summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDustin Schoenbrun <dschoenb@redhat.com>2018-02-21 10:53:41 -0500
committerDustin Schoenbrun <dschoenb@redhat.com>2018-02-21 19:57:18 +0000
commitbe8580b350c34c91494cb553eb15e6b61ef250b7 (patch)
treee9c376cccc684e71214cc65d4c47162523076683
parent4a40da15fe0e9688c363371fd998ef7c3ba321ee (diff)
Fix manila logging rabbitmq password in debug mode6.0.0.0rc36.0.0
Manila will display the rabbitmq password if debugging is enabled. This patch will ensure that the rabbitmq password is no longer displayed in the connection log for Manila when debugging is enabled by looking for the rabbitmq key and not printing it. There should likely be an effort to utilize Oslo's secret flag for options to truly fix this issue for this and other sensitive options. Change-Id: I97cc88354d9b54057350c70c4742055197540d1a Closes-Bug: 1750074 (cherry picked from commit 05e4f14ea1fbc7ce61c8f57a082080d09c63e357)
Notes
Notes (review): Code-Review+2: Tom Barron <tpb@dyncloud.net> Workflow+1: Tom Barron <tpb@dyncloud.net> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Thu, 22 Feb 2018 01:55:08 +0000 Reviewed-on: https://review.openstack.org/546755 Project: openstack/manila Branch: refs/heads/stable/queens
-rw-r--r--manila/service.py1
-rw-r--r--releasenotes/notes/bug-1750074-fix-rabbitmq-password-in-debug-mode-4e136ff86223c4ea.yaml4
2 files changed, 5 insertions, 0 deletions
diff --git a/manila/service.py b/manila/service.py
index d5c8159..eca2960 100644
--- a/manila/service.py
+++ b/manila/service.py
@@ -393,6 +393,7 @@ def wait():
393 # hide flag contents from log if contains a password 393 # hide flag contents from log if contains a password
394 # should use secret flag when switch over to openstack-common 394 # should use secret flag when switch over to openstack-common
395 if ("_password" in flag or "_key" in flag or 395 if ("_password" in flag or "_key" in flag or
396 (flag == "transport_url" and "rabbit:" in flag_get) or
396 (flag == "sql_connection" and "mysql:" in flag_get)): 397 (flag == "sql_connection" and "mysql:" in flag_get)):
397 LOG.debug('%(flag)s : FLAG SET ', {"flag": flag}) 398 LOG.debug('%(flag)s : FLAG SET ', {"flag": flag})
398 else: 399 else:
diff --git a/releasenotes/notes/bug-1750074-fix-rabbitmq-password-in-debug-mode-4e136ff86223c4ea.yaml b/releasenotes/notes/bug-1750074-fix-rabbitmq-password-in-debug-mode-4e136ff86223c4ea.yaml
new file mode 100644
index 0000000..59f2bbd
--- /dev/null
+++ b/releasenotes/notes/bug-1750074-fix-rabbitmq-password-in-debug-mode-4e136ff86223c4ea.yaml
@@ -0,0 +1,4 @@
1---
2fixes:
3 - rabbitmq password is no longer exposed in the logs when debugging is
4 enabled. \ No newline at end of file