Bandit B105 fails in keystone fernet script

Bug #1828416 reported by Mark Goddard
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| kolla | Fix Released | Critical | Mark Goddard | |
| Rocky | Fix Released | Critical | Mark Goddard | |
| Stein | Fix Released | Critical | Mark Goddard | |
| Train | Fix Released | Critical | Mark Goddard | |

Bug Description

Currently breaking CI:

>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: '/etc/keystone/fernet-keys'
   Severity: Low Confidence: Medium
   Location: docker/keystone/keystone-fernet/fetch_fernet_tokens.py:27
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html

Mark Goddard (mgoddard)
Changed in kolla:
importance: Undecided → Critical
description: updated
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (master)

Reviewed: https://review.opendev.org/658078
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=e6387634c6a7170e96606b9a8ff680f08d81e801
Submitter: Zuul
Branch: master

commit e6387634c6a7170e96606b9a8ff680f08d81e801
Author: Mark Goddard <email address hidden>
Date: Thu May 9 14:28:21 2019 +0100

    Fix bandit failure B105 in keystone fernet

    >> Issue: [B105:hardcoded_password_string] Possible hardcoded password: '/etc/keystone/fernet-keys'
       Severity: Low Confidence: Medium
       Location: docker/keystone/keystone-fernet/fetch_fernet_tokens.py:27
       More Info: https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html

    Ignore bandit failures on this line.

    Change-Id: I9828c23e4bcec7553a69aa5f20e990e0ef0538ea
    Closes-Bug: #1828416

Changed in kolla:
status: New → Fix Released
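
Why a filesystem path trips B105, and what the line-level ignore in the fix does, as an added example that is not kolla's or Bandit's own code. The regex approximates B105's name heuristic (an assumption), and `TOKEN_PATH` is a hypothetical variable name, since the page does not show line 27 of the script.

```python
import ast
import io
import re
import tokenize

# Assumed approximation of the B105 name heuristic: the assignment target,
# not the string value, is what gets matched.
WORDS = r"(pas+wo?r?d|pass(phrase)?|pwd|token|secrete?)"
CANDIDATE = re.compile(r"(^{0}$|_{0}_|^{0}_|_{0}$)".format(WORDS), re.IGNORECASE)


def nosec_lines(source):
    """Line numbers that carry a comment containing 'nosec'."""
    tokens = tokenize.generate_tokens(io.StringIO(source).readline)
    return {t.start[0] for t in tokens
            if t.type == tokenize.COMMENT and "nosec" in t.string}


def hardcoded_password_findings(source):
    """Return (line, name, value) for string literals bound to secret-like names."""
    skip = nosec_lines(source)
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign) or node.lineno in skip:
            continue
        value = node.value
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str)):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and CANDIDATE.search(target.id):
                findings.append((node.lineno, target.id, value.value))
    return findings


# Constructed samples: TOKEN_PATH is a hypothetical name, not quoted from kolla.
FLAGGED = "TOKEN_PATH = '/etc/keystone/fernet-keys'\nINTERVAL = '3600'\n"
SUPPRESSED = "TOKEN_PATH = '/etc/keystone/fernet-keys'  # nosec\nINTERVAL = '3600'\n"

if __name__ == "__main__":
    print(hardcoded_password_findings(FLAGGED))     # path flagged because of the name
    print(hardcoded_password_findings(SUPPRESSED))  # same line, silenced by the comment
```

The suppression applies to the line, not to the value, so a real credential later assigned on a `# nosec` line would also go unreported.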
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/658168

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (stable/rocky)

Reviewed: https://review.opendev.org/658169
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=0eb7f031c29a5d4c6e05c1787af2e6a7d09749f5
Submitter: Zuul
Branch: stable/rocky

commit 0eb7f031c29a5d4c6e05c1787af2e6a7d09749f5
Author: Mark Goddard <email address hidden>
Date: Thu May 9 14:28:21 2019 +0100

    Fix bandit failure B105 in keystone fernet

    >> Issue: [B105:hardcoded_password_string] Possible hardcoded password: '/etc/keystone/fernet-keys'
       Severity: Low Confidence: Medium
       Location: docker/keystone/keystone-fernet/fetch_fernet_tokens.py:27
       More Info: https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html

    Ignore bandit failures on this line.

    Change-Id: I9828c23e4bcec7553a69aa5f20e990e0ef0538ea
    Closes-Bug: #1828416
    (cherry picked from commit e6387634c6a7170e96606b9a8ff680f08d81e801)

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (stable/stein)

Reviewed: https://review.opendev.org/658168
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=2b2218448f2562598c684b3dc4ca5ea1847b4ac7
Submitter: Zuul
Branch: stable/stein

commit 2b2218448f2562598c684b3dc4ca5ea1847b4ac7
Author: Mark Goddard <email address hidden>
Date: Thu May 9 14:28:21 2019 +0100

    Fix bandit failure B105 in keystone fernet

    >> Issue: [B105:hardcoded_password_string] Possible hardcoded password: '/etc/keystone/fernet-keys'
       Severity: Low Confidence: Medium
       Location: docker/keystone/keystone-fernet/fetch_fernet_tokens.py:27
       More Info: https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html

    Ignore bandit failures on this line.

    Change-Id: I9828c23e4bcec7553a69aa5f20e990e0ef0538ea
    Closes-Bug: #1828416
    (cherry picked from commit e6387634c6a7170e96606b9a8ff680f08d81e801)

tags: added: in-stable-stein
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.opendev.org/659855

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (stable/queens)

Reviewed: https://review.opendev.org/659855
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=916198a9e91a463f0334fefce950273bb203d9fd
Submitter: Zuul
Branch: stable/queens

commit 916198a9e91a463f0334fefce950273bb203d9fd
Author: Mark Goddard <email address hidden>
Date: Thu May 9 14:28:21 2019 +0100

    Fix bandit failure B105 in keystone fernet

    >> Issue: [B105:hardcoded_password_string] Possible hardcoded password: '/etc/keystone/fernet-keys'
       Severity: Low Confidence: Medium
       Location: docker/keystone/keystone-fernet/fetch_fernet_tokens.py:27
       More Info: https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html

    Ignore bandit failures on this line.

    Change-Id: I9828c23e4bcec7553a69aa5f20e990e0ef0538ea
    Closes-Bug: #1828416
    (cherry picked from commit e6387634c6a7170e96606b9a8ff680f08d81e801)

tags: added: in-stable-queens
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla 6.2.2

This issue was fixed in the openstack/kolla 6.2.2 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla 7.0.3

This issue was fixed in the openstack/kolla 7.0.3 release.

Mark Goddard (mgoddard)
Changed in kolla:
assignee: nobody → Mark Goddard (mgoddard)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.opendev.org/668625

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (stable/pike)

Reviewed: https://review.opendev.org/668625
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=658090a3af8756f625ea9db08ea0826953b9264a
Submitter: Zuul
Branch: stable/pike

commit 658090a3af8756f625ea9db08ea0826953b9264a
Author: Mark Goddard <email address hidden>
Date: Thu May 9 14:28:21 2019 +0100

    Fix bandit failure B105 in keystone fernet

    >> Issue: [B105:hardcoded_password_string] Possible hardcoded password: '/etc/keystone/fernet-keys'
       Severity: Low Confidence: Medium
       Location: docker/keystone/keystone-fernet/fetch_fernet_tokens.py:27
       More Info: https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html

    Ignore bandit failures on this line.

    Change-Id: I9828c23e4bcec7553a69aa5f20e990e0ef0538ea
    Closes-Bug: #1828416
    (cherry picked from commit e6387634c6a7170e96606b9a8ff680f08d81e801)

tags: added: in-stable-pike
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla 8.0.0.0rc2

This issue was fixed in the openstack/kolla 8.0.0.0rc2 release candidate.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla pike-eol

This issue was fixed in the openstack/kolla pike-eol release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla 9.0.0.0rc1

This issue was fixed in the openstack/kolla 9.0.0.0rc1 release candidate.
