Merge branch 'fix/ZSTAC-80664' into '5.5.12'

<fix>[core]: add @nologging to sensitive config fields

See merge request zstackio/zstack!9171

Author: gitlab

header/src/main/java/org/zstack/header/storage/addon/primary/ExternalPrimaryStorageInventory.java

@@ -4,8 +4,10 @@
 import org.zstack.header.storage.primary.PrimaryStorageInventory;
 import org.zstack.utils.gson.JSONObjectUtil;
 
+import java.util.ArrayList;
 import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.stream.Collectors;
 
 @Inventory(mappingVOClass = ExternalPrimaryStorageVO.class)
@@ -59,6 +61,7 @@ public ExternalPrimaryStorageInventory(ExternalPrimaryStorageVO lvo) {
         super(lvo);
         identity = lvo.getIdentity();
         config = JSONObjectUtil.toObject(lvo.getConfig(), LinkedHashMap.class);
+        desensitizeConfig(config);
         addonInfo = JSONObjectUtil.toObject(lvo.getAddonInfo(), LinkedHashMap.class);
         outputProtocols = lvo.getOutputProtocols().stream().map(PrimaryStorageOutputProtocolRefVO::getOutputProtocol).collect(Collectors.toList());
         defaultProtocol = lvo.getDefaultProtocol();
@@ -68,6 +71,35 @@ public static ExternalPrimaryStorageInventory valueOf(ExternalPrimaryStorageVO l
         return new ExternalPrimaryStorageInventory(lvo);
     }
 
+    private static void desensitizeConfig(Map config) {
+        if (config == null) return;
+        desensitizeUrlList(config, "mdsUrls");
+        desensitizeUrlList(config, "mdsInfos");
+    }
+
+    private static void desensitizeUrlList(Map config, String key) {
+        Object urls = config.get(key);
+        if (urls instanceof List) {
+            List<String> desensitized = new ArrayList<>();
+            for (Object url : (List) urls) {
+                desensitized.add(desensitizeUrl(String.valueOf(url)));
+            }
+            config.put(key, desensitized);
+        }
+    }
+
+    private static String desensitizeUrl(String url) {
+        int atIndex = url.lastIndexOf('@');
+        if (atIndex > 0) {
+            int schemeIndex = url.indexOf("://");
+            if (schemeIndex >= 0 && schemeIndex < atIndex) {
+                return url.substring(0, schemeIndex + 3) + "***" + url.substring(atIndex);
+            }
+            return "***" + url.substring(atIndex);
+        }
+        return url;
+    }
+
     public String getIdentity() {
         return identity;
     }