Mark password/secret options as secret

Password, token, and secret options should be marked as secret=True so that when the value is logged the logger knows to obfuscate the value. Change-Id: I6ebdfa3bf6faf37bc11640a5826b3b55bb920fc4 Closes-Bug: 1534299
2016-01-14 16:22:04 -06:00
parent 977fc4c92c
commit 04f9f33b4b
5 changed files with 7 additions and 5 deletions
--- a/keystoneclient/auth/identity/generic/cli.py
+++ b/keystoneclient/auth/identity/generic/cli.py
@@ -38,6 +38,7 @@ class DefaultCLI(password.Password):
        options.extend([cfg.StrOpt('endpoint',
                                   help='A URL to use instead of a catalog'),
                        cfg.StrOpt('token',
+                                   secret=True,
                                   help='Always use the specified token')])
        return options

--- a/keystoneclient/auth/identity/generic/password.py
+++ b/keystoneclient/auth/identity/generic/password.py
@@ -30,7 +30,7 @@ def get_options():
                   deprecated_name='user-name'),
        cfg.StrOpt('user-domain-id', help="User's domain id"),
        cfg.StrOpt('user-domain-name', help="User's domain name"),
-        cfg.StrOpt('password', help="User's password"),
+        cfg.StrOpt('password', secret=True, help="User's password"),
    ]


--- a/keystoneclient/auth/identity/generic/token.py
+++ b/keystoneclient/auth/identity/generic/token.py
@@ -24,7 +24,7 @@ LOG = logging.getLogger(__name__)

 def get_options():
    return [
-        cfg.StrOpt('token', help='Token to authenticate with'),
+        cfg.StrOpt('token', secret=True, help='Token to authenticate with'),
    ]


--- a/keystoneclient/contrib/auth/v3/oidc.py
+++ b/keystoneclient/contrib/auth/v3/oidc.py
@@ -31,9 +31,10 @@ class OidcPassword(federated.FederatedBaseAuth):
        options = super(OidcPassword, cls).get_options()
        options.extend([
            cfg.StrOpt('username', help='Username'),
-            cfg.StrOpt('password', help='Password'),
+            cfg.StrOpt('password', secret=True, help='Password'),
            cfg.StrOpt('client-id', help='OAuth 2.0 Client ID'),
-            cfg.StrOpt('client-secret', help='OAuth 2.0 Client Secret'),
+            cfg.StrOpt('client-secret', secret=True,
+                       help='OAuth 2.0 Client Secret'),
            cfg.StrOpt('access-token-endpoint',
                       help='OpenID Connect Provider Token Endpoint'),
            cfg.StrOpt('scope', default="profile",
--- a/keystoneclient/contrib/auth/v3/saml2.py
+++ b/keystoneclient/contrib/auth/v3/saml2.py
@@ -74,7 +74,7 @@ class _BaseSAMLPlugin(v3.AuthConstructor):
                       help="Identity Provider's URL"),
            cfg.StrOpt('username', dest='username', help='Username',
                       deprecated_name='user-name'),
-            cfg.StrOpt('password', help='Password')
+            cfg.StrOpt('password', secret=True, help='Password')
        ])
        return options