Remove sensitive info from rpc logging.

Fixes bug 920687

Change-Id: Ic83145adcfe73c29a85e7916f2fda48d1bb5ccea

nova/rpc/common.py

@@ -17,6 +17,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import copy
 
 from nova import exception
 from nova import flags
@@ -102,3 +103,19 @@ class Connection(object):
         pool for dispatching the messages to the proxy objects.
         """
         raise NotImplementedError()
+
+
+def _safe_log(log_func, msg, msg_data):
+    """Sanitizes the msg_data field before logging."""
+    SANITIZE = {'set_admin_password': ('new_pass',)}
+    method = msg_data['method']
+    if method in SANITIZE:
+        msg_data = copy.deepcopy(msg_data)
+        args_to_sanitize = SANITIZE[method]
+        for arg in args_to_sanitize:
+            try:
+                msg_data['args'][arg] = "<SANITIZED>"
+            except KeyError:
+                pass
+
+    return log_func(msg, msg_data)

nova/rpc/impl_carrot.py

@@ -258,7 +258,7 @@ class AdapterConsumer(Consumer):
         # the previous context is stored in local.store.context
         if hasattr(local.store, 'context'):
             del local.store.context
-        LOG.debug(_('received %s') % message_data)
+        rpc_common._safe_log(LOG.debug, _('received %s'), message_data)
         # This will be popped off in _unpack_context
         msg_id = message_data.get('_msg_id', None)
         ctxt = _unpack_context(message_data)

nova/rpc/impl_kombu.py

@@ -700,7 +700,7 @@ class ProxyCallback(object):
         # the previous context is stored in local.store.context
         if hasattr(local.store, 'context'):
             del local.store.context
-        LOG.debug(_('received %s') % message_data)
+        rpc_common._safe_log(LOG.debug, _('received %s'), message_data)
         ctxt = _unpack_context(message_data)
         method = message_data.get('method')
         args = message_data.get('args', {})