From a0415ae7f54293a93366d979811331489282474c Mon Sep 17 00:00:00 2001
From: wangyu <wangyu@cmss.chinamobile.com>
Date: Tue, 14 Jan 2020 10:33:38 +0800
Subject: [PATCH] Remove password display for rabbitmq on connection log

When start karbor-protection and karbor-operationengine service,
Karbor will log rabbitmq password if debug is enabled. In a
production environment, this is pretty bad. This patch will fix it.

Change-Id: I11bd6db001739869fc6cddd005c9990d2943b809
Closes-Bug: #1859540
---
 karbor/service.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/karbor/service.py b/karbor/service.py
index 56b1f913..262f018d 100644
--- a/karbor/service.py
+++ b/karbor/service.py
@@ -417,6 +417,7 @@ def wait():
         # hide flag contents from log if contains a password
         # should use secret flag when switch over to openstack-common
         if ("_password" in flag or "_key" in flag or
+                (flag == "transport_url" and "rabbit:" in flag_get) or
                 (flag == "sql_connection" and
                     ("mysql:" in flag_get or "postgresql:" in flag_get))):
             LOG.debug('%s : FLAG SET ', flag)