From 15755b8e9a5f8019e8d19b709b86d582d8b6e0c2 Mon Sep 17 00:00:00 2001
From: Tiago Pasqualini <tiagop.silva@fit-tecnologia.org.br>
Date: Wed, 2 Sep 2015 14:58:03 -0300
Subject: [PATCH] Fix HDS HNAS driver logging password as plain text

HDS HNAS driver logs every command that is sent to HNAS. Some
commands need the HNAS password, so the driver ends up logging
this password as plain text. This patch changes these commands
syntax so that oslo_utils.strutils.mask_password can successfully
mask this password.

Change-Id: I720701d8ee2b944ad498917f668160894f1f07cc
Closes-Bug: #1491524
---
 cinder/volume/drivers/hitachi/hnas_backend.py | 2 +-
 cinder/volume/drivers/hitachi/hnas_iscsi.py   | 4 +++-
 cinder/volume/drivers/hitachi/hnas_nfs.py     | 4 +++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/cinder/volume/drivers/hitachi/hnas_backend.py b/cinder/volume/drivers/hitachi/hnas_backend.py
index f53466d8c..a0374549b 100644
--- a/cinder/volume/drivers/hitachi/hnas_backend.py
+++ b/cinder/volume/drivers/hitachi/hnas_backend.py
@@ -56,7 +56,7 @@ class HnasBackend(object):
 
         if self.drv_configs['ssh_enabled'] != 'True':
             # Direct connection via ssc
-            args = (cmd, '-u', user, '-p', pw, ip0) + args
+            args = (cmd, '--user', user, '--password', pw, ip0) + args
 
             try:
                 out, err = utils.execute(*args, **kwargs)
diff --git a/cinder/volume/drivers/hitachi/hnas_iscsi.py b/cinder/volume/drivers/hitachi/hnas_iscsi.py
index bc8cfb6f0..158b87c78 100644
--- a/cinder/volume/drivers/hitachi/hnas_iscsi.py
+++ b/cinder/volume/drivers/hitachi/hnas_iscsi.py
@@ -77,7 +77,9 @@ def _xml_read(root, element, check=None):
 
     try:
         val = root.findtext(element)
-        LOG.info(_LI("%(element)s: %(val)s"), {'element': element, 'val': val})
+        LOG.info(_LI("%(element)s: %(val)s"),
+                 {'element': element,
+                  'val': val if element != 'password' else '***'})
         if val:
             return val.strip()
         if check:
diff --git a/cinder/volume/drivers/hitachi/hnas_nfs.py b/cinder/volume/drivers/hitachi/hnas_nfs.py
index 55daa86c4..c87f9127a 100644
--- a/cinder/volume/drivers/hitachi/hnas_nfs.py
+++ b/cinder/volume/drivers/hitachi/hnas_nfs.py
@@ -65,7 +65,9 @@ def _xml_read(root, element, check=None):
 
     try:
         val = root.findtext(element)
-        LOG.info(_LI("%(element)s: %(val)s"), {'element': element, 'val': val})
+        LOG.info(_LI("%(element)s: %(val)s"),
+                 {'element': element,
+                  'val': val if element != 'password' else '***'})
         if val:
             return val.strip()
         if check:
-- 
2.45.2