From: Eric Brown <browne@vmware.com>
Date: Wed, 25 Feb 2015 23:36:59 +0000 (-0800)
Subject: Password config options should be marked secret
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=df63520f17061cedfc1d9289c7905db33536dadd;p=openstack-build%2Fneutron-build.git

Password config options should be marked secret

If passwords are not marked secret, there is the potential for
them to be logged in a world readable location.

Link to the OSSG guideline (may change in the future):
https://github.com/hyakuhei/OSSG-Security-Practices/blob/master/sensitive_config_file_options.md

Oslo.config descriptions:
http://docs.openstack.org/developer/oslo.config/cfg.html#special-handling-instructions

SecImpact

Change-Id: I6d5c80b7610d593fdd331c726039f1456d2c5bf7
---

diff --git a/neutron/plugins/cisco/db/l3/device_handling_db.py b/neutron/plugins/cisco/db/l3/device_handling_db.py
index da5c90ef4..e8c3a8187 100644
--- a/neutron/plugins/cisco/db/l3/device_handling_db.py
+++ b/neutron/plugins/cisco/db/l3/device_handling_db.py
@@ -77,7 +77,7 @@ CSR1KV_OPTS = [
                       'becomes operational.')),
     cfg.StrOpt('csr1kv_username', default='stack',
                help=_('Username to use for CSR1kv configurations.')),
-    cfg.StrOpt('csr1kv_password', default='cisco',
+    cfg.StrOpt('csr1kv_password', default='cisco', secret=True,
                help=_('Password to use for CSR1kv configurations.'))
 ]