"Fossies" - the Fresh Open Source Software Archive
Member "ironic-12.1.1/releasenotes/notes/mask-configdrive-contents-77fc557d6bc63b2b.yaml" (6 Jun 2019, 1032 Bytes) of package /linux/misc/openstack/ironic-12.1.1.tar.gz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Ansible YAML source code syntax highlighting (style: standard
) with prefixed line numbers.
Alternatively you can here view
the uninterpreted source code file.
3 - Adds a new policy rule that may be used to mask
4 instance-specific secrets, such as configdrive contents or the temp URL
5 used to store a configdrive or instance image. This is similar to how
6 passwords are already masked.
8 - Instance secrets will now, by default, be masked in API
9 responses. Operators wishing to expose the configdrive or instance image
10 to specific users will need to update their policy.json file and grant the
11 relevant keystone roles.
13 - Configdrives often contain sensitive information. Users may upload their
14 own images, which could also contain sensitive information. The Agent
15 drivers may store this information in a Swift temp URL to allow access from
16 the Agent ramdisk. These URLs are considered sensitive information because
17 they grant unauthenticated access to sensitive information. Now,
18 we only selectively expose this information to privileged
19 users, whereas previously it was exposed to all authenticated users.