From: Eric Brown Date: Tue, 24 Feb 2015 07:15:40 +0000 (-0800) Subject: Password config options should be marked secret X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=4fa6fb7e5c0f388b998f7e21a52a7ed2459846f8;p=openstack-build%2Fcinder-build.git Password config options should be marked secret If passwords are not marked secret, there is the potential for them to be logged in a world readable location. SecImpact Change-Id: I3204d12622cf0e5684e7e9ecc5f3755031503d3a --- diff --git a/cinder/backup/drivers/tsm.py b/cinder/backup/drivers/tsm.py index 2ebb69f0f..54364c5b0 100644 --- a/cinder/backup/drivers/tsm.py +++ b/cinder/backup/drivers/tsm.py @@ -46,7 +46,8 @@ tsm_opts = [ help='Volume prefix for the backup id when backing up to TSM'), cfg.StrOpt('backup_tsm_password', default='password', - help='TSM password for the running username'), + help='TSM password for the running username', + secret=True), cfg.BoolOpt('backup_tsm_compression', default=True, help='Enable or Disable compression for backups'), diff --git a/cinder/common/config.py b/cinder/common/config.py index e5cd31578..0c4f57bad 100644 --- a/cinder/common/config.py +++ b/cinder/common/config.py @@ -194,7 +194,8 @@ global_opts = [ cfg.StrOpt('os_privileged_user_password', default=None, help='Password associated with the OpenStack privileged ' - 'account.'), + 'account.', + secret=True), cfg.StrOpt('os_privileged_user_tenant', default=None, help='Tenant name associated with the OpenStack privileged ' diff --git a/cinder/volume/drivers/coraid.py b/cinder/volume/drivers/coraid.py index ea8c4fdf8..1e16d699d 100644 --- a/cinder/volume/drivers/coraid.py +++ b/cinder/volume/drivers/coraid.py @@ -53,7 +53,8 @@ coraid_opts = [ ' (must have admin privilege)'), cfg.StrOpt('coraid_password', default='password', - help='Password to connect to Coraid ESM'), + help='Password to connect to Coraid ESM', + secret=True), cfg.StrOpt('coraid_repository_key', default='coraid_repository', help='Volume Type key name to store ESM Repository Name'), diff --git a/cinder/volume/drivers/hitachi/hbsd_horcm.py b/cinder/volume/drivers/hitachi/hbsd_horcm.py index d061bec01..6175d2d63 100644 --- a/cinder/volume/drivers/hitachi/hbsd_horcm.py +++ b/cinder/volume/drivers/hitachi/hbsd_horcm.py @@ -107,7 +107,8 @@ volume_opts = [ help='Username of storage system for HORCM'), cfg.StrOpt('hitachi_horcm_password', default=None, - help='Password of storage system for HORCM'), + help='Password of storage system for HORCM', + secret=True), cfg.BoolOpt('hitachi_horcm_add_conf', default=True, help='Add to HORCM configuration'), diff --git a/cinder/volume/drivers/hitachi/hbsd_iscsi.py b/cinder/volume/drivers/hitachi/hbsd_iscsi.py index 14be4e633..558a27d43 100644 --- a/cinder/volume/drivers/hitachi/hbsd_iscsi.py +++ b/cinder/volume/drivers/hitachi/hbsd_iscsi.py @@ -46,7 +46,7 @@ volume_opts = [ help='iSCSI authentication username'), cfg.StrOpt('hitachi_auth_password', default='%sCHAP-password' % basic_lib.NAME_PREFIX, - help='iSCSI authentication password'), + help='iSCSI authentication password', secret=True), ] CONF = cfg.CONF diff --git a/cinder/volume/drivers/zfssa/zfssaiscsi.py b/cinder/volume/drivers/zfssa/zfssaiscsi.py index 34c073e6a..7a5cf5584 100644 --- a/cinder/volume/drivers/zfssa/zfssaiscsi.py +++ b/cinder/volume/drivers/zfssa/zfssaiscsi.py @@ -55,7 +55,7 @@ ZFSSA_OPTS = [ cfg.StrOpt('zfssa_initiator_user', default='', help='iSCSI initiator CHAP user.'), cfg.StrOpt('zfssa_initiator_password', default='', - help='iSCSI initiator CHAP password.'), + help='iSCSI initiator CHAP password.', secret=True), cfg.StrOpt('zfssa_initiator_config', default='', help='iSCSI initiators configuration.'), cfg.StrOpt('zfssa_target_group', default='tgt-grp', @@ -63,7 +63,7 @@ ZFSSA_OPTS = [ cfg.StrOpt('zfssa_target_user', default='', help='iSCSI target CHAP user.'), cfg.StrOpt('zfssa_target_password', default='', - help='iSCSI target CHAP password.'), + help='iSCSI target CHAP password.', secret=True), cfg.StrOpt('zfssa_target_portal', help='iSCSI target portal (Data-IP:Port, w.x.y.z:3260).'), cfg.StrOpt('zfssa_target_interfaces',