Redact the DRBD secret in instance queries
[ganeti-github.git] / lib / cmdlib / instance_query.py
index ee9ba13..ee2dcad 100644 (file)
@@ -341,6 +341,8 @@ class LUInstanceQueryData(NoHooksLU):
 
     """
     drbd_info = None
+    output_logical_id = dev.logical_id
+    output_physical_id = dev.physical_id
     if dev.dev_type in constants.DTS_DRBD:
       # we change the snode then (otherwise we use the one passed in)
       if dev.logical_id[0] == instance.primary_node:
@@ -353,8 +355,10 @@ class LUInstanceQueryData(NoHooksLU):
         "secondary_node": node_uuid2name_fn(snode_uuid),
         "secondary_minor": dev.logical_id[4],
         "port": dev.logical_id[2],
-        "secret": dev.logical_id[5],
       }
+      # replace the secret present at the end of the ids with None
+      output_logical_id = dev.logical_id[:-1] + (None,)
+      output_physical_id = dev.physical_id[:-1] + (None,)
 
     dev_pstatus = self._ComputeBlockdevStatus(instance.primary_node,
                                               instance, dev)
@@ -371,9 +375,9 @@ class LUInstanceQueryData(NoHooksLU):
     return {
       "iv_name": dev.iv_name,
       "dev_type": dev.dev_type,
-      "logical_id": dev.logical_id,
+      "logical_id": output_logical_id,
       "drbd_info": drbd_info,
-      "physical_id": dev.physical_id,
+      "physical_id": output_physical_id,
       "pstatus": dev_pstatus,
       "sstatus": dev_sstatus,
       "children": dev_children,