Dell PowerFlex password appears in plain text when creating a volume

from an image This patch fixes the issue of password getting writen in plain text in logs while creating a new volume. It created a new logger with default log level at error. Closes-Bug: #2003179 Change-Id: I0292a30f402e5acddd8bbc31dfaef12ce24bf0b9
2023-06-15 18:30:22 +00:00 · 2023-06-15 18:30:22 +00:00 · 33661ece80
parent ccda511ed5
commit 33661ece80
4 changed files with 18 additions and 1 deletions
--- a/os_brick/init.py
+++ b/os_brick/init.py
@ -17,6 +17,8 @@ from os_brick import opts


 LOG = logging.getLogger(__name__)
+SECURE_LOG = logging.getLogger('brick-privsep-hide-output')
+SECURE_LOG.setLevel(logging.ERROR)


 def setup(conf, **kwargs):
--- a/os_brick/privileged/init.py
+++ b/os_brick/privileged/init.py
@ -33,3 +33,11 @@ default = priv_context.PrivContext(
    capabilities=capabilities,
    logger_name=__name__,
 )
+
+brick_privsep_hide_output = priv_context.PrivContext(
+    __name__,
+    cfg_section='privsep_osbrick',
+    pypath=__name__ + '.default',
+    capabilities=capabilities,
+    logger_name='brick_privsep_hide_output',
+)
--- a/os_brick/privileged/scaleio.py
+++ b/os_brick/privileged/scaleio.py
@ -74,7 +74,7 @@ def rescan_vols(op_code):
        ioctl(fd, op_code, struct.pack('Q', 0))


-@privileged.default.entrypoint
+@privileged.brick_privsep_hide_output.entrypoint
 def get_connector_password(filename, config_group, failed_over):
    """Read ScaleIO connector configuration file and get appropriate password.

--- a/releasenotes/notes/bug-2003179-44a6c90dd17c88f7.yaml
+++ b/releasenotes/notes/bug-2003179-44a6c90dd17c88f7.yaml
@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    `Bug #2003179  <https://bugs.launchpad.net/cinder/+bug/2003179>`_: Fixed
+    issue with the ScaleIO connector where privsep was logging
+    password in plaintext. This was fixed by creating a new logger for the
+    ScaleIO connector with default log level set to ERROR.