Add 'auth_password' in _SANITIZE_KEYS for strutils

Cinder volume drivers may return connection_info with'auth_password', This is an example[1], to avoid auth_password to be logged in disk, we should mask its value with "***". [1] https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/ibm/storwize_svc/__init__.py#L432 Change-Id: Id8b67615efab1171e66b46550d5b01e1964f85a3
2014-10-20 12:14:24 +08:00
parent f0cce3cd26
commit dbc02d0fba
2 changed files with 9 additions and 1 deletions
--- a/oslo/utils/strutils.py
+++ b/oslo/utils/strutils.py
@@ -52,7 +52,7 @@ SLUGIFY_HYPHENATE_RE = re.compile(r"[-\s]+")

 # NOTE(flaper87): The following globals are used by `mask_password`
 _SANITIZE_KEYS = ['adminPass', 'admin_pass', 'password', 'admin_password',
-                  'auth_token', 'new_pass']
+                  'auth_token', 'new_pass', 'auth_password']

 # NOTE(ldbragst): Let's build a list of regex objects using the list of
 # _SANITIZE_KEYS we already have. This way, we only have to add the new key
--- a/tests/test_strutils.py
+++ b/tests/test_strutils.py
@@ -296,6 +296,14 @@ class MaskPasswordTestCase(test_base.BaseTestCase):
        payload = """{ 'password' : 'mypassword' }"""
        expected = """{ 'password' : '***' }"""
        self.assertEqual(expected, strutils.mask_password(payload))
+        # Test 'auth_password' w/o spaces
+        payload = """{'auth_password':'mypassword'}"""
+        expected = """{'auth_password':'***'}"""
+        self.assertEqual(expected, strutils.mask_password(payload))
+        # Test 'auth_password' with spaces
+        payload = """{ 'auth_password' : 'mypassword' }"""
+        expected = """{ 'auth_password' : '***' }"""
+        self.assertEqual(expected, strutils.mask_password(payload))

    def test_xml(self):
        # Test 'adminPass' w/o spaces