mask_password is overzealous

Was there a problem creating the volume, or just with the logging of the operation?

Neither... the volume was created, but I was unable to delete it. I suspect this is the cause, and may cause other issues as well.

I don't think volume attach would work on this volume, since the lsvdisk call here [1] should hit this problem:

def get_vdisk_attributes(self, vdisk):
    attrs = self.ssh.lsvdisk(vdisk)
    return attrs

Etc.

[1] https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/ibm/storwize_svc/helpers.py#L633

Is this still a valid issue, from the bug description, it likes cinder use mask_password. We usuall use this method to log something. Can you point out how to use it in Cinder ?

No response for more info. Please reopen if this is still seen.

[Expired for oslo.utils because there has been no activity for 60 days.]

any update ?

Same issue is seen in my environment i.e. volume details are masked by stdout = strutils.mask_password(stdout) at [0] when "password" string exists in its name. In cinder, oslo_concurrency/processutils.ssh_execute() at [1] is being invoked at many places to run a command over ssh session and parse the returned output from it to get required information but due to above masking behavior before output is parsed(outside of processutils.ssh_execute()) causing an issue.

[0] https://github.com/openstack/oslo.concurrency/blob/master/oslo_concurrency/processutils.py#L540
[1] https://github.com/openstack/oslo.concurrency/blob/master/oslo_concurrency/processutils.py#L504

mask_password is just a mess. See comments in https://review.openstack.org/#/c/385197/ . At this point I'm convinced that we should have more specific methods for different cases, e.g. ssh_execute here, instead of a general method that tries to cover too many cases and thus can't handle any of them very well, which is what mask_password is today.

Fix proposed to branch: master
Review: https://review.openstack.org/537823

Reviewed: https://review.openstack.org/537823
Committed: https://git.openstack.org/cgit/openstack/oslo.concurrency/commit/?id=21ae27e66d77f276c23a7ca2eaa8869438fb4d31
Submitter: Zuul
Branch: master

commit 21ae27e66d77f276c23a7ca2eaa8869438fb4d31
Author: prashkre <email address hidden>
Date: Thu Jan 25 13:41:42 2018 +0530

    Mask passwords only when command execution fails

    At many places, processutils.ssh_execute() is being invoked to run
    a command over ssh and output returned is parsed to get appropriate
    information. In this flow, unsanitized output is being expected
    where processutils.ssh_execute() was invoked but found that
    output like volume details(containing "password" string in its name)
    is being masked away with strutils.mask_password(stdout) even though
    no error occured during command execution.

    This is regression issue from patch[0]. In this fix, stdout and stderr
    in processutils.ssh_execute() will be masked only when
    ProcessExecutionError exception is thrown i.e. command execution failed
    due to some reasons.

    [0] https://github.com/openstack/oslo.concurrency/commit/
    ae9e05bfc3d7ec867bd6ec78c301f11c2bdd0d5f

    Change-Id: I2ce344330905eef437ef3f89a2a01169a30df8ab
    Closes-Bug: #1482382

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/547388

Reviewed: https://review.openstack.org/547388
Committed: https://git.openstack.org/cgit/openstack/oslo.concurrency/commit/?id=0c4718fcb77e9f4e3a22ae458869b7294b7bc91f
Submitter: Zuul
Branch: stable/queens

commit 0c4718fcb77e9f4e3a22ae458869b7294b7bc91f
Author: prashkre <email address hidden>
Date: Thu Jan 25 13:41:42 2018 +0530

    Mask passwords only when command execution fails

    At many places, processutils.ssh_execute() is being invoked to run
    a command over ssh and output returned is parsed to get appropriate
    information. In this flow, unsanitized output is being expected
    where processutils.ssh_execute() was invoked but found that
    output like volume details(containing "password" string in its name)
    is being masked away with strutils.mask_password(stdout) even though
    no error occured during command execution.

    This is regression issue from patch[0]. In this fix, stdout and stderr
    in processutils.ssh_execute() will be masked only when
    ProcessExecutionError exception is thrown i.e. command execution failed
    due to some reasons.

    [0] https://github.com/openstack/oslo.concurrency/commit/
    ae9e05bfc3d7ec867bd6ec78c301f11c2bdd0d5f

    Change-Id: I2ce344330905eef437ef3f89a2a01169a30df8ab
    Closes-Bug: #1482382
    (cherry picked from commit 21ae27e66d77f276c23a7ca2eaa8869438fb4d31)

Fix proposed to branch: master
Review: https://review.openstack.org/549323

This issue was fixed in the openstack/oslo.concurrency 3.26.0 release.

This issue was fixed in the openstack/oslo.concurrency 3.25.1 release.

This issue was fixed in the openstack/cinder 14.0.0.0rc1 release candidate.

This issue was fixed in the openstack/requirements rocky-eol release.

This issue was fixed in the openstack/requirements stein-eol release.

This issue was fixed in the openstack/requirements yoga-eom release.

This issue was fixed in the openstack/requirements train-eol release.

This issue was fixed in the openstack/requirements ussuri-eol release.

This issue was fixed in the openstack/requirements victoria-eom release.

This issue was fixed in the openstack/requirements wallaby-eom release.

This issue was fixed in the openstack/requirements xena-eom release.

This issue was fixed in the openstack/requirements zed-eom release.