diff options
author | Brant Knudson <bknudson@us.ibm.com> | 2016-01-14 16:22:04 -0600 |
---|---|---|
committer | Brant Knudson <bknudson@us.ibm.com> | 2016-01-18 17:28:18 -0600 |
commit | 1da2c545c3c9099eedf81ebc8b95ab08b311a8c0 (patch) | |
tree | 5ec9c4284e7fa6ca7a0bdd4babce7aeedc5efab1 | |
parent | f15c176ba30efdcc15886e8f7203f32deb60c2a2 (diff) | |
download | python-keystoneclient-1da2c545c3c9099eedf81ebc8b95ab08b311a8c0.tar.gz |
Mark password/secret options as secret1.7.4
Password, token, and secret options should be marked as secret=True
so that when the value is logged the logger knows to obfuscate the
value.
Change-Id: I6ebdfa3bf6faf37bc11640a5826b3b55bb920fc4
Closes-Bug: 1534299
(cherry picked from commit 04f9f33b4b6079d39c3feea0b1ec1211a1de6a04)
-rw-r--r-- | keystoneclient/auth/identity/generic/cli.py | 1 | ||||
-rw-r--r-- | keystoneclient/auth/identity/generic/password.py | 2 | ||||
-rw-r--r-- | keystoneclient/auth/identity/generic/token.py | 2 | ||||
-rw-r--r-- | keystoneclient/contrib/auth/v3/oidc.py | 5 | ||||
-rw-r--r-- | keystoneclient/contrib/auth/v3/saml2.py | 2 |
5 files changed, 7 insertions, 5 deletions
diff --git a/keystoneclient/auth/identity/generic/cli.py b/keystoneclient/auth/identity/generic/cli.py index c493850..212e9b7 100644 --- a/keystoneclient/auth/identity/generic/cli.py +++ b/keystoneclient/auth/identity/generic/cli.py @@ -38,6 +38,7 @@ class DefaultCLI(password.Password): options.extend([cfg.StrOpt('endpoint', help='A URL to use instead of a catalog'), cfg.StrOpt('token', + secret=True, help='Always use the specified token')]) return options diff --git a/keystoneclient/auth/identity/generic/password.py b/keystoneclient/auth/identity/generic/password.py index 3c4180c..3527b19 100644 --- a/keystoneclient/auth/identity/generic/password.py +++ b/keystoneclient/auth/identity/generic/password.py @@ -30,7 +30,7 @@ def get_options(): deprecated_name='user-name'), cfg.StrOpt('user-domain-id', help="User's domain id"), cfg.StrOpt('user-domain-name', help="User's domain name"), - cfg.StrOpt('password', help="User's password"), + cfg.StrOpt('password', secret=True, help="User's password"), ] diff --git a/keystoneclient/auth/identity/generic/token.py b/keystoneclient/auth/identity/generic/token.py index 0fbacf0..6a5d15b 100644 --- a/keystoneclient/auth/identity/generic/token.py +++ b/keystoneclient/auth/identity/generic/token.py @@ -24,7 +24,7 @@ LOG = logging.getLogger(__name__) def get_options(): return [ - cfg.StrOpt('token', help='Token to authenticate with'), + cfg.StrOpt('token', secret=True, help='Token to authenticate with'), ] diff --git a/keystoneclient/contrib/auth/v3/oidc.py b/keystoneclient/contrib/auth/v3/oidc.py index 0c94519..f9c5286 100644 --- a/keystoneclient/contrib/auth/v3/oidc.py +++ b/keystoneclient/contrib/auth/v3/oidc.py @@ -31,9 +31,10 @@ class OidcPassword(federated.FederatedBaseAuth): options = super(OidcPassword, cls).get_options() options.extend([ cfg.StrOpt('username', help='Username'), - cfg.StrOpt('password', help='Password'), + cfg.StrOpt('password', secret=True, help='Password'), cfg.StrOpt('client-id', help='OAuth 2.0 Client ID'), - cfg.StrOpt('client-secret', help='OAuth 2.0 Client Secret'), + cfg.StrOpt('client-secret', secret=True, + help='OAuth 2.0 Client Secret'), cfg.StrOpt('access-token-endpoint', help='OpenID Connect Provider Token Endpoint'), cfg.StrOpt('scope', default="profile", diff --git a/keystoneclient/contrib/auth/v3/saml2.py b/keystoneclient/contrib/auth/v3/saml2.py index 2e74996..bf8aea1 100644 --- a/keystoneclient/contrib/auth/v3/saml2.py +++ b/keystoneclient/contrib/auth/v3/saml2.py @@ -74,7 +74,7 @@ class _BaseSAMLPlugin(v3.AuthConstructor): help="Identity Provider's URL"), cfg.StrOpt('username', dest='username', help='Username', deprecated_name='user-name'), - cfg.StrOpt('password', help='Password') + cfg.StrOpt('password', secret=True, help='Password') ]) return options |