Mark password/secret options as secret

Password, token, and secret options should be marked as secret=True so that when the value is logged the logger knows to obfuscate the value. Change-Id: I4818c4cc04cc6a4e1e3cf09d5e0b7b4ffefbb892 Closes-Bug: 1534299
2016-01-14 16:43:55 -06:00 · 2016-01-14 16:43:55 -06:00 · fcd9538eaf
commit fcd9538eaf
parent 627fdd0176
3 changed files with 9 additions and 7 deletions
--- a/keystoneauth1/extras/_saml2/_loading.py
+++ b/keystoneauth1/extras/_saml2/_loading.py
@ -28,7 +28,7 @@ class Saml2Password(loading.BaseFederationLoader):
                        help=('An Identity Provider URL, where the SAML2 '
                              'authentication request will be sent.')),
            loading.Opt('username', help='Username'),
-            loading.Opt('password', help='Password')
+            loading.Opt('password', secret=True, help='Password')
        ])

        return options
@ -47,7 +47,7 @@ class ADFSPassword(loading.BaseFederationLoader):
            loading.Opt('service-provider-endpoint',
                        help="Service Provider's Endpoint"),
            loading.Opt('username', help='Username'),
-            loading.Opt('password', help='Password')
+            loading.Opt('password', secret=True, help='Password')
        ])

        return options
--- a/keystoneauth1/loading/_plugins/identity/generic.py
+++ b/keystoneauth1/loading/_plugins/identity/generic.py
@ -24,7 +24,8 @@ class Token(loading.BaseGenericLoader):
        options = super(Token, self).get_options()

        options.extend([
-            loading.Opt('token', help='Token to authenticate with'),
+            loading.Opt('token', secret=True,
+                        help='Token to authenticate with'),
        ])

        return options
@ -46,6 +47,6 @@ class Password(loading.BaseGenericLoader):
                        deprecated=[loading.Opt('username')]),
            loading.Opt('user-domain-id', help="User's domain id"),
            loading.Opt('user-domain-name', help="User's domain name"),
-            loading.Opt('password', help="User's password"),
+            loading.Opt('password', secret=True, help="User's password"),
        ])
        return options
--- a/keystoneauth1/loading/_plugins/identity/v3.py
+++ b/keystoneauth1/loading/_plugins/identity/v3.py
@ -74,7 +74,8 @@ class _OpenIDConnectBase(loading.BaseFederationLoader):

        options.extend([
            loading.Opt('client-id', help='OAuth 2.0 Client ID'),
-            loading.Opt('client-secret', help='OAuth 2.0 Client Secret'),
+            loading.Opt('client-secret', secret=True,
+                        help='OAuth 2.0 Client Secret'),
            loading.Opt('access-token-endpoint',
                        help='OpenID Connect Provider Token Endpoint'),
            loading.Opt('access-token-type',
@ -99,7 +100,7 @@ class OpenIDConnectPassword(_OpenIDConnectBase):

        options.extend([
            loading.Opt('username', help='Username'),
-            loading.Opt('password', help='Password'),
+            loading.Opt('password', secret=True, help='Password'),
            loading.Opt('openid-scope', default="profile",
                        help='OpenID Connect scope that is requested from OP')
        ])
@ -118,7 +119,7 @@ class OpenIDConnectAuthorizationCode(_OpenIDConnectBase):

        options.extend([
            loading.Opt('redirect-uri', help='OpenID Connect Redirect URL'),
-            loading.Opt('authorization-code',
+            loading.Opt('authorization-code', secret=True,
                        help='OAuth 2.0 Authorization Code'),
        ])