puppet-ceilometer

Hard-coded passwords found in Puppet scripts

Bug #1785533 reported by Akond Rahman
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
puppet-ceilometer
New
Undecided
Unassigned

Bug Description

Detailed bug description:

I am a security researcher, who is looking for security smells in Puppet scripts.
I noticed instances of hard-coded passwords, which are against the best practices
recommended by Common Weakness Enumeration (CWE) [https://cwe.mitre.org/data/definitions/259.html] and also by other security practitioners.

Feedback is welcome.

I noticed hard-coded passwords in the following scripts. As all of these following scripts point to the same problem I am submitting one bug report instead of multiple bug reports for different projects.

fuel-library/deployment/puppet/fuel/examples/host.pp
fuel-library/deployment/puppet/fuel/manifests/params.pp
fuel-library/deployment/puppet/openstack_tasks/manifests/ironic/ironic_compute.pp
fuel-library/deployment/puppet/openstack_tasks/manifests/ironic/ironic.pp
fuel-library/deployment/puppet/openstack_tasks/manifests/ironic/keystone.pp
fuel-library/deployment/puppet/openstack/manifests/cinder.pp
fuel-library/deployment/puppet/openstack/manifests/network/neutron_agents.pp
fuel-library/deployment/puppet/openstack/tests/all.pp
fuel-library/deployment/puppet/osnailyfacter/manifests/ssh.pp
fuel-plugin-ci/puppet-manifests/modules/fuel_project/manifests/common.pp
fuel-plugin-cisco-aci/deployment_scripts/puppet/modules/cisco_aci/manifests/gbp_and_apic_gbp.pp
fuel-plugin-cisco-aci/deployment_scripts/puppet/modules/cisco_aci/manifests/generic_apic_ml2.pp
fuel-plugin-cisco-aci/deployment_scripts/puppet/modules/neutron/manifests/config_apic.pp
fuel-plugin-cisco-aci/deployment_scripts/puppet/modules/neutron/manifests/config_auth.pp
fuel-plugin-elasticsearch-kibana/deployment_scripts/puppet/modules/lma_logging_analytics/manifests/kibana_authentication.pp
fuel-plugin-elasticsearch-kibana/deployment_scripts/puppet/modules/lma_logging_analytics/manifests/params.pp
fuel-plugin-external-zabbix/deployment_scripts/puppet/modules/plugin_zabbix/manifests/db/mysql.pp
fuel-plugin-ironic/deployment_scripts/puppet/manifests/ironic-compute.pp
fuel-plugin-lma-infrastructure-alerting/deployment_scripts/puppet/modules/nagios/manifests/cgi.pp
fuel-plugin-lma-infrastructure-alerting/deployment_scripts/puppet/modules/nagios/manifests/params.pp
fuel-plugin-scaleio/deployment_scripts/puppet/manifests/cinder.pp
puppet-ceilometer-2018-06/examples/ceilometer_with_gnocchi.pp
puppet-cinder-2018-06/examples/cinder_volume_with_pacemaker.pp
 puppet-designate/example/all-in-one-keystone.pp
 puppet-glance/examples/glance_multi_store.pp
 puppet-glance/examples/glance_single_store.pp
 puppet-glance/tests/site.pp
 puppet-gnocchi/examples/site.pp
 puppet-heat/examples/site.pp
 puppet-heat/manifests/db/postgresql.pp
 puppet-ironic/examples/ironic.pp
 puppet-keystone/examples/apache_dropin.pp
 puppet-keystone/examples/apache_with_paths.pp
 puppet-keystone/examples/k2k_sp_shib.pp
 puppet-keystone/examples/ldap_backend.pp
 puppet-keystone/examples/ldap_full.pp
 puppet-keystone/examples/ldap_identity.pp
 puppet-keystone/examples/v3_basic.pp
 puppet-keystone/examples/v3_domain_configuration.pp
 puppet-keystone/manifests/federation/openidc.pp
 puppet-keystone/tests/site.pp
 puppet-magnum/examples/magnum.pp
 puppet-magnum/manifests/keystone/domain.pp
 puppet-manila/manifests/rabbitmq.pp
 puppet-midonet/manifests/cli.pp
 puppet-midonet/manifests/init.pp
 puppet-neutron/examples/cisco_ml2.pp
 puppet-neutron/examples/neutron_l3_with_to_uuid.pp
 puppet-neutron/examples/neutron_with_pacemaker.pp
 puppet-neutron/examples/neutron_wsgi.pp
 puppet-neutron/examples/neutron.pp
 puppet-nova/examples/nova_with_pacemaker.pp
 puppet-nova/examples/nova_wsgi.pp
 puppet-nova/manifests/ironic/common.pp
 puppet-nova/manifests/manage/cells.pp
 puppet-openstack-integration/manifests/aodh.pp
 puppet-openstack-integration/manifests/barbican.pp
 puppet-openstack-integration/manifests/ceilometer.pp
 puppet-openstack-integration/manifests/cinder.pp
 puppet-openstack-integration/manifests/designate.pp
 puppet-openstack-integration/manifests/ec2api.pp
 puppet-openstack-integration/manifests/glance.pp
 puppet-openstack-integration/manifests/gnocchi.pp
 puppet-openstack-integration/manifests/heat.pp
 puppet-openstack-integration/manifests/ironic.pp
 puppet-openstack-integration/manifests/keystone.pp
 puppet-openstack-integration/manifests/mistral.pp
 puppet-openstack-integration/manifests/murano.pp
 puppet-openstack-integration/manifests/neutron.pp
 puppet-openstack-integration/manifests/nova.pp
 puppet-openstack-integration/manifests/panko.pp
 puppet-openstack-integration/manifests/sahara.pp
 puppet-openstack-integration/manifests/swift.pp
 puppet-openstack-integration/manifests/tempest.pp
 puppet-openstack-integration/manifests/trove.pp
 puppet-openstack-integration/manifests/vitrage.pp
 puppet-openstack-integration/manifests/zaqar.pp
 puppet-pacemaker/manifests/params.pp
 puppet-pacemaker/manifests/stonith/fence_xvm.pp
 puppet-sahara/examples/basic.pp
 puppet-swift/manifests/keystone/auth.pp
 puppet-swift/manifests/keystone/dispersion.pp
 puppet-swift/manifests/proxy/authtoken.pp
 puppet-swift/manifests/proxy/ceilometer.pp
 puppet-trove/examples/site.pp
 puppet-vitrage/examples/vitrage.pp

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.