Reviewed: https://review.openstack.org/546786 Committed: https://git.openstack.org/cgit/openstack/manila/commit/?id=3d7909deb21a1f0be4cd6eca13dc9e8d070f71e2 Submitter: Zuul Branch: master commit 3d7909deb21a1f0be4cd6eca13dc9e8d070f71e2 Author: Dustin Schoenbrun <dschoenb at redhat.com> Date: Wed Feb 21 17:02:31 2018 -0500 Log config options with oslo.config This removes some custom code inherited from Cinder which was handling the output of secret options in a bad way. This patch utilizes Oslo's existing utilities to output the Manila configuration options securely. Filtering will be done with the "secret=True" option flag. Major thanks to Eric Harney for introducing this fix to Cinder. Change-Id: I894e011680661c0b73b9592f70a6457e403f18c6 Related-Bug: #1750074 -- You received this bug notification because you are a member of OpenStack Security SIG, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1750074 Title: Cinder logs rabbitmq password on connection log Status in Cinder: Fix Released Status in Manila: Fix Released Status in OpenStack Security Advisory: Won't Fix Bug description: Cinder may log rabbitmq password on connection when DEBUG is on. Example on cinder-scheduler.log file after enabling DEBUG: (Password has been replaced with XXX) 2018-02-05 19:21:52.721 35 DEBUG cinder.service [req-a2dbe0dd- 14c9-4123-a69a-3623e5f0a4d7 - - - - -] transport_url : rabbit://guest:XXX@10.10.10.1:5672,guest:XXX@10.10.10.2:5672,guest:XXX@10.10.10.3:5672 wait /usr/lib/python2.7/site-packages/cinder/service.py:611 In a production environment, this is pretty bad. To manage notifications about this bug go to: https://bugs.launchpad.net/cinder/+bug/1750074/+subscriptions