Ouput a placeholder instead of the auth_token2.19.3

As the name of the get_logging_values suggests, that function will get entries from the context for logging purposes. For this, we shouldn't need the auth_token since it might potentially leak in the logs. This filters out the auth_token by setting it as '***' by default. Change-Id: I2b245c1665c3587be3c476b803122788d186e5d5
author: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2017-11-07 06:29:35 +0000
committer: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2017-11-07 13:08:11 +0200
commit: a8d86df94099317f2918bd0cf1f147b822bfc599 (patch)
tree: 34296d2052d6577c8f4fe6e99988b8f704fa577f /oslo_context/context.py
parent: e75f4c5ad91962e272d65daa770e00f70f931ecb (diff)
download: oslo-context-a8d86df94099317f2918bd0cf1f147b822bfc599.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/oslo_context/context.py b/oslo_context/context.py
index 24ded43..6475c2c 100644
--- a/oslo_context/context.py
+++ b/oslo_context/context.py
@@ -353,6 +353,13 @@ class RequestContext(object):
                   'user_domain_name': self.user_domain_name,
                   'project_domain_name': self.project_domain_name}
         values.update(self.to_dict())
+        if self.auth_token:
+            # NOTE(jaosorior): Gotta obfuscate the token since this dict is
+            # meant for logging and we shouldn't leak it.
+            values['auth_token'] = '***'
+        else:
+            values['auth_token'] = None
+
         return values
 
     @property
author	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2017-11-07 06:29:35 +0000
committer	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2017-11-07 13:08:11 +0200
commit	a8d86df94099317f2918bd0cf1f147b822bfc599 (patch)
tree	34296d2052d6577c8f4fe6e99988b8f704fa577f /oslo_context/context.py
parent	e75f4c5ad91962e272d65daa770e00f70f931ecb (diff)
download	oslo-context-a8d86df94099317f2918bd0cf1f147b822bfc599.tar.gz