Merge "X-Serivce-Token should be hashed in the log" into stable/mitaka

2017-01-10 03:49:48 +00:00 · 2017-01-10 03:49:48 +00:00 · d85763defc
parent 15354d2b3c 938d31810d
commit d85763defc
3 changed files with 8 additions and 2 deletions
--- a/keystoneauth1/session.py
+++ b/keystoneauth1/session.py
@ -200,7 +200,7 @@ class Session(object):
    def _process_header(header):
        """Redacts the secure headers to be logged."""
        secure_headers = ('authorization', 'x-auth-token',
-                          'x-subject-token',)
+                          'x-subject-token', 'x-service-token')
        if header[0].lower() in secure_headers:
            token_hasher = hashlib.sha1()
            token_hasher.update(header[1].encode('utf-8'))
--- a/keystoneauth1/tests/unit/test_session.py
+++ b/keystoneauth1/tests/unit/test_session.py
@ -148,7 +148,8 @@ class SessionTests(utils.TestCase):
        headers = {'HEADERA': 'HEADERVALB'}
        security_headers = {'Authorization': uuid.uuid4().hex,
                            'X-Auth-Token': uuid.uuid4().hex,
-                            'X-Subject-Token': uuid.uuid4().hex, }
+                            'X-Subject-Token': uuid.uuid4().hex,
+                            'X-Service-Token': uuid.uuid4().hex}
        body = 'BODYRESPONSE'
        data = 'BODYDATA'
        all_headers = dict(
--- a/releasenotes/notes/bug-1654847-acdf9543158329ec.yaml
+++ b/releasenotes/notes/bug-1654847-acdf9543158329ec.yaml
@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    The ``X-Service-Token`` header value is now properly masked, and is
+    displayed as a hash value, in the log.