Has this code been security audited at all? It seems to me that the
billing portion of OpenStack will likely be a high priority target
for attackers (and naughty users/etc.).
The security story for Ceilometer definitely needs to be hardened ...
- the usage-related notifications emitted by the openstack services (nova, glance, cinder ... etc.) are implicitly trusted, i.e. auth doesn't go beyond the user/password-style mechanisms implemented by the AMQP provider
- metering messages between ceilometer agents are signed using a secret stored in plain text in the config file
- the ceilometer API service is not integrated with keystone as yet, so it does not do token validation or role-based policy verification
The ceilometer team intends to make progress on the auth story in
the Grizzly timeframe.
Cheers,
Eoghan
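As an added illustration of the second point in the reply (metering messages signed with a shared secret), not code from Ceilometer or from either author: the sketch below signs a metering message with an HMAC and verifies it on receipt, rejecting tampered, unsigned or wrongly keyed messages. The message field names, the `message_signature` key and the `CEILOMETER_METERING_SECRET` environment variable are assumptions for this example; Ceilometer's real message layout and configuration keys are not reproduced here. The point it makes is that the HMAC protects integrity only as far as the secret itself is protected, so the secret is read from the process environment at startup rather than from a world-readable config file.

```python
import hashlib
import hmac
import json
import os

# Constructed sample metering message; field names are hypothetical.
SAMPLE_MESSAGE = {
    "counter_name": "instance",
    "counter_volume": 1,
    "resource_id": "constructed-resource-0001",
    "project_id": "constructed-project",
    "timestamp": "2012-11-01T12:00:00Z",
}

SIGNATURE_FIELD = "message_signature"  # assumed name of the signature field


def canonical_bytes(message: dict) -> bytes:
    """Serialize the message deterministically so that signer and verifier
    hash identical bytes; the signature field itself is excluded."""
    body = {k: v for k, v in message.items() if k != SIGNATURE_FIELD}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_message(message: dict, secret: bytes) -> dict:
    """Return a copy of the message carrying an HMAC-SHA256 over its canonical form."""
    signed = dict(message)
    signed[SIGNATURE_FIELD] = hmac.new(secret, canonical_bytes(message), hashlib.sha256).hexdigest()
    return signed


def verify_message(message: dict, secret: bytes) -> bool:
    """Recompute the HMAC and compare in constant time; any change to a
    signed field, a missing signature or a different secret fails."""
    provided = message.get(SIGNATURE_FIELD)
    if not isinstance(provided, str):
        return False
    expected = hmac.new(secret, canonical_bytes(message), hashlib.sha256).hexdigest()
    return hmac.compare_digest(provided, expected)


def load_secret(env_var: str = "CEILOMETER_METERING_SECRET", min_len: int = 32) -> bytes:
    """Read the shared secret from the environment (hypothetical variable name)
    instead of a plain-text config file, and refuse weak or absent values."""
    value = os.environ.get(env_var, "")
    if len(value) < min_len:
        raise RuntimeError(f"{env_var} must be set and at least {min_len} characters long")
    return value.encode("utf-8")


if __name__ == "__main__":
    # Use a constructed secret for the stand-alone run.
    secret = b"constructed-demo-secret-of-adequate-length"
    signed = sign_message(SAMPLE_MESSAGE, secret)
    print("valid:", verify_message(signed, secret))
    tampered = dict(signed)
    tampered["counter_volume"] = 100
    print("tampered accepted:", verify_message(tampered, secret))
```

Signing with an HMAC and rejecting messages that fail `verify_message` stops a peer without the secret from injecting or altering usage records, but it gives no protection once the secret is readable by everyone with access to the config file, which is the exposure the reply describes.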