Avoid printing URIs which can contain credentials

Fix for bug 1233275.

Change-Id: I24d8b57418eb678767b33840973a632eb2132c6a

glance/api/middleware/version_negotiation.py

@@ -69,7 +69,7 @@ class VersionNegotiationFilter(wsgi.Middleware):
         req.environ['api.version'] = version
         req.path_info = ''.join(('/v', str(version), req.path_info))
         LOG.debug(_("Matched version: v%d"), version)
-        LOG.debug('new uri %s' % req.path_info)
+        LOG.debug('new path %s' % req.path_info)
         return None
 
     def _match_version_string(self, subject):

glance/db/sqlalchemy/migrate_repo/versions/015_quote_swift_credentials.py

@@ -53,13 +53,14 @@ def migrate_location_credentials(migrate_engine, to_quoted):
                                       'swift')).execute())
 
     for image in images:
-        fixed_uri = legacy_parse_uri(image['location'], to_quoted)
+        fixed_uri = legacy_parse_uri(image['location'], to_quoted,
+                                     image['id'])
         images_table.update()\
                     .where(images_table.c.id == image['id'])\
                     .values(location=fixed_uri).execute()
 
 
-def legacy_parse_uri(uri, to_quote):
+def legacy_parse_uri(uri, to_quote, image_id):
     """
     Parse URLs. This method fixes an issue where credentials specified
     in the URL are interpreted differently in Python 2.6.1+ than prior
@@ -87,7 +88,7 @@ def legacy_parse_uri(uri, to_quote):
                    "like so: "
                    "swift+http://user:pass@authurl.com/v1/container/obj")
 
-        LOG.error(_("Invalid store uri %(uri)s: %(reason)s") % locals())
+        LOG.error(_("Invalid store uri for image %s: %s") % (image_id, reason))
         raise exception.BadStoreUri(message=reason)
 
     pieces = urlparse.urlparse(uri)

glance/db/sqlalchemy/migrate_repo/versions/017_quote_encrypted_swift_credentials.py

@@ -80,7 +80,8 @@ def migrate_location_credentials(migrate_engine, to_quoted):
 
     for image in images:
         try:
-            fixed_uri = fix_uri_credentials(image['location'], to_quoted)
+            fixed_uri = fix_uri_credentials(image['location'], to_quoted,
+                                            image['id'])
             images_table.update()\
                         .where(images_table.c.id == image['id'])\
                         .values(location=fixed_uri).execute()
@@ -97,7 +98,7 @@ def encrypt_location(uri):
     return crypt.urlsafe_encrypt(CONF.metadata_encryption_key, uri, 64)
 
 
-def fix_uri_credentials(uri, to_quoted):
+def fix_uri_credentials(uri, to_quoted, image_id):
     """
     Fix the given uri's embedded credentials by round-tripping with
     StoreLocation.
@@ -119,10 +120,10 @@ def fix_uri_credentials(uri, to_quoted):
     except (TypeError, ValueError) as e:
         raise exception.Invalid(str(e))
 
-    return legacy_parse_uri(decrypted_uri, to_quoted)
+    return legacy_parse_uri(decrypted_uri, to_quoted, image_id)
 
 
-def legacy_parse_uri(uri, to_quote):
+def legacy_parse_uri(uri, to_quote, image_id):
     """
     Parse URLs. This method fixes an issue where credentials specified
     in the URL are interpreted differently in Python 2.6.1+ than prior
@@ -150,7 +151,7 @@ def legacy_parse_uri(uri, to_quote):
                    "like so: "
                    "swift+http://user:pass@authurl.com/v1/container/obj")
 
-        LOG.error(_("Invalid store uri %(uri)s: %(reason)s") % locals())
+        LOG.error(_("Invalid store uri for image %s: %s") % (image_id, reason))
         raise exception.BadStoreUri(message=reason)
 
     pieces = urlparse.urlparse(uri)

glance/store/__init__.py

@@ -272,14 +272,14 @@ def safe_delete_from_backend(context, uri, image_id, **kwargs):
     try:
         return delete_from_backend(context, uri, **kwargs)
     except exception.NotFound:
-        msg = _('Failed to delete image in store at URI: %s')
-        LOG.warn(msg % uri)
+        msg = _('Failed to delete image %s in store from URI')
+        LOG.warn(msg % image_id)
     except exception.StoreDeleteNotSupported as e:
         LOG.warn(str(e))
     except UnsupportedBackend:
         exc_type = sys.exc_info()[0].__name__
-        msg = (_('Failed to delete image at %s from store (%s)') %
-               (uri, exc_type))
+        msg = (_('Failed to delete image %s from store (%s)') %
+               (image_id, exc_type))
         LOG.error(msg)
 
 

glance/store/s3.py

@@ -122,7 +122,7 @@ class StoreLocation(glance.store.location.StoreLocation):
                        "s3+https:// scheme, like so: "
                        "s3+https://accesskey:secretkey@"
                        "s3.amazonaws.com/bucket/key-id")
-            LOG.debug(_("Invalid store uri %(uri)s: %(reason)s") % locals())
+            LOG.debug(_("Invalid store uri: %s") % reason)
             raise exception.BadStoreUri(message=reason)
 
         pieces = urlparse.urlparse(uri)

glance/store/scrubber.py

@@ -442,8 +442,8 @@ class Scrubber(object):
             uri = crypt.urlsafe_decrypt(CONF.metadata_encryption_key, uri)
 
         try:
-            LOG.debug(_("Deleting %(uri)s from image %(image_id)s.") %
-                      {'image_id': image_id, 'uri': uri})
+            LOG.debug(_("Deleting URI from image %(image_id)s.") %
+                      {'image_id': image_id})
 
             # Here we create a request context with credentials to support
             # delayed delete when using multi-tenant backend storage
@@ -455,8 +455,8 @@ class Scrubber(object):
 
             self.store_api.delete_from_backend(admin_context, uri)
         except Exception:
-            msg = _("Failed to delete image %(image_id)s from %(uri)s.")
-            LOG.error(msg % {'image_id': image_id, 'uri': uri})
+            msg = _("Failed to delete URI from image %(image_id)s")
+            LOG.error(msg % {'image_id': image_id})
 
     def _read_cleanup_file(self, file_path):
         """Reading cleanup to get latest cleanup timestamp.