Stop revealing sensitive store info

Use simpler error messages and log the details.

Fixes bug: 1012268

Change-Id: I3c4d98c81dee6676916c60e71a749037ae1edc81

glance/common/exception.py

@@ -69,7 +69,7 @@ class UnknownScheme(GlanceException):
 
 
 class BadStoreUri(GlanceException):
-    message = _("The Store URI %(uri)s was malformed. Reason: %(reason)s")
+    message = _("The Store URI was malformed.")
 
 
 class Duplicate(GlanceException):

glance/db/sqlalchemy/migrate_repo/versions/015_quote_swift_credentials.py

@@ -15,6 +15,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import logging
 import types
 import urlparse
 
@@ -23,6 +24,8 @@ import sqlalchemy
 from glance.common import exception
 import glance.store.swift
 
+logger = logging.getLogger(__name__)
+
 
 def upgrade(migrate_engine):
     migrate_location_credentials(migrate_engine, to_quoted=True)
@@ -109,7 +112,9 @@ def legacy_parse_uri(self, uri):
                 "like so: "
                 "swift+http://user:pass@authurl.com/v1/container/obj"
                 )
-        raise exception.BadStoreUri(uri=uri, reason=reason)
+
+        logger.error(_("Invalid store uri %(uri)s: %(reason)s") % locals())
+        raise exception.BadStoreUri(message=reason)
 
     pieces = urlparse.urlparse(uri)
     assert pieces.scheme in ('swift', 'swift+http', 'swift+https')
@@ -140,7 +145,8 @@ def legacy_parse_uri(self, uri):
         if len(cred_parts) == 1:
             reason = (_("Badly formed credentials '%(creds)s' in Swift "
                         "URI") % locals())
-            raise exception.BadStoreUri(uri=uri, reason=reason)
+            logger.error(reason)
+            raise exception.BadStoreUri()
         elif len(cred_parts) == 3:
             user = ':'.join(cred_parts[0:2])
         else:
@@ -159,5 +165,6 @@ def legacy_parse_uri(self, uri):
             path_parts.insert(0, netloc)
             self.authurl = '/'.join(path_parts)
     except IndexError:
-        reason = _("Badly formed Swift URI")
-        raise exception.BadStoreUri(uri=uri, reason=reason)
+        reason = _("Badly formed S3 URI: %s") % uri
+        logger.error(message=reason)
+        raise exception.BadStoreUri()

glance/store/filesystem.py

@@ -62,8 +62,9 @@ class StoreLocation(glance.store.location.StoreLocation):
         self.scheme = pieces.scheme
         path = (pieces.netloc + pieces.path).strip()
         if path == '':
-            reason = _("No path specified")
-            raise exception.BadStoreUri(uri=uri, reason=reason)
+            reason = _("No path specified in URI: %s") % uri
+            logger.error(reason)
+            raise exception.BadStoreUri('No path specified')
         self.path = path
 
 

glance/store/http.py

@@ -16,12 +16,15 @@
 #    under the License.
 
 import httplib
+import logging
 import urlparse
 
 from glance.common import exception
 import glance.store.base
 import glance.store.location
 
+logger = logging.getLogger(__name__)
+
 
 class StoreLocation(glance.store.location.StoreLocation):
 
@@ -75,12 +78,14 @@ class StoreLocation(glance.store.location.StoreLocation):
             except ValueError:
                 reason = (_("Credentials '%s' not well-formatted.")
                           % "".join(creds))
-                raise exception.BadStoreUri(uri=uri, reason=reason)
+                logger.error(reason)
+                raise exception.BadStoreUri()
         else:
             self.user = None
         if netloc == '':
             reason = _("No address specified in HTTP URL")
-            raise exception.BadStoreUri(uri=uri, reason=reason)
+            logger.error(reason)
+            raise exception.BadStoreUri(message=reason)
         self.netloc = netloc
         self.path = path
 

glance/store/rbd.py

@@ -70,8 +70,9 @@ class StoreLocation(glance.store.location.StoreLocation):
 
     def parse_uri(self, uri):
         if not uri.startswith('rbd://'):
-            raise exception.BadStoreUri(uri=uri,
-                                        reason=_('URI must start with rbd://'))
+            reason = _('URI must start with rbd://')
+            logger.error(_("Invalid URI: %(uri), %(reason)") % locals())
+            raise exception.BadStoreUri(message=reason)
         self.image = uri[6:]
 
