[Openstack-security] [Bug 1750074] Related fix merged to manila (stable/ocata)
Author: Dustin Schoenbrun <dschoenb at redhat.com>
Date: Wed Feb 21 17:02:31 2018 -0500
Log config options with oslo.config

This removes some custom code inherited from Cinder which was handling
the output of secret options in a bad way. This patch utilizes Oslo's
existing utilities to output the Manila configuration options securely.
Filtering will be done with the "secret=True" option flag.

Major thanks to Eric Harney for introducing this fix to Cinder.

(cherry picked from commit 3d7909deb21a1f0be4cd6eca13dc9e8d070f71e2)
(cherry picked from commit 1949b403e9feb134d0fb2b9d65271292277351ee)
(cherry picked from commit 19aeba1f63f4e864eebda61bf16a078055c79cb0)
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
Cinder logs rabbitmq password on connection log
Status in Cinder:
Status in Manila:
Status in OpenStack Security Advisory:
Cinder may log rabbitmq password on connection when DEBUG is on.
Example on cinder-scheduler.log file after enabling DEBUG:
(Password has been replaced with XXX)
2018-02-05 19:21:52.721 35 DEBUG cinder.service [req-a2dbe0dd-14c9-4123-a69a-3623e5f0a4d7 - - - - -] transport_url : rabbit://guest:XXX@10.10.10.1:5672,guest:XXX@10.10.10.2:5672,guest:XXX@10.10.10.3:5672
In a production environment, this is pretty bad.
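
An added example, not part of the bug report or of the Cinder/Manila patch: a standard-library scanner for auditing existing DEBUG logs that finds and masks clear-text passwords in URL userinfo, covering every host of a multi-host transport_url like the one quoted above. The function names, the request id and the password in the sample lines are constructed for illustration.

```python
import re

MASK = "****"
# Any URL-shaped token, e.g. rabbit://user:pw@host1:5672,user:pw@host2:5672
_URL = re.compile(r"\b[a-z][a-z0-9+.-]*://\S+", re.I)
# "user:password@" after the scheme or after a comma (next host in the list).
_CRED = re.compile(r"((?:://|,)[^:@/,\s]*:)([^@/,\s]+)(?=@)")


def _mask_url(url, hits):
    def repl(m):
        if set(m.group(2)) == {"*"}:      # already masked, leave as is
            return m.group(0)
        hits.append(m.start(2))
        return m.group(1) + MASK
    return _CRED.sub(repl, url)


def redact(line):
    """Return (redacted_line, number_of_passwords_masked)."""
    hits = []
    out = _URL.sub(lambda m: _mask_url(m.group(0), hits), line)
    return out, len(hits)


def find_leaks(lines):
    """Return [(line_number, password_count)] for lines exposing a password."""
    counts = ((n, redact(line)[1]) for n, line in enumerate(lines, 1))
    return [(n, c) for n, c in counts if c]


# Constructed sample lines in the shape of the report; the password is made up.
SAMPLE = [
    "2018-02-05 19:21:52.721 35 DEBUG cinder.service [req-0000 - - - - -] "
    "transport_url : rabbit://guest:hunter2@10.10.10.1:5672,"
    "guest:hunter2@10.10.10.2:5672,guest:hunter2@10.10.10.3:5672",
    "2018-02-05 19:21:52.722 35 DEBUG cinder.service [req-0000 - - - - -] "
    "transport_url : ****",
    "2018-02-05 19:21:52.723 35 DEBUG cinder.service [req-0000 - - - - -] "
    "glance_api_servers : http://10.10.10.9:9292",
]

if __name__ == "__main__":
    for n, count in find_leaks(SAMPLE):
        print(f"line {n}: {count} clear-text password(s): {redact(SAMPLE[n - 1])[0]}")
```

Any hit means the password has already been written to disk, so masking the log is only cleanup and the credential still needs rotating.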