Barbican debug logs database connection password

Bug #1604921 reported by Arun Kant
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Barbican | Fix Released | Low | Unassigned |

Bug Description

This is similar to https://bugs.launchpad.net/barbican/+bug/1567500 (already released) but in different code, so I am adding a new bug for this.

In the logs we see this:

"(oslo_service.service): 2016-07-19 16:08:19,688 DEBUG cfg log_opt_values sql_connection = mysql://barbican:ukCS8uW0DTtq@m1-cp1-vip-FND-MDB-mgmt/barbican"

DEBUG-level printing of config parameters should not print this, which can be accomplished by setting secret=True in https://github.com/openstack/barbican/blob/master/barbican/common/config.py#L57
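
An added example, not part of the bug report or Barbican's code: a scrubber for DEBUG logs that were already written with option-dump lines of the shape quoted above. It masks the password in place and reports which option, user and host were exposed so that credential can be rotated. The sample lines, host names, credentials and the `****` mask string are constructed for the illustration.

```python
import re

# Option-dump shape taken from the log line quoted in the bug description:
#   "... DEBUG cfg log_opt_values <option> = <scheme>://<user>:<password>@<host>/..."
CRED_URL = re.compile(
    r"(?P<opt>[\w.]+)\s*=\s*[a-z][a-z0-9+.\-]*://"
    r"(?P<user>[^:/@\s]+):(?P<pw>[^/\s]+)@(?P<host>[^/\s\"']+)",
    re.IGNORECASE,
)
MASK = "****"  # assumed mask string for this example


def redact_line(line):
    """Return (redacted_line, findings) for one log line.
    A finding is (option, user, host); the password is never copied out."""
    findings = []

    def _mask(m):
        findings.append((m.group("opt"), m.group("user"), m.group("host")))
        start, end = m.span("pw")
        return line[m.start():start] + MASK + line[end:m.end()]

    return CRED_URL.sub(_mask, line), findings


def scan(lines):
    """Redact every line; report entries are (line_number, option, user, host)."""
    clean, report = [], []
    for lineno, line in enumerate(lines, 1):
        redacted, found = redact_line(line)
        clean.append(redacted)
        report.extend((lineno, *f) for f in found)
    return clean, report


# Constructed sample lines (host names, user and password are made up).
PREFIX = "(oslo_service.service): 2016-07-19 16:08:19,688 DEBUG cfg log_opt_values "
SAMPLE = [
    PREFIX + "sql_connection = mysql://svc_user:EXAMPLE-p@ss@db.example.test/barbican",
    PREFIX + "sql_connection = ****",              # already masked, no finding
    PREFIX + "api_url = http://localhost:9311/v1",  # host:port, not user:password
]

if __name__ == "__main__":
    clean, report = scan(SAMPLE)
    for lineno, opt, user, host in report:
        print(f"line {lineno}: {opt} logged a password for {user}@{host}")
    print("\n".join(clean))
```
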

Arun Kant (arukant) wrote :

As barbican does not use the oslo db library, we need to mark this property secret in barbican code. In oslo db, this property is already marked as secret=True (https://github.com/openstack/oslo.db/blob/master/oslo_db/options.py#L36). So we need to follow similar behavior on the barbican side.

Douglas Mendizábal (dougmendizabal) wrote :

I think this is Low priority since it only happens with the DEBUG setting. A wishlist fix would be to migrate to oslo.db.

Changed in barbican:
status: New → Triaged
importance: Undecided → Low
milestone: none → newton-3
OpenStack Infra (hudson-openstack) wrote : Fix merged to barbican (master)

Reviewed: https://review.openstack.org/344993
Committed: https://git.openstack.org/cgit/openstack/barbican/commit/?id=2323fcf018f940754bccb3b4a1f26849e006621e
Submitter: Jenkins
Branch: master

commit 2323fcf018f940754bccb3b4a1f26849e006621e
Author: Arun Kant <email address hidden>
Date: Wed Jul 20 11:58:22 2016 -0700

    Marking database connection config property as secret.

    This is needed in barbican side as barbican is currently not leveraging
    oslo db library which already has this property with secret=True

    Closes-Bug: #1604921

    Change-Id: I81b197ee72322684b8b696db3d6c02531fa854dd

Changed in barbican:
status: Triaged → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/barbican 3.0.0.0b3

This issue was fixed in the openstack/barbican 3.0.0.0b3 development milestone.
