Remove sensitive params (VmPassword, etc) from VMWork log (#8553)

Author: sureshanaparti

engine/components-api/src/main/java/com/cloud/vm/VmWork.java

@@ -17,9 +17,21 @@
 package com.cloud.vm;
 
 import java.io.Serializable;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
+
+import com.cloud.serializer.GsonHelper;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.gson.Gson;
 
 public class VmWork implements Serializable {
     private static final long serialVersionUID = -6946320465729853589L;
+    private static final Gson gsonLogger = GsonHelper.getGsonLogger();
 
     long userId;
     long accountId;
@@ -56,4 +68,31 @@ public long getVmId() {
     public String getHandlerName() {
         return handlerName;
     }
+
+    @Override
+    public String toString() {
+        return gsonLogger.toJson(this);
+    }
+
+    protected String toStringAfterRemoveParams(String paramsObjName, List<String> params) {
+        String ObjJsonStr = gsonLogger.toJson(this);
+        if (StringUtils.isBlank(ObjJsonStr) || StringUtils.isBlank(paramsObjName) || CollectionUtils.isEmpty(params)) {
+            return ObjJsonStr;
+        }
+
+        try {
+            Map<String, Object> ObjMap = new ObjectMapper().readValue(ObjJsonStr, HashMap.class);
+            if (ObjMap != null && ObjMap.containsKey(paramsObjName)) {
+                for (String param : params) {
+                    ((Map<String, String>)ObjMap.get(paramsObjName)).remove(param);
+                }
+                String resultJson = new ObjectMapper().writeValueAsString(ObjMap);
+                return resultJson;
+            }
+        } catch (final JsonProcessingException e) {
+            // Ignore json exception
+        }
+
+        return ObjJsonStr;
+    }
 }

engine/components-api/src/main/java/com/cloud/vm/VmWorkJobHandlerProxy.java

@@ -21,15 +21,13 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import org.apache.log4j.Logger;
-
-import com.google.gson.Gson;
-
 import org.apache.cloudstack.framework.jobs.impl.JobSerializerHelper;
 import org.apache.cloudstack.jobs.JobInfo;
+import org.apache.log4j.Logger;
 
 import com.cloud.serializer.GsonHelper;
 import com.cloud.utils.Pair;
+import com.google.gson.Gson;
 
 /**
  * VmWorkJobHandlerProxy can not be used as standalone due to run-time
@@ -102,12 +100,12 @@ public Pair<JobInfo.Status, String> handleVmWorkJob(VmWork work) throws Exceptio
 
             try {
                 if (s_logger.isDebugEnabled())
-                    s_logger.debug("Execute VM work job: " + work.getClass().getName() + _gsonLogger.toJson(work));
+                    s_logger.debug("Execute VM work job: " + work.getClass().getName() + work);
 
                 Object obj = method.invoke(_target, work);
 
                 if (s_logger.isDebugEnabled())
-                    s_logger.debug("Done executing VM work job: " + work.getClass().getName() + _gsonLogger.toJson(work));
+                    s_logger.debug("Done executing VM work job: " + work.getClass().getName() + work);
 
                 assert (obj instanceof Pair);
                 return (Pair<JobInfo.Status, String>)obj;

engine/orchestration/src/main/java/com/cloud/vm/VmWorkReboot.java

@@ -17,7 +17,9 @@
 package com.cloud.vm;
 
 import java.io.Serializable;
+import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 import org.apache.cloudstack.framework.jobs.impl.JobSerializerHelper;
@@ -62,4 +64,11 @@ public void setParams(Map<VirtualMachineProfile.Param, Object> params) {
             }
         }
     }
+
+    @Override
+    public String toString() {
+        List<String> params = new ArrayList<>();
+        params.add(VirtualMachineProfile.Param.VmPassword.getName());
+        return super.toStringAfterRemoveParams("rawParams", params);
+    }
 }

engine/orchestration/src/main/java/com/cloud/vm/VmWorkStart.java

@@ -18,7 +18,9 @@
 package com.cloud.vm;
 
