Add 'secret_uuid' in _SANITIZE_KEYS for strutils

Cinder volume drivers rbd may return connection_info with'secret_uuid', This is an example[1], to avoid secret_uuid to be logged in disk, we should mask its value with "***". [1]https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/rbd.py#L745 Change-Id: I5c9d688126f3dbcebc67162e749da9a34a4bb2b9
2014-12-18 17:00:25 +08:00 · 2014-12-18 17:00:25 +08:00 · 45b470cd60
commit 45b470cd60
parent 2081aa9cde
2 changed files with 9 additions and 1 deletions
--- a/oslo/utils/strutils.py
+++ b/oslo/utils/strutils.py
@ -52,7 +52,7 @@ SLUGIFY_HYPHENATE_RE = re.compile(r"[-\s]+")

 # NOTE(flaper87): The following globals are used by `mask_password`
 _SANITIZE_KEYS = ['adminPass', 'admin_pass', 'password', 'admin_password',
-                  'auth_token', 'new_pass', 'auth_password']
+                  'auth_token', 'new_pass', 'auth_password', 'secret_uuid']

 # NOTE(ldbragst): Let's build a list of regex objects using the list of
 # _SANITIZE_KEYS we already have. This way, we only have to add the new key
--- a/tests/test_strutils.py
+++ b/tests/test_strutils.py
@ -304,6 +304,14 @@ class MaskPasswordTestCase(test_base.BaseTestCase):
        payload = """{ 'auth_password' : 'mypassword' }"""
        expected = """{ 'auth_password' : '***' }"""
        self.assertEqual(expected, strutils.mask_password(payload))
+        # Test 'secret_uuid' w/o spaces
+        payload = """{'secret_uuid':'myuuid'}"""
+        expected = """{'secret_uuid':'***'}"""
+        self.assertEqual(expected, strutils.mask_password(payload))
+        # Test 'secret_uuid' with spaces
+        payload = """{ 'secret_uuid' : 'myuuid' }"""
+        expected = """{ 'secret_uuid' : '***' }"""
+        self.assertEqual(expected, strutils.mask_password(payload))

    def test_xml(self):
        # Test 'adminPass' w/o spaces