From f4a694f60775eecdce4e52e446113630a5d75654 Mon Sep 17 00:00:00 2001
From: Gerrit User 9816 <9816@4a232e18-c5a9-48ee-94c0-e04e7cca6543>
Date: Tue, 5 Mar 2024 02:51:16 +0000
Subject: [PATCH] Update patch set 2
Patch Set 2: (1 comment)
Patch-set: 2
Attention: {"person_ident":"Gerrit User 36396 \u003c36396@4a232e18-c5a9-48ee-94c0-e04e7cca6543\u003e","operation":"ADD","reason":"\u003cGERRIT_ACCOUNT_9816\u003e replied on the change"}
Attention: {"person_ident":"Gerrit User 9816 \u003c9816@4a232e18-c5a9-48ee-94c0-e04e7cca6543\u003e","operation":"REMOVE","reason":"\u003cGERRIT_ACCOUNT_9816\u003e replied on the change"}
---
 463b4bf5fdaf15775269da9ed9335d259b5ef852 | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/463b4bf5fdaf15775269da9ed9335d259b5ef852 b/463b4bf5fdaf15775269da9ed9335d259b5ef852
index 13992e7..c84c147 100644
--- a/463b4bf5fdaf15775269da9ed9335d259b5ef852
+++ b/463b4bf5fdaf15775269da9ed9335d259b5ef852
@@ -158,6 +158,30 @@
 "revId": "463b4bf5fdaf15775269da9ed9335d259b5ef852",
 "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
 },
+ {
+ "unresolved": true,
+ "key": {
+ "uuid": "4e22ed25_407c9704",
+ "filename": "oslo_privsep/daemon.py",
+ "patchSetId": 2
+ },
+ "lineNbr": 499,
+ "author": {
+ "id": 9816
+ },
+ "writtenOn": "2024-03-05T02:51:16Z",
+ "side": 1,
+ "message": "\u003e it is possible that other sensitive information could be logged. For example, /etc/iscsi/iscsid.conf containing CHAP secrets). What do you think?\n\nCinder (or other services using os-brick) does not read iscsid.conf directly but read it within iscsiadm command so the content of iscsid.conf is not dumped unless iscsiadm does.\n\nThe current problem is now specific to scaleio connector and is caused by the implementation in scaleio connector which uses rootwrap to read password from scaleio config file. I wonder if that is really required. Can\u0027t we require users to add nova/cinder user to the group which has read access to the scale io config file ? I think that is much simpler approach.\n\nAnother option may be to implement a logic within os-brick to encrypt the output of get_eonnector_password and then decrypt it at _get_password_token(like b64encode/decode)",
+ "parentUuid": "ec697925_79e5717d",
+ "range": {
+ "startLine": 499,
+ "startChar": 54,
+ "endLine": 499,
+ "endChar": 75
+ },
+ "revId": "463b4bf5fdaf15775269da9ed9335d259b5ef852",
+ "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
+ },
 {
 "unresolved": true,
 "key": {