Permalink
Browse files

Merge "Mask node.session.auth.password in volume.py _run_iscsiadm deb…

…ug logs"
  • Loading branch information...
2 parents 8aade96 + 5445833 commit 495214cb16a157664485fbe1afc2005db2c85a00 Jenkins committed with openstack-gerrit Jul 19, 2014
Showing with 25 additions and 2 deletions.
  1. +20 −0 nova/tests/virt/libvirt/test_volume.py
  2. +5 −2 nova/virt/libvirt/volume.py
@@ -343,6 +343,26 @@ def test_libvirt_iscsi_driver_disconnect_multipath_error(self):
['-f', 'fake-multipath-devname'],
check_exit_code=[0, 1])
+ def test_sanitize_log_run_iscsiadm(self):
+ # Tests that the parameters to the _run_iscsiadm function are sanitized
+ # for passwords when logged.
+ def fake_debug(*args, **kwargs):
+ self.assertIn('node.session.auth.password', args[0])
+ self.assertNotIn('scrubme', args[0])
+
+ libvirt_driver = volume.LibvirtISCSIVolumeDriver(self.fake_conn)
+ connection_info = self.iscsi_connection(self.vol, self.location,
+ self.iqn)
+ iscsi_properties = connection_info['data']
+ with mock.patch.object(volume.LOG, 'debug',
+ side_effect=fake_debug) as debug_mock:
+ libvirt_driver._iscsiadm_update(iscsi_properties,
+ 'node.session.auth.password',
+ 'scrubme')
+ # we don't care what the log message is, we just want to make sure
+ # our stub method is called which asserts the password is scrubbed
+ self.assertTrue(debug_mock.called)
+
def iser_connection(self, volume, location, iqn):
return {
'driver_volume_type': 'iser',
@@ -231,8 +231,11 @@ def _run_iscsiadm(self, iscsi_properties, iscsi_command, **kwargs):
'-p', iscsi_properties['target_portal'],
*iscsi_command, run_as_root=True,
check_exit_code=check_exit_code)
- LOG.debug("iscsiadm %(command)s: stdout=%(out)s stderr=%(err)s",
- {'command': iscsi_command, 'out': out, 'err': err})
+ msg = ('iscsiadm %(command)s: stdout=%(out)s stderr=%(err)s' %
+ {'command': iscsi_command, 'out': out, 'err': err})
+ # NOTE(bpokorny): iscsi_command can contain passwords so we need to
+ # sanitize the password in the message.
+ LOG.debug(logging.mask_password(msg))
return (out, err)
def _iscsiadm_update(self, iscsi_properties, property_key, property_value,

0 comments on commit 495214c

Please sign in to comment.