author | Tin Lam <tinlam@gmail.com> | 2017-01-09 10:31:35 -0600 |
---|---|---|
committer | Steve Martinelli <s.martinelli@gmail.com> | 2017-01-09 19:53:47 +0000 |
commit | 918abd31c744bdee7ec3166c37a7ad0fcb782a4d (patch) | |
tree | 40cdc9373d0dcbffc6077da8525fdd006049d8ef | |
parent | 85400c93938cc721f9d8552c5b18763dc40287f6 (diff) | |
download | python-keystoneclient-918abd31c744bdee7ec3166c37a7ad0fcb782a4d.tar.gz |
X-Service-Token should be hashed in the log
Currently, logs display the hash values of X-Auth-Token,
Authorization, and X-Subject-Token, but not the value of
the X-Service-Token. This patch set adds the X-Service-Token
to the list of header fields to be hashed for logging purposes.
Change-Id: Iaa3a27f4b6c3baf964fa0c71328ffe9df43b2c0a
Closes-Bug: #1654847
(cherry picked from commit 56af8c90ecbb3cb5d29036151108b1e4e7a69bcc)
-rw-r--r-- | keystoneclient/session.py | 2 | ||||
-rw-r--r-- | keystoneclient/tests/unit/test_session.py | 3 | ||||
-rw-r--r-- | releasenotes/notes/bug-1654847-d2e9df994c7b617f.yaml | 5 |
3 files changed, 8 insertions, 2 deletions
diff --git a/keystoneclient/session.py b/keystoneclient/session.py
index 522a533..5002518 100644
--- a/keystoneclient/session.py
+++ b/keystoneclient/session.py
@@ -164,7 +164,7 @@ class Session(object):
 def _process_header(header):
 """Redact the secure headers to be logged."""
 secure_headers = ('authorization', 'x-auth-token',
- 'x-subject-token',)
+ 'x-subject-token', 'x-service-token')
 if header[0].lower() in secure_headers:
 token_hasher = hashlib.sha1()
 token_hasher.update(header[1].encode('utf-8'))
diff --git a/keystoneclient/tests/unit/test_session.py b/keystoneclient/tests/unit/test_session.py
index 8fb364a..2ef216b 100644
--- a/keystoneclient/tests/unit/test_session.py
+++ b/keystoneclient/tests/unit/test_session.py
@@ -152,7 +152,8 @@ class SessionTests(utils.TestCase):
 headers = {'HEADERA': 'HEADERVALB'}
 security_headers = {'Authorization': uuid.uuid4().hex,
 'X-Auth-Token': uuid.uuid4().hex,
- 'X-Subject-Token': uuid.uuid4().hex, }
+ 'X-Subject-Token': uuid.uuid4().hex,
+ 'X-Service-Token': uuid.uuid4().hex}
 body = 'BODYRESPONSE'
 data = 'BODYDATA'
 all_headers = dict(
diff --git a/releasenotes/notes/bug-1654847-d2e9df994c7b617f.yaml b/releasenotes/notes/bug-1654847-d2e9df994c7b617f.yaml
new file mode 100644
index 0000000..5d066e9
--- /dev/null
+++ b/releasenotes/notes/bug-1654847-d2e9df994c7b617f.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+ - |
+ The ``X-Service-Token`` header value is now properly masked, and is
+ displayed as a hash value, in the log. |
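Review bot: The `secure_headers` tuple in `_process_header` is a denylist, so any credential-bearing header not named in it is presumably still logged in clear, which is how `X-Service-Token` was missed until this change. Hoisting the tuple to a module-level constant with a comment such as `# Every header that carries a credential must be listed here; others are logged as sent.` would make the next omission easier to spot in review. The context lines also show that the redaction is an unsalted `hashlib.sha1()` of the value, so equal tokens produce equal log entries; that looks deliberate for correlation, but the docstring should say so. The function body continues outside the hunk.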
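Review bot: The `security_headers` fixture in the `SessionTests` hunk only uses title-cased names, so the case-insensitive match done by `header[0].lower()` in `_process_header` is not pinned for the new header. Adding one differently cased entry, for example `'x-service-token': uuid.uuid4().hex` in a separate case, would guard against a regression where a client sends the header in another case. The assertions are outside the hunk, so it is worth confirming they check that the raw value is absent from the log output and not only that a hash is present.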