[release-4.9] Bug 2009849: Avoid logging BMC password when creds change #183
Commits on Oct 1, 2021
-
Avoid logging BMC password when creds change
Since b8dba2c we use the nodeUpdater with its built-in logging to update the ironic node when the credentials change. This inadvertantly meant the BMC credentials will be logged in this case (which is very rare; credentials don't often change). To prevent this, sanitise new values as they are being logged. Ironic does not return existing values for passwords, so there is no danger of them being logged through that route. Currently password fields are only redacted if they are set as part of a map; in practice this will be safe for the foreseeable future as the bmc credentials are always set through a map returned from the driver and not individually. (cherry picked from commit a08d0b6)
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.