openstack/osc-lib
Code Issues Proposed changes

Mask passwords in debug logs for auth_config_hook

Browse Source 
The auth config hook can have credentials in it so
we have to mask the config before logging it. To
avoid doing the work of masking the password if we
aren't going to log it, there is a conditional put
around the actual debug statement.

Change-Id: I8e626672ec94fc837610216bccb4354dbdedca17
Closes-Bug: #1630822
This commit is contained in:
Matt Riedemann 2016-10-05 21:17:39 -04:00
parent 1833c66da6
commit 0a82bd7294
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
osc_lib/cli/client_config.py
View File

@ -16,6 +16,8 @@
import logging import logging
from os_client_config import config from os_client_config import config
from oslo_utils import strutils
import six
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -145,7 +147,9 @@ class OSC_Config(config.OpenStackConfig):
config = self._auth_v2_ignore_v3(config) config = self._auth_v2_ignore_v3(config)
config = self._auth_default_domain(config) config = self._auth_default_domain(config)
LOG.debug("auth_config_hook(): %s" % config) if LOG.isEnabledFor(logging.DEBUG):
LOG.debug("auth_config_hook(): %s",
strutils.mask_password(six.text_type(config)))
return config return config
# TODO(dtroyer): un-hackify all of the below when o-c-c 1.21.x is # TODO(dtroyer): un-hackify all of the below when o-c-c 1.21.x is