openstack/glance
Code Issues Proposed changes

Remove S3 credentials from debug log

Browse Source 
While sorting image locations using store weight, glance logs a
debug message which logs secret and access key for s3 backend.

Removing the debug log to avoid leaking of the s3 credentials.

Closes-Bug: #2095304
SecurityImpact

Change-Id: I24073c1b1e5ea92357d9a774e6c9c9cbf0980a44
(cherry picked from commit 33fa9596eb)
(cherry picked from commit d1cc917a29)
This commit is contained in:
Abhishek Kekane
2025-01-22 07:03:28 +00:00
parent d0be1beded
commit 265ad47616
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
glance/common/utils.py
View File

@@ -733,5 +733,9 @@ def sort_image_locations(locations):
return store.weight if store is not None else 0
sorted_locations = sorted(locations, key=get_store_weight, reverse=True)
LOG.debug(('Sorted locations: %s'), sorted_locations)
scrubbed = []
for loc in sorted_locations:
scrubbed.append({'store_name': loc["metadata"].get("store")})
LOG.debug(('Sorted locations: %s'), scrubbed)
return sorted_locations