Porting changes from Release 0.2

* Fix leaking password in murano-api logs (resolved: MRN-861) * Added function to clean deployment description * Updated SQLAlchemy requirement * Changed default values of vhost, login, password (resolved: MRN-880) * Updated requirements for murano-common Now murano-common is installed from pypi and has correct version requirements Change-Id: I765808820b0ccbdb1d24c776cbe674c00822a3e4
2013-09-03 19:14:00 +04:00 · 2013-09-03 19:14:00 +04:00 · 10650817a9
commit 10650817a9
parent bc87e2f8a7
5 changed files with 19 additions and 17 deletions
--- a/etc/murano-api.conf
+++ b/etc/murano-api.conf
@ -45,13 +45,16 @@ ssl = False
 ca_certs =

 # RabbitMQ credentials. Fresh RabbitMQ installation has "guest" account with "guest" password
-# It is recommended to create dedicated user account for Murano using RabbitMQ web console or command line utility
-login = guest
-password = guest
+# It's assumed here that default credentials were changed in accordance with this config.
+# You can use rabbitmqctl add_user ... command for that.
+# It is recommended to change default credentials for Murano using RabbitMQ web console or command line utility.
+login = muranouser
+password = murano

-#RabbitMQ virtual host (vhost). Fresh RabbitMQ installation has "/" vhost preconfigured.
-# It is recommended to create dedicated vhost for Murano using RabbitMQ web console or command line utility
-virtual_host = /
+# RabbitMQ virtual host (vhost). Fresh RabbitMQ installation has "/" vhost preconfigured.
+# It's assumed here that default vhost was changed in accordance with this config.
+# You can use rabbitmqctl add_vhost ... command for that.
+virtual_host = muranovhost

 [ssl]
 #Parameters to configure SSL for trusted HTTPS connection
--- a/muranoapi/api/v1/services.py
+++ b/muranoapi/api/v1/services.py
@ -19,6 +19,7 @@ from muranoapi import utils
 from muranoapi.db.services.core_services import CoreServices
 from muranoapi.openstack.common import wsgi
 from muranoapi.openstack.common import log as logging
+from muranocommon.helpers.token_sanitizer import TokenSanitizer

 log = logging.getLogger(__name__)

@ -55,8 +56,9 @@ class Controller(object):
    @utils.verify_session
    @normalize_path
    def post(self, request, environment_id, path, body):
+        secure_data = TokenSanitizer().sanitize(body)
        log.debug(_('Services:Post <EnvId: {0}, Path: {2}, '
-                    'Body: {1}>'.format(environment_id, body, path)))
+                    'Body: {1}>'.format(environment_id, secure_data, path)))

        post_data = CoreServices.post_data
        session_id = request.context.session
--- a/muranoapi/common/service.py
+++ b/muranoapi/common/service.py
@ -17,6 +17,7 @@ from muranoapi.db.models import Status, Session, Environment, Deployment
 from muranoapi.db.session import get_session
 from muranoapi.openstack.common import log as logging, timeutils, service
 from muranoapi.common import config
+from muranocommon.helpers.token_sanitizer import TokenSanitizer
 from muranocommon.messaging import MqClient
 from sqlalchemy import desc
 import eventlet
@ -83,8 +84,9 @@ class TaskResultHandlerService(service.Service):
 def handle_result(message):
    try:
        environment_result = message.body
+        secure_result = TokenSanitizer().sanitize(environment_result)
        log.debug(_('Got result message from '
-                    'orchestration engine:\n{0}'.format(environment_result)))
+                    'orchestration engine:\n{0}'.format(secure_result)))

        if 'deleted' in environment_result:
            log.debug(_('Result for environment {0} is dropped. Environment '
--- a/muranoapi/db/services/sessions.py
+++ b/muranoapi/db/services/sessions.py
@ -19,7 +19,6 @@ from muranoapi.db.session import get_session
 from muranocommon.helpers.token_sanitizer import TokenSanitizer
 from muranocommon.messaging import MqClient, Message

-
 rabbitmq = config.CONF.rabbitmq

 SessionState = namedtuple('SessionState', ['open', 'deploying', 'deployed'])(
@ -27,11 +26,6 @@ SessionState = namedtuple('SessionState', ['open', 'deploying', 'deployed'])(
 )


-def secure_description(description):
-    sanitizer = TokenSanitizer()
-    return sanitizer.sanitize(description)
-
-
 class SessionServices(object):
    @staticmethod
    def get_sessions(environment_id, state=None):
@ -131,7 +125,8 @@ class SessionServices(object):
        session.state = SessionState.deploying
        deployment = Deployment()
        deployment.environment_id = environment['id']
-        deployment.description = secure_description(dict(session.description))
+        deployment.description = TokenSanitizer().sanitize(
+            dict(session.description))
        status = Status()
        status.text = "Deployment scheduled"
        status.level = "info"
--- a/requirements.txt
+++ b/requirements.txt
@ -1,7 +1,7 @@
 d2to1>=0.2.10,<0.3
 pbr>=0.5,<0.6
 Babel
-SQLAlchemy>=0.7,<=0.7.9
+SQLAlchemy>=0.7.5,<=0.7.9
 anyjson
 eventlet>=0.9.12
 PasteDeploy
@ -31,4 +31,4 @@ passlib
 jsonschema==2.0.0
 python-keystoneclient>=0.2.0
 oslo.config
-http://tarballs.openstack.org/murano-common/murano-common-release-0.2.tar.gz#egg=muranocommon-dev
+murano-common>=0.2.2