Mask passwords in utils.trace for func params
The utils.trace helper is logging the args list to the decorated function but is not masking passwords in those args. This change adds a call to mask passwords in the function args list. Change-Id: I79480c6f9c3e3a9a917854139461650780e6e8b4 Closes-Bug: #1640251
This commit is contained in:
parent
aa2779337c
commit
7af307bbe0
@ -269,3 +269,26 @@ class LogTracingTestCase(base.TestCase):
|
||||
self.assertEqual(2, mock_log.debug.call_count)
|
||||
self.assertIn("'adminPass': '***'",
|
||||
str(mock_log.debug.call_args_list[1]))
|
||||
|
||||
def test_utils_trace_method_with_password_in_formal_params(self):
|
||||
mock_logging = self.mock_object(utils, 'logging')
|
||||
mock_log = mock.Mock()
|
||||
mock_log.isEnabledFor = lambda x: True
|
||||
mock_logging.getLogger = mock.Mock(return_value=mock_log)
|
||||
|
||||
@utils.trace
|
||||
def _trace_test_method(*args, **kwargs):
|
||||
self.assertEqual('verybadpass',
|
||||
kwargs['connection']['data']['auth_password'])
|
||||
pass
|
||||
|
||||
connector_properties = {
|
||||
'data': {
|
||||
'auth_password': 'verybadpass'
|
||||
}
|
||||
}
|
||||
_trace_test_method(self, connection=connector_properties)
|
||||
|
||||
self.assertEqual(2, mock_log.debug.call_count)
|
||||
self.assertIn("'auth_password': '***'",
|
||||
str(mock_log.debug.call_args_list[0]))
|
||||
|
@ -138,7 +138,12 @@ def trace(f):
|
||||
|
||||
all_args = inspect.getcallargs(f, *args, **kwargs)
|
||||
logger.debug('==> %(func)s: call %(all_args)r',
|
||||
{'func': func_name, 'all_args': all_args})
|
||||
{'func': func_name,
|
||||
# NOTE(mriedem): We have to stringify the dict first
|
||||
# and don't use mask_dict_password because it results in
|
||||
# an infinite recursion failure.
|
||||
'all_args': strutils.mask_password(
|
||||
six.text_type(all_args))})
|
||||
|
||||
start_time = time.time() * 1000
|
||||
try:
|
||||
|
Loading…
Reference in New Issue
Block a user