At many places, processutils.ssh_execute() is being invoked to run
a command over ssh and output returned is parsed to get appropriate
information. In this flow, unsanitized output is being expected
where processutils.ssh_execute() was invoked but found that
output like volume details(containing "password" string in its name)
is being masked away with strutils.mask_password(stdout) even though
no error occured during command execution.
This is regression issue from patch[0]. In this fix, stdout and stderr
in processutils.ssh_execute() will be masked only when
ProcessExecutionError exception is thrown i.e. command execution failed
due to some reasons.
Reviewed: https:/ /review. openstack. org/547388 /git.openstack. org/cgit/ openstack/ oslo.concurrenc y/commit/ ?id=0c4718fcb77 e9f4e3a22ae4588 69b7294b7bc91f
Committed: https:/
Submitter: Zuul
Branch: stable/queens
commit 0c4718fcb77e9f4 e3a22ae458869b7 294b7bc91f
Author: prashkre <email address hidden>
Date: Thu Jan 25 13:41:42 2018 +0530
Mask passwords only when command execution fails
At many places, processutils. ssh_execute( ) is being invoked to run ssh_execute( ) was invoked but found that mask_password( stdout) even though
a command over ssh and output returned is parsed to get appropriate
information. In this flow, unsanitized output is being expected
where processutils.
output like volume details(containing "password" string in its name)
is being masked away with strutils.
no error occured during command execution.
This is regression issue from patch[0]. In this fix, stdout and stderr ssh_execute( ) will be masked only when utionError exception is thrown i.e. command execution failed
in processutils.
ProcessExec
due to some reasons.
[0] https:/ /github. com/openstack/ oslo.concurrenc y/commit/ 7ec867bd6ec78c3 01f11c2bdd0d5f
ae9e05bfc3d
Change-Id: I2ce344330905ee f437ef3f89a2a01 169a30df8ab 6c23a7ca2eaa886 9438fb4d31)
Closes-Bug: #1482382
(cherry picked from commit 21ae27e66d77f27