oslo.utils

encryption_key_id is not masked

Bug #1814365 reported by yenai on 2019-02-02

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	oslo.utils	Fix Released	Undecided	yenai

Bug Description

When attach an encrypted volume, os-brick will output a debug msg:

Jan 12 21:12:05 localhost.localdomain nova-compute[59989]: DEBUG os_brick.encryptors [None req-a75d8573-9141-414d-86dc-1c3bb9af6585 admin admin] Using volume encryption metadata '{u'cipher': u'aes-xts-plain64', u'encryption_key_id': u'00000000-0000-0000-0000-000000000000', u'provider': u'luks', u'key_size': 256, u'control_location': u'front-end'}' for connection: {'status': u'reserved', 'detached_at': u'', u'volume_id': u'399284b9-f750-4938-8c3f-cded1383ed74', 'attach_mode': u'null', 'driver_volume_type': u'iscsi', 'instance': u'e8f6d6ca-9a25-4ebf-bfaf-b613632f1764', 'attached_at': u'', 'serial': u'399284b9-f750-4938-8c3f-cded1383ed74', 'data': {u'access_mode': u'rw', u'target_discovered': False, u'encrypted': True, u'qos_specs': None, u'target_iqn': u'iqn.2010-10.org.openstack:volume-399284b9-f750-4938-8c3f-cded1383ed74', u'target_portal': u'192.168.43.139:3260', u'volume_id': u'399284b9-f750-4938-8c3f-cded1383ed74', u'target_lun': 0, u'auth_password': u'***', u'auth_username': u'GxLKPQf6qPXPGGtMDdQJ', u'auth_method': u'CHAP'}} {{(pid=59989) get_encryption_metadata /usr/lib/python2.7/site-packages/os_brick/encryptors/__init__.py:125}}

We should mask 'encryption_key_id' as well as 'auth_password'.

Tags:

yenai (yenai2008) on 2019-02-02

Changed in oslo.utils:
assignee:	nobody → yenai (yenai2008)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-02-02: Fix proposed to oslo.utils (master)

Fix proposed to branch: master
Review: https://review.openstack.org/634546

Changed in oslo.utils:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-27: Fix merged to oslo.utils (master)

Reviewed: https://review.openstack.org/634546
Committed: https://git.openstack.org/cgit/openstack/oslo.utils/commit/?id=08d76b5373dd19d0425d525983637f260d9be629
Submitter: Zuul
Branch: master

commit 08d76b5373dd19d0425d525983637f260d9be629
Author: yenai <email address hidden>
Date: Sat Feb 2 16:32:05 2019 +0800

Mask encryption_key_id

Change-Id: I9e684cd8bab85728ff0117f95a30eb7dbb5bf51c
Closes-Bug: #1814365

Changed in oslo.utils:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-26: Fix included in openstack/oslo.utils 3.41.0

This issue was fixed in the openstack/oslo.utils 3.41.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-11-13: Fix proposed to oslo.utils (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/694037

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-11-13: Fix proposed to oslo.utils (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/694038

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-11-13: Fix merged to oslo.utils (stable/stein)

Reviewed: https://review.opendev.org/694037
Committed: https://git.openstack.org/cgit/openstack/oslo.utils/commit/?id=3bd98032a2b7b6cc4a70d720e57dbd05265bc336
Submitter: Zuul
Branch: stable/stein

commit 3bd98032a2b7b6cc4a70d720e57dbd05265bc336
Author: yenai <email address hidden>
Date: Sat Feb 2 16:32:05 2019 +0800

Mask encryption_key_id

    Change-Id: I9e684cd8bab85728ff0117f95a30eb7dbb5bf51c
    Closes-Bug: #1814365
    (cherry picked from commit 08d76b5373dd19d0425d525983637f260d9be629)

tags:

added: in-stable-stein

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-11-13: Fix merged to oslo.utils (stable/rocky)

Reviewed: https://review.opendev.org/694038
Committed: https://git.openstack.org/cgit/openstack/oslo.utils/commit/?id=254d8e65471fedce1f17c6664f87c4f197ea7014
Submitter: Zuul
Branch: stable/rocky

commit 254d8e65471fedce1f17c6664f87c4f197ea7014
Author: yenai <email address hidden>
Date: Sat Feb 2 16:32:05 2019 +0800

Mask encryption_key_id

    Change-Id: I9e684cd8bab85728ff0117f95a30eb7dbb5bf51c
    Closes-Bug: #1814365
    (cherry picked from commit 08d76b5373dd19d0425d525983637f260d9be629)