Merge "Mask out passwords when tracing"

2016-08-25 01:41:13 +00:00 · 2016-08-25 01:41:13 +00:00 · 73245770f2
parent 5dfa56d8f4 f8e4f3cdbe
commit 73245770f2
2 changed files with 49 additions and 3 deletions
--- a/os_brick/tests/test_utils.py
+++ b/os_brick/tests/test_utils.py
@ -231,3 +231,41 @@ class LogTracingTestCase(base.TestCase):
        self.assertEqual('OK', result)
        return_log = mock_log.debug.call_args_list[1]
        self.assertIn('2900', str(return_log))
+
+    def test_utils_trace_method_with_password_dict(self):
+        mock_logging = self.mock_object(utils, 'logging')
+        mock_log = mock.Mock()
+        mock_log.isEnabledFor = lambda x: True
+        mock_logging.getLogger = mock.Mock(return_value=mock_log)
+
+        @utils.trace
+        def _trace_test_method(*args, **kwargs):
+            return {'something': 'test',
+                    'password': 'Now you see me'}
+
+        result = _trace_test_method(self)
+        expected_unmasked_dict = {'something': 'test',
+                                  'password': 'Now you see me'}
+
+        self.assertEqual(expected_unmasked_dict, result)
+        self.assertEqual(2, mock_log.debug.call_count)
+        self.assertIn("'password': '***'",
+                      str(mock_log.debug.call_args_list[1]))
+
+    def test_utils_trace_method_with_password_str(self):
+        mock_logging = self.mock_object(utils, 'logging')
+        mock_log = mock.Mock()
+        mock_log.isEnabledFor = lambda x: True
+        mock_logging.getLogger = mock.Mock(return_value=mock_log)
+
+        @utils.trace
+        def _trace_test_method(*args, **kwargs):
+            return "'adminPass': 'Now you see me'"
+
+        result = _trace_test_method(self)
+        expected_unmasked_str = "'adminPass': 'Now you see me'"
+
+        self.assertEqual(expected_unmasked_str, result)
+        self.assertEqual(2, mock_log.debug.call_count)
+        self.assertIn("'adminPass': '***'",
+                      str(mock_log.debug.call_args_list[1]))
--- a/os_brick/utils.py
+++ b/os_brick/utils.py
@ -15,12 +15,13 @@
 import functools
 import inspect
 import logging as py_logging
+import retrying
+import six
 import time

 from oslo_log import log as logging
 from oslo_utils import encodeutils
-import retrying
-import six
+from oslo_utils import strutils

 from os_brick.i18n import _

@ -151,10 +152,17 @@ def trace(f):
            raise
        total_time = int(round(time.time() * 1000)) - start_time

+        if isinstance(result, dict):
+            mask_result = strutils.mask_dict_password(result)
+        elif isinstance(result, six.string_types):
+            mask_result = strutils.mask_password(result)
+        else:
+            mask_result = result
+
        logger.debug('<== %(func)s: return (%(time)dms) %(result)r',
                     {'func': func_name,
                      'time': total_time,
-                      'result': result})
+                      'result': mask_result})
        return result
    return trace_logging_wrapper