Remove S3 credentials from debug log

konan-abhi · konan-abhi · commit 265ad47616f1 · 2025-02-10T06:23:48.000Z
While sorting image locations using store weight, glance logs a debug message which logs secret and access key for s3 backend. Removing the debug log to avoid leaking of the s3 credentials. Closes-Bug: #2095304 SecurityImpact Change-Id: I24073c1b1e5ea92357d9a774e6c9c9cbf0980a44 (cherry picked from commit 33fa959) (cherry picked from commit d1cc917)
diff --git a/glance/common/utils.py b/glance/common/utils.py
@@ -733,5 +733,9 @@ def get_store_weight(location):
         return store.weight if store is not None else 0
 
     sorted_locations = sorted(locations, key=get_store_weight, reverse=True)
-    LOG.debug(('Sorted locations: %s'), sorted_locations)
+    scrubbed = []
+    for loc in sorted_locations:
+        scrubbed.append({'store_name': loc["metadata"].get("store")})
+
+    LOG.debug(('Sorted locations: %s'), scrubbed)
     return sorted_locations
