From 88ad9a7bbfccfd7ac3405df86ceaf37c696031cf Mon Sep 17 00:00:00 2001 From: Mahnoor Asghar Date: Wed, 24 Jul 2024 05:53:13 -0400 Subject: [PATCH] Log node UUID and not entire node instance to avoid logging its driver_info field Change-Id: I07eed090920c777046fe29618d5d8be42618a0f6 --- ironic/conductor/cleaning.py | 2 +- ...ve-node-object-from-log-statement-f1b92a8ca26686c2.yaml | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/remove-node-object-from-log-statement-f1b92a8ca26686c2.yaml diff --git a/ironic/conductor/cleaning.py b/ironic/conductor/cleaning.py index 7fea76263b..8f8f0020b2 100644 --- a/ironic/conductor/cleaning.py +++ b/ironic/conductor/cleaning.py @@ -54,7 +54,7 @@ def do_node_clean(task, clean_steps=None, disable_ramdisk=False): how = ('API' if node.automated_clean is False else 'configuration') LOG.info('Automated cleaning is disabled via %(how)s, node %(node)s ' 'has been successfully moved to AVAILABLE state', - {'how': how, 'node': node}) + {'how': how, 'node': node.uuid}) return # NOTE(dtantsur): this is only reachable during automated cleaning, diff --git a/releasenotes/notes/remove-node-object-from-log-statement-f1b92a8ca26686c2.yaml b/releasenotes/notes/remove-node-object-from-log-statement-f1b92a8ca26686c2.yaml new file mode 100644 index 0000000000..93d091f68e --- /dev/null +++ b/releasenotes/notes/remove-node-object-from-log-statement-f1b92a8ca26686c2.yaml @@ -0,0 +1,7 @@ +--- +security: + - | + Log the node UUID instead of the full node object in + ironic/conductor/cleaning.py, to avoid logging the node's driver_info + property (containing its BMC username and password). +