python-neutronclient

Limit logging of credentials in services using the client

Registered by Stanislaw Pitucha on 2013-06-28

Currently, debug settings cause logging of the credentials in services using neutronclient. This should be limited unless explicitly requested, as credentials will be stored in log files for a long time and most likely will be still usable after many days.

Shell utilities do not need to have the redaction enabled, since debug messages are not visible by default. Even when they're enabled, they're not stored permanently and may be useful for reproducing the exact action using curl.

Further removing all tokens could be useful, but since their usage is limited in time and they're used all over different parts of the code, it's a separate, much longer task.

Blueprint information

Status:: Complete

Approver:: None

Priority:: Undefined

Drafter:: None

Direction:: Needs approval

Assignee:: None

Definition:: New

Series goal:: Accepted for 2.0

Implementation:: Implemented

Milestone target:: 2.2.1-2.2.6

Started by: Akihiro Motoki on 2014-08-30

Completed by: Akihiro Motoki on 2014-08-30

Related branches

Related bugs

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/limit-credentials-logging,n,z

Addressed by: https://review.openstack.org/29573
Don't log the credentials by default

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.