Jump to: navigation, search

Difference between revisions of "Security/Juno/Marconi"

< Security‎ | Juno
(Passwords)
m (Passwords)
Line 52: Line 52:
 
API: The only thing passed to Marconi is a Keystone auth token.
 
API: The only thing passed to Marconi is a Keystone auth token.
  
Backend: The MongoDB driver does not support Mongo's authentication features. We are considering adding this support in Juno ([https://bugs.launchpad.net/marconi/+bug/1328720 bug]), but the work will likely slip to the K cycle.
+
Backend: The MongoDB driver does not support Mongo's authentication features. We are considering adding this support in Juno ([https://bugs.launchpad.net/marconi/+bug/1328720 bug]), but the work will likely slip to the K cycle. There are no plans to support authentication for any other backends at this time.
  
 
=== Potential Improvements ===
 
=== Potential Improvements ===

Revision as of 16:10, 11 June 2014

This page documents security related details for the Marconi project in the OpenStack Juno release.

Implemented Crypto

None. We would like to implement message signing for the K cycle, though. (TBD)

Used Crypto

Libraries

Marconi's only crypto is in the keystone middleware and in libraries that are used by backend drivers.

Keystone

Marconi uses the standard Keystone WSGI middleware for authentication.

Backends

Marconi currently relies on pymongo and SQLAlchemy to implement storage drivers. SQLAlchemy is only used for development, and will likely be removed at the end of the Juno cycle. On the other hand, pymongo will be retained. It uses Python's standard "ssl" package (source).

During Juno we are also experimenting with Redis, AMQP, and Kafka drivers.

  • The AMQP driver will use the Python bindings for qpid-proton, which uses OpenSSL.
  • Redis does not natively support TLS. It may be added by a proxy, but we are not planning on adding support for that to the Marconi driver at this time.
  • Kafka does not appear to support TLS either.

Encryption Algorithms

Algorithm Purpose Configurable Implementation Details Source
TLS Encrypted connection to MongoDB Yes pymongo SSL can be enabled by setting a flag in the mongodb connection string, configured in marconi.conf. We plan to also make the cert options configurable via marconi.conf https://github.com/mongodb/mongo-python-driver/blob/master/pymongo/pool.py
TLS Encrypted connection to an AMQP broker TBD qpid-proton TBD https://svn.apache.org/repos/asf/qpid/proton/trunk/proton-c/src/ssl/

Hashing Algorithms

Algorithm Purpose Configurable Implementation Details Source
CRC32 Shard queues across multiple MongoDB databases Number of databases "partitions" is configurable. binascii.crc32 Since we expect operators to only use a small number of partitions (2-4), it was thought that CRC32 would provide a reasonably even distribution. An attacker may be able to create many queues, named is such a way that they end up on the same partition. This threat will be examined in j-2. GitHub Link

Sensitive Data

Keys/Certificates

None

Passwords

API: The only thing passed to Marconi is a Keystone auth token.

Backend: The MongoDB driver does not support Mongo's authentication features. We are considering adding this support in Juno (bug), but the work will likely slip to the K cycle. There are no plans to support authentication for any other backends at this time.

Potential Improvements