openstack/python-keystoneclient
Code Issues Proposed changes

Mark password/secret options as secret

Browse Source 
Password, token, and secret options should be marked as secret=True
so that when the value is logged the logger knows to obfuscate the
value.

Change-Id: I6ebdfa3bf6faf37bc11640a5826b3b55bb920fc4
Closes-Bug: 1534299
This commit is contained in:
Brant Knudson
2016-01-14 16:22:04 -06:00
parent 977fc4c92c
commit 04f9f33b4b
5 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
keystoneclient/auth/identity/generic/cli.py
View File

@@ -38,6 +38,7 @@ class DefaultCLI(password.Password):
options.extend([cfg.StrOpt('endpoint', options.extend([cfg.StrOpt('endpoint',
help='A URL to use instead of a catalog'), help='A URL to use instead of a catalog'),
cfg.StrOpt('token', cfg.StrOpt('token',
secret=True,
help='Always use the specified token')]) help='Always use the specified token')])
return options return options

2
keystoneclient/auth/identity/generic/password.py
View File

@@ -30,7 +30,7 @@ def get_options():
deprecated_name='user-name'), deprecated_name='user-name'),
cfg.StrOpt('user-domain-id', help="User's domain id"), cfg.StrOpt('user-domain-id', help="User's domain id"),
cfg.StrOpt('user-domain-name', help="User's domain name"), cfg.StrOpt('user-domain-name', help="User's domain name"),
cfg.StrOpt('password', help="User's password"), cfg.StrOpt('password', secret=True, help="User's password"),
] ]

2
keystoneclient/auth/identity/generic/token.py
View File

@@ -24,7 +24,7 @@ LOG = logging.getLogger(__name__)
def get_options(): def get_options():
return [ return [
cfg.StrOpt('token', help='Token to authenticate with'), cfg.StrOpt('token', secret=True, help='Token to authenticate with'),
] ]

5
keystoneclient/contrib/auth/v3/oidc.py
View File

@@ -31,9 +31,10 @@ class OidcPassword(federated.FederatedBaseAuth):
options = super(OidcPassword, cls).get_options() options = super(OidcPassword, cls).get_options()
options.extend([ options.extend([
cfg.StrOpt('username', help='Username'), cfg.StrOpt('username', help='Username'),
cfg.StrOpt('password', help='Password'), cfg.StrOpt('password', secret=True, help='Password'),
cfg.StrOpt('client-id', help='OAuth 2.0 Client ID'), cfg.StrOpt('client-id', help='OAuth 2.0 Client ID'),
cfg.StrOpt('client-secret', help='OAuth 2.0 Client Secret'), cfg.StrOpt('client-secret', secret=True,
help='OAuth 2.0 Client Secret'),
cfg.StrOpt('access-token-endpoint', cfg.StrOpt('access-token-endpoint',
help='OpenID Connect Provider Token Endpoint'), help='OpenID Connect Provider Token Endpoint'),
cfg.StrOpt('scope', default="profile", cfg.StrOpt('scope', default="profile",

2
keystoneclient/contrib/auth/v3/saml2.py
View File

@@ -74,7 +74,7 @@ class _BaseSAMLPlugin(v3.AuthConstructor):
help="Identity Provider's URL"), help="Identity Provider's URL"),
cfg.StrOpt('username', dest='username', help='Username', cfg.StrOpt('username', dest='username', help='Username',
deprecated_name='user-name'), deprecated_name='user-name'),
cfg.StrOpt('password', help='Password') cfg.StrOpt('password', secret=True, help='Password')
]) ])
return options return options