-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove sensitive params (VmPassword, etc) from VMWork log #8553
Conversation
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #8553 +/- ##
============================================
- Coverage 30.85% 30.78% -0.07%
+ Complexity 34048 33982 -66
============================================
Files 5341 5341
Lines 374861 375048 +187
Branches 54518 54557 +39
============================================
- Hits 115659 115457 -202
- Misses 243973 244332 +359
- Partials 15229 15259 +30
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
@blueorangutan package |
@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 8418 |
@blueorangutan test |
@sureshanaparti a [SL] Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests |
[SF] Trillian test result (tid-8922)
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
code LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM , tested manually by deploying a vm with a password enabled template
Before fix
2024-01-24 10:47:34,021 DEBUG [c.c.v.VmWorkJobHandlerProxy] (Work-Job-Executor-13:ctx-2cfca443 job-66/job-67 ctx-a58c4ec9) (logid:ee57b953) Execute VM work job: com.cloud.vm.VmWorkStart{"dcId":1,"podId":1,"clusterId":1,"hostId":1,"rawParams":{"VmPassword":"rO0ABXQABmg3VDlYSw"},"userId":2,"accountId":2,"vmId":8,"handlerName":"VirtualMachineManagerImpl"}
2024-01-24 10:48:25,567 DEBUG [c.c.v.VmWorkJobHandlerProxy] (Work-Job-Executor-13:ctx-2cfca443 job-66/job-67 ctx-a58c4ec9) (logid:ee57b953) Done executing VM work job: com.cloud.vm.VmWorkStart{"dcId":1,"podId":1,"clusterId":1,"hostId":1,"rawParams":{"VmPassword":"rO0ABXQABmg3VDlYSw"},"userId":2,"accountId":2,"vmId":8,"handlerName":"VirtualMachineManagerImpl"}
After fix
2024-01-24 11:49:32,315 DEBUG [c.c.v.VmWorkJobHandlerProxy] (Work-Job-Executor-3:ctx-7971f576 job-33/job-34 ctx-ec622985) (logid:0a621004) Execute VM work job: com.cloud.vm.VmWorkStart{"accountId":2,"dcId":1,"vmId":3,"hostId":1,"handlerName":"VirtualMachineManagerImpl","clusterId":1,"userId":2,"podId":1,"rawParams":{}}
2024-01-24 11:50:23,512 DEBUG [c.c.v.VmWorkJobHandlerProxy] (Work-Job-Executor-3:ctx-7971f576 job-33/job-34 ctx-ec622985) (logid:0a621004) Done executing VM work job: com.cloud.vm.VmWorkStart{"accountId":2,"dcId":1,"vmId":3,"hostId":1,"handlerName":"VirtualMachineManagerImpl","clusterId":1,"userId":2,"podId":1,"rawParams":{}}
LGTM - let's merge for 4.19.1.0, after the freeze/4.19.0.0 GA. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CLGTM
Description
The VM's password & other details sent via VM Details Map during VmWorkStart are logged as base64 encoded strings.
This PR improves VMWork log to not include any sensitive params (VmPassword, etc).
Types of changes
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
Bug Severity
Screenshots (if appropriate):
How Has This Been Tested?
Tested VM start and reboot operations, confirmed 'VmPassword' not shown in the log.
Log before changes =>
Log after changes =>
How did you try to break this feature and the system with this change?