> > Has this code been security audited at all? It seems to me that the
> > billing portion of OpenStack will likely be a high-priority target
> > for attackers (and naughty users/etc.).
>
> The security story for Ceilometer definitely needs to be hardened ...
>
> - the usage-related notifications emitted by the openstack services
>   (nova, glance, cinder ... etc.) are implicitly trusted, i.e. auth
>   doesn't go beyond the user/password-style mechanisms implemented
>   by the AMQP provider

I should have qualified that statement with the obvious observation
that if the AMQP infrastructure is compromised in openstack, then all
sorts of badness will ensue, not limited to the metering side (as the
compute, volumes and networking fabric all rely heavily on RPC over
AMQP).

Cheers,
Eoghan

> - metering messages between ceilometer agents are signed using
>   a secret stored in plain text in the config file
>
> - the ceilometer API service is not integrated with keystone as yet
>   so does not do token validation or role-based policy verification
>
> The ceilometer team intends to make progress on the auth story in
> the Grizzly timeframe.
>
> Cheers,
> Eoghan
> _______________________________________________
> cloud mailing list
> cloud@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/cloud
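The quoted second bullet describes metering messages being signed with a shared secret read from the agent's config file. The block below is an added illustration of what such a shared-secret scheme does and does not protect; it is example code written for this page, not Ceilometer's implementation, and the HMAC-SHA256 construction, the `message_signature` field name, the sample meter fields and the secret value are all assumptions made here. It shows that a message whose contents are altered in transit, or one signed with a different secret, fails verification, while anyone holding the secret (which, as the thread notes, is readable from the plain-text config) can produce a signature that verifies.

```python
import hashlib
import hmac
import json

# Constructed value standing in for the secret an agent would read from
# its config file. Since the file holds it in plain text, any process or
# user able to read that file can forge valid signatures with it.
METERING_SECRET = "example-shared-secret-from-config"  # constructed


def canonical_bytes(message):
    """Serialize every field except the signature in a fixed order so the
    signer and the verifier hash byte-identical input."""
    fields = {k: v for k, v in message.items() if k != "message_signature"}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_message(message, secret):
    """Return a copy of the message with an HMAC-SHA256 signature attached
    under the (assumed) key name 'message_signature'."""
    signed = dict(message)
    signed.pop("message_signature", None)
    signed["message_signature"] = hmac.new(
        secret.encode("utf-8"), canonical_bytes(signed), hashlib.sha256
    ).hexdigest()
    return signed


def verify_signature(message, secret):
    """True only if the presented signature matches the message's current
    contents under this secret. compare_digest avoids timing side channels."""
    presented = message.get("message_signature")
    if not isinstance(presented, str):
        return False
    expected = hmac.new(
        secret.encode("utf-8"), canonical_bytes(message), hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(presented, expected)


def demo():
    """Sign a constructed usage sample, then check three cases:
    untouched message, tampered volume, and a verifier with a different
    secret. Returns (valid, tampered_ok, wrong_secret_ok)."""
    sample = {  # constructed sample, loosely shaped like a usage meter
        "counter_name": "instance",
        "counter_volume": 1,
        "resource_id": "instance-0001",
        "project_id": "project-a",
        "timestamp": "2012-11-01T12:00:00",
    }
    signed = sign_message(sample, METERING_SECRET)
    valid = verify_signature(signed, METERING_SECRET)

    # An on-path change to a billed quantity invalidates the signature.
    tampered = dict(signed)
    tampered["counter_volume"] = 1000
    tampered_ok = verify_signature(tampered, METERING_SECRET)

    # A receiver configured with a different secret rejects the message.
    wrong_secret_ok = verify_signature(signed, "some-other-secret")
    return valid, tampered_ok, wrong_secret_ok


if __name__ == "__main__":
    print(demo())
```

The scheme gives integrity against parties that do not hold the secret, but no per-agent origin authentication: every agent and every reader of the config file shares one key, so the secret's file permissions and the AMQP access controls the thread mentions are what actually bound who can inject valid-looking samples.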