Remove sensitive data from store locations

Registered by Mark Washenberger on 2013-04-25

Glance should no longer store any sensitive information in image locations. This will require changes to the swift store at minimum, but may require changes to other stores as well.

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
None
Direction:
Approved
Assignee:
Iccha Sethi
Definition:
Approved
Series goal:
Accepted for future
Implementation:
Unknown
Milestone target:
milestone icon next

Related branches

Sprints

Whiteboard

https://etherpad.openstack.org/remove-sensitive-location-info-glance

Gerrit topic: https://review.openstack.org/#q,topic:bp/remove-sensitive-data-from-locations,n,z

Addressed by: https://review.openstack.org/34801
    Remove user and key from location in swift

Addressed by: https://review.openstack.org/45221
    Fixes bug #1213197

Addressed by: https://review.openstack.org/46693
    Glance manage should parse glance-api.conf

Gerrit topic: https://review.openstack.org/#q,topic:bp/image-create-in-v1-with-location-should-validate-the-location-uri,n,z

Gerrit topic: https://review.openstack.org/#q,topic:bp/v1-image-create-should-validate-the-location-uri,n,z

Addressed by: https://review.openstack.org/72999
    Differentiate user and system created swift location

This received some attention at the mini summit, tracked here:
  https://etherpad.openstack.org/p/glance-swift-location (especially at the bottom of the pad)
I'm starting to get a bit concerned we haven't figured out all the gotchas with this plan. Can we regroup around that blueprint and try to come up with all the use cases we care about?

markwash more-info 2014-02-15

The general feeling here is that this has merit on its own even if it doesn't really help with the client distribution aspects. Assigning Iccha just because I know historically she has been the contact, but go ahead and fix the assignee if that change seems wrong. We just need an assignee if this is going to be targeted.

markwash untagged 2014-03-03

Addressed by: https://review.openstack.org/98722
    Remove user and key from location in swift

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.