GabrielBrascher edited a comment on issue #4355: URL: https://github.com/apache/cloudstack/issues/4355#issuecomment-704208233
Connected via remote debug on the JVM I was able to check the workflow. The password for Out of band response is obfuscated at _OutOfBandManagementResponse.java#L98_; then, the workflow will make that password as input to _obfuscatePassword_ . _constructor at OutOfBandManagementResponse.java#L98_ https://github.com/apache/cloudstack/blob/1d05fead49f5c856257a741b07122f5633d2e359/api/src/main/java/org/apache/cloudstack/api/response/OutOfBandManagementResponse.java#L98 _obfuscatePassword method at AsyncJobManagerImpl.java#L478_ https://github.com/apache/cloudstack/blob/0f3f2a09370a18301db28ec3d28efe746b6437c9/framework/jobs/src/main/java/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java#L478 The _obfuscatePassword_ method removes `"` and causes the JSON issue. Why do we log the password? Even knowing that it is obfuscated I am not sure of why we should log it. With that said, I see two solutions for this bug: 1. fix _obfuscatePassword_, or 2. remove password from Host responses and log messages. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
