This is also a problem in python-cinderclient which logs the response body:
https://github.com/openstack/python- cinderclient/blob/84346b5dba784bfeb3a53ae83d400ba264263cf6/cinderclient/apiclient/client.py#L141 ** Also affects: python-cinderclient Importance: Undecided Status: New ** Changed in: python-cinderclient Status: New => Triaged ** Changed in: python-cinderclient Importance: Undecided => High -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1685678 Title: swap volume operation may leak credentials into debug logs Status in OpenStack Compute (nova): In Progress Status in OpenStack Security Advisory: Won't Fix Bug description: The swap volume code in the compute service logs old and new volume connection_info dicts to debug here: https://github.com/openstack/nova/blob/1ad41c0b0c844b65424251dbc3399039789b064f/nova/compute/manager.py#L4930 The new connection_info comes from Cinder: https://github.com/openstack/nova/blob/1ad41c0b0c844b65424251dbc3399039789b064f/nova/compute/manager.py#L4901 That's a plain dict from the response which may contain credentials. The old connection_info comes from the nova.objects.block_device.BlockDeviceMapping object, which uses SensitiveStringField to sanitize the field's value when logged: https://github.com/openstack/nova/blob/1ad41c0b0c844b65424251dbc3399039789b064f/nova/compute/manager.py#L4904 https://github.com/openstack/oslo.versionedobjects/blob/1.23.0/oslo_versionedobjects/fields.py#L280 The new connection_info could contain credentials though, so we should mask those when logging it, even at debug level. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1685678/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
