Add 'auth_password' in _SANITIZE_KEYS for strutils

Cinder volume drivers may return connection_info with'auth_password',
This is an example[1], to avoid auth_password to be logged in disk,
we should mask its value with "***".

[1] https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/ibm/storwize_svc/__init__.py#L432

Change-Id: Id8b67615efab1171e66b46550d5b01e1964f85a3

2 files changed, 9 insertions, 1 deletions

diff --git a/oslo/utils/strutils.py b/oslo/utils/strutils.py
index de11f89..c6f5d47 100644
--- a/oslo/utils/strutils.py
+++ b/oslo/utils/strutils.py
@@ -52,7 +52,7 @@ SLUGIFY_HYPHENATE_RE = re.compile(r"[-\s]+")
 
 # NOTE(flaper87): The following globals are used by `mask_password`
 _SANITIZE_KEYS = ['adminPass', 'admin_pass', 'password', 'admin_password',
-                  'auth_token', 'new_pass']
+                  'auth_token', 'new_pass', 'auth_password']
 
 # NOTE(ldbragst): Let's build a list of regex objects using the list of
 # _SANITIZE_KEYS we already have. This way, we only have to add the new key
diff --git a/tests/test_strutils.py b/tests/test_strutils.py
index 1362d92..2437b4c 100644
--- a/tests/test_strutils.py
+++ b/tests/test_strutils.py
@@ -296,6 +296,14 @@ class MaskPasswordTestCase(test_base.BaseTestCase):
         payload = """{ 'password' : 'mypassword' }"""
         expected = """{ 'password' : '***' }"""
         self.assertEqual(expected, strutils.mask_password(payload))
+        # Test 'auth_password' w/o spaces
+        payload = """{'auth_password':'mypassword'}"""
+        expected = """{'auth_password':'***'}"""
+        self.assertEqual(expected, strutils.mask_password(payload))
+        # Test 'auth_password' with spaces
+        payload = """{ 'auth_password' : 'mypassword' }"""
+        expected = """{ 'auth_password' : '***' }"""
+        self.assertEqual(expected, strutils.mask_password(payload))
 
     def test_xml(self):
         # Test 'adminPass' w/o spaces