diff options
| author | Rick Harris <rconradharris@gmail.com> | 2012-01-23 23:08:04 +0000 |
|---|---|---|
| committer | Rick Harris <rconradharris@gmail.com> | 2012-01-23 23:19:32 +0000 |
| commit | ccbc940211c348940ca9766ef60328302a080f9a (patch) | |
| tree | 387ef84b345dbbe54a0129e31ba3e3a549c15c5c | |
| parent | 9019b096e3c2eef33c08402b7775dc333521ce82 (diff) | |
| download | nova-ccbc940211c348940ca9766ef60328302a080f9a.tar.gz nova-ccbc940211c348940ca9766ef60328302a080f9a.tar.xz nova-ccbc940211c348940ca9766ef60328302a080f9a.zip | |
Remove sensitive info from rpc logging.
Fixes bug 920687
Change-Id: Ic83145adcfe73c29a85e7916f2fda48d1bb5ccea
| -rw-r--r-- | nova/rpc/common.py | 17 | ||||
| -rw-r--r-- | nova/rpc/impl_carrot.py | 2 | ||||
| -rw-r--r-- | nova/rpc/impl_kombu.py | 2 |
3 files changed, 19 insertions, 2 deletions
diff --git a/nova/rpc/common.py b/nova/rpc/common.py index 76a761f5b..dbec572ea 100644 --- a/nova/rpc/common.py +++ b/nova/rpc/common.py @@ -17,6 +17,7 @@ # License for the specific language governing permissions and limitations # under the License. +import copy from nova import exception from nova import flags @@ -102,3 +103,19 @@ class Connection(object): pool for dispatching the messages to the proxy objects. """ raise NotImplementedError() + + +def _safe_log(log_func, msg, msg_data): + """Sanitizes the msg_data field before logging.""" + SANITIZE = {'set_admin_password': ('new_pass',)} + method = msg_data['method'] + if method in SANITIZE: + msg_data = copy.deepcopy(msg_data) + args_to_sanitize = SANITIZE[method] + for arg in args_to_sanitize: + try: + msg_data['args'][arg] = "<SANITIZED>" + except KeyError: + pass + + return log_func(msg, msg_data) diff --git a/nova/rpc/impl_carrot.py b/nova/rpc/impl_carrot.py index bfd48773e..1dbec177d 100644 --- a/nova/rpc/impl_carrot.py +++ b/nova/rpc/impl_carrot.py @@ -258,7 +258,7 @@ class AdapterConsumer(Consumer): # the previous context is stored in local.store.context if hasattr(local.store, 'context'): del local.store.context - LOG.debug(_('received %s') % message_data) + rpc_common._safe_log(LOG.debug, _('received %s'), message_data) # This will be popped off in _unpack_context msg_id = message_data.get('_msg_id', None) ctxt = _unpack_context(message_data) diff --git a/nova/rpc/impl_kombu.py b/nova/rpc/impl_kombu.py index f6f0c0495..b93230f44 100644 --- a/nova/rpc/impl_kombu.py +++ b/nova/rpc/impl_kombu.py @@ -700,7 +700,7 @@ class ProxyCallback(object): # the previous context is stored in local.store.context if hasattr(local.store, 'context'): del local.store.context - LOG.debug(_('received %s') % message_data) + rpc_common._safe_log(LOG.debug, _('received %s'), message_data) ctxt = _unpack_context(message_data) method = message_data.get('method') args = message_data.get('args', {}) |