From 54458334136b284bb0c45373e7cacf5c1fa0ab99 Mon Sep 17 00:00:00 2001
From: Brad Pokorny
Date: Fri, 16 May 2014 03:59:36 +0000
Subject: [PATCH] Mask node.session.auth.password in volume.py _run_iscsiadm debug logs

The iscsi_command object passed to _run_iscsiadm can contain passwords that get logged at debug level, so we need to sanitize the message getting logged. Adds a test to ensure the logged message is properly sanitized.
Closes-Bug: #1320028
Change-Id: I33f1a5b698368504721b41e56266162a713b3ce6
---
 nova/tests/virt/libvirt/test_volume.py | 20 ++++++++++++++++++++
 nova/virt/libvirt/volume.py | 7 +++++--
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/nova/tests/virt/libvirt/test_volume.py b/nova/tests/virt/libvirt/test_volume.py
index 65c3456b88e4..e022dc3fb605 100644
--- a/nova/tests/virt/libvirt/test_volume.py
+++ b/nova/tests/virt/libvirt/test_volume.py
@@ -343,6 +343,26 @@ class LibvirtVolumeTestCase(test.NoDBTestCase):
 ['-f', 'fake-multipath-devname'],
 check_exit_code=[0, 1])
 
+ def test_sanitize_log_run_iscsiadm(self):
+ # Tests that the parameters to the _run_iscsiadm function are sanitized
+ # for passwords when logged.
+ def fake_debug(*args, **kwargs):
+ self.assertIn('node.session.auth.password', args[0])
+ self.assertNotIn('scrubme', args[0])
+
+ libvirt_driver = volume.LibvirtISCSIVolumeDriver(self.fake_conn)
+ connection_info = self.iscsi_connection(self.vol, self.location,
+ self.iqn)
+ iscsi_properties = connection_info['data']
+ with mock.patch.object(volume.LOG, 'debug',
+ side_effect=fake_debug) as debug_mock:
+ libvirt_driver._iscsiadm_update(iscsi_properties,
+ 'node.session.auth.password',
+ 'scrubme')
+ # we don't care what the log message is, we just want to make sure
+ # our stub method is called which asserts the password is scrubbed
+ self.assertTrue(debug_mock.called)
+
 def iser_connection(self, volume, location, iqn):
 return {
 'driver_volume_type': 'iser',
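Review bot: `fake_debug` checks only `args[0]` for the secret, so the test stops covering it if the log call in `_run_iscsiadm` is ever changed to pass the command as a separate format argument or keyword. Checking every recorded call in full is stricter and independent of how the message is built: after the `with` block, `for call in debug_mock.call_args_list: self.assertNotIn('scrubme', str(call))`. The positive `assertIn('node.session.auth.password', args[0])` also runs on every `LOG.debug` call made while `_iscsiadm_update` executes, so an unrelated debug line added on that path would probably fail this test for the wrong reason; asserting it on at least one call would avoid that. The comment "we don't care what the log message is" contradicts the assertions above it and could be reworded to say the message content is checked inside the stub.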
diff --git a/nova/virt/libvirt/volume.py b/nova/virt/libvirt/volume.py
index 1f4f85cb034c..775822d4ef4e 100644
--- a/nova/virt/libvirt/volume.py
+++ b/nova/virt/libvirt/volume.py
@@ -231,8 +231,11 @@ class LibvirtISCSIVolumeDriver(LibvirtBaseVolumeDriver):
 '-p', iscsi_properties['target_portal'],
 *iscsi_command, run_as_root=True,
 check_exit_code=check_exit_code)
- LOG.debug("iscsiadm %(command)s: stdout=%(out)s stderr=%(err)s",
- {'command': iscsi_command, 'out': out, 'err': err})
+ msg = ('iscsiadm %(command)s: stdout=%(out)s stderr=%(err)s' %
+ {'command': iscsi_command, 'out': out, 'err': err})
+ # NOTE(bpokorny): iscsi_command can contain passwords so we need to
+ # sanitize the password in the message.
+ LOG.debug(logging.mask_password(msg))
 return (out, err)
 
 def _iscsiadm_update(self, iscsi_properties, property_key, property_value,
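Review bot: The masking in `_run_iscsiadm` runs on the string form of `iscsi_command` after `%` interpolation, so the password is hidden only while `logging.mask_password` recognises the key/value layout of that rendered sequence. The NOTE comment should record that dependency, e.g. `# NOTE(bpokorny): relies on mask_password matching the rendered form of iscsi_command; keep test_sanitize_log_run_iscsiadm in sync if the argument layout changes.` The same arguments are also unpacked into the execute call whose tail is visible just above the changed lines; whether that helper, or the exception it raises on a bad exit code, logs the command line cannot be seen from this hunk, so that path should be confirmed separately. The message is now formatted and scanned on every call even when debug logging is disabled, which is a small cost given what it protects. The function starts above the hunk.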