From 265ad47616f1ef8d762448705a0637931e04c33a Mon Sep 17 00:00:00 2001
From: Abhishek Kekane <akekane@redhat.com>
Date: Wed, 22 Jan 2025 07:03:28 +0000
Subject: [PATCH] Remove S3 credentials from debug log

While sorting image locations using store weight, glance logs a
debug message which logs secret and access key for s3 backend.

Removing the debug log to avoid leaking of the s3 credentials.

Closes-Bug: #2095304
SecurityImpact

Change-Id: I24073c1b1e5ea92357d9a774e6c9c9cbf0980a44
(cherry picked from commit 33fa9596ebbd7ed16e2bbdba5fab2f6eeb8eb5c2)
(cherry picked from commit d1cc917a29c9d2e87b1bad51a33a8a2500eb69c6)
---
 glance/common/utils.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/glance/common/utils.py b/glance/common/utils.py
index feb2c81565..aadb976104 100644
--- a/glance/common/utils.py
+++ b/glance/common/utils.py
@@ -733,5 +733,9 @@ def get_store_weight(location):
         return store.weight if store is not None else 0
 
     sorted_locations = sorted(locations, key=get_store_weight, reverse=True)
-    LOG.debug(('Sorted locations: %s'), sorted_locations)
+    scrubbed = []
+    for loc in sorted_locations:
+        scrubbed.append({'store_name': loc["metadata"].get("store")})
+
+    LOG.debug(('Sorted locations: %s'), scrubbed)
     return sorted_locations