| 2023-10-04 17:45:19 |
Rajat Dhasmana |
description |
When debug log is enabled, the IBM Storwize SVC driver logs the chap secret when executing the chhost command[1].
This is logged in oslo.concurrency[2].
The problem here seems to be that the chapsecret key is not in the list of sanitize keys in mask_password method of oslo utils[3]
DEBUG oslo_concurrency.processutils [] Running cmd (SSH): svctask chhost -chapsecret <secret> <host> ssh_execute /usr/lib/python3.9/site-packages/oslo_concurrency/processutils.py:542
[1] https://opendev.org/openstack/cinder/src/commit/95630360b2091409dc35eebd86d51d9aad2ab0fc/cinder/volume/drivers/ibm/storwize_svc/storwize_svc_common.py#L314
[2] https://opendev.org/openstack/oslo.concurrency/src/commit/774f604c16b47ad4ce47e6390ec30f9fc8f30c67/oslo_concurrency/processutils.py#L542
[3] |
When debug log is enabled, the IBM Storwize SVC driver logs the chap secret when executing the chhost command[1].
This is logged in oslo.concurrency[2].
The problem here seems to be that the chapsecret key is not in the list of sanitize keys in mask_password method of oslo utils[3]
DEBUG oslo_concurrency.processutils [] Running cmd (SSH): svctask chhost -chapsecret <secret> <host> ssh_execute /usr/lib/python3.9/site-packages/oslo_concurrency/processutils.py:542
[1] https://opendev.org/openstack/cinder/src/commit/95630360b2091409dc35eebd86d51d9aad2ab0fc/cinder/volume/drivers/ibm/storwize_svc/storwize_svc_common.py#L314
[2] https://opendev.org/openstack/oslo.concurrency/src/commit/774f604c16b47ad4ce47e6390ec30f9fc8f30c67/oslo_concurrency/processutils.py#L542
[3] https://opendev.org/openstack/oslo.utils/src/commit/a122f5c065c346c9ca2218a9131a2a352e6b380f/oslo_utils/strutils.py#L69-L79 |
|
