From b2a21fba08df7da1f7c82fd41e54797e38f2fd53 Mon Sep 17 00:00:00 2001
From: Jim Rollenhagen
Date: Tue, 24 Feb 2015 21:56:53 +0000
Subject: [PATCH] Do not default pecan_debug to CONF.debug
Pecan's debug mode can be terribly insecure; 500 errors return a Python traceback, the full list of environment variables, and a button to replay the request with a breakpoint. Deployers often run OpenStack services in debug mode; doing so should not open the service up to these flaws. Defaulting pecan_debug to CONF.debug makes this easy to accidentally do. So, default it to False rather than riding on top of CONF.debug.
Change-Id: I70f9c9807d16aa50df4d5e16ba2a29575f8b165e
Closes-Bug: #1425206
DocImpact
---
 ceilometer/api/app.py | 7 ++-----
 ceilometer/tests/api/test_app.py | 2 +-
 2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/ceilometer/api/app.py b/ceilometer/api/app.py
index b507eeb3b6..61eb94aa8e 100644
--- a/ceilometer/api/app.py
+++ b/ceilometer/api/app.py
@@ -46,9 +46,8 @@ OPTS = [
 API_OPTS = [
 cfg.BoolOpt('pecan_debug',
- help='Toggle Pecan Debug Middleware. '
- 'If it is not set, global debug value will be used.'
- ),
+ default=False,
+ help='Toggle Pecan Debug Middleware.'),
 ]
 CONF.register_opts(OPTS)
@@ -78,8 +77,6 @@ def setup_app(pecan_config=None, extra_hooks=None):
 pecan.configuration.set_config(dict(pecan_config), overwrite=True)
- cfg.set_defaults(API_OPTS, pecan_debug=CONF.debug)
-
 # NOTE(sileht): pecan debug won't work in multi-process environment
 pecan_debug = CONF.api.pecan_debug
 if service.get_workers('api') != 1 and pecan_debug:
diff --git a/ceilometer/tests/api/test_app.py b/ceilometer/tests/api/test_app.py
index ca473ee648..ed7e84a328 100644
--- a/ceilometer/tests/api/test_app.py
+++ b/ceilometer/tests/api/test_app.py
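Review bot: The new help string for `pecan_debug` in the `API_OPTS` hunk of ceilometer/api/app.py says nothing about what the option exposes once it is switched on, so an operator reading the option help has no hint of the risk the commit message describes. I would carry that warning into the option itself, for example `help='Toggle Pecan Debug Middleware. Do not enable in production: error responses then include tracebacks and environment variables.'`. The safe default is only half of the protection; the other half is that nobody turns it on without knowing what it returns to clients.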
@@ -50,7 +50,7 @@ class TestApp(base.BaseTestCase):
 self.assertEqual(expected, kwargs.get('debug'))
 _check_pecan_debug(g_debug=False, p_debug=None, expected=False)
- _check_pecan_debug(g_debug=True, p_debug=None, expected=True)
+ _check_pecan_debug(g_debug=True, p_debug=None, expected=False)
 _check_pecan_debug(g_debug=True, p_debug=False, expected=False)
 _check_pecan_debug(g_debug=False, p_debug=True, expected=True)
 _check_pecan_debug(g_debug=True, p_debug=None, expected=False,
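Review bot: The flipped expectation on the `g_debug=True, p_debug=None` line is the regression guard for this fix, but nothing in the test says so, and a later cleanup could turn it back to `expected=True` without anyone noticing the security impact. A one-line comment above it would make the intent explicit, e.g. `# global debug must never enable pecan debug (bug #1425206)`. The final `_check_pecan_debug(...)` call continues outside the hunk, so its extra arguments are not visible here.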