2022-06-03 13:31:09 |
Pavlo Shchelokovskyy |
bug |
|
|
added bug |
2022-06-03 13:31:09 |
Pavlo Shchelokovskyy |
attachment added |
|
0001-Do-not-log-sensitive-info-in-OIDC.patch https://bugs.launchpad.net/bugs/1977516/+attachment/5594651/+files/0001-Do-not-log-sensitive-info-in-OIDC.patch |
|
2022-06-27 15:39:05 |
Jeremy Stanley |
bug task added |
|
ossa |
|
2022-06-27 15:39:18 |
Jeremy Stanley |
ossa: status |
New |
Incomplete |
|
2022-06-27 15:44:15 |
Jeremy Stanley |
description |
This might lead to unintended password disclosure, so marking as security vulnerability
What I have now using self-deployed keycloak as IdP (hence insecure: true)
$ cat ~/.config/openstack/clouds.yaml
clouds:
federated:
auth_type: v3oidcpassword
auth:
auth_url: https://keystone.it.just.works/v3
project_name: admin
project_domain_name: Default
identity-provider: keycloak
protocol: mapped
client-id: os
client-secret: someRandomClientSecretMightBeNull
openid-scope: openid
access-token-endpoint: https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token
discovery-endpoint: https://keycloak.it.just.works/auth/realms/iam/.well-known/openid-configuration
username: pshchelokovskyy
password: "CLEAR TEXT PASSWORD!!!"
region_name: RegionOne
insecure: true
identity_api_version: 3
$ openstack --os-cloud federated --debug token issue
...
Using auth plugin: v3oidcpassword
Using parameters {'scope': 'openid', 'auth_url': 'https://keystone.it.just.works/v3', 'project_name': 'admin', 'project_domain_name': 'Default', 'identity_provider': 'keycloak', 'protocol': 'mapped', 'client_id': 'os', 'client_secret': '***', 'access_token_endpoint': 'https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token', 'discovery_endpoint': 'https://keycloak.it.just.works/auth/realms/iam/.well-known/openid-configuration', 'username': 'pshchelokovskyy', 'password': '***'}
Turning off SSL warnings for federated:RegionOne since verify=False
Turning off Insecure SSL warnings since verify=False
Get auth_ref
REQ: curl -g -i --insecure -X GET https://keycloak.it.just.works/auth/realms/iam/.well-known/openid-configuration -H "User-Agent: openstacksdk/0.52.0 keystoneauth1/4.2.1 python-requests/2.25.0 CPython/3.6.9"
Starting new HTTPS connection (1): keycloak.it.just.works:443
https://keycloak.it.just.works:443 "GET /auth/realms/iam/.well-known/openid-configuration HTTP/1.1" 200 2578
RESP: [200] Cache-Control: no-cache, must-revalidate, no-transform, no-store Connection: keep-alive Content-Length: 2578 Content-Type: application/json Date: Thu, 03 Dec 2020 14:25:29 GMT
RESP BODY: {"issuer":"https://keycloak.it.just.works/auth/realms/iam","authorization_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/auth","token_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token","token_introspection_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token/introspect","userinfo_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/userinfo","end_session_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/logout","jwks_uri":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/certs","check_session_iframe":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/login-status-iframe.html","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA1_5"],"id_token_encryption_enc_values_supported":["A128GCM","A128CBC-HS256"],"userinfo_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"request_object_signing_alg_values_supported":["PS384","ES384","RS384","ES256","RS256","ES512","PS256","PS512","RS512","none"],"response_modes_supported":["query","fragment","form_post"],"registration_endpoint":"https://keycloak.it.just.works/auth/realms/iam/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["RS256"],"claims_supported":["aud","sub","iss","auth_time","name","given_name","family_name","preferred_username","email"],"claim_types_supported":["normal"],"claims_parameter_supported":false,"scopes_supported":["openid","profile","web-origins","offline_access","email","roles","phone","address","microprofile-jwt"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"code_challenge_methods_supported":["plain","S256"],"tls_client_certificate_bound_access_tokens":true,"introspection_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token/introspect"}
REQ: curl -g -i --insecure -X POST https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token -H "User-Agent: openstacksdk/0.52.0 keystoneauth1/4.2.1 python-requests/2.25.0 CPython/3.6.9" -d '{'username': 'pshchelokovskyy', 'password': 'CLEAR TEXT PASSWORD!!!', 'scope': 'openid', 'grant_type': 'password'}'
...
Notice how the password is masked when just logging args (Using parameters ... log line) but is printed unmasked when logging the curl equivalent of the request.
Initially filed quite some time ago for python-openstackclient, but now I came back to it and found some time to dig thru to the actual cause.
