From d6de852447bd7646306fdaf479ff4f6cb629da38 Mon Sep 17 00:00:00 2001 From: Jake Yip Date: Wed, 18 May 2022 17:44:56 +1000 Subject: [PATCH] Obsolete removed manila config nova_api_insecure, cinder_api_insecure were deprecated in Train[1] and removed in Ussuri[2] There is no mention of neutron_api_insecure, but a grep of the source does not reflect anything so I assume this has been removed too, or is a typo, as there is a 'api_insecure' under [neutron] that has also been removed. [1] https://review.opendev.org/c/openstack/manila/+/626506 [2] https://review.opendev.org/c/openstack/manila/+/745206 Change-Id: I8cbce18eb1fa03471d15fa90bf7fac171903c41e --- security-guide/source/shared-file-systems/checklist.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/security-guide/source/shared-file-systems/checklist.rst b/security-guide/source/shared-file-systems/checklist.rst index cff90544..1a500d5a 100644 --- a/security-guide/source/shared-file-systems/checklist.rst +++ b/security-guide/source/shared-file-systems/checklist.rst @@ -128,6 +128,9 @@ Identity API endpoint starting with ``https://`` or value of parameter Check-Shared-05: Does Shared File Systems contact with Compute over TLS? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.. note:: This item only applies to OpenStack releases Train and before as + ``auth_strategy`` was deprecated in Ussuri. + OpenStack components communicate with each other using various protocols and the communication might involve sensitive or confidential data. An attacker may try to eavesdrop on the channel in order to get access to sensitive @@ -145,6 +148,9 @@ section in ``manila.conf`` is set to ``True``. Check-Shared-06: Does Shared File Systems contact with Networking over TLS? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.. note:: This item only applies to OpenStack releases Train and before as + ``auth_strategy`` was deprecated in Ussuri. + Similar to previous check (:ref:`check_shared_fs_05`), it is recommended all the components must communicate with each other using a secured communication protocol. @@ -160,6 +166,9 @@ section in ``manila.conf`` is set to ``True``. Check-Shared-07: Does Shared File Systems contact with Block Storage over TLS? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.. note:: This item only applies to OpenStack releases Train and before as + ``auth_strategy`` was deprecated in Ussuri. + Similar to previous check (:ref:`check_shared_fs_05`), it is recommended all the components must communicate with each other using a secured communication protocol.