Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Sanitize the rbd file cmd parameter logs during qemu-img convert (through Script)#11801

Merged
DaanHoogland merged 1 commit intoapache:4.20apache/cloudstack:4.20from
shapeblue:sanitize-rbd-convert-cmdshapeblue/cloudstack:sanitize-rbd-convert-cmdCopy head branch name to clipboard
Oct 8, 2025
Merged

Sanitize the rbd file cmd parameter logs during qemu-img convert (through Script)#11801
DaanHoogland merged 1 commit intoapache:4.20apache/cloudstack:4.20from
shapeblue:sanitize-rbd-convert-cmdshapeblue/cloudstack:sanitize-rbd-convert-cmdCopy head branch name to clipboard

Conversation

@sureshanaparti
Copy link
Contributor

@sureshanaparti sureshanaparti commented Oct 7, 2025
edited
Loading

Description

This PR sanitises the rbd file cmd parameter logs during qemu-img convert (through Script).

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • Build/CI
  • Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

Verified logs using deploy instance and migrate volume on ceph/rbd storage.

2025-10-08 08:53:16,375 DEBUG [utils.script.Script] (AgentRequest-Handler-3:[]) (logid:) Executing command [qemu-img convert -O raw -U --image-opts driver=qcow2,file.filename=/mnt/36a52cb4-35af-3fa2-8c7f-5bde0254737e/0c364cce-8288-3a92-9234-4ffde372aec7.qcow2 rbd:cloudstack/a31a9020-a406-11f0-b615-1e00b300036f:mon_host=10.0.33.201:auth_supported=cephx:id=cloudstack:key=******:rbd_default_format=2:client_mount_timeout=30 ].
2025-10-08 08:55:12,502 DEBUG [utils.script.Script] (AgentRequest-Handler-3:[]) (logid:) Successfully executed process [30511] for command [qemu-img convert -O raw -U --image-opts driver=qcow2,file.filename=/mnt/36a52cb4-35af-3fa2-8c7f-5bde0254737e/0c364cce-8288-3a92-9234-4ffde372aec7.qcow2 rbd:cloudstack/a31a9020-a406-11f0-b615-1e00b300036f:mon_host=10.0.33.201:auth_supported=cephx:id=cloudstack:key=******:rbd_default_format=2:client_mount_timeout=30 ].

2025-10-08 08:59:52,365 DEBUG [utils.script.Script] (AgentRequest-Handler-1:[]) (logid:) Executing command [qemu-img convert -O qcow2 -U rbd:cloudstack/83e1deb7-afff-4d51-b0cd-5e2390427a30:mon_host=10.0.33.201:auth_supported=cephx:id=cloudstack:key=******:rbd_default_format=2:client_mount_timeout=30 /mnt/529b3b91-2f25-301c-8a4b-4867d3cd2224/654ce284-f1ad-4635-a7ac-a5cc1b43fc1d.qcow2 ].
2025-10-08 09:00:14,170 DEBUG [utils.script.Script] (AgentRequest-Handler-1:[]) (logid:) Successfully executed process [33557] for command [qemu-img convert -O qcow2 -U rbd:cloudstack/83e1deb7-afff-4d51-b0cd-5e2390427a30:mon_host=10.0.33.201:auth_supported=cephx:id=cloudstack:key=******:rbd_default_format=2:client_mount_timeout=30 /mnt/529b3b91-2f25-301c-8a4b-4867d3cd2224/654ce284-f1ad-4635-a7ac-a5cc1b43fc1d.qcow2 ].

How did you try to break this feature and the system with this change?

@sureshanaparti
Copy link
Contributor Author

sureshanaparti commented Oct 7, 2025

@blueorangutan package

@sureshanaparti sureshanaparti requested a review from Copilot October 7, 2025 10:44
Copilot AI reviewed Oct 7, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR improves command parameter sanitization by refactoring existing VI URL sanitization and adding new RBD file format parameter sanitization. The changes protect sensitive information like authentication keys from being exposed in command line logs.

  • Refactored existing VI URL parameter sanitization into a dedicated method
  • Added sanitization for RBD file format parameters containing authentication keys
  • Consolidated sanitization logic to improve code maintainability

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

utils/src/main/java/com/cloud/utils/script/Script.java Outdated Show resolved Hide resolved
utils/src/main/java/com/cloud/utils/script/Script.java Outdated Show resolved Hide resolved
@sureshanaparti sureshanaparti changed the title Sanitize the rbd file cmd parameter during the convert through Script Sanitize the rbd file cmd parameter logs during qemu-img convert (through Script) Oct 7, 2025
@codecov
Copy link

codecov bot commented Oct 7, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 24.00000% with 19 lines in your changes missing coverage. Please review.
✅ Project coverage is 16.17%. Comparing base (823cb00) to head (7fdfc11).
⚠️ Report is 6 commits behind head on 4.20.

Files with missing lines Patch % Lines
...s/src/main/java/com/cloud/utils/script/Script.java 24.00% 16 Missing and 3 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff            @@
##               4.20   #11801   +/-   ##
=========================================
  Coverage     16.17%   16.17%           
- Complexity    13295    13298    +3     
=========================================
  Files          5656     5656           
  Lines        498262   498282   +20     
  Branches      60464    60466    +2     
=========================================
+ Hits          80582    80587    +5     
- Misses       408710   408723   +13     
- Partials       8970     8972    +2
Flag Coverage Δ
uitests 4.00% <ø> (ø)
unittests 17.02% <24.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@sureshanaparti sureshanaparti force-pushed the sanitize-rbd-convert-cmd branch from a784e50 to 7fdfc11 Compare October 7, 2025 10:53
@sureshanaparti
Copy link
Contributor Author

sureshanaparti commented Oct 7, 2025

@blueorangutan package

@blueorangutan
Copy link

blueorangutan commented Oct 7, 2025

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan
Copy link

blueorangutan commented Oct 7, 2025

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 15317

@sureshanaparti sureshanaparti marked this pull request as ready for review October 8, 2025 09:03
rajujith
rajujith approved these changes Oct 8, 2025
View reviewed changes
Copy link

@rajujith rajujith left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested
key is masked in the logs.

@sureshanaparti
Copy link
Contributor Author

sureshanaparti commented Oct 8, 2025

@blueorangutan test

@blueorangutan
Copy link

blueorangutan commented Oct 8, 2025

@sureshanaparti a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

@weizhouapache weizhouapache added this to the 4.20.2 milestone Oct 8, 2025
weizhouapache
weizhouapache approved these changes Oct 8, 2025
View reviewed changes
Copy link
Contributor

@weizhouapache weizhouapache left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

code lgtm

@DaanHoogland DaanHoogland merged commit b143ddc into apache:4.20 Oct 8, 2025
25 of 26 checks passed
@DaanHoogland DaanHoogland deleted the sanitize-rbd-convert-cmd branch October 8, 2025 11:55
@blueorangutan
Copy link

blueorangutan commented Oct 9, 2025

[SF] Trillian test result (tid-14574)
Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8
Total time taken: 58571 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr11801-t14574-kvm-ol8.zip
Smoke tests completed. 141 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test Result Time (s) Test File

dhslove pushed a commit to ablecloud-team/ablestack-cloud that referenced this pull request Oct 17, 2025
@sureshanaparti @dhslove
Sanitize the rbd file cmd parameter logs during qemu-img convert (thr…
eae9b3e 
…ough Script) (apache#11801)
sandeeplocharla pushed a commit to NetApp/cloudstack that referenced this pull request Oct 21, 2025
@sureshanaparti
Sanitize the rbd file cmd parameter logs during qemu-img convert (thr…
2392bc8 
…ough Script) (apache#11801)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@rajujith rajujith rajujith approved these changes

@weizhouapache weizhouapache weizhouapache approved these changes

Assignees

@rajujith rajujith

Labels

status:ready-for-merge

Projects

None yet

Milestone

4.20.2

Development

Successfully merging this pull request may close these issues.

5 participants

@sureshanaparti @blueorangutan @rajujith @weizhouapache @DaanHoogland
Morty Proxy This is a proxified and sanitized view of the page, visit original site.