Mask logging of connection info for iSCSI connector

The iSCSI Connector object could possibly log CHAP passwords
to the log file.  This patch uses the oslo strutils to mask out
any passwords that may get logged.

Change-Id: I3496377874bf5820afd919923282c846a956ef67

os_brick/initiator/connectors/iscsi.py

@@ -373,7 +373,8 @@ class ISCSIConnector(base.BaseLinuxConnector, base_iscsi.BaseISCSIConnector):
         Try and update the local kernel's size information
         for an iSCSI volume.
         """
-        LOG.info("Extend volume for %s", connection_properties)
+        LOG.info("Extend volume for %s",
+                 strutils.mask_dict_password(connection_properties))
 
         volume_paths = self.get_volume_paths(connection_properties)
         LOG.info("Found paths for volume %s", volume_paths)
@@ -382,7 +383,8 @@ class ISCSIConnector(base.BaseLinuxConnector, base_iscsi.BaseISCSIConnector):
         else:
             LOG.warning("Couldn't find any volume paths on the host to "
                         "extend volume for %(props)s",
-                        {'props': connection_properties})
+                        {'props': strutils.mask_dict_password(
+                            connection_properties)})
             raise exception.VolumePathsNotFound()
 
     @utils.trace

os_brick/tests/initiator/connectors/test_iscsi.py

@@ -1030,6 +1030,53 @@ Setting up iSCSI targets: unused
         new_size = self.connector.extend_volume(connection_info['data'])
         self.assertEqual(fake_new_size, new_size)
 
+    @mock.patch.object(iscsi.LOG, 'info')
+    @mock.patch.object(linuxscsi.LinuxSCSI, 'extend_volume')
+    @mock.patch.object(iscsi.ISCSIConnector, 'get_volume_paths')
+    def test_extend_volume_mask_password(self, mock_volume_paths,
+                                         mock_scsi_extend,
+                                         mock_log_info):
+        fake_new_size = 1024
+        mock_volume_paths.return_value = ['/dev/vdx']
+        mock_scsi_extend.return_value = fake_new_size
+        volume = {'id': 'fake_uuid'}
+        connection_info = self.iscsi_connection_chap(
+            volume, "10.0.2.15:3260", "fake_iqn",
+            'CHAP', 'fake_user', 'fake_password',
+            'CHAP1', 'fake_user1', 'fake_password1')
+        self.connector.extend_volume(connection_info['data'])
+
+        self.assertEqual(2, mock_log_info.call_count)
+        self.assertIn("'auth_password': '***'",
+                      str(mock_log_info.call_args_list[0]))
+        self.assertIn("'discovery_auth_password': '***'",
+                      str(mock_log_info.call_args_list[0]))
+
+    @mock.patch.object(iscsi.LOG, 'warning')
+    @mock.patch.object(linuxscsi.LinuxSCSI, 'extend_volume')
+    @mock.patch.object(iscsi.ISCSIConnector, 'get_volume_paths')
+    def test_extend_volume_mask_password_no_paths(self, mock_volume_paths,
+                                                  mock_scsi_extend,
+                                                  mock_log_warning):
+        fake_new_size = 1024
+        mock_volume_paths.return_value = []
+        mock_scsi_extend.return_value = fake_new_size
+        volume = {'id': 'fake_uuid'}
+        connection_info = self.iscsi_connection_chap(
+            volume, "10.0.2.15:3260", "fake_iqn",
+            'CHAP', 'fake_user', 'fake_password',
+            'CHAP1', 'fake_user1', 'fake_password1')
+
+        self.assertRaises(exception.VolumePathsNotFound,
+                          self.connector.extend_volume,
+                          connection_info['data'])
+
+        self.assertEqual(1, mock_log_warning.call_count)
+        self.assertIn("'auth_password': '***'",
+                      str(mock_log_warning.call_args_list[0]))
+        self.assertIn("'discovery_auth_password': '***'",
+                      str(mock_log_warning.call_args_list[0]))
+
     @mock.patch.object(os.path, 'isdir')
     def test_get_all_available_volumes_path_not_dir(self, mock_isdir):
         mock_isdir.return_value = False