Porting changes from Release 0.2
* Fix leaking password in murano-api logs (resolved: MRN-861) * Added function to clean deployment description * Updated SQLAlchemy requirement * Changed default values of vhost, login, password (resolved: MRN-880) * Updated requirements for murano-common Now murano-common is installed from pypi and has correct version requirements Change-Id: I765808820b0ccbdb1d24c776cbe674c00822a3e4
This commit is contained in:
Timur Sufiev
Serg Melikyan
parent
bc87e2f8a7
commit
10650817a9
@ -45,13 +45,16 @@ ssl = False
|
|||||||
ca_certs =
|
ca_certs =
|
||||||
|
|
||||||
# RabbitMQ credentials. Fresh RabbitMQ installation has "guest" account with "guest" password
|
# RabbitMQ credentials. Fresh RabbitMQ installation has "guest" account with "guest" password
|
||||||
# It is recommended to create dedicated user account for Murano using RabbitMQ web console or command line utility
|
# It's assumed here that default credentials were changed in accordance with this config.
|
||||||
login = guest
|
# You can use rabbitmqctl add_user ... command for that.
|
||||||
password = guest
|
# It is recommended to change default credentials for Murano using RabbitMQ web console or command line utility.
|
||||||
|
login = muranouser
|
||||||
|
password = murano
|
||||||
|
|
||||||
#RabbitMQ virtual host (vhost). Fresh RabbitMQ installation has "/" vhost preconfigured.
|
# RabbitMQ virtual host (vhost). Fresh RabbitMQ installation has "/" vhost preconfigured.
|
||||||
# It is recommended to create dedicated vhost for Murano using RabbitMQ web console or command line utility
|
# It's assumed here that default vhost was changed in accordance with this config.
|
||||||
virtual_host = /
|
# You can use rabbitmqctl add_vhost ... command for that.
|
||||||
|
virtual_host = muranovhost
|
||||||
|
|
||||||
[ssl]
|
[ssl]
|
||||||
#Parameters to configure SSL for trusted HTTPS connection
|
#Parameters to configure SSL for trusted HTTPS connection
|
||||||
|
|||||||
@ -19,6 +19,7 @@ from muranoapi import utils
|
|||||||
from muranoapi.db.services.core_services import CoreServices
|
from muranoapi.db.services.core_services import CoreServices
|
||||||
from muranoapi.openstack.common import wsgi
|
from muranoapi.openstack.common import wsgi
|
||||||
from muranoapi.openstack.common import log as logging
|
from muranoapi.openstack.common import log as logging
|
||||||
|
from muranocommon.helpers.token_sanitizer import TokenSanitizer
|
||||||
|
|
||||||
log = logging.getLogger(__name__)
|
log = logging.getLogger(__name__)
|
||||||
|
|
||||||
@ -55,8 +56,9 @@ class Controller(object):
|
|||||||
@utils.verify_session
|
@utils.verify_session
|
||||||
@normalize_path
|
@normalize_path
|
||||||
def post(self, request, environment_id, path, body):
|
def post(self, request, environment_id, path, body):
|
||||||
|
secure_data = TokenSanitizer().sanitize(body)
|
||||||
log.debug(_('Services:Post <EnvId: {0}, Path: {2}, '
|
log.debug(_('Services:Post <EnvId: {0}, Path: {2}, '
|
||||||
'Body: {1}>'.format(environment_id, body, path)))
|
'Body: {1}>'.format(environment_id, secure_data, path)))
|
||||||
|
|
||||||
post_data = CoreServices.post_data
|
post_data = CoreServices.post_data
|
||||||
session_id = request.context.session
|
session_id = request.context.session
|
||||||
|
|||||||
@ -17,6 +17,7 @@ from muranoapi.db.models import Status, Session, Environment, Deployment
|
|||||||
from muranoapi.db.session import get_session
|
from muranoapi.db.session import get_session
|
||||||
from muranoapi.openstack.common import log as logging, timeutils, service
|
from muranoapi.openstack.common import log as logging, timeutils, service