 

glance/store/s3.py

@@ -111,7 +111,8 @@ class StoreLocation(glance.store.location.StoreLocation):
                     "s3+https://accesskey:secretkey@s3.amazonaws.com/bucket/"
                     "key-id"
                       )
-            raise exception.BadStoreUri(uri=uri, reason=reason)
+            logger.error(_("Invalid store uri %(uri)s: %(reason)s") % locals())
+            raise exception.BadStoreUri(message=reason)
 
         pieces = urlparse.urlparse(uri)
         assert pieces.scheme in ('s3', 's3+http', 's3+https')
@@ -137,7 +138,8 @@ class StoreLocation(glance.store.location.StoreLocation):
                 self.secretkey = secret_key
             except IndexError:
                 reason = _("Badly formed S3 credentials %s") % creds
-                raise exception.BadStoreUri(uri=uri, reason=reason)
+                logger.error(reason)
+                raise exception.BadStoreUri()
         else:
             self.accesskey = None
             path = entire_path
@@ -149,10 +151,11 @@ class StoreLocation(glance.store.location.StoreLocation):
                 self.s3serviceurl = '/'.join(path_parts).strip('/')
             else:
                 reason = _("Badly formed S3 URI. Missing s3 service URL.")
-                raise exception.BadStoreUri(uri=uri, reason=reason)
+                raise exception.BadStoreUri()
         except IndexError:
-            reason = _("Badly formed S3 URI")
-            raise exception.BadStoreUri(uri=uri, reason=reason)
+            reason = _("Badly formed S3 URI: %s") % uri
+            logger.error(reason)
+            raise exception.BadStoreUri()
 
 
 class ChunkedFile(object):

glance/store/swift.py

@@ -128,7 +128,8 @@ class StoreLocation(glance.store.location.StoreLocation):
                     "like so: "
                     "swift+http://user:pass@authurl.com/v1/container/obj"
                     )
-            raise exception.BadStoreUri(uri=uri, reason=reason)
+            logger.error(_("Invalid store uri %(uri)s: %(reason)s") % locals())
+            raise exception.BadStoreUri(message=reason)
 
         pieces = urlparse.urlparse(uri)
         assert pieces.scheme in ('swift', 'swift+http', 'swift+https')
@@ -155,7 +156,8 @@ class StoreLocation(glance.store.location.StoreLocation):
             if len(cred_parts) != 2:
                 reason = (_("Badly formed credentials '%(creds)s' in Swift "
                             "URI") % locals())
-                raise exception.BadStoreUri(uri=uri, reason=reason)
+                logger.error(reason)
+                raise exception.BadStoreUri()
             user, key = cred_parts
             self.user = urllib.unquote(user)
             self.key = urllib.unquote(key)
@@ -170,8 +172,9 @@ class StoreLocation(glance.store.location.StoreLocation):
                 path_parts.insert(0, netloc)
                 self.authurl = '/'.join(path_parts)
         except IndexError:
-            reason = _("Badly formed Swift URI")
-            raise exception.BadStoreUri(uri=uri, reason=reason)
+            reason = _("Badly formed Swift URI: %s") % uri
+            logger.error(reason)
+            raise exception.BadStoreUri()
 
     @property
     def swift_auth_url(self):
@@ -313,7 +316,8 @@ class Store(glance.store.base.Store):
             if len(tenant_user) != 2:
                 reason = (_("Badly formed tenant:user '%(tenant_user)s' in "
                             "Swift URI") % locals())
-                raise exception.BadStoreUri(auth_url, reason)
+                logger.error(reason)
+                raise exception.BadStoreUri()
             (tenant_name, user) = tenant_user
 
         return swiftclient.Connection(