We failed to properly update this bug with context related to the fix.
What we found is that oslo.messaging's notification support only filters sensitive information (almost the entire request context is filtered, in fact) when notifications are logged. When those same notifications are sent to a message bug (amqp or kafka), they contain secrets including an auth token.
Once that fix is in, we need to update requirements or the services in question to ensure they will install the newer oslo.messaging. I am unsure of the correct mechanism for this change.
[at this point the bug is resolved]
Once that is done, we will move on to stage 2, which is mostly cleaning up tech debt caused by the coarse, backportable approach taken by the initial patch. This involves updating, and releasing, oslo.context to include a method to get a sanitized copy of the context. The follow-on oslo.messaging fix will use that context method instead of filtering manually.
The only changes that will be needed in Ironic/Nova or other impacted OpenStack services will be something to ensure that only fixed versions of oslo.messaging will be installed with them.
We failed to properly update this bug with context related to the fix.
What we found is that oslo.messaging's notification support only filters sensitive information (almost the entire request context is filtered, in fact) when notifications are logged. When those same notifications are sent to a message bug (amqp or kafka), they contain secrets including an auth token.
The first-stage fix, https:/ /review. opendev. org/c/openstack /oslo.messaging /+/891096/ 11/oslo_ messaging/ notify/ notifier. py#174, filters the context for secrets before passing the context onto the messaging bus. This should be backported as far back in oslo.messaging as possible. (this is where we are now; this patch is landed in master and pending review as far back as victoria).
Once that fix is in, we need to update requirements or the services in question to ensure they will install the newer oslo.messaging. I am unsure of the correct mechanism for this change.
[at this point the bug is resolved]
Once that is done, we will move on to stage 2, which is mostly cleaning up tech debt caused by the coarse, backportable approach taken by the initial patch. This involves updating, and releasing, oslo.context to include a method to get a sanitized copy of the context. The follow-on oslo.messaging fix will use that context method instead of filtering manually.
The only changes that will be needed in Ironic/Nova or other impacted OpenStack services will be something to ensure that only fixed versions of oslo.messaging will be installed with them.