In the attached patch I attempted to keep as much useful info at debug level as possible. If it is deemed not so useful, patch could be made much shorter |
This issue is being treated as a potential security risk under
embargo. Please do not make any public mention of embargoed
(private) security vulnerabilities before their coordinated
publication by the OpenStack Vulnerability Management Team in the
form of an official OpenStack Security Advisory. This includes
discussion of the bug or associated fixes in public forums such as
mailing lists, code review systems and bug trackers. Please also
avoid private disclosure to other individuals not already approved
for access to this information, and provide this same reminder to
those who are made aware of the issue prior to publication. All
discussion should remain confined to this private bug report, and
any proposed fixes should be added to the bug as attachments. This
embargo shall not extend past 2022-09-25 and will be made
public by or on that date even if no fix is identified.
This might lead to unintended password disclosure, so marking as security vulnerability
What I have now using self-deployed keycloak as IdP (hence insecure: true)
$ cat ~/.config/openstack/clouds.yaml
clouds:
federated:
auth_type: v3oidcpassword
auth:
auth_url: https://keystone.it.just.works/v3
project_name: admin
project_domain_name: Default
identity-provider: keycloak
protocol: mapped
client-id: os
client-secret: someRandomClientSecretMightBeNull
openid-scope: openid
access-token-endpoint: https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token
discovery-endpoint: https://keycloak.it.just.works/auth/realms/iam/.well-known/openid-configuration
username: pshchelokovskyy
password: "CLEAR TEXT PASSWORD!!!"
region_name: RegionOne
insecure: true
identity_api_version: 3
$ openstack --os-cloud federated --debug token issue
...
Using auth plugin: v3oidcpassword
Using parameters {'scope': 'openid', 'auth_url': 'https://keystone.it.just.works/v3', 'project_name': 'admin', 'project_domain_name': 'Default', 'identity_provider': 'keycloak', 'protocol': 'mapped', 'client_id': 'os', 'client_secret': '***', 'access_token_endpoint': 'https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token', 'discovery_endpoint': 'https://keycloak.it.just.works/auth/realms/iam/.well-known/openid-configuration', 'username': 'pshchelokovskyy', 'password': '***'}
Turning off SSL warnings for federated:RegionOne since verify=False
Turning off Insecure SSL warnings since verify=False
Get auth_ref
REQ: curl -g -i --insecure -X GET https://keycloak.it.just.works/auth/realms/iam/.well-known/openid-configuration -H "User-Agent: openstacksdk/0.52.0 keystoneauth1/4.2.1 python-requests/2.25.0 CPython/3.6.9"
Starting new HTTPS connection (1): keycloak.it.just.works:443
https://keycloak.it.just.works:443 "GET /auth/realms/iam/.well-known/openid-configuration HTTP/1.1" 200 2578
RESP: [200] Cache-Control: no-cache, must-revalidate, no-transform, no-store Connection: keep-alive Content-Length: 2578 Content-Type: application/json Date: Thu, 03 Dec 2020 14:25:29 GMT
RESP BODY: {"issuer":"https://keycloak.it.just.works/auth/realms/iam","authorization_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/auth","token_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token","token_introspection_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token/introspect","userinfo_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/userinfo","end_session_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/logout","jwks_uri":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/certs","check_session_iframe":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/login-status-iframe.html","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA1_5"],"id_token_encryption_enc_values_supported":["A128GCM","A128CBC-HS256"],"userinfo_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"request_object_signing_alg_values_supported":["PS384","ES384","RS384","ES256","RS256","ES512","PS256","PS512","RS512","none"],"response_modes_supported":["query","fragment","form_post"],"registration_endpoint":"https://keycloak.it.just.works/auth/realms/iam/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["RS256"],"claims_supported":["aud","sub","iss","auth_time","name","given_name","family_name","preferred_username","email"],"claim_types_supported":["normal"],"claims_parameter_supported":false,"scopes_supported":["openid","profile","web-origins","offline_access","email","roles","phone","address","microprofile-jwt"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"code_challenge_methods_supported":["plain","S256"],"tls_client_certificate_bound_access_tokens":true,"introspection_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token/introspect"}
REQ: curl -g -i --insecure -X POST https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token -H "User-Agent: openstacksdk/0.52.0 keystoneauth1/4.2.1 python-requests/2.25.0 CPython/3.6.9" -d '{'username': 'pshchelokovskyy', 'password': 'CLEAR TEXT PASSWORD!!!', 'scope': 'openid', 'grant_type': 'password'}'
...
Notice how the password is masked when just logging args (Using parameters ... log line) but is printed unmasked when logging the curl equivalent of the request.
Initially filed quite some time ago for python-openstackclient, but now I came back to it and found some time to dig thru to the actual cause.
