Fuel for OpenStack

Hide all passwords from upgrade logs

Bug #1387164 reported by Sebastian Kalinowski
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Fix Committed
High
Unassigned
Fuel for OpenStack 6.0

Bug Description

Upgrade scripts logs all configuration data into the log file like:

2014-08-12 09:33:03 DEBUG 20499 (cli) Configuration data: {'cobbler_container_config_path':
....
'keystone_credentials': {'username': 'admin', 'tenant_name': 'admin', 'password': 'admin', 'auth_url': 'http://10.108.0.2:5000/v2.0/tokens'}
....

Configuration contains password to various services/modules. All sensitive data must be removed/hidden from the configuration dump.

deactivateduser (deactivateduser-deactivatedaccount)
Changed in fuel:
assignee: Fuel Python Team (fuel-python) → Ivan Kliuk (ivankliuk)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-web (master)

Fix proposed to branch: master
Review: https://review.openstack.org/133314

Changed in fuel:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/135340

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-web (master)

Reviewed: https://review.openstack.org/135340
Committed: https://git.openstack.org/cgit/stackforge/fuel-web/commit/?id=109abbbdaf8ca11b39305699330599c3fd14badf
Submitter: Jenkins
Branch: master

commit 109abbbdaf8ca11b39305699330599c3fd14badf
Author: Ivan Kliuk <email address hidden>
Date: Tue Nov 18 18:17:12 2014 +0200

    Remove passwords reflection from logging messages

      Implement custom Logger class for sanitizing dict(), list() and
      fuel_upgrade.config.Config() instances.
      Add sanitizer() function which substitutes config data with mask
      based on keywords.
      Refactor all logger calls to use the sanitizer.

    Closes-Bug: 1387164
    Change-Id: I810610aed59f7a6a904b1bcfe4d89b674aba96fc

Changed in fuel:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on fuel-web (master)

Change abandoned by Ivan Kliuk (<email address hidden>) on branch: master
Review: https://review.openstack.org/133314
Reason: The functionality has been implemented here: https://review.openstack.org/#/c/135340/

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.