Public bug reported:

As of this change in Stein:

https://review.openstack.org/#/c/508506/28/nova/notifications/objects/request_spec.py@334

Which is not yet officially released, but is in the 19.0.0.0rc1, the select_destinations versioned notification payload during a move operation (resize, cold/live migrate, unshelve, evacuate) will send the cell database_connection URL and MQ transport_url information which contains credentials to connect directly to the cell DB and MQ, which even though notifications are meant to be internal within openstack services, seems like a pretty bad idea. IOW, just because it's internal to openstack doesn't mean nova needs to give ceilometer the keys to its cell databases.

There seems to be no justification in the change for *why* this information was needed in the notification payload; it seemed to be added simply for completeness.

** Affects: nova
     Importance: High
     Assignee: Matt Riedemann (mriedem)
         Status: Triaged

** Affects: nova/stein
     Importance: Undecided
         Status: New

** Tags: notifications security stein-rc-potential

** Changed in: nova
     Assignee: (unassigned) => Matt Riedemann (mriedem)

** Also affects: nova/stein
   Importance: Undecided
       Status: New

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1823104

Title:
  CellMappingPayload in select_destinations versioned notification sends sensitive database_connection and transport_url information

Status in OpenStack Compute (nova):
  Triaged
Status in OpenStack Compute (nova) stein series:
  New

Mailing list: https://launchpad.net/~yahoo-eng-team
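As an added illustration (not nova's code and not the fix that landed for this bug), the following scrubber masks the passwords inside database_connection and transport_url before a payload leaves the service and reports which fields carried them; the payload shape is a constructed, simplified stand-in for a versioned notification, and every cell value in it is made up.

```python
import json
import re
from typing import Any

# Fields CellMappingPayload put into the notification (per the bug report).
SENSITIVE_KEYS = frozenset({"database_connection", "transport_url"})
# One user:password@ pair. A transport_url may list several comma-separated
# hosts, each with its own userinfo, so this is deliberately not anchored on '://'.
_USERINFO = re.compile(r"(?P<user>[^:/@,\s]+):(?P<secret>[^@/,\s]*)@")

def redact_url(url: str) -> str:
    """Replace every password in the URL's userinfo with '***'; hosts stay intact."""
    return _USERINFO.sub(lambda m: f"{m.group('user')}:***@", url)

def scrub(obj: Any, path: str = "") -> tuple[Any, list[str]]:
    """Return a scrubbed copy of a payload plus dotted paths of fields that held secrets."""
    found: list[str] = []
    if isinstance(obj, dict):
        out = {}
        for key, value in obj.items():
            child = f"{path}.{key}" if path else key
            if key in SENSITIVE_KEYS and isinstance(value, str):
                out[key] = redact_url(value)
                if out[key] != value:  # a password was present and got masked
                    found.append(child)
            else:
                out[key], nested = scrub(value, child)
                found.extend(nested)
        return out, found
    if isinstance(obj, list):
        parts = [scrub(v, f"{path}[{i}]") for i, v in enumerate(obj)]
        return [v for v, _ in parts], [p for _, ps in parts for p in ps]
    return obj, found

def scrub_notification(raw: str) -> tuple[str, list[str]]:
    """Scrub a JSON-encoded versioned notification before it is emitted."""
    cleaned, found = scrub(json.loads(raw))
    return json.dumps(cleaned, sort_keys=True), found

# Constructed sample: shape modelled loosely on a nova versioned notification;
# every value is made up. This is the cell-mapping block the bug report describes.
SAMPLE = json.dumps({
    "nova_object.name": "CellMappingPayload",
    "nova_object.data": {
        "name": "cell1",
        "database_connection": "mysql+pymysql://nova:s3cret@db1/nova_cell1",
        "transport_url": "rabbit://nova:pw1@mq1:5672,nova:pw2@mq2:5672/nova",
    },
})
```

The list of returned paths doubles as an audit signal: a non-empty result on a payload that should never carry credentials is the condition a test or a pre-emit hook should fail on.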