It would help debugging considerably if a failure in execute()
generated a message (at a client specified logging level). Such a
message, generated by execute() would only occur if the user requested
it by specifying a parameter (log_errors), and execute() were to throw
an exception. As an example, this change would address the issue being
addressed in bug 1340124 for the Trove project only.
DocImpact: New parameter added to processutils.execute(). The
possible values of the log_errors parameter are 'all' or 'final'. The
default value of None implies no logging. If it is set to 'final',
stdout and stderr are logged on the final failure. If it is set to
'all', stdout and stderr are logged on every failure.
Originally-submitted-in: If8180e042e1a05374ef705f5873cc0981243619f
Change-Id: Id9e94bd8d009b8f134f0b681da5dec5717d662ff
DocImpact:
Closes-Bug: #1342857
Suggested-By: Peter Stachowski <peter@tesora.com>
Reported-By: Ionuț Arțăriși <iartarisi@suse.cz>
When a ProcessExecutionError is thrown by processutils.ssh_execute(),
the exception may contain information such as password. Upstream
applications that just log the message (as several appear to do) could
inadvertently expose these passwords to a user with read access to the
log files. It is therefore considered prudent to invoke
strutils.mask_password() on the command, stdout and stderr in the
exception. A test case has been added to ensure that all three are
properly masked.
An earlier commit (e8199714) failed to address ssh_execute(). This
change set addresses ssh_execute.
OSSA is aware of this change request.
Change-Id: I0db9e98cbeb2a5e6f9ae0074f24717aa91cfc238
Closes-Bug: #1343604
Note that strutils is still used by jsonutils and log (used by
fileutils), so it isn't removed from openstack/common/.
Change-Id: I3a1e526c4310869747a4999e52a527604703e979
When a ProcessExecutionError is thrown by processutils.execute(), the
exception may contain information such as password. Upstream
applications that just log the message (as several appear to do) could
inadvertently expose these passwords to a user with read access to the
log files. It is therefore considered prudent to invoke
strutils.mask_password() on the command, stdout and stderr in the
exception. A test case has been added to ensure that all three are
properly masked.
OSSA is aware of this change request.
Originally-Submitted-In: I173dfb865e84eb7dee54a22c76db1e4f125a0a8a
Change-Id: Ie122db5f19802f519b96ed024ab3f2b5eede3eee
Closes-Bug: #1343604
