Merge "Make keystoneclient not log auth tokens"

2014-03-09 19:45:59 +00:00
parent 66ee065d4c a76bcfdd8e
commit f44f59217e
1 changed files with 14 additions and 17 deletions
--- a/keystoneclient/middleware/auth_token.py
+++ b/keystoneclient/middleware/auth_token.py
@@ -570,7 +570,7 @@ class AuthProtocol(object):
                    versions.append(version['id'])
            except KeyError:
                self.LOG.error(
-                    'Invalid version response format from server', data)
+                    'Invalid version response format from server')
                raise ServiceError('Unable to parse version response '
                                   'from keystone')
@@ -811,6 +811,7 @@ class AuthProtocol(object):
                "Unexpected response from keystone service: %s", data)
            raise ServiceError('invalid json response')
        except (ValueError):
            data['access']['token']['id'] = '<SANITIZED>'
            self.LOG.warn(
                "Unable to parse expiration time from token: %s", data)
            raise ServiceError('invalid json response')
@@ -843,13 +844,13 @@ class AuthProtocol(object):
            return data
        except NetworkError:
            self.LOG.debug('Token validation failure.', exc_info=True)
-            self.LOG.warn("Authorization failed for token %s", token_id)
+            self.LOG.warn("Authorization failed for token")
            raise InvalidUserToken('Token authorization failed')
        except Exception:
            self.LOG.debug('Token validation failure.', exc_info=True)
            if token_id:
                self._cache_store_invalid(token_id)
-            self.LOG.warn("Authorization failed for token %s", token_id)
+            self.LOG.warn("Authorization failed for token")
            raise InvalidUserToken('Token authorization failed')
    def _build_user_headers(self, token_info):
@@ -1031,8 +1032,7 @@ class AuthProtocol(object):
                serialized = serialized.decode('utf-8')
            cached = jsonutils.loads(serialized)
            if cached == 'invalid':
-                self.LOG.debug('Cached Token %s is marked unauthorized',
+                self.LOG.debug('Cached Token is marked unauthorized')
                               token_id)
                raise InvalidUserToken('Token authorization failed')
            data, expires = cached
@@ -1048,10 +1048,10 @@ class AuthProtocol(object):
            expires = timeutils.normalize_time(expires)
            utcnow = timeutils.utcnow()
            if ignore_expires or utcnow < expires:
-                self.LOG.debug('Returning cached token %s', token_id)
+                self.LOG.debug('Returning cached token')
                return data
            else:
-                self.LOG.debug('Cached Token %s seems expired', token_id)
+                self.LOG.debug('Cached Token seems expired')
    def _cache_store(self, token_id, data):
        """Store value into memcache.
@@ -1160,14 +1160,14 @@ class AuthProtocol(object):
        """
        if self._cache:
-            self.LOG.debug('Storing %s token in memcache', token_id)
+            self.LOG.debug('Storing token in memcache')
            self._cache_store(token_id, (data, expires))
    def _cache_store_invalid(self, token_id):
        """Store invalid token in cache."""
        if self._cache:
            self.LOG.debug(
-                'Marking token %s as unauthorized in memcache', token_id)
+                'Marking token as unauthorized in memcache')
            self._cache_store(token_id, 'invalid')
    def cert_file_missing(self, proc_output, file_name):
@@ -1210,11 +1210,11 @@ class AuthProtocol(object):
        if response.status_code == 200:
            return data
        if response.status_code == 404:
-            self.LOG.warn("Authorization failed for token %s", user_token)
+            self.LOG.warn("Authorization failed for token")
            raise InvalidUserToken('Token authorization failed')
        if response.status_code == 401:
            self.LOG.info(
-                'Keystone rejected admin token %s, resetting', headers)
+                'Keystone rejected admin token, resetting')
            self.admin_token = None
        else:
            self.LOG.error('Bad response code while validating token: %s',
@@ -1223,8 +1223,7 @@ class AuthProtocol(object):
            self.LOG.info('Retrying validation')
            return self._validate_user_token(user_token, env, False)
        else:
-            self.LOG.warn("Invalid user token: %s. Keystone response: %s.",
+            self.LOG.warn("Invalid user token. Keystone response: %s", data)
                          user_token, data)
            raise InvalidUserToken()
@@ -1240,8 +1239,7 @@ class AuthProtocol(object):
        token_id = utils.hash_signed_token(signed_text)
        for revoked_id in revoked_ids:
            if token_id == revoked_id:
-                self.LOG.debug('Token %s is marked as having been revoked',
+                self.LOG.debug('Token is marked as having been revoked')
                               token_id)
                return True
        return False
@@ -1365,8 +1363,7 @@ class AuthProtocol(object):
        if response.status_code == 401:
            if retry:
                self.LOG.info(
-                    'Keystone rejected admin token %s, resetting admin token',
+                    'Keystone rejected admin token, resetting admin token')
                    headers)
                self.admin_token = None
                return self.fetch_revocation_list(retry=False)
        if response.status_code != 200: