diff options
| author | Jenkins <jenkins@review.openstack.org> | 2015-09-03 20:29:08 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2015-09-03 20:29:08 +0000 |
| commit | 1bff68f9b8d8f6bed843d910fb4e1b69b64ded7a (patch) | |
| tree | 42efd5204634fda899cc789eeb20656358e460c5 | |
| parent | 3e862bbb1e2a7b488cf2de43651270e6afbb82ad (diff) | |
| parent | 3e26ff824801d5084791a52980021784e794e35f (diff) | |
| download | python-keystoneclient-1bff68f9b8d8f6bed843d910fb4e1b69b64ded7a.tar.gz | |
Merge "Mask passwords when logging the HTTP response"
| -rw-r--r-- | keystoneclient/session.py | 4 | ||||
| -rw-r--r-- | keystoneclient/tests/unit/test_session.py | 29 |
2 files changed, 32 insertions, 1 deletions
diff --git a/keystoneclient/session.py b/keystoneclient/session.py index 39227c2..6f2e930 100644 --- a/keystoneclient/session.py +++ b/keystoneclient/session.py @@ -23,6 +23,7 @@ from debtcollector import removals from oslo_config import cfg from oslo_serialization import jsonutils from oslo_utils import importutils +from oslo_utils import strutils import requests import six from six.moves import urllib @@ -208,7 +209,8 @@ class Session(object): for header in six.iteritems(response.headers): string_parts.append('%s: %s' % self._process_header(header)) if text: - string_parts.append('\nRESP BODY: %s\n' % text) + string_parts.append('\nRESP BODY: %s\n' % + strutils.mask_password(text)) logger.debug(' '.join(string_parts)) diff --git a/keystoneclient/tests/unit/test_session.py b/keystoneclient/tests/unit/test_session.py index ee76337..f7384cd 100644 --- a/keystoneclient/tests/unit/test_session.py +++ b/keystoneclient/tests/unit/test_session.py @@ -250,6 +250,35 @@ class SessionTests(utils.TestCase): session.get, self.TEST_URL) + def test_mask_password_in_http_log_response(self): + session = client_session.Session() + + def fake_debug(msg): + self.assertNotIn('verybadpass', msg) + + logger = mock.Mock(isEnabledFor=mock.Mock(return_value=True)) + logger.debug = mock.Mock(side_effect=fake_debug) + body = { + "connection_info": { + "driver_volume_type": "iscsi", + "data": { + "auth_password": "verybadpass", + "target_discovered": False, + "encrypted": False, + "qos_specs": None, + "target_iqn": ("iqn.2010-10.org.openstack:volume-" + "744d2085-8e78-40a5-8659-ef3cffb2480e"), + "target_portal": "172.99.69.228:3260", + "volume_id": "744d2085-8e78-40a5-8659-ef3cffb2480e", + "target_lun": 1, + "access_mode": "rw", + "auth_username": "verybadusername", + "auth_method": "CHAP"}}} + body_json = jsonutils.dumps(body) + response = mock.Mock(text=body_json, status_code=200, headers={}) + session._http_log_response(response, logger) + self.assertEqual(1, logger.debug.call_count) + class RedirectTests(utils.TestCase): |