[coordination] backend_url should be secret

The backend_url option can sometimes contain secrets. For example when redis coordination backend is used and authentication is enabled in redis, the plain redis password is put as an URL element. [coordination] backend_url=redis://:password@127.0.0.1:6379 Closes-Bug: #2012246 Change-Id: I381999e669bfe7a603c9233f9c22b6e80abc708b
2023-11-27 10:11:46 +09:00 · 2023-11-27 10:11:46 +09:00 · a14b17fc0c
parent c26f02f03c
commit a14b17fc0c
2 changed files with 7 additions and 0 deletions
--- a/cinder/coordination.py
+++ b/cinder/coordination.py
@ -38,6 +38,7 @@ LOG = log.getLogger(__name__)

 coordination_opts = [
    cfg.StrOpt('backend_url',
+               secret=True,
               default='file://$state_path',
               help='The backend URL to use for distributed coordination.'),
 ]
--- a/releasenotes/notes/bug-2012246-292d7d93260a1fe5.yaml
+++ b/releasenotes/notes/bug-2012246-292d7d93260a1fe5.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    `Bug #2008017 <https://bugs.launchpad.net/cinder/+bug/2012246>`_: Hide
+    value of the `[coordination] backend_url` option from logs because it can
+    contain credential.