Hide TrustId in log to tighten up security

Current the value of TrustId is showed in plaintext in log when murano creates trustes and operates with data. So add 'trustid' in token_sanitizer to hide it like token and pass. Closes-Bug: #1472331 Change-Id: I1e9ea8298a7ffd9aa742cf73fada69db3a734712
2015-07-08 13:53:15 +08:00 · 2015-07-08 13:53:15 +08:00 · 8933765635
commit 8933765635
parent ed6c26c8ca
2 changed files with 4 additions and 2 deletions
--- a/murano/common/helpers/token_sanitizer.py
+++ b/murano/common/helpers/token_sanitizer.py
@ -21,7 +21,8 @@ class TokenSanitizer(object):
    Simply searches attribute with `look a like` name as one of
    the token and replace it value with message.
    """
-    def __init__(self, tokens=('token', 'pass'), message='*** SANITIZED ***'):
+    def __init__(self, tokens=('token', 'pass', 'trustid'),
+                 message='*** SANITIZED ***'):
        """Init method of TokenSanitizer.
        :param tokens:  iterable with tokens
        :param message: string by which each token going to be replaced
--- a/murano/tests/unit/common/helpers/token_sanitizer_tests.py
+++ b/murano/tests/unit/common/helpers/token_sanitizer_tests.py
@ -25,11 +25,12 @@ class TokenSanitizerTests(base.MuranoTestCase):
        self.assertEqual(value['token'], self.sanitizer.message)

    def test_dict_with_few_value(self):
-        source = {'token': 'value', 'pass': 'value'}
+        source = {'token': 'value', 'pass': 'value', 'TrustId': 'value'}
        value = self.sanitizer.sanitize(source)

        self.assertEqual(value['token'], self.sanitizer.message)
        self.assertEqual(value['pass'], self.sanitizer.message)
+        self.assertEqual(value['TrustId'], self.sanitizer.message)

    def test_dict_with_nested_dict(self):
        source = {'obj': {'pass': 'value'}}