Mask passwords in utils.trace for func params

The utils.trace helper is logging the args list to the decorated function but is not masking passwords in those args. This change adds a call to mask passwords in the function args list. Change-Id: I79480c6f9c3e3a9a917854139461650780e6e8b4 Closes-Bug: #1640251
2016-11-08 12:55:46 -05:00 · 2016-11-08 12:55:46 -05:00 · 7af307bbe0
commit 7af307bbe0
parent aa2779337c
2 changed files with 29 additions and 1 deletions
--- a/os_brick/tests/test_utils.py
+++ b/os_brick/tests/test_utils.py
@ -269,3 +269,26 @@ class LogTracingTestCase(base.TestCase):
        self.assertEqual(2, mock_log.debug.call_count)
        self.assertIn("'adminPass': '***'",
                      str(mock_log.debug.call_args_list[1]))
    def test_utils_trace_method_with_password_in_formal_params(self):
        mock_logging = self.mock_object(utils, 'logging')
        mock_log = mock.Mock()
        mock_log.isEnabledFor = lambda x: True
        mock_logging.getLogger = mock.Mock(return_value=mock_log)
        @utils.trace
        def _trace_test_method(*args, **kwargs):
            self.assertEqual('verybadpass',
                             kwargs['connection']['data']['auth_password'])
            pass
        connector_properties = {
            'data': {
                'auth_password': 'verybadpass'
            }
        }
        _trace_test_method(self, connection=connector_properties)
        self.assertEqual(2, mock_log.debug.call_count)
        self.assertIn("'auth_password': '***'",
                      str(mock_log.debug.call_args_list[0]))
--- a/os_brick/utils.py
+++ b/os_brick/utils.py
@ -138,7 +138,12 @@ def trace(f):
        all_args = inspect.getcallargs(f, *args, **kwargs)
        logger.debug('==> %(func)s: call %(all_args)r',
-                     {'func': func_name, 'all_args': all_args})
+                     {'func': func_name,
                      # NOTE(mriedem): We have to stringify the dict first
                      # and don't use mask_dict_password because it results in
                      # an infinite recursion failure.
                      'all_args': strutils.mask_password(
                          six.text_type(all_args))})
        start_time = time.time() * 1000
        try: