Public bug reported: It is Horizon version of bug 1327019. Various modules in openstack_dashboard/api logs token. In other modules, token value is not logged now and is output as *REDACTED* or some similar string. In Horizon case, these log lines are simply removed to fix the issue as it seems this logging is unnecessary in most cases.
I don't think this needs to be private based on the discussion in bug 1327019. def novaclient(request): insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None) LOG.debug('novaclient connection created using token "%s" and url "%s"' % (request.user.token.id, base.url_for(request, 'compute'))) c = nova_client.Client(request.user.username, request.user.token.id, project_id=request.user.tenant_id, auth_url=base.url_for(request, 'compute'), insecure=insecure, cacert=cacert, http_log_debug=settings.DEBUG) c.client.auth_token = request.user.token.id c.client.management_url = base.url_for(request, 'compute') return c ** Affects: horizon Importance: High Assignee: Akihiro Motoki (amotoki) Status: New ** Tags: security -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1380642 Title: Horizon should not log token Status in OpenStack Dashboard (Horizon): New Bug description: It is Horizon version of bug 1327019. Various modules in openstack_dashboard/api logs token. In other modules, token value is not logged now and is output as *REDACTED* or some similar string. In Horizon case, these log lines are simply removed to fix the issue as it seems this logging is unnecessary in most cases. I don't think this needs to be private based on the discussion in bug 1327019. def novaclient(request): insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None) LOG.debug('novaclient connection created using token "%s" and url "%s"' % (request.user.token.id, base.url_for(request, 'compute'))) c = nova_client.Client(request.user.username, request.user.token.id, project_id=request.user.tenant_id, auth_url=base.url_for(request, 'compute'), insecure=insecure, cacert=cacert, http_log_debug=settings.DEBUG) c.client.auth_token = request.user.token.id c.client.management_url = base.url_for(request, 'compute') return c To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1380642/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp