keystoneauth

print the password in the log

Bug #1704515 reported by zhangdaolong
This bug report is a duplicate of:  Bug #1638978: Debug data isn't sanitized. Edit Remove
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
keystoneauth
In Progress
Low
zhangdaolong

Bug Description

 We should not let the password output log file.
 --------------------------------
 RESP BODY: {"connection_info": {"driver_volume_type": "iscsi", "data": {"auth_password": "3DyBmwSnBfLjJi7p", "target_discovered": false, "encrypted": false, "qos_specs": null, "target_iqn": "iqn.2010-10.org.openstack:volume-60f3818e-2d68-4443-90de-841b955c5a92", "target_portal": "172.16.34.86:3260", "volume_id": "60f3818e-2d68-4443-90de-841b955c5a92", "target_lun": 0, "access_mode": "rw", "auth_username": "nTxY6pvVU6eVyarcPknM", "auth_method": "CHAP"}}} _http_log_response /usr/lib/python2.7/site-packages/keystoneauth1/session.py

OpenStack Infra (hudson-openstack)
Changed in keystoneauth:
assignee: nobody → zhangdaolong (zhangdaolong)
status: New → In Progress
Samuel de Medeiros Queiroz (samueldmq)
Changed in keystoneauth:
importance: Undecided → High
Revision history for this message
Morgan Fainberg (mdrnstm) wrote :

Changing to low priority, this is debug output.

Changed in keystoneauth:
importance: High → Low
Revision history for this message
Lance Bragstad (lbragstad) wrote :

The echo what was left of the current patch in review [0]. Keystoneauth is designed to have super minimal dependencies, which means the solution can't rely on code that can already handle this in oslo (unfortunately).

[0] https://review.openstack.org/#/c/483771/5

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on keystoneauth (master)

Change abandoned by zhangdaolong (<email address hidden>) on branch: master
Review: https://review.openstack.org/483771

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.