author | Tin Lam <tinlam@gmail.com> | 2017-01-09 10:31:35 -0600 |
---|---|---|
committer | Steve Martinelli <s.martinelli@gmail.com> | 2017-01-09 19:53:53 +0000 |
commit | 398c8fb5160a05d4b28fb11147a9a295e11bcf31 (patch) | |
tree | b0d0a3fb2e1532fa61b27b58c5e20105f7cf2ec8 | |
parent | 8f872e9a56e65ae06ef4dc561bc9fb01172d98d7 (diff) | |
download | python-keystoneclient-398c8fb5160a05d4b28fb11147a9a295e11bcf31.tar.gz |
X-Service-Token should be hashed in the log
Currently, logs display the hash values of X-Auth-Token,
Authorization, and X-Subject-Token, but not the value of
the X-Service-Token. This patch set adds the X-Service-Token
to the list of header fields to be hashed for logging purposes.
Change-Id: Iaa3a27f4b6c3baf964fa0c71328ffe9df43b2c0a
Closes-Bug: #1654847
(cherry picked from commit 56af8c90ecbb3cb5d29036151108b1e4e7a69bcc)
-rw-r--r-- | keystoneclient/session.py | 2 | ||||
-rw-r--r-- | keystoneclient/tests/unit/test_session.py | 3 | ||||
-rw-r--r-- | releasenotes/notes/bug-1654847-d2e9df994c7b617f.yaml | 5 |
3 files changed, 8 insertions, 2 deletions
diff --git a/keystoneclient/session.py b/keystoneclient/session.py
index 1e08213..9e26b76 100644
--- a/keystoneclient/session.py
+++ b/keystoneclient/session.py
@@ -164,7 +164,7 @@ class Session(object):
 def _process_header(header):
 """Redacts the secure headers to be logged."""
 secure_headers = ('authorization', 'x-auth-token',
- 'x-subject-token',)
+ 'x-subject-token', 'x-service-token')
 if header[0].lower() in secure_headers:
 token_hasher = hashlib.sha1()
 token_hasher.update(header[1].encode('utf-8'))
diff --git a/keystoneclient/tests/unit/test_session.py b/keystoneclient/tests/unit/test_session.py
index b72a185..2f0d266 100644
--- a/keystoneclient/tests/unit/test_session.py
+++ b/keystoneclient/tests/unit/test_session.py
@@ -152,7 +152,8 @@ class SessionTests(utils.TestCase):
 headers = {'HEADERA': 'HEADERVALB'}
 security_headers = {'Authorization': uuid.uuid4().hex,
 'X-Auth-Token': uuid.uuid4().hex,
- 'X-Subject-Token': uuid.uuid4().hex, }
+ 'X-Subject-Token': uuid.uuid4().hex,
+ 'X-Service-Token': uuid.uuid4().hex}
 body = 'BODYRESPONSE'
 data = 'BODYDATA'
 all_headers = dict(
diff --git a/releasenotes/notes/bug-1654847-d2e9df994c7b617f.yaml b/releasenotes/notes/bug-1654847-d2e9df994c7b617f.yaml
new file mode 100644
index 0000000..5d066e9
--- /dev/null
+++ b/releasenotes/notes/bug-1654847-d2e9df994c7b617f.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+ - |
+ The ``X-Service-Token`` header value is now properly masked, and is
+ displayed as a hash value, in the log. |
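Review bot: The `secure_headers` tuple in `_process_header` is a hand-maintained denylist, so any credential-bearing header not named in it is still logged in clear text, which is how `X-Service-Token` went unredacted until this change. Consider hoisting it to a module-level constant with a comment telling maintainers to extend it whenever a new token header is introduced, e.g. `_SECURE_HEADERS = frozenset(('authorization', 'x-auth-token', 'x-subject-token', 'x-service-token'))`, and checking whether any other secret-carrying headers this client sends belong in it. The context lines also show the digest is computed with `hashlib.sha1()`; SHA-256 would be the more defensible choice for values written to logs, though switching changes the log format that operators may match on. The function body continues outside the hunk.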
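Review bot: The added `'X-Service-Token'` entry only exercises the canonical header spelling, while `_process_header` matches on `header[0].lower()`; a differently-cased key such as `'x-service-token'` would pin the case-insensitive match for the new header. The assertions that consume `security_headers` are outside the hunk, so confirm they check both that the raw value is absent from the captured log output and that the hashed form is present.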