Use $log.log_hashes to filter out sensitive data. #14878
Conversation
|
Checked commit lfu@e9f0154 with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0 |
| _log.info("Override with new options: #{add_options}") unless add_options.blank? | ||
| unless add_options.blank? | ||
| _log.info("Override with new options:") | ||
| $log.log_hashes(add_options) |
There was a problem hiding this comment.
Feel strange we have to mix the use of _log and $log. Can we make _log to support #log_hashes?
There was a problem hiding this comment.
That is how it is being used:
manageiq/app/models/miq_worker/runner.rb
Line 296 in 16c4345
There was a problem hiding this comment.
Honestly I don't know why we want any log header (with or without the prefix).
There was a problem hiding this comment.
The prefix used when logging is called for within log_hashes would be "log_hashes" and not our method, correct? That would not be useful.
There was a problem hiding this comment.
The messages with $log:
[----] I, [2017-04-26T17:51:43.127878 #24613:3fc68885e204] INFO -- : MIQ(ServiceAnsiblePlaybook#preprocess) Override with new options:
[----] I, [2017-04-26T17:51:43.128251 #24613:3fc68885e204] INFO -- : :password: [FILTERED]
[----] I, [2017-04-26T17:51:43.128286 #24613:3fc68885e204] INFO -- : :name: test
[----] I, [2017-04-26T17:51:43.128332 #24613:3fc68885e204] INFO -- : :location: mahwah
[----] I, [2017-04-26T17:51:43.128351 #24613:3fc68885e204] INFO -- : :phone: [FILTERED]
[----] I, [2017-04-26T17:51:43.128370 #24613:3fc68885e204] INFO -- : :my_password_2:
When with _log:
[----] I, [2017-04-26T17:53:50.717718 #24613:3fc68885e204] INFO -- : MIQ(ServiceAnsiblePlaybook#preprocess) Override with new options:
[----] I, [2017-04-26T17:53:50.718242 #24613:3fc68885e204] INFO -- : MIQ(ServiceAnsiblePlaybook#log_hashes) :password: [FILTERED]
[----] I, [2017-04-26T17:53:50.718285 #24613:3fc68885e204] INFO -- : MIQ(ServiceAnsiblePlaybook#log_hashes) :name: test
[----] I, [2017-04-26T17:53:50.718313 #24613:3fc68885e204] INFO -- : MIQ(ServiceAnsiblePlaybook#log_hashes) :location: mahwah
[----] I, [2017-04-26T17:53:50.718343 #24613:3fc68885e204] INFO -- : MIQ(ServiceAnsiblePlaybook#log_hashes) :phone: [FILTERED]
[----] I, [2017-04-26T17:53:50.718369 #24613:3fc68885e204] INFO -- : MIQ(ServiceAnsiblePlaybook#log_hashes) :my_password_2:
[----] I, [2017-04-26T17:53:50.718397 #24613:3fc68885e204] INFO -- : MIQ(ServiceAnsiblePlaybook#log_hashes) :host: localhost
There was a problem hiding this comment.
I would agree that it makes sense as is. No need to include the header from within log_hashes.
@bzwei You good with the current changes?
There was a problem hiding this comment.
I agree a header with log_hashes is not helpful. So let's stick with the mixture of both types of logger for now.
|
@lfu Is there a BZ for this? Can you please create if it doesn't exist? |
Use $log.log_hashes to filter out sensitive data. (cherry picked from commit 6973bda) https://bugzilla.redhat.com/show_bug.cgi?id=1458434
|
Fine backport details: |
Use $log.log_hashes to filter out sensitive data.
Depends on #manageiq-gems-pending/pull/135.
https://bugzilla.redhat.com/show_bug.cgi?id=1458381
@miq-bot assign @gmcculloug
@miq-bot add_label fine/yes