 import java.io.Serializable;
+import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 import org.apache.cloudstack.context.CallContext;
@@ -135,4 +137,11 @@ public void setParams(Map<VirtualMachineProfile.Param, Object> params) {
             }
         }
     }
+
+    @Override
+    public String toString() {
+        List<String> params = new ArrayList<>();
+        params.add(VirtualMachineProfile.Param.VmPassword.getName());
+        return super.toStringAfterRemoveParams("rawParams", params);
+    }
 }

engine/orchestration/src/test/java/com/cloud/vm/VmWorkRebootTest.java

@@ -0,0 +1,42 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.vm;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.cloudstack.framework.jobs.impl.JobSerializerHelper;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class VmWorkRebootTest {
+
+    @Test
+    public void testToString() {
+        VmWork vmWork = new VmWork(1l, 1l, 1l, "testhandler");
+        Map<VirtualMachineProfile.Param, Object> params = new HashMap<>();
+        String lastHost = "rO0ABXQABHRydWU";
+        String lastHostSerialized = JobSerializerHelper.toObjectSerializedString(lastHost);
+        params.put(VirtualMachineProfile.Param.ConsiderLastHost, lastHost);
+        params.put(VirtualMachineProfile.Param.VmPassword, "rO0ABXQADnNhdmVkX3Bhc3N3b3Jk");
+        VmWorkReboot workInfo = new VmWorkReboot(vmWork, params);
+        String expectedVmWorkRebootStr = "{\"accountId\":1,\"vmId\":1,\"handlerName\":\"testhandler\",\"userId\":1,\"rawParams\":{\"ConsiderLastHost\":\"" + lastHostSerialized + "\"}}";
+
+        String vmWorkRebootStr = workInfo.toString();
+        Assert.assertEquals(expectedVmWorkRebootStr, vmWorkRebootStr);
+    }
+}

engine/orchestration/src/test/java/com/cloud/vm/VmWorkStartTest.java

@@ -0,0 +1,57 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.vm;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.cloudstack.framework.jobs.impl.JobSerializerHelper;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class VmWorkStartTest {
+
+    @Test
+    public void testToStringWithParams() {
+        VmWork vmWork = new VmWork(1l,  1l, 1l, "testhandler");
+        VmWorkStart workInfo = new VmWorkStart(vmWork);
+        Map<VirtualMachineProfile.Param, Object> params = new HashMap<>();
+        String lastHost = "rO0ABXQABHRydWU";
+        String lastHostSerialized = JobSerializerHelper.toObjectSerializedString(lastHost);
+        params.put(VirtualMachineProfile.Param.ConsiderLastHost, lastHost);
+        params.put(VirtualMachineProfile.Param.VmPassword, "rO0ABXQADnNhdmVkX3Bhc3N3b3Jk");
+        workInfo.setParams(params);
+        String expectedVmWorkStartStr = "{\"accountId\":1,\"dcId\":0,\"vmId\":1,\"handlerName\":\"testhandler\",\"userId\":1,\"rawParams\":{\"ConsiderLastHost\":\"" + lastHostSerialized + "\"}}";
+
+        String vmWorkStartStr = workInfo.toString();
+        Assert.assertEquals(expectedVmWorkStartStr, vmWorkStartStr);
+    }
+
+    @Test
+    public void testToStringWithRawParams() {
+        VmWork vmWork = new VmWork(1l,  1l, 1l, "testhandler");
+        VmWorkStart workInfo = new VmWorkStart(vmWork);
+        Map<String, String> rawParams = new HashMap<>();
+        rawParams.put(VirtualMachineProfile.Param.ConsiderLastHost.getName(), "rO0ABXQABHRydWU");
+        rawParams.put(VirtualMachineProfile.Param.VmPassword.getName(), "rO0ABXQADnNhdmVkX3Bhc3N3b3Jk");
+        workInfo.setRawParams(rawParams);
+        String expectedVmWorkStartStr = "{\"accountId\":1,\"dcId\":0,\"vmId\":1,\"handlerName\":\"testhandler\",\"userId\":1,\"rawParams\":{\"ConsiderLastHost\":\"rO0ABXQABHRydWU\"}}";
+
+        String vmWorkStartStr = workInfo.toString();
+        Assert.assertEquals(expectedVmWorkStartStr, vmWorkStartStr);
+    }
+}