Sanitize task info and os morphing info dicts

We'll use "mask_dict_password" from oslo.utils to sanitize
task info and os morphing info dicts.

This covers a wide variety of keys that are expected to contain
sensitive data, including the ones used for BitLocker and LUKS
keys.

coriolis/minion_manager/rpc/server.py

@@ -7,6 +7,7 @@ import uuid
 
 from oslo_config import cfg
 from oslo_log import log as logging
+from oslo_utils import strutils
 from oslo_utils import timeutils
 from taskflow import deciders as taskflow_deciders
 from taskflow.patterns import graph_flow
@@ -508,7 +509,9 @@ class MinionManagerServerEndpoint(object):
                         pool_id, instances, action['id']))
         LOG.debug(
             "Successfully validated minion pool selections for action '%s' "
-            "with properties: %s", action['id'], action)
+            "with properties: %s",
+            action['id'],
+            strutils.mask_dict_password(action))
 
     def allocate_minion_machines_for_transfer(
             self, ctxt, transfer):

coriolis/osmorphing/manager.py

@@ -5,6 +5,7 @@ import itertools
 
 from oslo_config import cfg
 from oslo_log import log as logging
+from oslo_utils import strutils
 
 from coriolis import constants
 from coriolis import events
@@ -84,7 +85,8 @@ def get_osmorphing_tools_class_for_provider(
     LOG.debug(
         "OSMorphing tools classes returned by provider '%s' for os_type '%s' "
         "and 'osmorphing_info' %s: %s",
-        type(provider), os_type, osmorphing_info, available_tools_cls)
+        type(provider), os_type,
+        strutils.mask_dict_password(osmorphing_info), available_tools_cls)
 
     osmorphing_base_class = base_osmorphing.BaseOSMorphingTools
     for toolscls in available_tools_cls:

coriolis/tests/osmorphing/osmount/test_windows.py

@@ -372,6 +372,17 @@ class WindowsMountToolsTestCase(test_base.CoriolisBaseTestCase):
         self.tools._conn.exec_ps_command.assert_called_once_with(
             exp_cmd)
 
+    def test_sanitize_recovery_password(self):
+        vol = "\\\\?\\Volume{2750d574-b333-4e7b-a0a2-d739279d39e9}\\"
+        password = "6010ba47-28e4-4105-8b0a-69eed0a54283"
+
+        cmd = 'manage-bde -unlock "%s" -RecoveryPassword "%s"' % (
+            vol, password)
+        exp_cmd = 'manage-bde -unlock "%s" -RecoveryPassword "%s"' % (
+            vol, '***')
+
+        self.assertEqual(exp_cmd, strutils.mask_password(exp_cmd))
+
     def test_suspend_bitlocker(self):
         vol = "\\\\?\\Volume{2750d574-b333-4e7b-a0a2-d739279d39e9}\\"
 

coriolis/tests/worker/rpc/test_server.py

@@ -1265,9 +1265,11 @@ class WorkerServerEndpointTestCase(test_base.CoriolisBaseTestCase):
         mock_task_runner = mock_get_task_runner_class.return_value.return_value
         mock_task_result = mock_task_runner.run.return_value
 
+        mock_destination = {'connection_info': "fake-conn-info"}
+
         server._task_process(mock.sentinel.ctxt, mock.sentinel.task_id,
                              mock.sentinel.task_type, mock.sentinel.origin,
-                             mock.sentinel.destination, mock.sentinel.instance,
+                             mock_destination, mock.sentinel.instance,
                              task_info, mp_q, mp_log_q)
         mock_setup_task_process.assert_called_once_with(mp_log_q)
         mock_get_task_runner_class.assert_called_once_with(
@@ -1277,7 +1279,7 @@ class WorkerServerEndpointTestCase(test_base.CoriolisBaseTestCase):
                                                        mock.sentinel.task_id)
         mock_task_runner.run.assert_called_once_with(
             mock.sentinel.ctxt, mock.sentinel.instance, mock.sentinel.origin,
-            mock.sentinel.destination, task_info,
+            mock_destination, task_info,
             mock_get_event_handler.return_value)
         mock_is_serializable.assert_called_once_with(mock_task_result)
         mp_q.put.assert_called_once_with(mock_task_result)

coriolis/utils.py

@@ -765,6 +765,7 @@ def sanitize_task_info(task_info):
                                 ["<redacted>"])
             new['volumes_info'].append(vol_cpy)
 
+    new = strutils.mask_dict_password(new)
     return new
 
 

coriolis/worker/rpc/server.py

@@ -12,6 +12,7 @@ import time
 
 from oslo_config import cfg
 from oslo_log import log as logging
+from oslo_utils import strutils
 import psutil
 from six.moves import queue
 
@@ -688,7 +689,8 @@ def _task_process(ctxt, task_id, task_type, origin, destination, instance,
                   "origin: %(origin)s, destination: %(destination)s, "
                   "instance: %(instance)s, task_info: %(task_info)s",
                   {"task_id": task_id, "task_type": task_type,
-                   "origin": origin, "destination": destination,
+                   "origin": origin,
+                   "destination": strutils.mask_dict_password(destination),
                    "instance": instance,
                    "task_info": utils.sanitize_task_info(
                        task_info)})