]> review.fuel-infra Code Review - openstack-build/cinder-build.git/commitdiff
Code Review / openstack-build / cinder-build.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 77d6bf6)
Fix HDS HNAS driver logging password as plain text
authorTiago Pasqualini <tiagop.silva@fit-tecnologia.org.br>
Wed, 2 Sep 2015 17:58:03 +0000 (14:58 -0300)
committerTiago Pasqualini <tiagop.silva@fit-tecnologia.org.br>
Fri, 4 Sep 2015 19:00:25 +0000 (16:00 -0300)
HDS HNAS driver logs every command that is sent to HNAS. Some
commands need the HNAS password, so the driver ends up logging
this password as plain text. This patch changes these commands
syntax so that oslo_utils.strutils.mask_password can successfully
mask this password.

Change-Id: I720701d8ee2b944ad498917f668160894f1f07cc
Closes-Bug: #1491524

cinder/volume/drivers/hitachi/hnas_backend.py patch | blob | history
cinder/volume/drivers/hitachi/hnas_iscsi.py patch | blob | history
cinder/volume/drivers/hitachi/hnas_nfs.py patch | blob | history

diff --git a/cinder/volume/drivers/hitachi/hnas_backend.py b/cinder/volume/drivers/hitachi/hnas_backend.py
index f53466d8caf18ee452e7374140ae7b4347e6b1e2..a0374549b355aeb8805d33406ac977886aba82d2 100644 (file)
--- a/cinder/volume/drivers/hitachi/hnas_backend.py
+++ b/cinder/volume/drivers/hitachi/hnas_backend.py
@@ -56,7 +56,7 @@ class HnasBackend(object):
 
         if self.drv_configs['ssh_enabled'] != 'True':
             # Direct connection via ssc
-            args = (cmd, '-u', user, '-p', pw, ip0) + args
+            args = (cmd, '--user', user, '--password', pw, ip0) + args
 
             try:
                 out, err = utils.execute(*args, **kwargs)
diff --git a/cinder/volume/drivers/hitachi/hnas_iscsi.py b/cinder/volume/drivers/hitachi/hnas_iscsi.py
index bc8cfb6f07307ef7fe3d2bcdb058263600c51514..158b87c787782aacd9cf251555a3d8daf41fefe3 100644 (file)
--- a/cinder/volume/drivers/hitachi/hnas_iscsi.py
+++ b/cinder/volume/drivers/hitachi/hnas_iscsi.py
@@ -77,7 +77,9 @@ def _xml_read(root, element, check=None):
 
     try:
         val = root.findtext(element)
-        LOG.info(_LI("%(element)s: %(val)s"), {'element': element, 'val': val})
+        LOG.info(_LI("%(element)s: %(val)s"),
+                 {'element': element,
+                  'val': val if element != 'password' else '***'})
         if val:
             return val.strip()
         if check:
diff --git a/cinder/volume/drivers/hitachi/hnas_nfs.py b/cinder/volume/drivers/hitachi/hnas_nfs.py
index 55daa86c47596147860119039c4eedfc9effcb68..c87f9127ab62911ce4f532eca02143e548e82aa7 100644 (file)
--- a/cinder/volume/drivers/hitachi/hnas_nfs.py
+++ b/cinder/volume/drivers/hitachi/hnas_nfs.py
@@ -65,7 +65,9 @@ def _xml_read(root, element, check=None):
 
     try:
         val = root.findtext(element)
-        LOG.info(_LI("%(element)s: %(val)s"), {'element': element, 'val': val})
+        LOG.info(_LI("%(element)s: %(val)s"),
+                 {'element': element,
+                  'val': val if element != 'password' else '***'})
         if val:
             return val.strip()
         if check: