Esempio n. 1
0
    def test_dictionary(self):
        payload = {'password': '******'}
        expected = {'password': '******'}
        self.assertEqual(expected,
                         strutils.mask_dict_password(payload))

        payload = {'user': '******', 'password': '******'}
        expected = {'user': '******', 'password': '******'}
        self.assertEqual(expected,
                         strutils.mask_dict_password(payload))

        payload = {'strval': 'somestring',
                   'dictval': {'user': '******', 'password': '******'}}
        expected = {'strval': 'somestring',
                    'dictval': {'user': '******', 'password': '******'}}
        self.assertEqual(expected,
                         strutils.mask_dict_password(payload))

        payload = {'strval': '--password abc',
                   'dont_change': 'this is fine',
                   'dictval': {'user': '******', 'password': b'TL0EfN33'}}
        expected = {'strval': '--password ***',
                    'dont_change': 'this is fine',
                    'dictval': {'user': '******', 'password': '******'}}
        self.assertEqual(expected,
                         strutils.mask_dict_password(payload))

        payload = {'ipmi_password': '******'}
        expected = {'ipmi_password': '******'}
        self.assertEqual(expected,
                         strutils.mask_dict_password(payload))
Esempio n. 2
0
    def test_dictionary(self):
        payload = {'password': '******'}
        expected = {'password': '******'}
        self.assertEqual(expected,
                         strutils.mask_dict_password(payload))

        payload = {'user': '******', 'password': '******'}
        expected = {'user': '******', 'password': '******'}
        self.assertEqual(expected,
                         strutils.mask_dict_password(payload))

        payload = {'strval': 'somestring',
                   'dictval': {'user': '******', 'password': '******'}}
        expected = {'strval': 'somestring',
                    'dictval': {'user': '******', 'password': '******'}}
        self.assertEqual(expected,
                         strutils.mask_dict_password(payload))

        payload = {'strval': '--password abc',
                   'dont_change': 'this is fine',
                   'dictval': {'user': '******', 'password': b'TL0EfN33'}}
        expected = {'strval': '--password ***',
                    'dont_change': 'this is fine',
                    'dictval': {'user': '******', 'password': '******'}}
        self.assertEqual(expected,
                         strutils.mask_dict_password(payload))

        payload = {'ipmi_password': '******'}
        expected = {'ipmi_password': '******'}
        self.assertEqual(expected,
                         strutils.mask_dict_password(payload))
Esempio n. 3
0
    def test_dictionary(self):
        payload = {'password': '******'}
        expected = {'password': '******'}
        self.assertEqual(expected,
                         strutils.mask_dict_password(payload))

        payload = {'user': '******', 'password': '******'}
        expected = {'user': '******', 'password': '******'}
        self.assertEqual(expected,
                         strutils.mask_dict_password(payload))

        payload = {'strval': 'somestring',
                   'dictval': {'user': '******', 'password': '******'}}
        expected = {'strval': 'somestring',
                    'dictval': {'user': '******', 'password': '******'}}
        self.assertEqual(expected,
                         strutils.mask_dict_password(payload))

        payload = {'strval': '--password abc',
                   'dont_change': 'this is fine',
                   'dictval': {'user': '******', 'password': b'mypassword'}}
        expected = {'strval': '--password ***',
                    'dont_change': 'this is fine',
                    'dictval': {'user': '******', 'password': '******'}}
        self.assertEqual(expected,
                         strutils.mask_dict_password(payload))
Esempio n. 4
0
    def attach_volume(self, connection_info, instance_name,
                      disk_bus=constants.CTRL_TYPE_SCSI):
        tries_left = CONF.hyperv.volume_attach_retry_count + 1

        while tries_left:
            try:
                self._attach_volume(connection_info,
                                    instance_name,
                                    disk_bus)
                break
            except Exception as ex:
                tries_left -= 1
                if not tries_left:
                    LOG.exception(
                        _("Failed to attach volume %(connection_info)s "
                          "to instance %(instance_name)s. "),
                        {'connection_info':
                            strutils.mask_dict_password(connection_info),
                         'instance_name': instance_name})

                    self.disconnect_volume(connection_info)
                    raise exception.VolumeAttachFailed(
                        volume_id=connection_info['serial'],
                        reason=ex)
                else:
                    LOG.warning(
                        "Failed to attach volume %(connection_info)s "
                        "to instance %(instance_name)s. "
                        "Tries left: %(tries_left)s.",
                        {'connection_info': strutils.mask_dict_password(
                             connection_info),
                         'instance_name': instance_name,
                         'tries_left': tries_left})

                    time.sleep(CONF.hyperv.volume_attach_retry_interval)
Esempio n. 5
0
 def as_dict(self, secure=False):
     d = super(Node, self).as_dict()
     if secure:
         d['driver_info'] = strutils.mask_dict_password(
             d.get('driver_info', {}), "******")
         d['instance_info'] = strutils.mask_dict_password(
             d.get('instance_info', {}), "******")
     return d
Esempio n. 6
0
    def test_do_no_harm(self):
        payload = {}
        expected = {}
        self.assertEqual(expected, strutils.mask_dict_password(payload))

        payload = {'somekey': 'somevalue', 'anotherkey': 'anothervalue'}
        expected = {'somekey': 'somevalue', 'anotherkey': 'anothervalue'}
        self.assertEqual(expected, strutils.mask_dict_password(payload))
Esempio n. 7
0
    def test_do_no_harm(self):
        payload = {}
        expected = {}
        self.assertEqual(expected, strutils.mask_dict_password(payload))

        payload = {"somekey": "somevalue", "anotherkey": "anothervalue"}
        expected = {"somekey": "somevalue", "anotherkey": "anothervalue"}
        self.assertEqual(expected, strutils.mask_dict_password(payload))
Esempio n. 8
0
 def as_dict(self, secure=False):
     d = super(Node, self).as_dict()
     if secure:
         d['driver_info'] = strutils.mask_dict_password(
             d.get('driver_info', {}), "******")
         d['instance_info'] = strutils.mask_dict_password(
             d.get('instance_info', {}), "******")
     return d
Esempio n. 9
0
 def test_argument_untouched(self):
     """Make sure that the argument passed in is not modified"""
     payload = {'password': '******', 'bool': True,
                'dict': {'cat': 'meow', 'password': "******"},
                'float': 0.1, 'int': 123, 'list': [1, 2], 'none': None,
                'str': 'foo'}
     pristine = copy.deepcopy(payload)
     # Send the payload into the function, to see if it gets modified
     strutils.mask_dict_password(payload)
     self.assertEqual(pristine, payload)
Esempio n. 10
0
 def test_argument_untouched(self):
     """Make sure that the argument passed in is not modified"""
     payload = {'password': '******', 'bool': True,
                'dict': {'cat': 'meow', 'password': "******"},
                'float': 0.1, 'int': 123, 'list': [1, 2], 'none': None,
                'str': 'foo'}
     pristine = copy.deepcopy(payload)
     # Send the payload into the function, to see if it gets modified
     strutils.mask_dict_password(payload)
     self.assertEqual(pristine, payload)
Esempio n. 11
0
def mask_secrets(payload):
    """Remove secrets from payload object."""
    mask = '******'
    if hasattr(payload, 'instance_info'):
        payload.instance_info = strutils.mask_dict_password(
            payload.instance_info, mask)
        if 'image_url' in payload.instance_info:
            payload.instance_info['image_url'] = mask
    if hasattr(payload, 'driver_info'):
        payload.driver_info = strutils.mask_dict_password(
            payload.driver_info, mask)
Esempio n. 12
0
def mask_secrets(payload):
    """Remove secrets from payload object."""
    mask = '******'
    if hasattr(payload, 'instance_info'):
        payload.instance_info = strutils.mask_dict_password(
            payload.instance_info, mask)
        if 'image_url' in payload.instance_info:
            payload.instance_info['image_url'] = mask
    if hasattr(payload, 'driver_info'):
        payload.driver_info = strutils.mask_dict_password(
            payload.driver_info, mask)
Esempio n. 13
0
    def test_do_no_harm(self):
        payload = {}
        expected = {}
        self.assertEqual(expected,
                         strutils.mask_dict_password(payload))

        payload = {'somekey': 'somevalue',
                   'anotherkey': 'anothervalue'}
        expected = {'somekey': 'somevalue',
                    'anotherkey': 'anothervalue'}
        self.assertEqual(expected,
                         strutils.mask_dict_password(payload))
Esempio n. 14
0
 def as_dict(self, secure=False, mask_configdrive=True):
     d = super(Node, self).as_dict()
     if secure:
         d['driver_info'] = strutils.mask_dict_password(
             d.get('driver_info', {}), "******")
         iinfo = d.pop('instance_info', {})
         configdrive = iinfo.pop('configdrive', None)
         d['instance_info'] = strutils.mask_dict_password(iinfo, "******")
         if configdrive is not None:
             d['instance_info']['configdrive'] = (
                 "******" if mask_configdrive else configdrive)
         d['driver_internal_info'] = strutils.mask_dict_password(
             d.get('driver_internal_info', {}), "******")
     return d
Esempio n. 15
0
    def _handle_requests(self, func, name, params):
        """Convert arguments and call a method.

        :param func: Callable object.
        :param name: RPC call name for logging.
        :param params: Keyword arguments.
        :return: call result as JSON.
        """
        # TODO(dtantsur): server-side version check?
        params.pop('rpc.version', None)
        logged_params = strutils.mask_dict_password(params)

        try:
            context = params.pop('context')
        except KeyError:
            context = None
        else:
            # A valid context is required for deserialization
            if not isinstance(context, dict):
                raise InvalidParams(
                    _("Context must be a dictionary, if provided"))

            context = ir_context.RequestContext.from_dict(context)
            params = {
                key: self.serializer.deserialize_entity(context, value)
                for key, value in params.items()
            }
            params['context'] = context

        LOG.debug('RPC %s with %s', name, logged_params)
        try:
            result = func(**params)
        # FIXME(dtantsur): we could use the inspect module, but
        # oslo_messaging.expected_exceptions messes up signatures.
        except TypeError as exc:
            raise InvalidParams(params=', '.join(params),
                                method=name,
                                error=exc)

        if context is not None:
            # Currently it seems that we can serialize even with invalid
            # context, but I'm not sure it's guaranteed to be the case.
            result = self.serializer.serialize_entity(context, result)
        LOG.debug(
            'RPC %s returned %s', name,
            strutils.mask_dict_password(result)
            if isinstance(result, dict) else result)
        return result
Esempio n. 16
0
 def test_nested_non_dict(self):
     expected = {'nested': {'password': '******',
                            'foo': 'bar',
                            }
                 }
     payload = NestedMapping()
     self.assertEqual(expected, strutils.mask_dict_password(payload))
Esempio n. 17
0
 def test_other_non_str_values(self):
     payload = {
         'password': '******',
         'bool': True,
         'dict': {
             'cat': 'meow',
             'password': "******"
         },
         'float': 0.1,
         'int': 123,
         'list': [1, 2],
         'none': None,
         'str': 'foo'
     }
     expected = {
         'password': '******',
         'bool': True,
         'dict': {
             'cat': 'meow',
             'password': '******'
         },
         'float': 0.1,
         'int': 123,
         'list': [1, 2],
         'none': None,
         'str': 'foo'
     }
     self.assertEqual(expected, strutils.mask_dict_password(payload))
Esempio n. 18
0
 def test_non_dict(self):
     expected = {
         'password': '******',
         'foo': 'bar',
     }
     payload = TestMapping()
     self.assertEqual(expected, strutils.mask_dict_password(payload))
Esempio n. 19
0
    def data(self):
        values = {}

        for configItem in self.configuration_items:
            key = configItem.configuration_key
            value = configItem.configuration_value
            values[key] = value
        configuration_dict = {
            "id":
            self.configuration.id,
            "name":
            self.configuration.name,
            "description":
            self.configuration.description,
            "values":
            strutils.mask_dict_password(values),
            "created":
            self.configuration.created,
            "updated":
            self.configuration.updated,
            "instance_count":
            getattr(self.configuration, "instance_count", 0),
            "datastore_name":
            self.configuration.datastore.name,
            "datastore_version_id":
            self.configuration.datastore_version_id,
            "datastore_version_name":
            self.configuration.datastore_version.name,
            "datastore_version_number":
            self.configuration.datastore_version.version
        }

        return {"configuration": configuration_dict}
Esempio n. 20
0
    def get_iscsi_dict(self, device_info, volume):
        """Populate iscsi dict to pass to nova.

        :param device_info: device info dict
        :param volume: volume object
        :returns: iscsi dict
        """
        metro_ip_iqn, metro_host_lun = None, None
        try:
            ip_and_iqn = device_info['ip_and_iqn']
            is_multipath = device_info['is_multipath']
            host_lun_id = device_info['hostlunid']
        except KeyError as e:
            exception_message = (_("Cannot get iSCSI ipaddresses, multipath "
                                   "flag, or hostlunid. Exception is %(e)s.")
                                 % {'e': six.text_type(e)})
            raise exception.VolumeBackendAPIException(
                message=exception_message)

        if device_info.get('metro_ip_and_iqn'):
            LOG.debug("Volume is Metro device...")
            metro_ip_iqn = device_info['metro_ip_and_iqn']
            metro_host_lun = device_info['metro_hostlunid']

        iscsi_properties = self.vmax_get_iscsi_properties(
            volume, ip_and_iqn, is_multipath, host_lun_id,
            metro_ip_iqn, metro_host_lun)

        LOG.info("iSCSI properties are: %(props)s",
                 {'props': strutils.mask_dict_password(iscsi_properties)})
        return {'driver_volume_type': 'iscsi',
                'data': iscsi_properties}
Esempio n. 21
0
def sanitize_secrets(content, mask="****"):
    """Extends oslo_utils strutils to make mask passwords more robust."""

    def mask_dict_password(dictionary, secret="***"):
        """Overriding strutils.mask_dict_password.

        Overriding mask_dict_password to accept CaseInsenstiveDict as well.
        """
        out = deepcopy(dictionary)

        for k, v in dictionary.items():
            if is_dict(v):
                out[k] = mask_dict_password(v, secret=secret)
                continue
            for sani_key in strutils._SANITIZE_KEYS:
                if sani_key in k:
                    out[k] = secret
                    break
            else:
                if isinstance(v, six.string_types):
                    out[k] = strutils.mask_password(v, secret=secret)
        return out

    strutils.mask_dict_password = mask_dict_password
    if is_dict(content):
        return strutils.mask_dict_password(content, mask)
    if is_string(content):
        return strutils.mask_password(content, mask)
Esempio n. 22
0
    def get_iscsi_dict(self, device_info, volume):
        """Populate iscsi dict to pass to nova.

        :param device_info: device info dict
        :param volume: volume object
        :returns: iscsi dict
        """
        metro_ip_iqn, metro_host_lun = None, None
        try:
            ip_and_iqn = device_info['ip_and_iqn']
            is_multipath = device_info['is_multipath']
            host_lun_id = device_info['hostlunid']
        except KeyError as e:
            exception_message = (_("Cannot get iSCSI ipaddresses, multipath "
                                   "flag, or hostlunid. Exception is %(e)s.") %
                                 {
                                     'e': six.text_type(e)
                                 })
            raise exception.VolumeBackendAPIException(
                message=exception_message)

        if device_info.get('metro_ip_and_iqn'):
            LOG.debug("Volume is Metro device...")
            metro_ip_iqn = device_info['metro_ip_and_iqn']
            metro_host_lun = device_info['metro_hostlunid']

        iscsi_properties = self.vmax_get_iscsi_properties(
            volume, ip_and_iqn, is_multipath, host_lun_id, metro_ip_iqn,
            metro_host_lun)

        LOG.info("iSCSI properties are: %(props)s",
                 {'props': strutils.mask_dict_password(iscsi_properties)})
        return {'driver_volume_type': 'iscsi', 'data': iscsi_properties}
Esempio n. 23
0
def mask_data(obj):
    if isinstance(obj, dict):
        return mask_dict_password(obj)
    elif isinstance(obj, list):
        return [mask_data(i) for i in obj]
    else:
        return mask_password(obj)
Esempio n. 24
0
 def save(self):
     if not self.is_valid():
         raise exception.InvalidModelError(errors=self.errors)
     self['updated'] = utils.utcnow()
     LOG.debug("Saving %(name)s: %(dict)s" %
               {'name': self.__class__.__name__,
                'dict': strutils.mask_dict_password(self.__dict__)})
     return self.db_api.save(self)
Esempio n. 25
0
 def save(self):
     if not self.is_valid():
         raise exception.InvalidModelError(errors=self.errors)
     self['updated'] = timeutils.utcnow()
     LOG.debug("Saving %(name)s: %(dict)s",
               {'name': self.__class__.__name__,
                'dict': strutils.mask_dict_password(self.__dict__)})
     return self.db_api.save(self)
Esempio n. 26
0
def mask_password(cmd):
    """Return a string in which the password is masked."""
    if len(cmd) > 3 and cmd[0] == 'raidcom' and cmd[1] == '-login':
        tmp = list(cmd)
        tmp[3] = strutils.mask_dict_password({'password': ''}).get('password')
    else:
        tmp = cmd
    return ' '.join([six.text_type(c) for c in tmp])
Esempio n. 27
0
def mask_password(cmd):
    """Return a string in which the password is masked."""
    if len(cmd) > 3 and cmd[0] == 'raidcom' and cmd[1] == '-login':
        tmp = list(cmd)
        tmp[3] = strutils.mask_dict_password({'password': ''}).get('password')
    else:
        tmp = cmd
    return ' '.join([six.text_type(c) for c in tmp])
Esempio n. 28
0
        def trace_logging_wrapper(*args, **kwargs):
            filter_function = dec_kwargs.get('filter_function')

            if len(args) > 0:
                maybe_self = args[0]
            else:
                maybe_self = kwargs.get('self', None)

            if maybe_self and hasattr(maybe_self, '__module__'):
                logger = logging.getLogger(maybe_self.__module__)
            else:
                logger = LOG

            # NOTE(ameade): Don't bother going any further if DEBUG log level
            # is not enabled for the logger.
            if not logger.isEnabledFor(py_logging.DEBUG):
                return f(*args, **kwargs)

            all_args = inspect.getcallargs(f, *args, **kwargs)

            pass_filter = filter_function is None or filter_function(all_args)

            if pass_filter:
                logger.debug(
                    '==> %(func)s: call %(all_args)r', {
                        'func': func_name,
                        'all_args': strutils.mask_password(
                            six.text_type(all_args))
                    })

            start_time = time.time() * 1000
            try:
                result = f(*args, **kwargs)
            except Exception as exc:
                total_time = int(round(time.time() * 1000)) - start_time
                logger.debug('<== %(func)s: exception (%(time)dms) %(exc)r', {
                    'func': func_name,
                    'time': total_time,
                    'exc': exc
                })
                raise
            total_time = int(round(time.time() * 1000)) - start_time

            if isinstance(result, dict):
                mask_result = strutils.mask_dict_password(result)
            elif isinstance(result, six.string_types):
                mask_result = strutils.mask_password(result)
            else:
                mask_result = result

            if pass_filter:
                logger.debug('<== %(func)s: return (%(time)dms) %(result)r', {
                    'func': func_name,
                    'time': total_time,
                    'result': mask_result
                })
            return result
Esempio n. 29
0
 def detach_volume(self, connection_info, instance_name):
     LOG.debug("Detaching volume: %(connection_info)s "
               "from %(instance_name)s",
               {'connection_info': strutils.mask_dict_password(
                   connection_info),
                'instance_name': instance_name})
     volume_driver = self._get_volume_driver(connection_info)
     volume_driver.detach_volume(connection_info, instance_name)
     volume_driver.disconnect_volume(connection_info)
Esempio n. 30
0
    def extend_volume(self, connection_properties):
        """Update the local kernel's size information.

        Try and update the local kernel's size information
        for an iSCSI volume.
        """
        LOG.info("Extend volume for %s",
                 strutils.mask_dict_password(connection_properties))

        volume_paths = self.get_volume_paths(connection_properties)
        LOG.info("Found paths for volume %s", volume_paths)
        if volume_paths:
            return self._linuxscsi.extend_volume(volume_paths)
        else:
            LOG.warning("Couldn't find any volume paths on the host to "
                        "extend volume for %(props)s",
                        {'props': strutils.mask_dict_password(
                            connection_properties)})
            raise exception.VolumePathsNotFound()
Esempio n. 31
0
 def _make_vim_dict(self, vim_db, fields=None, mask_password=True):
     res = dict((key, vim_db[key]) for key in VIM_ATTRIBUTES)
     vim_auth_db = vim_db.vim_auth
     res['auth_url'] = vim_auth_db[0].auth_url
     res['vim_project'] = vim_auth_db[0].vim_project
     res['auth_cred'] = vim_auth_db[0].auth_cred
     res['auth_cred']['password'] = vim_auth_db[0].password
     if mask_password:
         res['auth_cred'] = strutils.mask_dict_password(res['auth_cred'])
     return self._fields(res, fields)
Esempio n. 32
0
    def extend_volume(self, connection_properties):
        """Update the local kernel's size information.

        Try and update the local kernel's size information
        for an iSCSI volume.
        """
        LOG.info("Extend volume for %s",
                 strutils.mask_dict_password(connection_properties))

        volume_paths = self.get_volume_paths(connection_properties)
        LOG.info("Found paths for volume %s", volume_paths)
        if volume_paths:
            return self._linuxscsi.extend_volume(volume_paths)
        else:
            LOG.warning(
                "Couldn't find any volume paths on the host to "
                "extend volume for %(props)s",
                {'props': strutils.mask_dict_password(connection_properties)})
            raise exception.VolumePathsNotFound()
Esempio n. 33
0
 def notify(self, ctxt, message, priority, retry):
     logger = logging.getLogger('%s.%s' % (self.LOGGER_BASE,
                                           message['event_type']))
     method = getattr(logger, priority.lower(), None)
     if method:
         method(jsonutils.dumps(strutils.mask_dict_password(message)))
     else:
         warnings.warn('Unable to log message as notify cannot find a '
                       'logger with the priority specified '
                       '%s' % priority.lower())
Esempio n. 34
0
 def _make_vim_dict(self, vim_db, fields=None, mask_password=True):
     res = dict((key, vim_db[key]) for key in VIM_ATTRIBUTES)
     vim_auth_db = vim_db.vim_auth
     res['auth_url'] = vim_auth_db[0].auth_url
     res['vim_project'] = vim_auth_db[0].vim_project
     res['auth_cred'] = vim_auth_db[0].auth_cred
     res['auth_cred']['password'] = vim_auth_db[0].password
     if mask_password:
         res['auth_cred'] = strutils.mask_dict_password(res['auth_cred'])
     return self._fields(res, fields)
Esempio n. 35
0
    def test_dictionary(self):
        payload = {'password': '******'}
        expected = {'password': '******'}
        self.assertEqual(expected, strutils.mask_dict_password(payload))

        payload = {'user': '******', 'password': '******'}
        expected = {'user': '******', 'password': '******'}
        self.assertEqual(expected, strutils.mask_dict_password(payload))

        payload = {
            'strval': 'somestring',
            'dictval': {
                'user': '******',
                'password': '******'
            }
        }
        expected = {
            'strval': 'somestring',
            'dictval': {
                'user': '******',
                'password': '******'
            }
        }
        self.assertEqual(expected, strutils.mask_dict_password(payload))

        payload = {
            'strval': '--password abc',
            'dont_change': 'this is fine',
            'dictval': {
                'user': '******',
                'password': b'mypassword'
            }
        }
        expected = {
            'strval': '--password ***',
            'dont_change': 'this is fine',
            'dictval': {
                'user': '******',
                'password': '******'
            }
        }
        self.assertEqual(expected, strutils.mask_dict_password(payload))
Esempio n. 36
0
 def test_other_non_str_values(self):
     payload = {'password': '******', 'bool': True,
                'dict': {'cat': 'meow', 'password': "******"},
                'float': 0.1, 'int': 123, 'list': [1, 2], 'none': None,
                'str': 'foo'}
     expected = {'password': '******', 'bool': True,
                 'dict': {'cat': 'meow', 'password': '******'},
                 'float': 0.1, 'int': 123, 'list': [1, 2], 'none': None,
                 'str': 'foo'}
     self.assertEqual(expected,
                      strutils.mask_dict_password(payload))
Esempio n. 37
0
    def initialize_connection(self, volume, connector):
        try:
            sys = self.client.get_cluster()
        except exception.NotFound:
            msg = _("XtremIO not initialized correctly, no clusters found")
            raise exception.VolumeBackendAPIException(data=msg)
        login_chap = (sys.get('chap-authentication-mode', 'disabled') !=
                      'disabled')
        discovery_chap = (sys.get('chap-discovery-mode', 'disabled') !=
                          'disabled')
        initiator_name = self._get_initiator_names(connector)[0]
        initiator = self.client.get_initiator(initiator_name)
        if initiator:
            login_passwd = initiator['chap-authentication-initiator-password']
            discovery_passwd = initiator['chap-discovery-initiator-password']
            ig = self._get_ig(initiator['ig-id'][XTREMIO_OID_NAME])
        else:
            ig = self._get_ig(self._get_ig_name(connector))
            if not ig:
                ig = self._create_ig(self._get_ig_name(connector))
            (login_passwd,
             discovery_passwd) = self._create_initiator(connector,
                                                        login_chap,
                                                        discovery_chap)
        # if CHAP was enabled after the initiator was created
        if login_chap and not login_passwd:
            LOG.info('Initiator has no password while using chap, adding it.')
            data = {}
            (login_passwd,
             d_passwd) = self._add_auth(data, login_chap, discovery_chap and
                                        not discovery_passwd)
            discovery_passwd = (discovery_passwd if discovery_passwd
                                else d_passwd)
            self.client.req('initiators', 'PUT', data, idx=initiator['index'])

        # lun mappping
        lunmap = self.create_lun_map(volume, ig['ig-id'][XTREMIO_OID_NAME])

        properties = self._get_iscsi_properties(lunmap)

        if login_chap:
            properties['auth_method'] = 'CHAP'
            properties['auth_username'] = '******'
            properties['auth_password'] = login_passwd
        if discovery_chap:
            properties['discovery_auth_method'] = 'CHAP'
            properties['discovery_auth_username'] = '******'
            properties['discovery_auth_password'] = discovery_passwd
        LOG.debug('init conn params:\n%s',
                  strutils.mask_dict_password(properties))
        return {
            'driver_volume_type': 'iscsi',
            'data': properties
        }
Esempio n. 38
0
 def detach_volume(self, connection_info, instance_name):
     LOG.debug(
         "Detaching volume: %(connection_info)s "
         "from %(instance_name)s", {
             'connection_info':
             strutils.mask_dict_password(connection_info),
             'instance_name': instance_name
         })
     volume_driver = self._get_volume_driver(connection_info)
     volume_driver.detach_volume(connection_info, instance_name)
     volume_driver.disconnect_volume(connection_info)
Esempio n. 39
0
    def delete(self):
        self['updated'] = timeutils.utcnow()
        LOG.debug("Deleting %(name)s: %(dict)s",
                  {'name': self.__class__.__name__,
                   'dict': strutils.mask_dict_password(self.__dict__)})

        if self.preserve_on_delete:
            self['deleted_at'] = timeutils.utcnow()
            self['deleted'] = True
            return self.db_api.save(self)
        else:
            return self.db_api.delete(self)
Esempio n. 40
0
        def trace_logging_wrapper(*args, **kwargs):
            filter_function = dec_kwargs.get('filter_function')

            if len(args) > 0:
                maybe_self = args[0]
            else:
                maybe_self = kwargs.get('self', None)

            if maybe_self and hasattr(maybe_self, '__module__'):
                logger = logging.getLogger(maybe_self.__module__)
            else:
                logger = LOG

            # NOTE(ameade): Don't bother going any further if DEBUG log level
            # is not enabled for the logger.
            if not logger.isEnabledFor(py_logging.DEBUG):
                return f(*args, **kwargs)

            all_args = inspect.getcallargs(f, *args, **kwargs)

            pass_filter = filter_function is None or filter_function(all_args)

            if pass_filter:
                logger.debug('==> %(func)s: call %(all_args)r',
                             {'func': func_name,
                              'all_args': strutils.mask_password(
                                  six.text_type(all_args))})

            start_time = time.time() * 1000
            try:
                result = f(*args, **kwargs)
            except Exception as exc:
                total_time = int(round(time.time() * 1000)) - start_time
                logger.debug('<== %(func)s: exception (%(time)dms) %(exc)r',
                             {'func': func_name,
                              'time': total_time,
                              'exc': exc})
                raise
            total_time = int(round(time.time() * 1000)) - start_time

            if isinstance(result, dict):
                mask_result = strutils.mask_dict_password(result)
            elif isinstance(result, six.string_types):
                mask_result = strutils.mask_password(result)
            else:
                mask_result = result

            if pass_filter:
                logger.debug('<== %(func)s: return (%(time)dms) %(result)r',
                             {'func': func_name,
                              'time': total_time,
                              'result': mask_result})
            return result
Esempio n. 41
0
    def delete(self):
        self['updated'] = utils.utcnow()
        LOG.debug("Deleting %(name)s: %(dict)s" %
                  {'name': self.__class__.__name__,
                   'dict': strutils.mask_dict_password(self.__dict__)})

        if self.preserve_on_delete:
            self['deleted_at'] = utils.utcnow()
            self['deleted'] = True
            return self.db_api.save(self)
        else:
            return self.db_api.delete(self)
Esempio n. 42
0
    def trace_logging_wrapper(*args, **kwargs):
        if len(args) > 0:
            maybe_self = args[0]
        else:
            maybe_self = kwargs.get('self', None)

        if maybe_self and hasattr(maybe_self, '__module__'):
            logger = logging.getLogger(maybe_self.__module__)
        else:
            logger = LOG

        # NOTE(ameade): Don't bother going any further if DEBUG log level
        # is not enabled for the logger.
        if not logger.isEnabledFor(py_logging.DEBUG):
            return f(*args, **kwargs)

        all_args = inspect.getcallargs(f, *args, **kwargs)
        logger.debug(
            '==> %(func)s: call %(all_args)r',
            {
                'func': func_name,
                # NOTE(mriedem): We have to stringify the dict first
                # and don't use mask_dict_password because it results in
                # an infinite recursion failure.
                'all_args': strutils.mask_password(str(all_args))
            })

        start_time = time.time() * 1000
        try:
            result = f(*args, **kwargs)
        except Exception as exc:
            total_time = int(round(time.time() * 1000)) - start_time
            logger.debug('<== %(func)s: exception (%(time)dms) %(exc)r', {
                'func': func_name,
                'time': total_time,
                'exc': exc
            })
            raise
        total_time = int(round(time.time() * 1000)) - start_time

        if isinstance(result, dict):
            mask_result = strutils.mask_dict_password(result)
        elif isinstance(result, str):
            mask_result = strutils.mask_password(result)
        else:
            mask_result = result

        logger.debug('<== %(func)s: return (%(time)dms) %(result)r', {
            'func': func_name,
            'time': total_time,
            'result': mask_result
        })
        return result
Esempio n. 43
0
    def test_mask_passwords(self):
        # Ensure that passwords are masked with notifications
        driver = _impl_log.LogDriver(None, None, None)
        logger = mock.MagicMock()
        logger.info = mock.MagicMock()
        message = {'password': '******', 'event_type': 'foo'}
        mask_str = jsonutils.dumps(strutils.mask_dict_password(message))

        with mock.patch.object(logging, 'getLogger') as gl:
            gl.return_value = logger
            driver.notify(None, message, 'info', 0)

        logger.info.assert_called_once_with(mask_str)
Esempio n. 44
0
    def test_mask_passwords(self):
        # Ensure that passwords are masked with notifications
        driver = _impl_log.LogDriver(None, None, None)
        logger = mock.MagicMock()
        logger.info = mock.MagicMock()
        message = {'password': '******', 'event_type': 'foo'}
        mask_str = jsonutils.dumps(strutils.mask_dict_password(message))

        with mock.patch.object(logging, 'getLogger') as gl:
            gl.return_value = logger
            driver.notify(None, message, 'info', 0)

        logger.info.assert_called_once_with(mask_str)
Esempio n. 45
0
def mask_secrets(payload):
    """Remove secrets from payload object."""
    mask = '******'

    dict_fields = ['instance_info', 'driver_info', 'driver_internal_info']
    for f in dict_fields:
        if hasattr(payload, f):
            masked = strutils.mask_dict_password(getattr(payload, f), mask)
            setattr(payload, f, masked)

    if hasattr(payload, 'instance_info'):
        if 'image_url' in payload.instance_info:
            payload.instance_info['image_url'] = mask
Esempio n. 46
0
    def attach_volume(self,
                      connection_info,
                      instance_name,
                      disk_bus=constants.CTRL_TYPE_SCSI):
        tries_left = CONF.hyperv.volume_attach_retry_count + 1

        while tries_left:
            try:
                self._attach_volume(connection_info, instance_name, disk_bus)
                break
            except Exception as ex:
                tries_left -= 1
                if not tries_left:
                    LOG.exception(
                        "Failed to attach volume %(connection_info)s "
                        "to instance %(instance_name)s.", {
                            'connection_info':
                            strutils.mask_dict_password(connection_info),
                            'instance_name':
                            instance_name
                        })

                    self.disconnect_volume(connection_info)
                    raise exception.VolumeAttachFailed(
                        volume_id=connection_info['serial'], reason=ex)
                else:
                    LOG.warning(
                        "Failed to attach volume %(connection_info)s "
                        "to instance %(instance_name)s. "
                        "Tries left: %(tries_left)s.", {
                            'connection_info':
                            strutils.mask_dict_password(connection_info),
                            'instance_name':
                            instance_name,
                            'tries_left':
                            tries_left
                        })

                    time.sleep(CONF.hyperv.volume_attach_retry_interval)
Esempio n. 47
0
    def test_dictionary(self):
        payload = {"password": "******"}
        expected = {"password": "******"}
        self.assertEqual(expected, strutils.mask_dict_password(payload))

        payload = {"user": "******", "password": "******"}
        expected = {"user": "******", "password": "******"}
        self.assertEqual(expected, strutils.mask_dict_password(payload))

        payload = {"strval": "somestring", "dictval": {"user": "******", "password": "******"}}
        expected = {"strval": "somestring", "dictval": {"user": "******", "password": "******"}}
        self.assertEqual(expected, strutils.mask_dict_password(payload))

        payload = {
            "strval": "--password abc",
            "dont_change": "this is fine",
            "dictval": {"user": "******", "password": b"mypassword"},
        }
        expected = {
            "strval": "--password ***",
            "dont_change": "this is fine",
            "dictval": {"user": "******", "password": "******"},
        }
        self.assertEqual(expected, strutils.mask_dict_password(payload))
Esempio n. 48
0
    def _attach_volume(self, connection_info, instance_name,
                       disk_bus=constants.CTRL_TYPE_SCSI):
        LOG.debug(
            "Attaching volume: %(connection_info)s to %(instance_name)s",
            {'connection_info': strutils.mask_dict_password(connection_info),
             'instance_name': instance_name})
        volume_driver = self._get_volume_driver(connection_info)
        volume_driver.attach_volume(connection_info,
                                    instance_name,
                                    disk_bus)

        qos_specs = connection_info['data'].get('qos_specs') or {}
        if qos_specs:
            volume_driver.set_disk_qos_specs(connection_info,
                                             qos_specs)
Esempio n. 49
0
    def _request(self, context, method, cast=False, version=None, **kwargs):
        """Call conductor RPC.

        Versioned objects are automatically serialized and deserialized.

        :param context: Security context.
        :param method: Method name.
        :param cast: If true, use a JSON RPC notification.
        :param version: RPC API version to use.
        :param kwargs: Keyword arguments to pass.
        :return: RPC result (if any).
        """
        params = {
            key: self.serializer.serialize_entity(context, value)
            for key, value in kwargs.items()
        }
        params['context'] = context.to_dict()

        if version is None:
            version = self.version
        if version is not None:
            _check_version(version, self.version_cap)
            params['rpc.version'] = version

        body = {
            "jsonrpc": "2.0",
            "method": method,
            "params": params,
        }
        if not cast:
            body['id'] = context.request_id or uuidutils.generate_uuid()

        LOG.debug("RPC %s with %s", method, strutils.mask_dict_password(body))
        scheme = 'http'
        if CONF.json_rpc.use_ssl:
            scheme = 'https'
        url = '%s://%s:%d' % (scheme, netutils.escape_ipv6(
            self.host), CONF.json_rpc.port)
        result = _get_session().post(url, json=body)
        LOG.debug('RPC %s returned %s', method,
                  strutils.mask_password(result.text or '<None>'))

        if not cast:
            result = result.json()
            self._handle_error(result.get('error'))
            result = self.serializer.deserialize_entity(
                context, result['result'])
            return result
Esempio n. 50
0
    def _attach_volume(self,
                       connection_info,
                       instance_name,
                       disk_bus=constants.CTRL_TYPE_SCSI):
        LOG.debug(
            "Attaching volume: %(connection_info)s to %(instance_name)s", {
                'connection_info':
                strutils.mask_dict_password(connection_info),
                'instance_name': instance_name
            })
        volume_driver = self._get_volume_driver(connection_info)
        volume_driver.attach_volume(connection_info, instance_name, disk_bus)

        qos_specs = connection_info['data'].get('qos_specs') or {}
        if qos_specs:
            volume_driver.set_disk_qos_specs(connection_info, qos_specs)
Esempio n. 51
0
def mask_dict_password(config):
    # Adds a few more filters ontop of the strutils version...
    tmp_config = strutils.mask_dict_password(config)
    if 'ssl' in tmp_config:
        for k in list(tmp_config['ssl'].keys()):
            v = tmp_config['ssl'].get(k, {})
            if v and 'contents' in v:
                v['contents'] = SECRETE
    if 'ssh' in tmp_config:
        for k in ['private_key', 'public_key']:
            if k in tmp_config['ssh']:
                tmp_config['ssh'][k] = SECRETE
    if 'stock' in tmp_config:
        for k in list(tmp_config['stock'].keys()):
            tmp_config['stock'][k] = SECRETE
    if 'google_calendar' in tmp_config:
        for k in ["credentials"]:
            tmp_config['google_calendar'][k] = SECRETE
    return tmp_config
Esempio n. 52
0
    def __call__(self, req):
        if os.path.normpath(req.path_info) == "/":
            resp = base.ec2_md_print(base.VERSIONS + ["latest"])
            req.response.body = encodeutils.to_utf8(resp)
            req.response.content_type = base.MIME_TYPE_TEXT_PLAIN
            return req.response

        # Convert webob.headers.EnvironHeaders to a dict and mask any sensitive
        # details from the logs.
        if CONF.debug:
            headers = {k: req.headers[k] for k in req.headers}
            LOG.debug('Metadata request headers: %s',
                      strutils.mask_dict_password(headers))
        if CONF.neutron.service_metadata_proxy:
            if req.headers.get('X-Metadata-Provider'):
                meta_data = self._handle_instance_id_request_from_lb(req)
            else:
                meta_data = self._handle_instance_id_request(req)
        else:
            if req.headers.get('X-Instance-ID'):
                LOG.warning(
                    "X-Instance-ID present in request headers. The "
                    "'service_metadata_proxy' option must be "
                    "enabled to process this header.")
            meta_data = self._handle_remote_ip_request(req)

        if meta_data is None:
            raise webob.exc.HTTPNotFound()

        try:
            data = meta_data.lookup(req.path_info)
        except base.InvalidMetadataPath:
            raise webob.exc.HTTPNotFound()

        if callable(data):
            return data(req, meta_data)

        resp = base.ec2_md_print(data)
        req.response.body = encodeutils.to_utf8(resp)

        req.response.content_type = meta_data.get_mimetype()
        return req.response
Esempio n. 53
0
 def test_do_an_int(self):
     payload = {}
     payload[1] = 2
     expected = payload.copy()
     self.assertEqual(expected,
                      strutils.mask_dict_password(payload))
Esempio n. 54
0
    def lookup(self, context, **kwargs):
        """Find a matching node for the agent.

        Method to be called the first time a ramdisk agent checks in. This
        can be because this is a node just entering cleaning or a node that
        rebooted for some reason. We will use the mac addresses listed in the
        kwargs to find the matching node, then return the node object to the
        agent. The agent can that use that UUID to use the node vendor
        passthru method.

        Currently, we don't handle the instance where the agent doesn't have
        a matching node (i.e. a brand new, never been in Ironic node).

        Additionally, we may pass on useful configurations to the agent, which
        it would then be responsible for applying if relevant. Today these are
        limited to heartbeat_timeout and metrics configuration.

        kwargs should have the following format::

         {
             "version": "2"
             "inventory": {
                 "interfaces": [
                     {
                         "name": "eth0",
                         "mac_address": "00:11:22:33:44:55",
                         "switch_port_descr": "port24",
                         "switch_chassis_descr": "tor1"
                     }, ...
                 ], ...
             },
             "node_uuid": "ab229209-0139-4588-bbe5-64ccec81dd6e"
         }

        The interfaces list should include a list of the non-IPMI MAC addresses
        in the form aa:bb:cc:dd:ee:ff.

        node_uuid argument is optional. If it's provided (e.g. as a result of
        inspection run before lookup), this method will just return a node and
        options.

        This method will also return the timeout for heartbeats. The driver
        will expect the agent to heartbeat before that timeout, or it will be
        considered down. This will be in a root level key called
        'heartbeat_timeout'

        :raises: NotFound if no matching node is found.
        :raises: InvalidParameterValue with unknown payload version
        """
        LOG.warning(
            _LW('Agent lookup vendor passthru is deprecated and will be '
                'removed in the Ocata release; please update your '
                'ironic-python-agent image to the Newton version'))
        LOG.debug('Agent lookup using data %s', kwargs)
        uuid = kwargs.get('node_uuid')
        if uuid:
            node = objects.Node.get_by_uuid(context, uuid)
        else:
            inventory = kwargs.get('inventory')
            interfaces = self._get_interfaces(inventory)
            mac_addresses = self._get_mac_addresses(interfaces)

            node = self._find_node_by_macs(context, mac_addresses)

        LOG.info(_LI('Initial lookup for node %s succeeded, agent is running '
                     'and waiting for commands'), node.uuid)

        ndict = node.as_dict()
        cdict = context.to_dict()
        show_driver_secrets = policy.check('show_password', cdict, cdict)
        if not show_driver_secrets:
            ndict['driver_info'] = strutils.mask_dict_password(
                ndict['driver_info'], "******")

        return {
            # heartbeat_timeout is a config, so moving it into the
            # config namespace. Instead of a separate deprecation,
            # this will die when the vendor_passthru version of
            # lookup goes away.
            'heartbeat_timeout': CONF.api.ramdisk_heartbeat_timeout,
            'node': ndict,
            'config': ramdisk.config(),
        }
Esempio n. 55
0
 def test_mask_values(self):
     payload = {"somekey": "test = cmd --password my\xe9\x80\x80pass"}
     expected = {"somekey": "test = cmd --password ***"}
     self.assertEqual(expected, strutils.mask_dict_password(payload))