diff options
author | Dmitry Tantsur <divius.inside@gmail.com> | 2018-01-23 16:13:29 +0100 |
---|---|---|
committer | Dmitry Tantsur <divius.inside@gmail.com> | 2018-02-07 12:22:26 +0100 |
commit | c2185469c4a9246fa62ceae76676a08ed84e686d (patch) | |
tree | 408d6c9bcd1510cbf2c7a9cef51c823d90c01bc1 /releasenotes/notes/node-credentials-cleaning-b1903f49ffeba029.yaml | |
parent | ccf5e167733f0c989eac4de82273372d94cbc534 (diff) | |
download | ironic-c2185469c4a9246fa62ceae76676a08ed84e686d.tar.gz |
Do not pass credentials to the ramdisk on cleaning
Currently the driver_info is passed as is to the ramdisk when calling
get_clean_steps or execute_clean_step. This may lead to their exposure,
as ironic<->ramdisk communication is currently not secure.
This change applies the same logic we use in the API to filter
the fields.
Change-Id: I4fd44786fea6c7092d2b0029cea6d680d31babde
Closes-Bug: #1744836
Diffstat (limited to 'releasenotes/notes/node-credentials-cleaning-b1903f49ffeba029.yaml')
-rw-r--r-- | releasenotes/notes/node-credentials-cleaning-b1903f49ffeba029.yaml | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/releasenotes/notes/node-credentials-cleaning-b1903f49ffeba029.yaml b/releasenotes/notes/node-credentials-cleaning-b1903f49ffeba029.yaml new file mode 100644 index 000000000..ca4829afa --- /dev/null +++ b/releasenotes/notes/node-credentials-cleaning-b1903f49ffeba029.yaml @@ -0,0 +1,5 @@ +--- +security: + - | + Sensitive information is now removed from a node's ``driver_info`` and + ``instance_info`` fields before sending it to the ramdisk during cleaning. |