add comment explaining why we don't want extra values passed to mask_password
We have the same conversation every 6 months or so. Let's document our reasoning here so folks are less likely to waste time adding new arguments to the function and having their patch rejected. Related-Bug: #1407811 Change-Id: I0d0a30a1256ddc34edce6c312abe9a53fa8ac7ae
This commit is contained in:
Doug Hellmann
parent
8f4a701b13
commit
654aed2d42
|
|
@ -212,6 +212,19 @@ def to_slug(value, incoming=None, errors="strict"):
|
|||
return SLUGIFY_HYPHENATE_RE.sub("-", value)
|
||||
|
||||
|
||||
# NOTE(dhellmann): Before submitting a patch to add a new argument to
|
||||
# this function to allow the caller to pass in "extra" or "additional"
|
||||
# or "replacement" patterns to be masked out, please note that we have
|
||||
# discussed that feature many times and always rejected it based on
|
||||
# the desire to have Oslo functions behave consistently across all
|
||||
# projects and *especially* to have security features work the same
|
||||
# way no matter where they are used. If every project adopted its own
|
||||
# set patterns for secret values, it would be very difficult to audit
|
||||
# the logging to ensure that everything is properly masked. So, please
|
||||
# either add your pattern to the module-level variables at the top of
|
||||
# this file or, even better, pick an existing pattern or key to use in
|
||||
# your application to ensure that the value is masked by this
|
||||
# function.
|
||||
def mask_password(message, secret="***"): # nosec
|
||||
"""Replace password with *secret* in message.
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue