Do not show access_key in s3 driver

Avoid possible leakage of s3 access keys by not including them in log messages. This patch includes commit d6e531af48 (change I8dc564bed33d6fc71965f4f573ae9109b410b1d4), which addressed some more log messages that the original patch had missed. The two commits are squashed here for ease in backporting (and also to make sure that *both* are always backported). Closes-Bug: #2047688 Change-Id: I9193df38d613259b61bb369fa1040fb2c51a21d7 (cherry picked from commit a5ba027922) (cherry picked from commit 1583aebb69)
2024-01-19 13:12:20 +08:00 · 2024-01-19 13:12:20 +08:00 · 45ad5df01f
parent aae8199f82
commit 45ad5df01f
1 changed files with 6 additions and 11 deletions
--- a/glance_store/_drivers/s3.py
+++ b/glance_store/_drivers/s3.py
@ -539,10 +539,8 @@ class Store(glance_store.driver.Store):
        key = s3_client.get_object(Bucket=bucket, Key=key)

        LOG.debug("Retrieved image object from S3 using s3_host=%(s3_host)s, "
-                  "access_key=%(accesskey)s, bucket=%(bucket)s, "
-                  "key=%(key)s)",
-                  {'s3_host': loc.s3serviceurl, 'accesskey': loc.accesskey,
-                   'bucket': bucket, 'key': key})
+                  "bucket=%(bucket)s key=%(key)s)",
+                  {'s3_host': loc.s3serviceurl, 'bucket': bucket, 'key': key})

        cs = self.READ_CHUNKSIZE

@ -623,10 +621,8 @@ class Store(glance_store.driver.Store):
                raise glance_store.BackendException(msg)

        LOG.debug("Adding image object to S3 using (s3_host=%(s3_host)s, "
-                  "access_key=%(access_key)s, bucket=%(bucket)s, "
-                  "key=%(key)s)",
-                  {'s3_host': self.s3_host, 'access_key': loc.accesskey,
-                   'bucket': bucket, 'key': key})
+                  "bucket=%(bucket)s, key=%(key)s)",
+                  {'s3_host': self.s3_host, 'bucket': bucket, 'key': key})

        if not self._object_exists(s3_client, bucket, key):
            if image_size < self.s3_store_large_object_size:
@ -830,9 +826,8 @@ class Store(glance_store.driver.Store):
            raise exceptions.NotFound(image=key)

        LOG.debug("Deleting image object from S3 using s3_host=%(s3_host)s, "
-                  "accesskey=%(accesskey)s, bucket=%(bucket)s, key=%(key)s)",
-                  {'s3_host': loc.s3serviceurl, 'accesskey': loc.accesskey,
-                   'bucket': bucket, 'key': key})
+                  "bucket=%(bucket)s, key=%(key)s)",
+                  {'s3_host': loc.s3serviceurl, 'bucket': bucket, 'key': key})

        return s3_client.delete_object(Bucket=bucket, Key=key)