X-Serivce-Token should be hashed in the log

Currently, logs display the hash values of X-Auth-Token, Authorization, and X-Subject-Token, but not the value of the X-Service-Token. This patch set adds the X-Service-Token to the list of header fields to be hashed for logging purposes. Change-Id: I4d996a2631f61a2c9bbbc7f959e97c7279be023d Closes-Bug: #1654847
2017-01-09 01:07:06 -06:00 · 2017-01-09 01:07:06 -06:00 · 9d3ae3ef94
parent f387043138
commit 9d3ae3ef94
3 changed files with 8 additions and 2 deletions
--- a/keystoneauth1/session.py
+++ b/keystoneauth1/session.py
@ -287,7 +287,7 @@ class Session(object):
    def _process_header(header):
        """Redact the secure headers to be logged."""
        secure_headers = ('authorization', 'x-auth-token',
-                          'x-subject-token',)
+                          'x-subject-token', 'x-service-token')
        if header[0].lower() in secure_headers:
            token_hasher = hashlib.sha1()
            token_hasher.update(header[1].encode('utf-8'))
--- a/keystoneauth1/tests/unit/test_session.py
+++ b/keystoneauth1/tests/unit/test_session.py
@ -192,7 +192,8 @@ class SessionTests(utils.TestCase):
                   'Content-Type': 'application/text'}
        security_headers = {'Authorization': uuid.uuid4().hex,
                            'X-Auth-Token': uuid.uuid4().hex,
-                            'X-Subject-Token': uuid.uuid4().hex, }
+                            'X-Subject-Token': uuid.uuid4().hex,
+                            'X-Service-Token': uuid.uuid4().hex}
        body = 'BODYRESPONSE'
        data = 'BODYDATA'
        all_headers = dict(
--- a/releasenotes/notes/bug-1654847-acdf9543158329ec.yaml
+++ b/releasenotes/notes/bug-1654847-acdf9543158329ec.yaml
@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    The ``X-Service-Token`` header value is now properly masked, and is
+    displayed as a hash value, in the log.