In the attached patch I attempted to keep as much useful info at debug level as possible. If it is deemed not so useful, patch could be made much shorter |
|
2022-06-27 15:44:38 |
Jeremy Stanley |
bug |
|
|
added subscriber Keystone Core security contacts |
2022-10-18 17:24:28 |
Jeremy Stanley |
description |
This issue is being treated as a potential security risk under
embargo. Please do not make any public mention of embargoed
(private) security vulnerabilities before their coordinated
publication by the OpenStack Vulnerability Management Team in the
form of an official OpenStack Security Advisory. This includes
discussion of the bug or associated fixes in public forums such as
mailing lists, code review systems and bug trackers. Please also
avoid private disclosure to other individuals not already approved
for access to this information, and provide this same reminder to
those who are made aware of the issue prior to publication. All
discussion should remain confined to this private bug report, and
any proposed fixes should be added to the bug as attachments. This
embargo shall not extend past 2022-09-25 and will be made
public by or on that date even if no fix is identified.
This might lead to unintended password disclosure, so marking as security vulnerability
What I have now using self-deployed keycloak as IdP (hence insecure: true)
$ cat ~/.config/openstack/clouds.yaml
clouds:
federated:
auth_type: v3oidcpassword
auth:
auth_url: https://keystone.it.just.works/v3
project_name: admin
project_domain_name: Default
identity-provider: keycloak
protocol: mapped
client-id: os
client-secret: someRandomClientSecretMightBeNull
openid-scope: openid
access-token-endpoint: https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token
discovery-endpoint: https://keycloak.it.just.works/auth/realms/iam/.well-known/openid-configuration
username: pshchelokovskyy
password: "CLEAR TEXT PASSWORD!!!"
region_name: RegionOne
insecure: true
identity_api_version: 3
$ openstack --os-cloud federated --debug token issue
...
Using auth plugin: v3oidcpassword
Using parameters {'scope': 'openid', 'auth_url': 'https://keystone.it.just.works/v3', 'project_name': 'admin', 'project_domain_name': 'Default', 'identity_provider': 'keycloak', 'protocol': 'mapped', 'client_id': 'os', 'client_secret': '***', 'access_token_endpoint': 'https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token', 'discovery_endpoint': 'https://keycloak.it.just.works/auth/realms/iam/.well-known/openid-configuration', 'username': 'pshchelokovskyy', 'password': '***'}
Turning off SSL warnings for federated:RegionOne since verify=False
Turning off Insecure SSL warnings since verify=False
Get auth_ref
REQ: curl -g -i --insecure -X GET https://keycloak.it.just.works/auth/realms/iam/.well-known/openid-configuration -H "User-Agent: openstacksdk/0.52.0 keystoneauth1/4.2.1 python-requests/2.25.0 CPython/3.6.9"
Starting new HTTPS connection (1): keycloak.it.just.works:443
https://keycloak.it.just.works:443 "GET /auth/realms/iam/.well-known/openid-configuration HTTP/1.1" 200 2578
RESP: [200] Cache-Control: no-cache, must-revalidate, no-transform, no-store Connection: keep-alive Content-Length: 2578 Content-Type: application/json Date: Thu, 03 Dec 2020 14:25:29 GMT
RESP BODY: {"issuer":"https://keycloak.it.just.works/auth/realms/iam","authorization_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/auth","token_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token","token_introspection_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token/introspect","userinfo_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/userinfo","end_session_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/logout","jwks_uri":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/certs","check_session_iframe":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/login-status-iframe.html","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA1_5"],"id_token_encryption_enc_values_supported":["A128GCM","A128CBC-HS256"],"userinfo_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"request_object_signing_alg_values_supported":["PS384","ES384","RS384","ES256","RS256","ES512","PS256","PS512","RS512","none"],"response_modes_supported":["query","fragment","form_post"],"registration_endpoint":"https://keycloak.it.just.works/auth/realms/iam/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["RS256"],"claims_supported":["aud","sub","iss","auth_time","name","given_name","family_name","preferred_username","email"],"claim_types_supported":["normal"],"claims_parameter_supported":false,"scopes_supported":["openid","profile","web-origins","offline_access","email","roles","phone","address","microprofile-jwt"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"code_challenge_methods_supported":["plain","S256"],"tls_client_certificate_bound_access_tokens":true,"introspection_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token/introspect"}
REQ: curl -g -i --insecure -X POST https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token -H "User-Agent: openstacksdk/0.52.0 keystoneauth1/4.2.1 python-requests/2.25.0 CPython/3.6.9" -d '{'username': 'pshchelokovskyy', 'password': 'CLEAR TEXT PASSWORD!!!', 'scope': 'openid', 'grant_type': 'password'}'
...
Notice how the password is masked when just logging args (Using parameters ... log line) but is printed unmasked when logging the curl equivalent of the request.
Initially filed quite some time ago for python-openstackclient, but now I came back to it and found some time to dig thru to the actual cause.
