magnum/magnum
Johannes Grassler e93d82e8b3 Fix CVE-2016-7404
This commit addresses multiple potential vulnerabilities in
Magnum. It makes the following changes:

* Permissions for /etc/sysconfig/heat-params inside Magnum
  created instances are tightened to 0600 (used to be 0755).
* Certificate retrieval is modified to work without the need
  for a Keystone trust.
* The cluster's Keystone trust id is only passed into
  instances for clusters where that is actually needed. This
  prevents the trustee user from consuming the trust in cases
  where it is not needed.
* The configuration setting trust/cluster_user_trust (False by
  default) is introduced. It needs to be explicitely enabled
  by the cloud operator to allow clusters that need the
  trust_id to be passed into instances to work. Without this
  setting, attempts to create such clusters will fail.

Please note, that none of these changes apply to existing
clusters. They will have to be deleted and rebuilt to benefit
from these changes.

Change-Id: I643d408cde0d6e30812cf6429fb7118184793400
2017-02-09 16:44:27 +01:00
..
api Merge "Resource Quota - Limit clusters per project" 2017-01-26 22:15:52 +00:00
cmd Integrate OSProfiler in Magnum 2017-01-24 07:43:31 +07:00
common Fix CVE-2016-7404 2017-02-09 16:44:27 +01:00
conductor Fix CVE-2016-7404 2017-02-09 16:44:27 +01:00
conf Fix CVE-2016-7404 2017-02-09 16:44:27 +01:00
db Fix CVE-2016-7404 2017-02-09 16:44:27 +01:00
drivers Fix CVE-2016-7404 2017-02-09 16:44:27 +01:00
hacking Add i18n translation for Log messages 2016-08-15 11:44:08 +05:30
objects Resource Quota - Limit clusters per project 2017-01-25 08:55:45 -06:00
service Integrate OSProfiler in Magnum 2017-01-24 07:43:31 +07:00
servicegroup Cleanup MagnumService Object usage 2016-01-29 15:39:28 +08:00
tests Fix CVE-2016-7404 2017-02-09 16:44:27 +01:00
__init__.py Initial commit from github (squashed) 2014-11-18 09:23:37 -05:00
i18n.py Setup for translation 2015-05-24 03:13:55 +00:00
version.py Remove coding:utf-8 2015-08-03 23:28:22 +08:00