@Tristan, per comment 4, yeah it can fail on attach and be logged here at ERROR level:
https://github.com/openstack/nova/blob/12.0.0/nova/virt/block_device.py#L259 ** Changed in: nova/juno Status: New => Won't Fix -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1516765 Title: xenapi: volume_utils._parse_volume_info can leak connection password via StorageError Status in OpenStack Compute (nova): Fix Committed Status in OpenStack Compute (nova) juno series: Won't Fix Status in OpenStack Compute (nova) kilo series: In Progress Status in OpenStack Compute (nova) liberty series: Fix Committed Status in OpenStack Compute (nova) mitaka series: Fix Committed Status in OpenStack Security Advisory: Confirmed Bug description: This code dumps the connection_info dict into the StorageError message: https://github.com/openstack/nova/blob/12.0.0/nova/virt/xenapi/volume_utils.py#L85-L87 As can be seen a few lines later, auth_password can be in that dict: https://github.com/openstack/nova/blob/12.0.0/nova/virt/xenapi/volume_utils.py#L96 So the password would be leaked into the error message that's raised up. This could eventually get back to the logs or a user if not handled properly. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1516765/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
