Fix manila logging rabbitmq password in debug mode

Manila will display the rabbitmq password if debugging is enabled.
This patch will ensure that the rabbitmq password is no longer
displayed in the connection log for Manila when debugging is
enabled by looking for the rabbitmq key and not printing it.

There should likely be an effort to utilize Oslo's secret flag for
options to truly fix this issue for this and other sensitive options.

Change-Id: I97cc88354d9b54057350c70c4742055197540d1a
Closes-Bug: 1750074
(cherry picked from commit 05e4f14ea1)
Dustin Schoenbrun 1 year ago
commit be8580b350

+ 1
- 0
manila/service.py View File

@@ -393,6 +393,7 @@ def wait():
393 393
         # hide flag contents from log if contains a password
394 394
         # should use secret flag when switch over to openstack-common
395 395
         if ("_password" in flag or "_key" in flag or
396
+                (flag == "transport_url" and "rabbit:" in flag_get) or
396 397
                 (flag == "sql_connection" and "mysql:" in flag_get)):
397 398
             LOG.debug('%(flag)s : FLAG SET ', {"flag": flag})
398 399
         else:
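
Review bot: the added clause at new line 396 masks transport_url only when the value contains "rabbit:", so a transport_url using any other scheme with user:password in it still falls through to the else branch. The option's URL format carries credentials whatever the driver, so consider matching on the option name alone, `flag == "transport_url" or`, and dropping the scheme test. If the scheme test is kept, note that `"rabbit:" in flag_get` matches the substring anywhere in the value, not just at the scheme position. The comment at line 394 already points at the longer-term fix (the secret flag on the option), which would remove the need for this name-by-name list.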

+ 4
- 0
releasenotes/notes/bug-1750074-fix-rabbitmq-password-in-debug-mode-4e136ff86223c4ea.yaml View File

@@ -0,0 +1,4 @@
1
+---
2
+fixes:
3
+  - rabbitmq password is no longer exposed in the logs when debugging is
4
+    enabled.
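
Review bot: the note is filed under `fixes:` only and does not name the option involved. Because this is a credential disclosure in log output, consider placing it under reno's `security:` section and naming `transport_url`, so operators know which existing debug logs may still hold the password and can rotate it and restrict access to those files.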
