Do not show access_key in s3 driver
Avoid possible leakage of s3 access keys by not including them in log messages. This patch includes commitd6e531af48
(change I8dc564bed33d6fc71965f4f573ae9109b410b1d4), which addressed some more log messages that the original patch had missed. The two commits are squashed here for ease in backporting (and also to make sure that *both* are always backported). Closes-Bug: #2047688 Change-Id: I9193df38d613259b61bb369fa1040fb2c51a21d7 (cherry picked from commita5ba027922
) (cherry picked from commit1583aebb69
)
This commit is contained in:
parent
aae8199f82
commit
45ad5df01f
|
@ -539,10 +539,8 @@ class Store(glance_store.driver.Store):
|
|||
key = s3_client.get_object(Bucket=bucket, Key=key)
|
||||
|
||||
LOG.debug("Retrieved image object from S3 using s3_host=%(s3_host)s, "
|
||||
"access_key=%(accesskey)s, bucket=%(bucket)s, "
|
||||
"key=%(key)s)",
|
||||
{'s3_host': loc.s3serviceurl, 'accesskey': loc.accesskey,
|
||||
'bucket': bucket, 'key': key})
|
||||
"bucket=%(bucket)s key=%(key)s)",
|
||||
{'s3_host': loc.s3serviceurl, 'bucket': bucket, 'key': key})
|
||||
|
||||
cs = self.READ_CHUNKSIZE
|
||||
|
||||
|
@ -623,10 +621,8 @@ class Store(glance_store.driver.Store):
|
|||
raise glance_store.BackendException(msg)
|
||||
|
||||
LOG.debug("Adding image object to S3 using (s3_host=%(s3_host)s, "
|
||||
"access_key=%(access_key)s, bucket=%(bucket)s, "
|
||||
"key=%(key)s)",
|
||||
{'s3_host': self.s3_host, 'access_key': loc.accesskey,
|
||||
'bucket': bucket, 'key': key})
|
||||
"bucket=%(bucket)s, key=%(key)s)",
|
||||
{'s3_host': self.s3_host, 'bucket': bucket, 'key': key})
|
||||
|
||||
if not self._object_exists(s3_client, bucket, key):
|
||||
if image_size < self.s3_store_large_object_size:
|
||||
|
@ -830,9 +826,8 @@ class Store(glance_store.driver.Store):
|
|||
raise exceptions.NotFound(image=key)
|
||||
|
||||
LOG.debug("Deleting image object from S3 using s3_host=%(s3_host)s, "
|
||||
"accesskey=%(accesskey)s, bucket=%(bucket)s, key=%(key)s)",
|
||||
{'s3_host': loc.s3serviceurl, 'accesskey': loc.accesskey,
|
||||
'bucket': bucket, 'key': key})
|
||||
"bucket=%(bucket)s, key=%(key)s)",
|
||||
{'s3_host': loc.s3serviceurl, 'bucket': bucket, 'key': key})
|
||||
|
||||
return s3_client.delete_object(Bucket=bucket, Key=key)
|
||||
|
||||
|
|
Loading…
Reference in New Issue