Merge "Fix several instances of chap secret being output to logs."
This commit is contained in:
commit
02f589f45e
|
@ -134,7 +134,8 @@ class XtremIOClient(object):
|
|||
self.update_url(params, self.cluster_id)
|
||||
if method != 'GET':
|
||||
self.update_data(data, self.cluster_id)
|
||||
LOG.debug('data: %s', data)
|
||||
# data may include chap password
|
||||
LOG.debug('data: %s', strutils.mask_password(data))
|
||||
LOG.debug('%(type)s %(url)s', {'type': method, 'url': url})
|
||||
try:
|
||||
response = requests.request(
|
||||
|
|
|
@ -21,6 +21,7 @@ import time
|
|||
|
||||
from lxml import etree
|
||||
from oslo_log import log as logging
|
||||
from oslo_utils import strutils
|
||||
from oslo_utils import units
|
||||
import requests
|
||||
import six
|
||||
|
@ -206,8 +207,9 @@ class DotHillClient(object):
|
|||
If the status is OK, returns the XML data for further processing.
|
||||
"""
|
||||
url = self._build_request_url(path, *args, **kargs)
|
||||
LOG.debug("Array Request URL: %s (session %s)",
|
||||
url, self._session_key)
|
||||
# Don't log the created URL since it may contain chap secret
|
||||
LOG.debug("Array Request path: %s, args: %s, kargs: %s (session %s)",
|
||||
path, args, strutils.mask_password(kargs), self._session_key)
|
||||
headers = {'dataType': 'api', 'sessionKey': self._session_key}
|
||||
try:
|
||||
xml = requests.get(url, headers=headers,
|
||||
|
|
|
@ -23,6 +23,7 @@ import uuid
|
|||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
from oslo_utils import excutils
|
||||
from oslo_utils import strutils
|
||||
from oslo_utils import units
|
||||
|
||||
from cinder import context
|
||||
|
@ -1981,7 +1982,7 @@ class HuaweiISCSIDriver(HuaweiBaseDriver, driver.ISCSIDriver):
|
|||
properties['auth_password'] = chap_password
|
||||
|
||||
LOG.info("initialize_connection success. Return data: %s.",
|
||||
properties)
|
||||
strutils.mask_password(properties))
|
||||
return {'driver_volume_type': 'iscsi', 'data': properties}
|
||||
|
||||
@coordination.synchronized('huawei-mapping-{connector[host]}')
|
||||
|
|
|
@ -163,12 +163,14 @@ class StorwizeSSH(object):
|
|||
return CLIResponse(raw, ssh_cmd=ssh_cmd, delim=delim,
|
||||
with_header=with_header)
|
||||
|
||||
def run_ssh_assert_no_output(self, ssh_cmd):
|
||||
def run_ssh_assert_no_output(self, ssh_cmd, log_cmd=None):
|
||||
"""Run an SSH command and assert no output returned."""
|
||||
out, err = self._run_ssh(ssh_cmd)
|
||||
if len(out.strip()) != 0:
|
||||
if not log_cmd:
|
||||
log_cmd = ' '.join(ssh_cmd)
|
||||
msg = (_('Expected no output from CLI command %(cmd)s, '
|
||||
'got %(out)s.') % {'cmd': ' '.join(ssh_cmd), 'out': out})
|
||||
'got %(out)s.') % {'cmd': log_cmd, 'out': out})
|
||||
LOG.error(msg)
|
||||
raise exception.VolumeBackendAPIException(data=msg)
|
||||
|
||||
|
@ -256,7 +258,8 @@ class StorwizeSSH(object):
|
|||
|
||||
def add_chap_secret(self, secret, host):
|
||||
ssh_cmd = ['svctask', 'chhost', '-chapsecret', secret, '"%s"' % host]
|
||||
self.run_ssh_assert_no_output(ssh_cmd)
|
||||
log_cmd = 'svctask chhost -chapsecret *** %s' % host
|
||||
self.run_ssh_assert_no_output(ssh_cmd, log_cmd)
|
||||
|
||||
def lsiscsiauth(self):
|
||||
ssh_cmd = ['svcinfo', 'lsiscsiauth', '-delim', '!']
