Merge "Stop logging sensitive login information" into stable/yoga

2022-07-06 19:08:37 +00:00 · 2022-07-06 19:08:37 +00:00 · 3a4f78be9b
parent 00987a12d3 48f4bf6a16
commit 3a4f78be9b
2 changed files with 6 additions and 5 deletions
--- a/manila/utils.py
+++ b/manila/utils.py
@ -124,14 +124,10 @@ class SSHPool(pools.Pool):
        elif self.password:
            look_for_keys = False
        try:
-            LOG.debug("ssh.connect: ip: %s, port: %s, username: %s, "
-                      "password: %s, key_filename: %s, look_for_keys: %s, "
+            LOG.debug("ssh.connect: ip: %s, port: %s, look_for_keys: %s, "
                      "timeout: %s, banner_timeout: %s",
                      self.ip,
                      self.port,
-                      self.login,
-                      self.password,
-                      self.path_to_private_key,
                      look_for_keys,
                      self.conn_timeout,
                      self.conn_timeout)
--- a/releasenotes/notes/bug-1976370-stop-logging-login-information-b726d05ee805df27.yaml
+++ b/releasenotes/notes/bug-1976370-stop-logging-login-information-b726d05ee805df27.yaml
@ -0,0 +1,5 @@
+---
+security:
+  - |
+    The SSH utility module no longer logs usernames and passwords as
+    debug information.