From 1af38387a24532c8c90bc3da5fef4fed7e5b76c9 Mon Sep 17 00:00:00 2001
From: Ben Nemec
Date: Fri, 5 Oct 2018 19:45:38 +0000
Subject: [PATCH] Document security considerations for detailed healthcheck

The detailed healthcheck output includes some potentially sensitive information like stack traces of the service. This may be unacceptable in some organizations and we should point it out in the help for the option.

Change-Id: Ic10c29f39ef601e4c7873acb0d56e1ec8e4ebcb3
---
 oslo_middleware/healthcheck/opts.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/oslo_middleware/healthcheck/opts.py b/oslo_middleware/healthcheck/opts.py
index ff39e98..5e4dffe 100644
--- a/oslo_middleware/healthcheck/opts.py
+++ b/oslo_middleware/healthcheck/opts.py
@@ -20,7 +20,11 @@ HEALTHCHECK_OPTS = [
 help='The path to respond to healtcheck requests on.'),
 cfg.BoolOpt('detailed',
 default=False,
- help='Show more detailed information as part of the response'),
+ help='Show more detailed information as part of the response. '
+ 'Security note: Enabling this option may expose '
+ 'sensitive details about the service being monitored. '
+ 'Be sure to verify that it will not violate your '
+ 'security policies.'),
 cfg.ListOpt('backends',
 default=[],
 help='Additional backends that can perform health checks and '
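Review bot: The security note added to the `detailed` help text says only that "sensitive details" may be exposed, while the commit message names stack traces as the concrete concern. Naming it in the help string itself, e.g. `'sensitive details about the service being monitored, such as stack traces. '`, lets an operator judge the risk from the generated config reference without reading the commit log. Whether the healthcheck path is reachable without authentication is not visible in this hunk; if it can be, the help could also advise restricting access to that path whenever `detailed` is enabled. The `HEALTHCHECK_OPTS` list starts and ends outside the hunk.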