From: Tiago Pasqualini <tiagop.silva@fit-tecnologia.org.br>
Date: Wed, 2 Sep 2015 17:58:03 +0000 (-0300)
Subject: Fix HDS HNAS driver logging password as plain text
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=15755b8e9a5f8019e8d19b709b86d582d8b6e0c2;p=openstack-build%2Fcinder-build.git

Fix HDS HNAS driver logging password as plain text

HDS HNAS driver logs every command that is sent to HNAS. Some
commands need the HNAS password, so the driver ends up logging
this password as plain text. This patch changes these commands
syntax so that oslo_utils.strutils.mask_password can successfully
mask this password.

Change-Id: I720701d8ee2b944ad498917f668160894f1f07cc
Closes-Bug: #1491524
---

diff --git a/cinder/volume/drivers/hitachi/hnas_backend.py b/cinder/volume/drivers/hitachi/hnas_backend.py
index f53466d8c..a0374549b 100644
--- a/cinder/volume/drivers/hitachi/hnas_backend.py
+++ b/cinder/volume/drivers/hitachi/hnas_backend.py
@@ -56,7 +56,7 @@ class HnasBackend(object):
 
         if self.drv_configs['ssh_enabled'] != 'True':
             # Direct connection via ssc
-            args = (cmd, '-u', user, '-p', pw, ip0) + args
+            args = (cmd, '--user', user, '--password', pw, ip0) + args
 
             try:
                 out, err = utils.execute(*args, **kwargs)
diff --git a/cinder/volume/drivers/hitachi/hnas_iscsi.py b/cinder/volume/drivers/hitachi/hnas_iscsi.py
index bc8cfb6f0..158b87c78 100644
--- a/cinder/volume/drivers/hitachi/hnas_iscsi.py
+++ b/cinder/volume/drivers/hitachi/hnas_iscsi.py
@@ -77,7 +77,9 @@ def _xml_read(root, element, check=None):
 
     try:
         val = root.findtext(element)
-        LOG.info(_LI("%(element)s: %(val)s"), {'element': element, 'val': val})
+        LOG.info(_LI("%(element)s: %(val)s"),
+                 {'element': element,
+                  'val': val if element != 'password' else '***'})
         if val:
             return val.strip()
         if check:
diff --git a/cinder/volume/drivers/hitachi/hnas_nfs.py b/cinder/volume/drivers/hitachi/hnas_nfs.py
index 55daa86c4..c87f9127a 100644
--- a/cinder/volume/drivers/hitachi/hnas_nfs.py
+++ b/cinder/volume/drivers/hitachi/hnas_nfs.py
@@ -65,7 +65,9 @@ def _xml_read(root, element, check=None):
 
     try:
         val = root.findtext(element)
-        LOG.info(_LI("%(element)s: %(val)s"), {'element': element, 'val': val})
+        LOG.info(_LI("%(element)s: %(val)s"),
+                 {'element': element,
+                  'val': val if element != 'password' else '***'})
         if val:
             return val.strip()
         if check: