Snapshot download with authentication

Registered by Sylwester Brzeczkowski on 2015-06-18

It is possible to guess (by brute force) diagnostic snapshot name and as a
result get access to all logins and passwords.

Blueprint information

Status:
Started
Approver:
Tomasz 'Zen' Napierala
Priority:
High
Drafter:
Sylwester Brzeczkowski
Direction:
Approved
Assignee:
Sylwester Brzeczkowski
Definition:
Review
Series goal:
Accepted for 7.0.x
Implementation:
Good progress
Milestone target:
milestone icon 7.0
Started by
Łukasz Oleś on 2015-06-25

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/snapshot-download-with-auth,n,z

Addressed by: https://review.openstack.org/193109
    Blueprint: snapshot-download-with-auth

Addressed by: https://review.openstack.org/194701
    Snapshot download with authentication

Addressed by: https://review.openstack.org/195093
    Change /dump url to internal in nginx conf

Addressed by: https://review.openstack.org/195963
    Attach auth token to snapshot download request

Addressed by: https://review.openstack.org/200444
    Added tests for downloading diagnostic snapshot with auth

Addressed by: https://review.openstack.org/323341
    Snapshot download with authentication

Addressed by: https://review.openstack.org/323357
    Attach auth token to snapshot download request

Addressed by: https://review.openstack.org/323359
    Change /dump url to internal in nginx conf

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.