Added Swift location security.
When using Swift as a backend store, a request to the registry may display the Swift user's credentials in plaintext. Change this to have the credentials encrypted.
Blueprint information
- Status: Complete
- Approver: Jay Pipes
- Priority: Medium
- Drafter: Stuart McLaren
- Direction: Approved
- Assignee: Stuart McLaren
- Definition: Approved
- Series goal: Accepted for essex
- Implementation: Implemented
- Milestone target: 2012.1
- Started by: Thierry Carrez
- Completed by: Thierry Carrez
Whiteboard
One potential way to do this would be as follows:
1) introduce a new parameter in glance-api.conf
swift_encryptio
If present this would signal both that the 'swift_store_key' is
encrypted, and the specified swift_encryptio
the encryption. The swift_encryptio
the swift 'Store'.
If absent behaviour would be unchanged from what it is currently.
2) store the encrypted swift_store_key rather than the plaintext in the
location parameter
3) decrypt the key when needed using the swift_encryptio
Note that this change is not intended to make the configuration file
more secure, just the location parameter.
Potentially the entire location could be encrypted, alternatively the
user's credentials (username/password) could be padded to a
minimum length.
There are some corner cases at the moment where swift credentials
containing characters which are not 'URL safe', e.g. '/', ':', may not be handled properly.
I'm not intending to handle that here, but this feature should be implemented
so as not to introduce additional such corner cases if possible.
The Python 'Crypto' library's AES function may be the way to go here -- note that this would
add an additional package dependency.
Some additional thoughts from Jay:
* Why just the Swift store? Any location field for any driver may contain sensitive information (creds, filepaths, etc). What about making the configuration file option just "location_
Gerrit topic: https:/
Addressed by: https:/
Adds option to encrypt 'location' metadata.
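
A sketch of steps 2 and 3 from the whiteboard, added here as an illustration and not taken from the Glance code: the key is encrypted before it goes into the location, padded to a minimum length, and emitted as URL-safe text so it adds no new parsing corner cases. It uses AES-GCM from the 'cryptography' package in place of the 'Crypto' library mentioned above; the location URI shape, the function names, MIN_LEN and the sample values are assumptions.

```python
import base64
import os
from urllib.parse import urlsplit

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MIN_LEN = 64  # assumed padded size, so short secrets all yield equal-length tokens


def encrypt_field(key: bytes, secret: str) -> str:
    """Encrypt one credential; the result is URL-safe base64 (no '/', ':' or '+')."""
    data = secret.encode()
    # 2-byte length prefix, then zero padding up to MIN_LEN.
    framed = (len(data).to_bytes(2, "big") + data).ljust(MIN_LEN, b"\0")
    nonce = os.urandom(12)  # fresh nonce per encryption, stored with the ciphertext
    sealed = AESGCM(key).encrypt(nonce, framed, None)
    return base64.urlsafe_b64encode(nonce + sealed).decode()


def decrypt_field(key: bytes, token: str) -> str:
    """Reverse encrypt_field; a wrong key or a modified token raises ValueError."""
    raw = base64.urlsafe_b64decode(token)
    try:
        framed = AESGCM(key).decrypt(raw[:12], raw[12:], None)
    except InvalidTag:
        raise ValueError("credential token failed authentication") from None
    size = int.from_bytes(framed[:2], "big")
    return framed[2:2 + size].decode()


def protect_location(key, user, secret, rest):
    """Step 2: build the stored location with the key encrypted, not in plaintext."""
    return "swift+https://%s:%s@%s" % (user, encrypt_field(key, secret), rest)


def reveal_secret(key, location):
    """Step 3: decrypt the key only when the store needs to talk to Swift."""
    return decrypt_field(key, urlsplit(location).password)


if __name__ == "__main__":
    demo_key = AESGCM.generate_key(bit_length=256)  # stands in for the configured key
    # Constructed sample values; the secret contains characters that are not URL-safe.
    loc = protect_location(demo_key, "acct", "p/w:d@1", "auth.example.com/v1/images/img1")
    print(loc)
    print(reveal_secret(demo_key, loc))
```

Because the mode is authenticated, a location value altered in the registry fails decryption instead of yielding a different credential.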