Mask logging of connection info for iSCSI connector
The iSCSI Connector object could possibly log CHAP passwords to the log file. This patch uses the oslo strutils to mask out any passwords that may get logged. Change-Id: I3496377874bf5820afd919923282c846a956ef67
This commit is contained in:
parent
c454d1c63a
commit
e9f318e9b6
|
@ -373,7 +373,8 @@ class ISCSIConnector(base.BaseLinuxConnector, base_iscsi.BaseISCSIConnector):
|
|||
Try and update the local kernel's size information
|
||||
for an iSCSI volume.
|
||||
"""
|
||||
LOG.info("Extend volume for %s", connection_properties)
|
||||
LOG.info("Extend volume for %s",
|
||||
strutils.mask_dict_password(connection_properties))
|
||||
|
||||
volume_paths = self.get_volume_paths(connection_properties)
|
||||
LOG.info("Found paths for volume %s", volume_paths)
|
||||
|
@ -382,7 +383,8 @@ class ISCSIConnector(base.BaseLinuxConnector, base_iscsi.BaseISCSIConnector):
|
|||
else:
|
||||
LOG.warning("Couldn't find any volume paths on the host to "
|
||||
"extend volume for %(props)s",
|
||||
{'props': connection_properties})
|
||||
{'props': strutils.mask_dict_password(
|
||||
connection_properties)})
|
||||
raise exception.VolumePathsNotFound()
|
||||
|
||||
@utils.trace
|
||||
|
|
|
@ -1030,6 +1030,53 @@ Setting up iSCSI targets: unused
|
|||
new_size = self.connector.extend_volume(connection_info['data'])
|
||||
self.assertEqual(fake_new_size, new_size)
|
||||
|
||||
@mock.patch.object(iscsi.LOG, 'info')
|
||||
@mock.patch.object(linuxscsi.LinuxSCSI, 'extend_volume')
|
||||
@mock.patch.object(iscsi.ISCSIConnector, 'get_volume_paths')
|
||||
def test_extend_volume_mask_password(self, mock_volume_paths,
|
||||
mock_scsi_extend,
|
||||
mock_log_info):
|
||||
fake_new_size = 1024
|
||||
mock_volume_paths.return_value = ['/dev/vdx']
|
||||
mock_scsi_extend.return_value = fake_new_size
|
||||
volume = {'id': 'fake_uuid'}
|
||||
connection_info = self.iscsi_connection_chap(
|
||||
volume, "10.0.2.15:3260", "fake_iqn",
|
||||
'CHAP', 'fake_user', 'fake_password',
|
||||
'CHAP1', 'fake_user1', 'fake_password1')
|
||||
self.connector.extend_volume(connection_info['data'])
|
||||
|
||||
self.assertEqual(2, mock_log_info.call_count)
|
||||
self.assertIn("'auth_password': '***'",
|
||||
str(mock_log_info.call_args_list[0]))
|
||||
self.assertIn("'discovery_auth_password': '***'",
|
||||
str(mock_log_info.call_args_list[0]))
|
||||
|
||||
@mock.patch.object(iscsi.LOG, 'warning')
|
||||
@mock.patch.object(linuxscsi.LinuxSCSI, 'extend_volume')
|
||||
@mock.patch.object(iscsi.ISCSIConnector, 'get_volume_paths')
|
||||
def test_extend_volume_mask_password_no_paths(self, mock_volume_paths,
|
||||
mock_scsi_extend,
|
||||
mock_log_warning):
|
||||
fake_new_size = 1024
|
||||
mock_volume_paths.return_value = []
|
||||
mock_scsi_extend.return_value = fake_new_size
|
||||
volume = {'id': 'fake_uuid'}
|
||||
connection_info = self.iscsi_connection_chap(
|
||||
volume, "10.0.2.15:3260", "fake_iqn",
|
||||
'CHAP', 'fake_user', 'fake_password',
|
||||
'CHAP1', 'fake_user1', 'fake_password1')
|
||||
|
||||
self.assertRaises(exception.VolumePathsNotFound,
|
||||
self.connector.extend_volume,
|
||||
connection_info['data'])
|
||||
|
||||
self.assertEqual(1, mock_log_warning.call_count)
|
||||
self.assertIn("'auth_password': '***'",
|
||||
str(mock_log_warning.call_args_list[0]))
|
||||
self.assertIn("'discovery_auth_password': '***'",
|
||||
str(mock_log_warning.call_args_list[0]))
|
||||
|
||||
@mock.patch.object(os.path, 'isdir')
|
||||
def test_get_all_available_volumes_path_not_dir(self, mock_isdir):
|
||||
mock_isdir.return_value = False
|
||||
|
|
Loading…
Reference in New Issue