openstack/python-ironicclient
Code Issues Proposed changes

Merge "Do not log secrets"

Browse Source
This commit is contained in:
Jenkins 2016-01-06 17:09:55 +00:00 committed by Gerrit Code Review
commit 6233309f6c
2 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ironicclient/common/http.py
View File

@ -25,6 +25,7 @@ import textwrap
import time import time
from keystoneclient import adapter from keystoneclient import adapter
from oslo_utils import strutils
import six import six
import six.moves.urllib.parse as urlparse import six.moves.urllib.parse as urlparse
@ -265,7 +266,8 @@ class HTTPClient(VersionNegotiationMixin):
curl.append('-k') curl.append('-k')
if 'body' in kwargs: if 'body' in kwargs:
curl.append('-d \'%s\'' % kwargs['body']) body = strutils.mask_password(kwargs['body'])
curl.append('-d \'%s\'' % body)
curl.append(urlparse.urljoin(self.endpoint_trimmed, url)) curl.append(urlparse.urljoin(self.endpoint_trimmed, url))
LOG.debug(' '.join(curl)) LOG.debug(' '.join(curl))
@ -277,6 +279,7 @@ class HTTPClient(VersionNegotiationMixin):
dump.extend(['%s: %s' % (k, v) for k, v in resp.getheaders()]) dump.extend(['%s: %s' % (k, v) for k, v in resp.getheaders()])
dump.append('') dump.append('')
if body: if body:
body = strutils.mask_password(body)
dump.extend([body, '']) dump.extend([body, ''])
LOG.debug('\n'.join(dump)) LOG.debug('\n'.join(dump))

20
ironicclient/tests/unit/test_http.py
View File

@ -449,6 +449,26 @@ class HttpClientTest(utils.BaseTestCase):
self.assertEqual(200, response.status) self.assertEqual(200, response.status)
self.assertEqual(1, mock_negotiate.call_count) self.assertEqual(1, mock_negotiate.call_count)
@mock.patch.object(http.LOG, 'debug', autospec=True)
def test_log_curl_request_mask_password(self, mock_log):
client = http.HTTPClient('http://localhost/')
kwargs = {'headers': {'foo-header': 'bar-header'},
'body': '{"password": "foo"}'}
client.log_curl_request('foo', 'http://127.0.0.1', kwargs)
expected_log = ("curl -i -X foo -H 'foo-header: bar-header' "
"-d '{\"password\": \"***\"}' http://127.0.0.1")
mock_log.assert_called_once_with(expected_log)
@mock.patch.object(http.LOG, 'debug', autospec=True)
def test_log_http_response_mask_password(self, mock_log):
client = http.HTTPClient('http://localhost/')
fake_response = utils.FakeResponse({}, version=1, reason='foo',
status=200)
body = '{"password": "foo"}'
client.log_http_response(fake_response, body=body)
expected_log = ("\nHTTP/0.1 200 foo\n\n{\"password\": \"***\"}\n")
mock_log.assert_called_once_with(expected_log)
class SessionClientTest(utils.BaseTestCase): class SessionClientTest(utils.BaseTestCase):