From 28fdfdbaca81adcc94d5e6d57c55f7c985d6c512 Mon Sep 17 00:00:00 2001
From: Nikhil Komawar
Date: Wed, 30 Jul 2014 13:34:32 -0400
Subject: [PATCH] Do not log password in swift URLs in g-registry

There was a debug level log with the locations added to it. This change fixes the log to not contain that sensitive info.
Fixes bug 1348838
Change-Id: I3c5b29616c8d76bed17dbd31a8f4fc7ccd2dd945
---
 glance/registry/api/v1/images.py | 7 ++---
 glance/tests/unit/v1/test_registry_api.py | 32 +++++++++++++++++++++++
 2 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/glance/registry/api/v1/images.py b/glance/registry/api/v1/images.py
index 3849c8a53b..abcf7a21a6 100644
--- a/glance/registry/api/v1/images.py
+++ b/glance/registry/api/v1/images.py
@@ -462,9 +462,10 @@ class Controller(object):
 purge_props = req.headers.get("X-Glance-Registry-Purge-Props", "false")
 try:
- LOG.debug("Updating image %(id)s with metadata: "
- "%(image_data)r", {'id': id,
- 'image_data': image_data})
+ LOG.debug("Updating image %(id)s with metadata: %(image_data)r",
+ {'id': id,
+ 'image_data': dict((k, v) for k, v in image_data.items()
+ if k != 'locations')})
 image_data = _normalize_image_location_for_db(image_data)
 if purge_props == "true":
 purge_props = True
diff --git a/glance/tests/unit/v1/test_registry_api.py b/glance/tests/unit/v1/test_registry_api.py
index 7ca6a3e994..1132555869 100644
--- a/glance/tests/unit/v1/test_registry_api.py
+++ b/glance/tests/unit/v1/test_registry_api.py
@@ -18,6 +18,7 @@
 import datetime
 import uuid
+import mock
 from oslo.config import cfg
 import routes
 import six
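Review bot: The filter in the new `LOG.debug` call in glance/registry/api/v1/images.py drops only the key `'locations'`, so a store URL still held under the singular `location` key at this point would be logged with any credentials it embeds. The call to `_normalize_image_location_for_db` comes after the log line, and the code that prepares `image_data` earlier in the method is outside the hunk, so this needs confirming against the full method. Excluding both names costs nothing: `if k not in ('location', 'locations')})`. A one-line comment above the call, such as `# Never log location URLs: they can embed store credentials.`, would tell the next editor why the dict is rebuilt rather than passed through.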
@@ -1316,6 +1317,37 @@ class TestRegistryAPI(base.IsolatedUnitTest, test_utils.RegistryAPIMixIn):
 for k, v in six.iteritems(fixture):
 self.assertEqual(v, res_dict['image'][k])
+ @mock.patch.object(rserver.images.LOG, 'debug')
+ def test_update_image_not_log_sensitive_info(self, log_debug):
+ """
+ Tests that there is no any sensitive info of image location
+ was logged in glance during the image update operation.
+ """
+
+ def fake_log_debug(fmt_str, image_meta):
+ self.assertNotIn("'locations'", fmt_str % image_meta)
+
+ fixture = {'name': 'fake public image #2',
+ 'min_disk': 5,
+ 'min_ram': 256,
+ 'disk_format': 'raw',
+ 'location': 'fake://image'}
+ body = jsonutils.dumps(dict(image=fixture))
+
+ log_debug.side_effect = fake_log_debug
+
+ res = self.get_api_response_ext(200, url='/images/%s' % UUID2,
+ body=body, method='PUT',
+ content_type='json')
+
+ res_dict = jsonutils.loads(res.body)
+
+ self.assertNotEqual(res_dict['image']['created_at'],
+ res_dict['image']['updated_at'])
+
+ for k, v in six.iteritems(fixture):
+ self.assertEqual(v, res_dict['image'][k])
+
 def test_update_image_not_existing(self):
 """
 Tests proper exception is raised if attempt to update
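Review bot: `fake_log_debug` asserts only that the key name `'locations'` is absent from the formatted message, so the test would still pass if the URL were logged under another key or as a bare value, and it passes vacuously if the debug call is never reached. Asserting on the value is the stronger check, e.g. `self.assertNotIn('fake://image', fmt_str % image_meta)`, together with `self.assertTrue(log_debug.called)` after the request. A fixture URL that carries a user and password, as a swift location would, would model the reported leak more closely. The docstring could read `Tests that no sensitive image location info is logged during the image update operation.`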