Add 'secret_uuid' in _SANITIZE_KEYS for strutils

Cinder volume drivers rbd may return connection_info with'secret_uuid',
This is an example[1], to avoid secret_uuid to be logged in disk,
we should mask its value with "***".

[1]https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/rbd.py#L745

Change-Id: I5c9d688126f3dbcebc67162e749da9a34a4bb2b9
This commit is contained in:
ChangBo Guo(gcb) 2014-12-18 17:00:25 +08:00
parent 2081aa9cde
commit 45b470cd60
2 changed files with 9 additions and 1 deletions

View File

@ -52,7 +52,7 @@ SLUGIFY_HYPHENATE_RE = re.compile(r"[-\s]+")
# NOTE(flaper87): The following globals are used by `mask_password` # NOTE(flaper87): The following globals are used by `mask_password`
_SANITIZE_KEYS = ['adminPass', 'admin_pass', 'password', 'admin_password', _SANITIZE_KEYS = ['adminPass', 'admin_pass', 'password', 'admin_password',
'auth_token', 'new_pass', 'auth_password'] 'auth_token', 'new_pass', 'auth_password', 'secret_uuid']
# NOTE(ldbragst): Let's build a list of regex objects using the list of # NOTE(ldbragst): Let's build a list of regex objects using the list of
# _SANITIZE_KEYS we already have. This way, we only have to add the new key # _SANITIZE_KEYS we already have. This way, we only have to add the new key

View File

@ -304,6 +304,14 @@ class MaskPasswordTestCase(test_base.BaseTestCase):
payload = """{ 'auth_password' : 'mypassword' }""" payload = """{ 'auth_password' : 'mypassword' }"""
expected = """{ 'auth_password' : '***' }""" expected = """{ 'auth_password' : '***' }"""
self.assertEqual(expected, strutils.mask_password(payload)) self.assertEqual(expected, strutils.mask_password(payload))
# Test 'secret_uuid' w/o spaces
payload = """{'secret_uuid':'myuuid'}"""
expected = """{'secret_uuid':'***'}"""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'secret_uuid' with spaces
payload = """{ 'secret_uuid' : 'myuuid' }"""
expected = """{ 'secret_uuid' : '***' }"""
self.assertEqual(expected, strutils.mask_password(payload))
def test_xml(self): def test_xml(self):
# Test 'adminPass' w/o spaces # Test 'adminPass' w/o spaces