From a14b17fc0c12318c755dd94665dfe1f09520633a Mon Sep 17 00:00:00 2001
From: Takashi Kajinami
Date: Mon, 27 Nov 2023 10:11:46 +0900
Subject: [PATCH] [coordination] backend_url should be secret

The backend_url option can sometimes contain secrets. For example when redis coordination backend is used and authentication is enabled in redis, the plain redis password is put as an URL element.

[coordination]
backend_url=redis://:password@127.0.0.1:6379

Closes-Bug: #2012246
Change-Id: I381999e669bfe7a603c9233f9c22b6e80abc708b
---
 cinder/coordination.py | 1 +
 releasenotes/notes/bug-2012246-292d7d93260a1fe5.yaml | 6 ++++++
 2 files changed, 7 insertions(+)
 create mode 100644 releasenotes/notes/bug-2012246-292d7d93260a1fe5.yaml

diff --git a/cinder/coordination.py b/cinder/coordination.py
index fc5e2e4f47e..16db53b494a 100644
--- a/cinder/coordination.py
+++ b/cinder/coordination.py
@@ -38,6 +38,7 @@ LOG = log.getLogger(__name__)
 coordination_opts = [
 cfg.StrOpt('backend_url',
+ secret=True,
 default='file://$state_path',
 help='The backend URL to use for distributed coordination.'),
 ]
diff --git a/releasenotes/notes/bug-2012246-292d7d93260a1fe5.yaml b/releasenotes/notes/bug-2012246-292d7d93260a1fe5.yaml
new file mode 100644
index 00000000000..8b43d74b9a2
--- /dev/null
+++ b/releasenotes/notes/bug-2012246-292d7d93260a1fe5.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ `Bug #2008017 `_: Hide
+ value of the `[coordination] backend_url` option from logs because it can
+ contain credential.
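Review bot: `secret=True` on `backend_url` in `coordination_opts` masks the value only where oslo.config itself prints options, such as the debug-level option dump at service start. Any other code that formats the URL into a log line or an exception message would still expose the password; no such code is visible in this hunk, so it is worth grepping for other uses of `backend_url` before treating the leak as closed. The help string also gives operators no hint that the URL may carry a credential; consider `help='The backend URL to use for distributed coordination. May contain credentials, so the value is masked in logs.'`. Debug logs written before this change may already hold the redis password, which the release note could mention so operators restrict those logs or rotate the credential. Separately, the release note cites Bug #2008017 while the commit message and the note's filename use #2012246, so one of the two is presumably a copy-paste slip.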