Add 'secret_uuid' in _SANITIZE_KEYS for strutils
Cinder volume drivers rbd may return connection_info with'secret_uuid', This is an example[1], to avoid secret_uuid to be logged in disk, we should mask its value with "***". [1]https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/rbd.py#L745 Change-Id: I5c9d688126f3dbcebc67162e749da9a34a4bb2b9
This commit is contained in:
parent
2081aa9cde
commit
45b470cd60
@ -52,7 +52,7 @@ SLUGIFY_HYPHENATE_RE = re.compile(r"[-\s]+")
|
|||||||
|
|
||||||
# NOTE(flaper87): The following globals are used by `mask_password`
|
# NOTE(flaper87): The following globals are used by `mask_password`
|
||||||
_SANITIZE_KEYS = ['adminPass', 'admin_pass', 'password', 'admin_password',
|
_SANITIZE_KEYS = ['adminPass', 'admin_pass', 'password', 'admin_password',
|
||||||
'auth_token', 'new_pass', 'auth_password']
|
'auth_token', 'new_pass', 'auth_password', 'secret_uuid']
|
||||||
|
|
||||||
# NOTE(ldbragst): Let's build a list of regex objects using the list of
|
# NOTE(ldbragst): Let's build a list of regex objects using the list of
|
||||||
# _SANITIZE_KEYS we already have. This way, we only have to add the new key
|
# _SANITIZE_KEYS we already have. This way, we only have to add the new key
|
||||||
|
@ -304,6 +304,14 @@ class MaskPasswordTestCase(test_base.BaseTestCase):
|
|||||||
payload = """{ 'auth_password' : 'mypassword' }"""
|
payload = """{ 'auth_password' : 'mypassword' }"""
|
||||||
expected = """{ 'auth_password' : '***' }"""
|
expected = """{ 'auth_password' : '***' }"""
|
||||||
self.assertEqual(expected, strutils.mask_password(payload))
|
self.assertEqual(expected, strutils.mask_password(payload))
|
||||||
|
# Test 'secret_uuid' w/o spaces
|
||||||
|
payload = """{'secret_uuid':'myuuid'}"""
|
||||||
|
expected = """{'secret_uuid':'***'}"""
|
||||||
|
self.assertEqual(expected, strutils.mask_password(payload))
|
||||||
|
# Test 'secret_uuid' with spaces
|
||||||
|
payload = """{ 'secret_uuid' : 'myuuid' }"""
|
||||||
|
expected = """{ 'secret_uuid' : '***' }"""
|
||||||
|
self.assertEqual(expected, strutils.mask_password(payload))
|
||||||
|
|
||||||
def test_xml(self):
|
def test_xml(self):
|
||||||
# Test 'adminPass' w/o spaces
|
# Test 'adminPass' w/o spaces
|
||||||
|
Loading…
Reference in New Issue
Block a user