|
||||
|
|
|
@ -38,6 +38,7 @@ import collections
|
|||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
from oslo_utils import excutils
|
||||
from oslo_utils import strutils
|
||||
|
||||
from cinder import exception
|
||||
from cinder.i18n import _
|
||||
|
@ -200,10 +201,11 @@ class StorwizeSVCISCSIDriver(storwize_common.StorwizeSVCCommonDriver):
|
|||
'%(conn)s.\n', {'vol': volume,
|
||||
'conn': connector})
|
||||
|
||||
# properties may contain chap secret so must be masked
|
||||
LOG.debug('leave: initialize_connection:\n volume: %(vol)s\n '
|
||||
'connector: %(conn)s\n properties: %(prop)s',
|
||||
{'vol': volume.id, 'conn': connector,
|
||||
'prop': properties})
|
||||
'prop': strutils.mask_password(properties)})
|
||||
|
||||
return {'driver_volume_type': 'iscsi', 'data': properties, }
|
||||
|
||||
|
@ -285,11 +287,12 @@ class StorwizeSVCISCSIDriver(storwize_common.StorwizeSVCCommonDriver):
|
|||
discovery_auth_method='CHAP',
|
||||
discovery_auth_username=connector['initiator'],
|
||||
discovery_auth_password=chap_secret)
|
||||
# properties may contain chap secret so must be masked
|
||||
LOG.debug('leave: _get_single_iscsi_data:\n volume: %(vol)s\n '
|
||||
'connector: %(conn)s\n lun_id: %(lun_id)s\n '
|
||||
'properties: %(prop)s',
|
||||
{'vol': volume.id, 'conn': connector, 'lun_id': lun_id,
|
||||
'prop': properties})
|
||||
'prop': strutils.mask_password(properties)})
|
||||
return properties
|
||||
|
||||
def _get_multi_iscsi_data(self, volume, connector, lun_id, properties,
|
||||
|
@ -335,11 +338,12 @@ class StorwizeSVCISCSIDriver(storwize_common.StorwizeSVCCommonDriver):
|
|||
LOG.error(msg)
|
||||
raise exception.VolumeBackendAPIException(data=msg)
|
||||
|
||||
# properties may contain chap secret so must be masked
|
||||
LOG.debug('leave: _get_multi_iscsi_data:\n volume: %(vol)s\n '
|
||||
'connector: %(conn)s\n lun_id: %(lun_id)s\n '
|
||||
'properties: %(prop)s',
|
||||
{'vol': volume.id, 'conn': connector, 'lun_id': lun_id,
|
||||
'prop': properties})
|
||||
'prop': strutils.mask_password(properties)})
|
||||
|
||||
return properties
|
||||
|
||||
|
|
|
@ -21,6 +21,7 @@ This driver requires VPSA with API version 15.07 or higher.
|
|||
from lxml import etree
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
from oslo_utils import strutils
|
||||
import requests
|
||||
import six
|
||||
|
||||
|
@ -645,7 +646,7 @@ class ZadaraVPSAISCSIDriver(driver.ISCSIDriver):
|
|||
properties['auth_password'] = ctrl['chap_passwd']
|
||||
|
||||
LOG.debug('Attach properties: %(properties)s',
|
||||
{'properties': properties})
|
||||
{'properties': strutils.mask_password(properties)})
|
||||
return {'driver_volume_type':
|
||||
('iser' if (self.configuration.safe_get('zadara_use_iser'))
|
||||
else 'iscsi'), 'data': properties}
|
||||
|
|
|
@ -20,6 +20,7 @@ import ssl
|
|||
import time
|
||||
|
||||
from oslo_log import log
|
||||
from oslo_utils import strutils
|
||||
import six
|
||||
from six.moves import http_client
|
||||
from six.moves import urllib
|
||||
|
@ -272,7 +273,8 @@ class RestClientURL(object):
|
|||
{'request': request, 'url': zfssaurl})
|
||||
LOG.debug('Out headers: %s', out_hdrs)
|
||||
if body and body != '':
|
||||
LOG.debug('Body: %s', body)
|
||||
# body may contain chap secret so must be masked
|
||||
LOG.debug('Body: %s', strutils.mask_password(body))
|
||||
|
||||
context = None
|
||||
if hasattr(ssl, '_create_unverified_context'):
|
||||
|
|
Loading…
Reference in New Issue