Karbor logs rabbitmq password on connection log

Bug #1859540 reported by wangyu on 2020-01-14
This bug affects 1 person
Affects: Karbor
Importance: Undecided
Assigned to: Unassigned

Bug Description

Karbor may log the rabbitmq password on connection when DEBUG is on.

Example on karbor-protection and karbor-operationengine log after enabling DEBUG:

2020-01-13 20:56:20.138 49854 DEBUG karbor.service [-] transport_url : rabbit://openstack:RABBIT_PASS@controller wait /usr/lib/python2.7/site-packages/karbor/service.py:425

In a production environment, this is pretty bad.

This bug report is similar to another cinder bug: https://bugs.launchpad.net/cinder/+bug/1750074

Reviewed: https://review.opendev.org/702326
Committed: https://git.openstack.org/cgit/openstack/karbor/commit/?id=a0415ae7f54293a93366d979811331489282474c
Submitter: Zuul
Branch: master

commit a0415ae7f54293a93366d979811331489282474c
Author: wangyu <email address hidden>
Date: Tue Jan 14 10:33:38 2020 +0800

    Remove password display for rabbitmq on connection log

    When starting the karbor-protection and karbor-operationengine services,
    Karbor will log the rabbitmq password if debug is enabled. In a
    production environment, this is pretty bad. This patch will fix it.

    Change-Id: I11bd6db001739869fc6cddd005c9990d2943b809
    Closes-Bug: #1859540

Changed in karbor:
status: In Progress → Fix Released
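
One way to keep a credential like the one in the log line above out of service logs, as an added example (not Karbor's code and not the committed fix): a logging filter that masks the password of any URL before the record is written. The names mask_url_passwords and RedactUrlPasswords and the logger name are hypothetical; the sample URL is the one quoted in the report.

```python
import io
import logging
import re

# A URL token, and the "user:password@" part of each host inside it.
# oslo.messaging transport URLs may list several comma-separated hosts,
# each with its own credentials, so userinfo can follow "://" or ",".
_URL = re.compile(r"\b[a-zA-Z][a-zA-Z0-9+.\-]*://\S+")
_USERINFO = re.compile(r"((?:://|,)[^\s:/@,]*:)[^\s@/,]+(?=@)")


def mask_url_passwords(text, mask="***"):
    """Mask the password of every URL in text, keeping user and host."""
    def _mask_one(url):
        return _USERINFO.sub(lambda m: m.group(1) + mask, url.group(0))
    return _URL.sub(_mask_one, text)


class RedactUrlPasswords(logging.Filter):
    """Scrub URL passwords from a record before any formatter sees it."""

    def filter(self, record):
        # Render msg % args first so a URL passed as an argument is caught.
        record.msg = mask_url_passwords(record.getMessage())
        record.args = None
        return True


def demo():
    """Log the transport_url from the report through the filter."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    # Attach to the handler, not a logger: logger-level filters are not
    # applied to records propagated up from child loggers.
    handler.addFilter(RedactUrlPasswords())
    log = logging.getLogger("karbor.service.example")  # hypothetical name
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.addHandler(handler)
    log.debug("transport_url : %s",
              "rabbit://openstack:RABBIT_PASS@controller")
    log.removeHandler(handler)
    return stream.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

A filter like this is a backstop for anything that reaches the log handlers; it does not replace keeping the secret out of the logging call in the first place.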