Merge "Do not log secrets"

2016-01-06 17:09:55 +00:00 · 2016-01-06 17:09:55 +00:00 · 6233309f6c
commit 6233309f6c
parent de1072a323 eeb327b590
2 changed files with 24 additions and 1 deletions
--- a/ironicclient/common/http.py
+++ b/ironicclient/common/http.py
@ -25,6 +25,7 @@ import textwrap
 import time

 from keystoneclient import adapter
+from oslo_utils import strutils
 import six
 import six.moves.urllib.parse as urlparse

@ -265,7 +266,8 @@ class HTTPClient(VersionNegotiationMixin):
            curl.append('-k')

        if 'body' in kwargs:
-            curl.append('-d \'%s\'' % kwargs['body'])
+            body = strutils.mask_password(kwargs['body'])
+            curl.append('-d \'%s\'' % body)

        curl.append(urlparse.urljoin(self.endpoint_trimmed, url))
        LOG.debug(' '.join(curl))
@ -277,6 +279,7 @@ class HTTPClient(VersionNegotiationMixin):
        dump.extend(['%s: %s' % (k, v) for k, v in resp.getheaders()])
        dump.append('')
        if body:
+            body = strutils.mask_password(body)
            dump.extend([body, ''])
        LOG.debug('\n'.join(dump))

--- a/ironicclient/tests/unit/test_http.py
+++ b/ironicclient/tests/unit/test_http.py
@ -449,6 +449,26 @@ class HttpClientTest(utils.BaseTestCase):
        self.assertEqual(200, response.status)
        self.assertEqual(1, mock_negotiate.call_count)

+    @mock.patch.object(http.LOG, 'debug', autospec=True)
+    def test_log_curl_request_mask_password(self, mock_log):
+        client = http.HTTPClient('http://localhost/')
+        kwargs = {'headers': {'foo-header': 'bar-header'},
+                  'body': '{"password": "foo"}'}
+        client.log_curl_request('foo', 'http://127.0.0.1', kwargs)
+        expected_log = ("curl -i -X foo -H 'foo-header: bar-header' "
+                        "-d '{\"password\": \"***\"}' http://127.0.0.1")
+        mock_log.assert_called_once_with(expected_log)
+
+    @mock.patch.object(http.LOG, 'debug', autospec=True)
+    def test_log_http_response_mask_password(self, mock_log):
+        client = http.HTTPClient('http://localhost/')
+        fake_response = utils.FakeResponse({}, version=1, reason='foo',
+                                           status=200)
+        body = '{"password": "foo"}'
+        client.log_http_response(fake_response, body=body)
+        expected_log = ("\nHTTP/0.1 200 foo\n\n{\"password\": \"***\"}\n")
+        mock_log.assert_called_once_with(expected_log)
+

 class SessionClientTest(utils.BaseTestCase):