From 33661ece808a6c32ad36aee0acb46a3c0624d7ce Mon Sep 17 00:00:00 2001
From: tony-saad <tony.saad@dell.com>
Date: Thu, 15 Jun 2023 18:30:22 +0000
Subject: [PATCH] Dell PowerFlex password appears in plain text when creating a
 volume from an image

This patch fixes the issue of the password being written in plain text in
logs while creating a new volume. It creates a new logger with the default
log level set to error.

Closes-Bug: #2003179
Change-Id: I0292a30f402e5acddd8bbc31dfaef12ce24bf0b9
---
 os_brick/__init__.py                                 | 2 ++
 os_brick/privileged/__init__.py                      | 8 ++++++++
 os_brick/privileged/scaleio.py                       | 2 +-
 releasenotes/notes/bug-2003179-44a6c90dd17c88f7.yaml | 7 +++++++
 4 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/bug-2003179-44a6c90dd17c88f7.yaml

diff --git a/os_brick/__init__.py b/os_brick/__init__.py
index 602a8ccae..e939cd3b9 100644
--- a/os_brick/__init__.py
+++ b/os_brick/__init__.py
@@ -17,6 +17,8 @@ from os_brick import opts
 
 
 LOG = logging.getLogger(__name__)
+SECURE_LOG = logging.getLogger('brick-privsep-hide-output')
+SECURE_LOG.setLevel(logging.ERROR)
 
 
 def setup(conf, **kwargs):
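Review bot: The logger name configured here, `'brick-privsep-hide-output'` (hyphens), does not match the `logger_name='brick_privsep_hide_output'` (underscores) given to the new PrivContext in os_brick/privileged/__init__.py, and Python's logging module treats these as two unrelated loggers. If privsep emits its records under the context's `logger_name`, the `setLevel(logging.ERROR)` call would not apply to them and the password could still reach the debug log. Use one spelling in both places, e.g. `SECURE_LOG = logging.getLogger('brick_privsep_hide_output')`, ideally through a shared constant. A short comment such as `# Held at ERROR so privsep debug output carrying secrets is never logged (bug #2003179)` would also keep the level from being relaxed later.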
diff --git a/os_brick/privileged/__init__.py b/os_brick/privileged/__init__.py
index 4fc348c75..cf3513dcb 100644
--- a/os_brick/privileged/__init__.py
+++ b/os_brick/privileged/__init__.py
@@ -33,3 +33,11 @@ default = priv_context.PrivContext(
     capabilities=capabilities,
     logger_name=__name__,
 )
+
+brick_privsep_hide_output = priv_context.PrivContext(
+    __name__,
+    cfg_section='privsep_osbrick',
+    pypath=__name__ + '.default',
+    capabilities=capabilities,
+    logger_name='brick_privsep_hide_output',
+)
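Review bot: `pypath=__name__ + '.default'` on the new context names the existing `default` object rather than `brick_privsep_hide_output` itself. oslo.privsep passes `pypath` to the helper command so the daemon can import its context, so in that start mode the daemon would presumably load `default` (with `logger_name=__name__`) and the intended log suppression, or the entry point itself, may not work as expected. It should read `pypath=__name__ + '.brick_privsep_hide_output',`. The new context reuses `cfg_section` and `capabilities` from `default`; a one-line comment saying that the logger is the only intended difference would make that explicit.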
diff --git a/os_brick/privileged/scaleio.py b/os_brick/privileged/scaleio.py
index 4b619b45f..15969e939 100644
--- a/os_brick/privileged/scaleio.py
+++ b/os_brick/privileged/scaleio.py
@@ -74,7 +74,7 @@ def rescan_vols(op_code):
         ioctl(fd, op_code, struct.pack('Q', 0))
 
 
-@privileged.default.entrypoint
+@privileged.brick_privsep_hide_output.entrypoint
 def get_connector_password(filename, config_group, failed_over):
     """Read ScaleIO connector configuration file and get appropriate password.
 
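Review bot: Nothing at the decorator explains why `get_connector_password` runs under a different privsep context from `privileged.default`, so a later cleanup could switch it back and reintroduce the plaintext password in the logs. Add a comment above the decorator, e.g. `# Uses the hide-output context so the returned password is not written to privsep debug logs (bug #2003179).` The function body continues outside this hunk, so whether it logs the password itself cannot be checked from here.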
diff --git a/releasenotes/notes/bug-2003179-44a6c90dd17c88f7.yaml b/releasenotes/notes/bug-2003179-44a6c90dd17c88f7.yaml
new file mode 100644
index 000000000..a1f3f7334
--- /dev/null
+++ b/releasenotes/notes/bug-2003179-44a6c90dd17c88f7.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    `Bug #2003179  <https://bugs.launchpad.net/cinder/+bug/2003179>`_: Fixed
+    issue with the ScaleIO connector where privsep was logging
+    password in plaintext. This was fixed by creating a new logger for the
+    ScaleIO connector with default log level set to ERROR.