Do not pass credentials to the ramdisk on cleaning

Currently the driver_info is passed as is to the ramdisk when calling get_clean_steps or execute_clean_step. This may lead to their exposure, as ironic<->ramdisk communication is currently not secure. This change applies the same logic we use in the API to filter the fields. Change-Id: I4fd44786fea6c7092d2b0029cea6d680d31babde Closes-Bug: #1744836
author: Dmitry Tantsur <divius.inside@gmail.com> 2018-01-23 16:13:29 +0100
committer: Dmitry Tantsur <divius.inside@gmail.com> 2018-02-07 12:22:26 +0100
commit: c2185469c4a9246fa62ceae76676a08ed84e686d (patch)
tree: 408d6c9bcd1510cbf2c7a9cef51c823d90c01bc1 /releasenotes/notes/node-credentials-cleaning-b1903f49ffeba029.yaml
parent: ccf5e167733f0c989eac4de82273372d94cbc534 (diff)
download: ironic-c2185469c4a9246fa62ceae76676a08ed84e686d.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/releasenotes/notes/node-credentials-cleaning-b1903f49ffeba029.yaml b/releasenotes/notes/node-credentials-cleaning-b1903f49ffeba029.yaml
new file mode 100644
index 000000000..ca4829afa
--- /dev/null
+++ b/releasenotes/notes/node-credentials-cleaning-b1903f49ffeba029.yaml
@@ -0,0 +1,5 @@
+---
+security:
+  - |
+    Sensitive information is now removed from a node's ``driver_info`` and
+    ``instance_info`` fields before sending it to the ramdisk during cleaning.
author	Dmitry Tantsur <divius.inside@gmail.com>	2018-01-23 16:13:29 +0100
committer	Dmitry Tantsur <divius.inside@gmail.com>	2018-02-07 12:22:26 +0100
commit	c2185469c4a9246fa62ceae76676a08ed84e686d (patch)
tree	408d6c9bcd1510cbf2c7a9cef51c823d90c01bc1 /releasenotes/notes/node-credentials-cleaning-b1903f49ffeba029.yaml
parent	ccf5e167733f0c989eac4de82273372d94cbc534 (diff)
download	ironic-c2185469c4a9246fa62ceae76676a08ed84e686d.tar.gz