               help='iSCSI initiator CHAP password.', secret=True),
     cfg.StrOpt('zfssa_initiator_config', default='',
                help='iSCSI initiators configuration.'),
     cfg.StrOpt('zfssa_target_group', default='tgt-grp',
@@ -63,7 +63,7 @@ ZFSSA_OPTS = [
     cfg.StrOpt('zfssa_target_user', default='',
                help='iSCSI target CHAP user.'),
     cfg.StrOpt('zfssa_target_password', default='',
-               help='iSCSI target CHAP password.'),
+               help='iSCSI target CHAP password.', secret=True),
     cfg.StrOpt('zfssa_target_portal',
                help='iSCSI target portal (Data-IP:Port, w.x.y.z:3260).'),
     cfg.StrOpt('zfssa_target_interfaces',