openstack/python-cinderclient
Code Issues Proposed changes

Merge "Mask passwords when logging HTTP req/resp bodies"

Browse Source
This commit is contained in:
Jenkins
2016-11-11 21:04:58 +00:00
committed by Gerrit Code Review
parent 160e4e174f 4d78dfaac2
commit c99fb20067
3 changed files with 47 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cinderclient/client.py
View File

@@ -277,10 +277,7 @@ class HTTPClient(object):
string_parts.append(header) string_parts.append(header)
if 'data' in kwargs: if 'data' in kwargs:
if "password" in kwargs['data']: data = strutils.mask_password(kwargs['data'])
data = strutils.mask_password(kwargs['data'])
else:
data = kwargs['data']
string_parts.append(" -d '%s'" % (data)) string_parts.append(" -d '%s'" % (data))
self._logger.debug("\nREQ: %s\n" % "".join(string_parts)) self._logger.debug("\nREQ: %s\n" % "".join(string_parts))
@@ -291,7 +288,7 @@ class HTTPClient(object):
"RESP: [%s] %s\nRESP BODY: %s\n", "RESP: [%s] %s\nRESP BODY: %s\n",
resp.status_code, resp.status_code,
resp.headers, resp.headers,
resp.text) strutils.mask_password(resp.text))
# if service name is None then use service_type for logging # if service name is None then use service_type for logging
service = self.service_name or self.service_type service = self.service_name or self.service_type

44
cinderclient/tests/unit/test_client.py
View File

@@ -18,6 +18,7 @@ import fixtures
from keystoneauth1 import adapter from keystoneauth1 import adapter
from keystoneauth1 import exceptions as keystone_exception from keystoneauth1 import exceptions as keystone_exception
import mock import mock
from oslo_serialization import jsonutils
import six import six
import cinderclient.client import cinderclient.client
@@ -269,3 +270,46 @@ class ClientTestSensitiveInfo(utils.TestCase):
output = self.logger.output.split('\n') output = self.logger.output.split('\n')
self.assertNotIn(secret_auth_token, output[1]) self.assertNotIn(secret_auth_token, output[1])
def test_resp_does_not_log_sensitive_info(self):
self.logger = self.useFixture(
fixtures.FakeLogger(
format="%(message)s",
level=logging.DEBUG,
nuke_handlers=True
)
)
cs = cinderclient.client.HTTPClient("user", None, None,
"http://127.0.0.1:5000")
resp = mock.Mock()
resp.status_code = 200
resp.headers = {
'x-compute-request-id': 'req-f551871a-4950-4225-9b2c-29a14c8f075e'
}
auth_password = "kk4qD6CpKFLyz9JD"
body = {
"connection_info": {
"driver_volume_type": "iscsi",
"data": {
"auth_password": auth_password,
"target_discovered": False,
"encrypted": False,
"qos_specs": None,
"target_iqn": ("iqn.2010-10.org.openstack:volume-"
"a2f33dcc-1bb7-45ba-b8fc-5b38179120f8"),
"target_portal": "10.0.100.186:3260",
"volume_id": "a2f33dcc-1bb7-45ba-b8fc-5b38179120f8",
"target_lun": 1,
"access_mode": "rw",
"auth_username": "s4BfSfZ67Bo2mnpuFWY8",
"auth_method": "CHAP"
}
}
}
resp.text = jsonutils.dumps(body)
cs.http_log_debug = True
cs.http_log_resp(resp)
output = self.logger.output.split('\n')
self.assertIn('***', output[1], output)
self.assertNotIn(auth_password, output[1], output)

1
test-requirements.txt
View File

@@ -16,3 +16,4 @@ tempest>=12.1.0 # Apache-2.0
testtools>=1.4.0 # MIT testtools>=1.4.0 # MIT
testrepository>=0.0.18 # Apache-2.0/BSD testrepository>=0.0.18 # Apache-2.0/BSD
os-testr>=0.8.0 # Apache-2.0 os-testr>=0.8.0 # Apache-2.0
oslo.serialization>=1.10.0 # Apache-2.0