CellMappingPayload in select_destinations versioned notification sends sensitive database_connection and transport_url information
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Compute (nova) | Fix Released | High | Matt Riedemann | |
Stein | Fix Committed | High | Eric Fried | |
Bug Description
As of this change in Stein:
https:/
Which is not yet officially released, but is in the 19.0.0.0rc1, the select_destinations versioned notification payload during a move operation (resize, cold/live migrate, unshelve, evacuate) will send the cell database_connection URL and MQ transport_url information which contains credentials to connect directly to the cell DB and MQ, which even though notifications are meant to be internal within openstack services, seems like a pretty bad idea. IOW, just because it's internal to openstack doesn't mean nova needs to give ceilometer the keys to its cell databases.
There seems to be no justification in the change for *why* this information was needed in the notification payload, it seemed to be added simply for completeness.
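A consumer-side check for the exposure described in this report, as an added example (not code from nova or from anyone on this bug): it walks a notification payload, flags fields named `database_connection` or `transport_url` as well as any string holding a URL with an embedded password, and returns a copy with the passwords masked. Only the two field names and `CellMappingPayload` come from the report; the sample's nesting and values are constructed, and the function names are hypothetical.

```python
import copy
import re

# Field names from the bug title; other fields are caught by URL shape.
SENSITIVE_KEYS = {"database_connection", "transport_url"}
# userinfo with a password, after "//" or after "," (multi-host transport URLs)
CRED_RE = re.compile(r"(//|,)([^:@/,\s]*):([^@/,\s]+)@")

# Constructed sample: nesting and values are invented for illustration and are
# an assumption about the payload layout, not a capture from a deployment.
SAMPLE = {"payload": {"nova_object.data": {"cell": {
    "nova_object.name": "CellMappingPayload",
    "nova_object.data": {
        "name": "cell1",
        "database_connection": "mysql+pymysql://nova:EXAMPLE-PW@db.example/nova_cell1",
        "transport_url": ("rabbit://nova:EXAMPLE-PW@mq1.example:5672,"
                          "nova:EXAMPLE-PW@mq2.example:5672/"),
    },
}}}}


def walk(node, path=""):
    """Yield (container, key, path) for every string leaf in nested dicts/lists."""
    items = node.items() if isinstance(node, dict) else enumerate(node)
    for key, value in items:
        here = f"{path}/{key}"
        if isinstance(value, (dict, list)):
            yield from walk(value, here)
        elif isinstance(value, str):
            yield node, key, here


def find_leaks(payload):
    """Return paths of fields sensitive by name or carrying a URL password."""
    return [path for node, key, path in walk(payload)
            if key in SENSITIVE_KEYS
            or ("://" in node[key] and CRED_RE.search(node[key]))]


def redact(payload):
    """Return a deep copy with URL passwords masked; the input is not modified."""
    clean = copy.deepcopy(payload)
    for node, key, _ in list(walk(clean)):
        if "://" in node[key]:
            node[key] = CRED_RE.sub(r"\1\2:***@", node[key])
    return clean
```

Fields matched by name are reported even when their value carries no password, since the report's point is that these fields should not be in the payload at all.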
Changed in nova:
assignee: nobody → Matt Riedemann (mriedem)
Fix proposed to branch: master
Review: https://review.openstack.org/649775