From dbc02d0fbad64f356148e28aa4a5219bbe41fc36 Mon Sep 17 00:00:00 2001 From: "ChangBo Guo(gcb)" Date: Mon, 20 Oct 2014 12:14:24 +0800 Subject: [PATCH] Add 'auth_password' in _SANITIZE_KEYS for strutils Cinder volume drivers may return connection_info with'auth_password', This is an example[1], to avoid auth_password to be logged in disk, we should mask its value with "***". [1] https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/ibm/storwize_svc/__init__.py#L432 Change-Id: Id8b67615efab1171e66b46550d5b01e1964f85a3 --- oslo/utils/strutils.py | 2 +- tests/test_strutils.py | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/oslo/utils/strutils.py b/oslo/utils/strutils.py index de11f89..c6f5d47 100644 --- a/oslo/utils/strutils.py +++ b/oslo/utils/strutils.py @@ -52,7 +52,7 @@ SLUGIFY_HYPHENATE_RE = re.compile(r"[-\s]+") # NOTE(flaper87): The following globals are used by `mask_password` _SANITIZE_KEYS = ['adminPass', 'admin_pass', 'password', 'admin_password', - 'auth_token', 'new_pass'] + 'auth_token', 'new_pass', 'auth_password'] # NOTE(ldbragst): Let's build a list of regex objects using the list of # _SANITIZE_KEYS we already have. This way, we only have to add the new key diff --git a/tests/test_strutils.py b/tests/test_strutils.py index 1362d92..2437b4c 100644 --- a/tests/test_strutils.py +++ b/tests/test_strutils.py @@ -296,6 +296,14 @@ class MaskPasswordTestCase(test_base.BaseTestCase): payload = """{ 'password' : 'mypassword' }""" expected = """{ 'password' : '***' }""" self.assertEqual(expected, strutils.mask_password(payload)) + # Test 'auth_password' w/o spaces + payload = """{'auth_password':'mypassword'}""" + expected = """{'auth_password':'***'}""" + self.assertEqual(expected, strutils.mask_password(payload)) + # Test 'auth_password' with spaces + payload = """{ 'auth_password' : 'mypassword' }""" + expected = """{ 'auth_password' : '***' }""" + self.assertEqual(expected, strutils.mask_password(payload)) def test_xml(self): # Test 'adminPass' w/o spaces