diff options
| author | Tin Lam <tinlam@gmail.com> | 2017-01-09 10:31:35 -0600 |
|---|---|---|
| committer | Tin Lam <tinlam@gmail.com> | 2017-01-09 10:31:35 -0600 |
| commit | 56af8c90ecbb3cb5d29036151108b1e4e7a69bcc (patch) | |
| tree | f3a54ee79aeb9c7b738ee68fd41dfcd6d8930579 | |
| parent | 1112abe54b126d390fc3600e07b813dfee3a736a (diff) | |
| download | python-keystoneclient-56af8c90ecbb3cb5d29036151108b1e4e7a69bcc.tar.gz | |
X-Serivce-Token should be hashed in the log
Currently, logs display the hash values of X-Auth-Token,
Authorization, and X-Subject-Token, but not the value of
the X-Service-Token. This patch set adds the X-Service-Token
to the list of header fields to be hashed for logging purposes.
Change-Id: Iaa3a27f4b6c3baf964fa0c71328ffe9df43b2c0a
Closes-Bug: #1654847
| -rw-r--r-- | keystoneclient/session.py | 2 | ||||
| -rw-r--r-- | keystoneclient/tests/unit/test_session.py | 3 | ||||
| -rw-r--r-- | releasenotes/notes/bug-1654847-d2e9df994c7b617f.yaml | 5 |
3 files changed, 8 insertions, 2 deletions
diff --git a/keystoneclient/session.py b/keystoneclient/session.py index 0f57383..2501120 100644 --- a/keystoneclient/session.py +++ b/keystoneclient/session.py @@ -166,7 +166,7 @@ class Session(object): def _process_header(header): """Redact the secure headers to be logged.""" secure_headers = ('authorization', 'x-auth-token', - 'x-subject-token',) + 'x-subject-token', 'x-service-token') if header[0].lower() in secure_headers: token_hasher = hashlib.sha1() token_hasher.update(header[1].encode('utf-8')) diff --git a/keystoneclient/tests/unit/test_session.py b/keystoneclient/tests/unit/test_session.py index 909cf97..7294b70 100644 --- a/keystoneclient/tests/unit/test_session.py +++ b/keystoneclient/tests/unit/test_session.py @@ -155,7 +155,8 @@ class SessionTests(utils.TestCase): 'Content-Type': 'application/json'} security_headers = {'Authorization': uuid.uuid4().hex, 'X-Auth-Token': uuid.uuid4().hex, - 'X-Subject-Token': uuid.uuid4().hex, } + 'X-Subject-Token': uuid.uuid4().hex, + 'X-Service-Token': uuid.uuid4().hex} body = 'BODYRESPONSE' data = 'BODYDATA' all_headers = dict( diff --git a/releasenotes/notes/bug-1654847-d2e9df994c7b617f.yaml b/releasenotes/notes/bug-1654847-d2e9df994c7b617f.yaml new file mode 100644 index 0000000..5d066e9 --- /dev/null +++ b/releasenotes/notes/bug-1654847-d2e9df994c7b617f.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + The ``X-Service-Token`` header value is now properly masked, and is + displayed as a hash value, in the log. |