diff options
author | Brant Knudson <bknudson@us.ibm.com> | 2014-09-24 14:24:39 -0500 |
---|---|---|
committer | Brant Knudson <bknudson@us.ibm.com> | 2014-10-02 22:14:14 +0000 |
commit | 23d20452d24dc3adeb404ab44799585ec1169247 (patch) | |
tree | 5ed1462f109caf5ab7485162bfb75e666676b3e3 | |
parent | eee5bd6f8148a59dc200b1cd4ad23dd5036e6b23 (diff) | |
download | python-keystoneclient-23d20452d24dc3adeb404ab44799585ec1169247.tar.gz |
Log token with sha1
By logging the sha1 hash of the token, it can be tracked through
different services.
Closes-bug: #1329301
Change-Id: I9c338f6a418ab8dd34dbaaf918b0ea6e9cbe79d7
-rw-r--r-- | keystoneclient/session.py | 6 | ||||
-rw-r--r-- | keystoneclient/tests/test_session.py | 2 |
2 files changed, 6 insertions, 2 deletions
diff --git a/keystoneclient/session.py b/keystoneclient/session.py index a382cc7..577c2bf 100644 --- a/keystoneclient/session.py +++ b/keystoneclient/session.py @@ -12,6 +12,7 @@ import argparse import functools +import hashlib import logging import os import time @@ -122,7 +123,10 @@ class Session(object): secure_headers = ('authorization', 'x-auth-token', 'x-subject-token',) if header[0].lower() in secure_headers: - return (header[0], 'TOKEN_REDACTED') + token_hasher = hashlib.sha1() + token_hasher.update(header[1].encode('utf-8')) + token_hash = token_hasher.hexdigest() + return (header[0], '{SHA1}%s' % token_hash) return header @utils.positional() diff --git a/keystoneclient/tests/test_session.py b/keystoneclient/tests/test_session.py index 4c5b460..99c9e6e 100644 --- a/keystoneclient/tests/test_session.py +++ b/keystoneclient/tests/test_session.py @@ -168,7 +168,7 @@ class SessionTests(utils.TestCase): # Assert that response headers contains actual values and # only debug logs has been masked for k, v in six.iteritems(security_headers): - self.assertIn('%s: TOKEN_REDACTED' % k, self.logger.output) + self.assertIn('%s: {SHA1}' % k, self.logger.output) self.assertEqual(v, resp.headers[k]) self.assertNotIn(v, self.logger.output) |