|
||||||
from muranoapi.common import config
|
from muranoapi.common import config
|
||||||
|
from muranocommon.helpers.token_sanitizer import TokenSanitizer
|
||||||
from muranocommon.messaging import MqClient
|
from muranocommon.messaging import MqClient
|
||||||
from sqlalchemy import desc
|
from sqlalchemy import desc
|
||||||
import eventlet
|
import eventlet
|
||||||
@ -83,8 +84,9 @@ class TaskResultHandlerService(service.Service):
|
|||||||
def handle_result(message):
|
def handle_result(message):
|
||||||
try:
|
try:
|
||||||
environment_result = message.body
|
environment_result = message.body
|
||||||
|
secure_result = TokenSanitizer().sanitize(environment_result)
|
||||||
log.debug(_('Got result message from '
|
log.debug(_('Got result message from '
|
||||||
'orchestration engine:\n{0}'.format(environment_result)))
|
'orchestration engine:\n{0}'.format(secure_result)))
|
||||||
|
|
||||||
if 'deleted' in environment_result:
|
if 'deleted' in environment_result:
|
||||||
log.debug(_('Result for environment {0} is dropped. Environment '
|
log.debug(_('Result for environment {0} is dropped. Environment '
|
||||||
|
|||||||
@ -19,7 +19,6 @@ from muranoapi.db.session import get_session
|
|||||||
from muranocommon.helpers.token_sanitizer import TokenSanitizer
|
from muranocommon.helpers.token_sanitizer import TokenSanitizer
|
||||||
from muranocommon.messaging import MqClient, Message
|
from muranocommon.messaging import MqClient, Message
|
||||||
|
|
||||||
|
|
||||||
rabbitmq = config.CONF.rabbitmq
|
rabbitmq = config.CONF.rabbitmq
|
||||||
|
|
||||||
SessionState = namedtuple('SessionState', ['open', 'deploying', 'deployed'])(
|
SessionState = namedtuple('SessionState', ['open', 'deploying', 'deployed'])(
|
||||||
@ -27,11 +26,6 @@ SessionState = namedtuple('SessionState', ['open', 'deploying', 'deployed'])(
|
|||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def secure_description(description):
|
|
||||||
sanitizer = TokenSanitizer()
|
|
||||||
return sanitizer.sanitize(description)
|
|
||||||
|
|
||||||
|
|
||||||
class SessionServices(object):
|
class SessionServices(object):
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_sessions(environment_id, state=None):
|
def get_sessions(environment_id, state=None):
|
||||||
@ -131,7 +125,8 @@ class SessionServices(object):
|
|||||||
session.state = SessionState.deploying
|
session.state = SessionState.deploying
|
||||||
deployment = Deployment()
|
deployment = Deployment()
|
||||||
deployment.environment_id = environment['id']
|
deployment.environment_id = environment['id']
|
||||||
deployment.description = secure_description(dict(session.description))
|
deployment.description = TokenSanitizer().sanitize(
|
||||||
|
dict(session.description))
|
||||||
status = Status()
|
status = Status()
|
||||||
status.text = "Deployment scheduled"
|
status.text = "Deployment scheduled"
|
||||||
status.level = "info"
|
status.level = "info"
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
d2to1>=0.2.10,<0.3
|
d2to1>=0.2.10,<0.3
|
||||||
pbr>=0.5,<0.6
|
pbr>=0.5,<0.6
|
||||||
Babel
|
Babel
|
||||||
SQLAlchemy>=0.7,<=0.7.9
|
SQLAlchemy>=0.7.5,<=0.7.9
|
||||||
anyjson
|
anyjson
|
||||||
eventlet>=0.9.12
|
eventlet>=0.9.12
|
||||||
PasteDeploy
|
PasteDeploy
|
||||||
@ -31,4 +31,4 @@ passlib
|
|||||||
jsonschema==2.0.0
|
jsonschema==2.0.0
|
||||||
python-keystoneclient>=0.2.0
|
python-keystoneclient>=0.2.0
|
||||||
oslo.config
|
oslo.config
|
||||||
http://tarballs.openstack.org/murano-common/murano-common-release-0.2.tar.gz#egg=muranocommon-dev
|
murano-common>=0.2.2
|
||||||
Loading…
Reference in New Issue
Block a user