Comment 0 for bug 2030976

Scott Solkhon (scott.solkhon) wrote :

Hi,

I have configured an OpenStack deployment to send Ironic service notifications using oslo_messaging_notifications[1] and noticed that Keystone tokens are being sent in the ['oslo.message']['_context_auth_token'] field of the message payload.

- I have confirmed that the auth token is leaked using both a Kafka and a RabbitMQ backend.
- I have also confirmed that both the messaging and messagingv2 options under oslo_messaging_notifications.driver are impacted[2].
- I am using the Victoria version of OpenStack and I have not confirmed if this has been patched in newer versions.

1) https://docs.openstack.org/ironic/latest/admin/notifications.html
2) https://docs.openstack.org/ironic/victoria/configuration/sample-config.html
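
A consumer-side check for the leak described in this report, as an added example that is not part of the original comment or of Ironic or oslo.messaging code: it parses one notification taken off the queue, reports whether `_context_auth_token` carries a value, and returns a redacted copy. The two message shapes handled (inner message as a JSON string under `oslo.message`, or an unwrapped body) and the sample messages are assumptions constructed for illustration.

```python
import json

# Key named in the report; extend the set if other context fields are sensitive.
SENSITIVE_KEYS = {"_context_auth_token"}
REDACTED = "<redacted>"


def scrub_notification(raw):
    """Return (leaked_keys, redacted_json) for one notification message.

    Assumption: the body is either under 'oslo.message' (as a JSON string or
    a dict) or is the top-level object itself.
    """
    message = json.loads(raw)
    inner = message.get("oslo.message")
    inner_was_string = isinstance(inner, str)
    if inner is None:
        body = message                      # unwrapped body
    elif inner_was_string:
        body = json.loads(inner)            # envelope with serialized body
    else:
        body = inner                        # envelope with dict body

    # Only keys that actually carry a value count as a leak.
    leaked = sorted(k for k in SENSITIVE_KEYS if body.get(k))
    for key in leaked:
        body[key] = REDACTED

    if inner_was_string:
        message["oslo.message"] = json.dumps(body)
    return leaked, json.dumps(message)


# Constructed sample messages; the token is a placeholder, not a real value.
FAKE_TOKEN = "constructed-token-not-real"
_BODY = {
    "event_type": "baremetal.node.power_set.end",
    "payload": {"uuid": "00000000-0000-0000-0000-000000000000"},
    "_context_auth_token": FAKE_TOKEN,
}
SAMPLE_ENVELOPED = json.dumps({"oslo.version": "2.0",
                               "oslo.message": json.dumps(_BODY)})
SAMPLE_PLAIN = json.dumps(_BODY)
SAMPLE_CLEAN = json.dumps({**_BODY, "_context_auth_token": None})

if __name__ == "__main__":
    for name, raw in [("enveloped", SAMPLE_ENVELOPED),
                      ("plain", SAMPLE_PLAIN), ("clean", SAMPLE_CLEAN)]:
        leaked, _ = scrub_notification(raw)
        print(f"{name}: leaked keys = {leaked}")
```

Run against messages captured from the notification topic, this gives a quick confirmation of whether a given deployment is affected before and after any fix is applied.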