From 33661ece808a6c32ad36aee0acb46a3c0624d7ce Mon Sep 17 00:00:00 2001
From: tony-saad <tony.saad@dell.com>
Date: Thu, 15 Jun 2023 18:30:22 +0000
Subject: [PATCH] Dell PowerFlex password appears in plain text when creating a volume from an image

This patch fixes the issue of password getting writen in plain text in logs while creating a new volume. It created a new logger with default log level at error.

Closes-Bug: #2003179
Change-Id: I0292a30f402e5acddd8bbc31dfaef12ce24bf0b9
---
 os_brick/__init__.py | 2 ++
 os_brick/privileged/__init__.py | 8 ++++++++
 os_brick/privileged/scaleio.py | 2 +-
 releasenotes/notes/bug-2003179-44a6c90dd17c88f7.yaml | 7 +++++++
 4 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/bug-2003179-44a6c90dd17c88f7.yaml
diff --git a/os_brick/__init__.py b/os_brick/__init__.py
index 602a8ccae..e939cd3b9 100644
--- a/os_brick/__init__.py
+++ b/os_brick/__init__.py
@@ -17,6 +17,8 @@ from os_brick import opts
 LOG = logging.getLogger(__name__)
+SECURE_LOG = logging.getLogger('brick-privsep-hide-output')
+SECURE_LOG.setLevel(logging.ERROR)
 def setup(conf, **kwargs):
diff --git a/os_brick/privileged/__init__.py b/os_brick/privileged/__init__.py
index 4fc348c75..cf3513dcb 100644
--- a/os_brick/privileged/__init__.py
+++ b/os_brick/privileged/__init__.py
@@ -33,3 +33,11 @@ default = priv_context.PrivContext(
 capabilities=capabilities,
 logger_name=__name__,
 )
+
+brick_privsep_hide_output = priv_context.PrivContext(
+ __name__,
+ cfg_section='privsep_osbrick',
+ pypath=__name__ + '.default',
+ capabilities=capabilities,
+ logger_name='brick_privsep_hide_output',
+)
diff --git a/os_brick/privileged/scaleio.py b/os_brick/privileged/scaleio.py
index 4b619b45f..15969e939 100644
--- a/os_brick/privileged/scaleio.py
+++ b/os_brick/privileged/scaleio.py
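Review bot: The logger capped at ERROR in os_brick/__init__.py is named `brick-privsep-hide-output` (hyphens), while the new PrivContext in os_brick/privileged/__init__.py is given `logger_name='brick_privsep_hide_output'` (underscores). Logger names are matched as exact strings, so these are two different loggers and the level set here does not reach the one the context is configured to use. Use one spelling in both places, e.g. `SECURE_LOG = logging.getLogger('brick_privsep_hide_output')`, preferably through a shared constant so the two cannot drift. A short comment above the assignment, such as `# privsep replies on this logger can contain credentials; keep it above DEBUG`, would also discourage lowering the level later.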
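Review bot: `pypath=__name__ + '.default'` in the new `brick_privsep_hide_output` context in os_brick/privileged/__init__.py looks copied from the `default` context, whose definition starts above the hunk. As far as I know, oslo.privsep uses `pypath` as the dotted path by which the privsep daemon locates the context object, so it should name the new object: `pypath=__name__ + '.brick_privsep_hide_output',`. With the current value, the daemon started for this context would presumably load `default` instead, so calls to entrypoints registered on the new context may be rejected or may run with the original logging behaviour; this is worth confirming with a test that actually starts the daemon. A comment above the new context saying that it exists only for entrypoints whose return value is a secret would help keep its use narrow.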
@@ -74,7 +74,7 @@ def rescan_vols(op_code):
 ioctl(fd, op_code, struct.pack('Q', 0))
-@privileged.default.entrypoint
+@privileged.brick_privsep_hide_output.entrypoint
 def get_connector_password(filename, config_group, failed_over):
 """Read ScaleIO connector configuration file and get appropriate password.
diff --git a/releasenotes/notes/bug-2003179-44a6c90dd17c88f7.yaml b/releasenotes/notes/bug-2003179-44a6c90dd17c88f7.yaml
new file mode 100644
index 000000000..a1f3f7334
--- /dev/null
+++ b/releasenotes/notes/bug-2003179-44a6c90dd17c88f7.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+ - |
+ `Bug #2003179 <https://bugs.launchpad.net/cinder/+bug/2003179>`_: Fixed
+ issue with the ScaleIO connector where privsep was logging
+ password in plaintext. This was fixed by creating a new logger for the
+ ScaleIO connector with default log level set to ERROR.
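Review bot: Nothing at the decorator in os_brick/privileged/scaleio.py explains why `get_connector_password` now runs under a different privsep context than the `privileged.default` it used before, so a later cleanup could switch it back and put the plaintext password in DEBUG logs again. Add a comment above the decorator, for example `# Returns a secret: use the context whose logger is capped at ERROR so the reply is never logged.` The diffstat lists no test file; a unit test asserting that this function's entrypoint is bound to the hide-output context, and that the context's logger is not enabled for DEBUG, would pin the fix. The function body continues outside the hunk, so whether the password can reach logs by another path cannot be judged from here.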