In the attached patch I attempted to keep as much useful info at debug level as possible. If it is deemed not so useful, patch could be made much shorter |
This might lead to unintended password disclosure, so marking as security vulnerability
What I have now using self-deployed keycloak as IdP (hence insecure: true)
$ cat ~/.config/openstack/clouds.yaml
clouds:
federated:
auth_type: v3oidcpassword
auth:
auth_url: https://keystone.it.just.works/v3
project_name: admin
project_domain_name: Default
identity-provider: keycloak
protocol: mapped
client-id: os
client-secret: someRandomClientSecretMightBeNull
openid-scope: openid
access-token-endpoint: https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token
discovery-endpoint: https://keycloak.it.just.works/auth/realms/iam/.well-known/openid-configuration
username: pshchelokovskyy
password: "CLEAR TEXT PASSWORD!!!"
region_name: RegionOne
insecure: true
identity_api_version: 3
$ openstack --os-cloud federated --debug token issue
...
Using auth plugin: v3oidcpassword
Using parameters {'scope': 'openid', 'auth_url': 'https://keystone.it.just.works/v3', 'project_name': 'admin', 'project_domain_name': 'Default', 'identity_provider': 'keycloak', 'protocol': 'mapped', 'client_id': 'os', 'client_secret': '***', 'access_token_endpoint': 'https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token', 'discovery_endpoint': 'https://keycloak.it.just.works/auth/realms/iam/.well-known/openid-configuration', 'username': 'pshchelokovskyy', 'password': '***'}
Turning off SSL warnings for federated:RegionOne since verify=False
Turning off Insecure SSL warnings since verify=False
Get auth_ref
REQ: curl -g -i --insecure -X GET https://keycloak.it.just.works/auth/realms/iam/.well-known/openid-configuration -H "User-Agent: openstacksdk/0.52.0 keystoneauth1/4.2.1 python-requests/2.25.0 CPython/3.6.9"
Starting new HTTPS connection (1): keycloak.it.just.works:443
https://keycloak.it.just.works:443 "GET /auth/realms/iam/.well-known/openid-configuration HTTP/1.1" 200 2578
RESP: [200] Cache-Control: no-cache, must-revalidate, no-transform, no-store Connection: keep-alive Content-Length: 2578 Content-Type: application/json Date: Thu, 03 Dec 2020 14:25:29 GMT
RESP BODY: {"issuer":"https://keycloak.it.just.works/auth/realms/iam","authorization_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/auth","token_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token","token_introspection_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token/introspect","userinfo_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/userinfo","end_session_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/logout","jwks_uri":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/certs","check_session_iframe":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/login-status-iframe.html","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA1_5"],"id_token_encryption_enc_values_supported":["A128GCM","A128CBC-HS256"],"userinfo_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"request_object_signing_alg_values_supported":["PS384","ES384","RS384","ES256","RS256","ES512","PS256","PS512","RS512","none"],"response_modes_supported":["query","fragment","form_post"],"registration_endpoint":"https://keycloak.it.just.works/auth/realms/iam/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["RS256"],"claims_supported":["aud","sub","iss","auth_time","name","given_name","family_name","preferred_username","email"],"claim_types_supported":["normal"],"claims_parameter_supported":false,"scopes_supported":["openid","profile","web-origins","offline_access","email","roles","phone","address","microprofile-jwt"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"code_challenge_methods_supported":["plain","S256"],"tls_client_certificate_bound_access_tokens":true,"introspection_endpoint":"https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token/introspect"}
REQ: curl -g -i --insecure -X POST https://keycloak.it.just.works/auth/realms/iam/protocol/openid-connect/token -H "User-Agent: openstacksdk/0.52.0 keystoneauth1/4.2.1 python-requests/2.25.0 CPython/3.6.9" -d '{'username': 'pshchelokovskyy', 'password': 'CLEAR TEXT PASSWORD!!!', 'scope': 'openid', 'grant_type': 'password'}'
...
Notice how the password is masked when just logging args (Using parameters ... log line) but is printed unmasked when logging the curl equivalent of the request.
Initially filed quite some time ago for python-openstackclient, but now I came back to it and found some time to dig thru to the actual cause.
In the attached patch I attempted to keep as much useful info at debug level as possible. If it is deemed not so useful, patch could be made much shorter |
|
2022-10-18 17:24:33 |
Jeremy Stanley |
information type |
Private Security |
Public |
|
2022-10-18 17:24:42 |
Jeremy Stanley |
tags |
|
security |
|
2022-10-18 17:24:49 |
Jeremy Stanley |
ossa: status |
Incomplete |
Won't Fix |
|
2022-10-19 16:56:06 |
OpenStack Infra |
keystoneauth: status |
New |
In Progress |
|