From a25c8fab881decff0e61deffe1895f1d99132f9f Mon Sep 17 00:00:00 2001
From: Dougal Matthews <dougal@dougalmatthews.com>
Date: Mon, 11 Nov 2019 12:04:53 +0000
Subject: [PATCH] Mask sensitive data when logging action results

When passwords or other sensible data is returned by a Action, they can
be logged by Mistral. This change uses the password masking
functionality used in mistral-lib and privided by oslo-utils.

This function uses the standard cut_repr method in mistral-lib, which
also means the output is more standardised.

Related-Bug: #1850843
Change-Id: I01bf47f7a83102a1a16b15bf0bbb4021707e11fe
---
 mistral/engine/actions.py | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/mistral/engine/actions.py b/mistral/engine/actions.py
index ef3b865a5..39f01d880 100644
--- a/mistral/engine/actions.py
+++ b/mistral/engine/actions.py
@@ -190,12 +190,6 @@ class Action(object):
     def _log_result(self, prev_state, result):
         state = self.action_ex.state
 
-        def _result_msg():
-            if state == states.ERROR:
-                return "error = %s" % utils.cut(result.error)
-
-            return "result = %s" % utils.cut(result.data)
-
         if prev_state != state:
             wf_trace.info(
                 None,
@@ -205,7 +199,7 @@ class Action(object):
                  self.task_ex.name if self.task_ex else None,
                  prev_state,
                  state,
-                 _result_msg())
+                 result.cut_repr())
             )