openstack/keystoneauth
Code Issues Proposed changes

Mark password/secret options as secret

Browse Source 
Password, token, and secret options should be marked as secret=True
so that when the value is logged the logger knows to obfuscate the
value.

Change-Id: I4818c4cc04cc6a4e1e3cf09d5e0b7b4ffefbb892
Closes-Bug: 1534299
This commit is contained in:
Brant Knudson 2016-01-14 16:43:55 -06:00 committed by Steve Martinelli
parent 627fdd0176
commit fcd9538eaf
3 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
keystoneauth1/extras/_saml2/_loading.py
View File

@ -28,7 +28,7 @@ class Saml2Password(loading.BaseFederationLoader):
help=('An Identity Provider URL, where the SAML2 ' help=('An Identity Provider URL, where the SAML2 '
'authentication request will be sent.')), 'authentication request will be sent.')),
loading.Opt('username', help='Username'), loading.Opt('username', help='Username'),
loading.Opt('password', help='Password') loading.Opt('password', secret=True, help='Password')
]) ])
return options return options
@ -47,7 +47,7 @@ class ADFSPassword(loading.BaseFederationLoader):
loading.Opt('service-provider-endpoint', loading.Opt('service-provider-endpoint',
help="Service Provider's Endpoint"), help="Service Provider's Endpoint"),
loading.Opt('username', help='Username'), loading.Opt('username', help='Username'),
loading.Opt('password', help='Password') loading.Opt('password', secret=True, help='Password')
]) ])
return options return options

5
keystoneauth1/loading/_plugins/identity/generic.py
View File

@ -24,7 +24,8 @@ class Token(loading.BaseGenericLoader):
options = super(Token, self).get_options() options = super(Token, self).get_options()
options.extend([ options.extend([
loading.Opt('token', help='Token to authenticate with'), loading.Opt('token', secret=True,
help='Token to authenticate with'),
]) ])
return options return options
@ -46,6 +47,6 @@ class Password(loading.BaseGenericLoader):
deprecated=[loading.Opt('username')]), deprecated=[loading.Opt('username')]),
loading.Opt('user-domain-id', help="User's domain id"), loading.Opt('user-domain-id', help="User's domain id"),
loading.Opt('user-domain-name', help="User's domain name"), loading.Opt('user-domain-name', help="User's domain name"),
loading.Opt('password', help="User's password"), loading.Opt('password', secret=True, help="User's password"),
]) ])
return options return options

7
keystoneauth1/loading/_plugins/identity/v3.py
View File

@ -74,7 +74,8 @@ class _OpenIDConnectBase(loading.BaseFederationLoader):
options.extend([ options.extend([
loading.Opt('client-id', help='OAuth 2.0 Client ID'), loading.Opt('client-id', help='OAuth 2.0 Client ID'),
loading.Opt('client-secret', help='OAuth 2.0 Client Secret'), loading.Opt('client-secret', secret=True,
help='OAuth 2.0 Client Secret'),
loading.Opt('access-token-endpoint', loading.Opt('access-token-endpoint',
help='OpenID Connect Provider Token Endpoint'), help='OpenID Connect Provider Token Endpoint'),
loading.Opt('access-token-type', loading.Opt('access-token-type',
@ -99,7 +100,7 @@ class OpenIDConnectPassword(_OpenIDConnectBase):
options.extend([ options.extend([
loading.Opt('username', help='Username'), loading.Opt('username', help='Username'),
loading.Opt('password', help='Password'), loading.Opt('password', secret=True, help='Password'),
loading.Opt('openid-scope', default="profile", loading.Opt('openid-scope', default="profile",
help='OpenID Connect scope that is requested from OP') help='OpenID Connect scope that is requested from OP')
]) ])
@ -118,7 +119,7 @@ class OpenIDConnectAuthorizationCode(_OpenIDConnectBase):
options.extend([ options.extend([
loading.Opt('redirect-uri', help='OpenID Connect Redirect URL'), loading.Opt('redirect-uri', help='OpenID Connect Redirect URL'),
loading.Opt('authorization-code', loading.Opt('authorization-code', secret=True,
help='OAuth 2.0 Authorization Code'), help='OAuth 2.0 Authorization Code'),
]) ])