diff options
author | ChangBo Guo(gcb) <eric.guo@easystack.cn> | 2014-10-20 12:14:24 +0800 |
---|---|---|
committer | ChangBo Guo(gcb) <glongwave@gmail.com> | 2014-11-11 15:26:50 +0000 |
commit | dbc02d0fbad64f356148e28aa4a5219bbe41fc36 (patch) | |
tree | 595d5bc003558834d54dbaf153dbfabce428006a | |
parent | f0cce3cd2635b06f8220a1ebe096495006d739bf (diff) | |
download | oslo-utils-dbc02d0fbad64f356148e28aa4a5219bbe41fc36.tar.gz |
Add 'auth_password' in _SANITIZE_KEYS for strutils
Cinder volume drivers may return connection_info with'auth_password',
This is an example[1], to avoid auth_password to be logged in disk,
we should mask its value with "***".
[1] https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/ibm/storwize_svc/__init__.py#L432
Change-Id: Id8b67615efab1171e66b46550d5b01e1964f85a3
-rw-r--r-- | oslo/utils/strutils.py | 2 | ||||
-rw-r--r-- | tests/test_strutils.py | 8 |
2 files changed, 9 insertions, 1 deletions
diff --git a/oslo/utils/strutils.py b/oslo/utils/strutils.py index de11f89..c6f5d47 100644 --- a/oslo/utils/strutils.py +++ b/oslo/utils/strutils.py @@ -52,7 +52,7 @@ SLUGIFY_HYPHENATE_RE = re.compile(r"[-\s]+") # NOTE(flaper87): The following globals are used by `mask_password` _SANITIZE_KEYS = ['adminPass', 'admin_pass', 'password', 'admin_password', - 'auth_token', 'new_pass'] + 'auth_token', 'new_pass', 'auth_password'] # NOTE(ldbragst): Let's build a list of regex objects using the list of # _SANITIZE_KEYS we already have. This way, we only have to add the new key diff --git a/tests/test_strutils.py b/tests/test_strutils.py index 1362d92..2437b4c 100644 --- a/tests/test_strutils.py +++ b/tests/test_strutils.py @@ -296,6 +296,14 @@ class MaskPasswordTestCase(test_base.BaseTestCase): payload = """{ 'password' : 'mypassword' }""" expected = """{ 'password' : '***' }""" self.assertEqual(expected, strutils.mask_password(payload)) + # Test 'auth_password' w/o spaces + payload = """{'auth_password':'mypassword'}""" + expected = """{'auth_password':'***'}""" + self.assertEqual(expected, strutils.mask_password(payload)) + # Test 'auth_password' with spaces + payload = """{ 'auth_password' : 'mypassword' }""" + expected = """{ 'auth_password' : '***' }""" + self.assertEqual(expected, strutils.mask_password(payload)) def test_xml(self): # Test 'adminPass' w/o spaces |