From 6149e1db3126b46e271798430f4633d1c484ff0f Mon Sep 17 00:00:00 2001 From: Tom Leaman Date: Thu, 27 Mar 2014 10:55:19 +0000 Subject: [PATCH] Remove auth token from http logging This redacts the X-Auth-Token header value from the logs by replacing it with '***'. Change-Id: I6b80cc94d42a44f9db801de78fa23218e6eca0ee --- glanceclient/common/http.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/glanceclient/common/http.py b/glanceclient/common/http.py index 89e921b5..9ee7207c 100644 --- a/glanceclient/common/http.py +++ b/glanceclient/common/http.py @@ -120,6 +120,8 @@ class HTTPClient(object): curl = ['curl -i -X %s' % method] for (key, value) in kwargs['headers'].items(): + if key.lower() == 'x-auth-token': + value = '*' * 3 header = '-H \'%s: %s\'' % (key, value) curl.append(header) @@ -146,7 +148,10 @@ class HTTPClient(object): def log_http_response(resp, body=None): status = (resp.version / 10.0, resp.status, resp.reason) dump = ['\nHTTP/%.1f %s %s' % status] - dump.extend(['%s: %s' % (k, v) for k, v in resp.getheaders()]) + headers = resp.getheaders() + if 'X-Auth-Token' in headers: + headers['X-Auth-Token'] = '*' * 3 + dump.extend(['%s: %s' % (k, v) for k, v in headers]) dump.append('') if body: dump.extend([body, ''])