sensitive information leak to log (#12018)

* sensitive information leak to log

* Update agent/src/main/java/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
* Update core/src/main/java/com/cloud/storage/template/HttpTemplateDownloader.java
* Update engine/schema/src/main/java/com/cloud/upgrade/DatabaseCreator.java
* Update plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalDnsmasqResource.java
* Update plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalDnsmasqResource.java
* Update plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalKickStartPxeResource.java
* Update plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalPingPxeResource.java
* Update plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalPingPxeResource.java
* Update plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalPingPxeResource.java
* Update utils/src/main/java/com/cloud/utils/UriUtils.java

Co-authored-by: dahn <daan.hoogland@gmail.com>

* Update plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalKickStartPxeResource.java

Co-authored-by: Abhisar Sinha <63767682+abh1sar@users.noreply.github.com>

* Sync with 4.20 and fix conflict in BaremetalPingPxeResource

* Apply suggestions from code review

Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>

---------

Co-authored-by: chenyoulong20g@ict.ac.cn <chenyoulong20g@ict.ac.cn>
Co-authored-by: dahn <daan.hoogland@gmail.com>
Co-authored-by: dahn <daan@onecht.net>
Co-authored-by: Abhisar Sinha <63767682+abh1sar@users.noreply.github.com>
Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>

Author: 5 people

agent/src/main/java/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java

@@ -331,7 +331,7 @@ private void launchConsoleProxy(final byte[] ksBits, final String ksPassword, fi
         final Object resource = this;
         logger.info("Building class loader for com.cloud.consoleproxy.ConsoleProxy");
         if (consoleProxyMain == null) {
-            logger.info("Running com.cloud.consoleproxy.ConsoleProxy with encryptor password={}", encryptorPassword);
+            logger.info("Running com.cloud.consoleproxy.ConsoleProxy");
             consoleProxyMain = new Thread(new ManagedContextRunnable() {
                 @Override
                 protected void runInContext() {

plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalDnsmasqResource.java

@@ -46,10 +46,10 @@ public boolean configure(String name, Map<String, Object> params) throws Configu
         com.trilead.ssh2.Connection sshConnection = null;
         try {
             super.configure(name, params);
-            logger.debug(String.format("Trying to connect to DHCP server(IP=%1$s, username=%2$s, password=%3$s)", _ip, _username, _password));
+            logger.debug(String.format("Trying to connect to DHCP server(IP=%1$s, username=%2$s", _ip, _username));
             sshConnection = SSHCmdHelper.acquireAuthorizedConnection(_ip, _username, _password);
             if (sshConnection == null) {
-                throw new ConfigurationException(String.format("Cannot connect to DHCP server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, _password));
+                throw new ConfigurationException(String.format("Cannot connect to DHCP server(IP=%1$s, username=%2$s", _ip, _username));
             }
 
             if (!SSHCmdHelper.sshExecuteCmd(sshConnection, "[ -f '/usr/sbin/dnsmasq' ]")) {

plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalKickStartPxeResource.java

@@ -130,8 +130,8 @@ private Answer execute(VmDataCommand cmd) {
 
             sshConnection.connect(null, 60000, 60000);
             if (!sshConnection.authenticateWithPassword(_username, _password)) {
-                logger.debug("SSH Failed to authenticate");
-                throw new ConfigurationException(String.format("Cannot connect to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, _password));
+                logger.debug("SSH Failed to authenticate with user {} credentials", _username);
+                throw new ConfigurationException(String.format("Cannot connect to PING PXE server(IP=%1$s, username=%2$s", _ip, _username));
             }
 
             String script = String.format("python /usr/bin/baremetal_user_data.py '%s'", arg);
@@ -167,7 +167,7 @@ private Answer execute(PrepareKickstartPxeServerCommand cmd) {
             sshConnection.connect(null, 60000, 60000);
             if (!sshConnection.authenticateWithPassword(_username, _password)) {
                 logger.debug("SSH Failed to authenticate");
-                throw new ConfigurationException(String.format("Cannot connect to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, _password));
+                throw new ConfigurationException(String.format("Cannot connect to PING PXE server(IP=%1$s, username=%2$s", _ip, _username));
             }
 
             String copyTo = String.format("%s/%s", _tftpDir, cmd.getTemplateUuid());

plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalPingPxeResource.java

@@ -101,7 +101,7 @@ public boolean configure(String name, Map<String, Object> params) throws Configu
             sshConnection.connect(null, 60000, 60000);
             if (!sshConnection.authenticateWithPassword(_username, _password)) {
                 logger.debug("SSH Failed to authenticate");
-                throw new ConfigurationException(String.format("Cannot connect to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, "******"));
+                throw new ConfigurationException(String.format("Cannot connect to PING PXE server(IP=%1$s, username=%2$s, password=******", _ip, _username));
             }
 
             String cmd = String.format("[ -f /%1$s/pxelinux.0 ] && [ -f /%2$s/kernel ] && [ -f /%3$s/initrd.gz ] ", _tftpDir, _tftpDir, _tftpDir);
@@ -150,8 +150,8 @@ protected PreparePxeServerAnswer execute(PreparePxeServerCommand cmd) {
         try {
             sshConnection.connect(null, 60000, 60000);
             if (!sshConnection.authenticateWithPassword(_username, _password)) {
-                logger.debug("SSH Failed to authenticate");
-                throw new ConfigurationException(String.format("Cannot connect to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, _password));
+                logger.debug("SSH Failed to authenticate with user {} credentials", _username);
+                throw new ConfigurationException(String.format("Cannot connect to PING PXE server(IP=%1$s, username=%2$s", _ip, _username));
             }
 
             String script =
@@ -179,7 +179,7 @@ protected Answer execute(PrepareCreateTemplateCommand cmd) {
             sshConnection.connect(null, 60000, 60000);
             if (!sshConnection.authenticateWithPassword(_username, _password)) {
                 logger.debug("SSH Failed to authenticate");
-                throw new ConfigurationException(String.format("Cannot connect to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, _password));
+                throw new ConfigurationException(String.format("Cannot connect to PING PXE server(IP=%1$s, username=%2$s", _ip, _username));
             }
 
             String script =
@@ -237,7 +237,7 @@ private Answer execute(VmDataCommand cmd) {
             sshConnection.connect(null, 60000, 60000);
             if (!sshConnection.authenticateWithPassword(_username, _password)) {
                 logger.debug("SSH Failed to authenticate");
-                throw new ConfigurationException(String.format("Cannot connect to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, _password));
+                throw new ConfigurationException(String.format("Cannot connect to PING PXE server(IP=%1$s, username=%2$s", _ip, _username));
             }
 
             String script = String.format("python /usr/bin/baremetal_user_data.py '%s'", arg);

utils/src/main/java/com/cloud/utils/UriUtils.java

@@ -500,8 +500,12 @@ public static InputStream getInputStreamFromUrl(String url, String user, String
             if ((user != null) && (password != null)) {
                 httpclient.getParams().setAuthenticationPreemptive(true);
                 Credentials defaultcreds = new UsernamePasswordCredentials(user, password);
-                httpclient.getState().setCredentials(new AuthScope(hostAndPort.first(), hostAndPort.second(), AuthScope.ANY_REALM), defaultcreds);
-                LOGGER.info("Added username=" + user + ", password=" + password + "for host " + hostAndPort.first() + ":" + hostAndPort.second());
+                httpclient.getState().setCredentials(
+                        new AuthScope(hostAndPort.first(), hostAndPort.second(), AuthScope.ANY_REALM), defaultcreds);
+                LOGGER.info("Added username={} along with password for host {}:{}"
+                    , user
+                    , hostAndPort.first()
+                    , hostAndPort.second());
             }
             // Execute the method.
             GetMethod method = new GetMethod(url);