Browse Source

Mark password/secret options as secret

Password, token, and secret options should be marked as secret=True
so that when the value is logged the logger knows to obfuscate the
value.

Conflicts:
	keystoneauth1/extras/_saml2/_loading.py
	keystoneauth1/loading/_plugins/identity/v3.py

- There was no saml2 plugin in keystoneauth1.
- The OpenIDConnectPassword and OpenIDConnectAuthorizationCode
  plugins didn't exist.

Change-Id: I4818c4cc04cc6a4e1e3cf09d5e0b7b4ffefbb892
Closes-Bug: 1534299
(cherry picked from commit fcd9538eaf)
Brant Knudson 3 years ago
parent
commit
877ddce291
1 changed files with 3 additions and 2 deletions
  1. 3
    2
      keystoneauth1/loading/_plugins/identity/generic.py

+ 3
- 2
keystoneauth1/loading/_plugins/identity/generic.py View File

@@ -47,7 +47,8 @@ class Token(GenericBaseLoader):
47 47
         options = super(Token, self).get_options()
48 48
 
49 49
         options.extend([
50
-            loading.Opt('token', help='Token to authenticate with'),
50
+            loading.Opt('token', secret=True,
51
+                        help='Token to authenticate with'),
51 52
         ])
52 53
 
53 54
         return options
@@ -69,6 +70,6 @@ class Password(GenericBaseLoader):
69 70
                         deprecated=[loading.Opt('username')]),
70 71
             loading.Opt('user-domain-id', help="User's domain id"),
71 72
             loading.Opt('user-domain-name', help="User's domain name"),
72
-            loading.Opt('password', help="User's password"),
73
+            loading.Opt('password', secret=True, help="User's password"),
73 74
         ])
74 75
         return options

Loading…
Cancel
Save