openstack/python-openstackclient
Code Issues Proposed changes
6ce1f7730c
python-openstackclient/openstackclient/tests/unit/common/test_configuration.py

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

124 lines
3.8 KiB
Python
Raw Normal View History

Add configuration show command Create a `configuration show` command that displays the current configuration of the CLI. Different configurations can be displayed using options such as --os-cloud. Passwords and tokens are redacted by default unless the --unmask option is specified. Closes-Bug: #1476729 Change-Id: I0792365d0c5fa526cd09c0ed88c6bb1e2cb813a7
2015-07-19 12:15:04 -06:00
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
Raise flake8-import-order version to latest We had this library capped at a release that is a few years old. Now that we have dropped py2 testing, we can pick up the latest version. This uncovered a few things to clean up. Mostly the fact that mock is now a part of the StdLib unittest since Python 3.3. Change-Id: I27484dd4c25378413ff16e97a35a1a46062357bc Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
2020-01-10 14:21:47 -06:00
from unittest import mock
Improve masking of secrets in configuration show The command "configuration show" tries to redact some of the secrets that are shown on the screen. However, this failed redacting options that were marked as secrete by the auth plugins (if any) and it redacted other options that were not redacted at all. For example, when using the OpenID Connect plugins, it redacted the "access_token_endpoint" as the word "token" appears there, but it failed to redact "client_secret" even when this option is marked as secret in the corresponding plugin. Change-Id: Idfad4fbbe5ddcff5e729e1dcd756d0379ad31dee
2016-06-20 12:37:22 +02:00
Add configuration show command Create a `configuration show` command that displays the current configuration of the CLI. Different configurations can be displayed using options such as --os-cloud. Passwords and tokens are redacted by default unless the --unmask option is specified. Closes-Bug: #1476729 Change-Id: I0792365d0c5fa526cd09c0ed88c6bb1e2cb813a7
2015-07-19 12:15:04 -06:00
from openstackclient.common import configuration
move unit tests to new "unit" test module this will better isolate the unit tests from the functional tests. unfortunately, the "integration" tests had to be lumped into the "unit" tests since we need the separation in testr.conf Change-Id: Ifd12198c1f90e4e3c951c73bfa1884ab300d8ded
2016-09-05 22:14:33 -07:00
from openstackclient.tests.unit import fakes
from openstackclient.tests.unit import utils
Add configuration show command Create a `configuration show` command that displays the current configuration of the CLI. Different configurations can be displayed using options such as --os-cloud. Passwords and tokens are redacted by default unless the --unmask option is specified. Closes-Bug: #1476729 Change-Id: I0792365d0c5fa526cd09c0ed88c6bb1e2cb813a7
2015-07-19 12:15:04 -06:00
class TestConfiguration(utils.TestCommand):
Changed the abstract columns and datalists from test cases of common and Identity columns and datalist has been set in each test case in compute, which is not necessary. This patch abstract it out and remove all redundant code. Change-Id: I45a3582088161f12e60e7c933da8e7dcc0ae8e7b Closes-Bug: #1532384
2016-01-09 11:39:01 +05:30
columns = (
'auth.password',
'auth.token',
'auth.username',
'identity_api_version',
'region',
)
datalist = (
configuration.REDACTED,
configuration.REDACTED,
fakes.USERNAME,
fakes.VERSION,
fakes.REGION_NAME,
)
config: Also mask non-prefix config The 'config show' command will show information about your current configuration. When using a 'cloud.yaml' file and the 'OS_CLOUD' environment variable, the output of this will look like so: $ openstack config show +---------------------------------------------+----------------------------------+ | Field | Value | +---------------------------------------------+----------------------------------+ | additional_user_agent | [('osc-lib', '2.6.0')] | | api_timeout | None | | auth.auth_url | https://example.com:13000 | | auth.password | <redacted> | | auth.project_domain_id | default | | auth.project_id | c73b7097d07c46f78eb4b4dcfbac5ca8 | | auth.project_name | test-project | | auth.user_domain_name | example.com | | auth.username | john-doe | ... All of the 'auth.'-prefixed values are extracted from the corresponding entry in the 'clouds.yaml' file. You'll note that the 'auth.password' value is not shown. Instead, it is masked and replaced with '<redacted>'. However, a 'clouds.yaml' file is not the only way to configure these tools. You can also use old school environment variables. By using an openrc file from Horizon (or the clouds2env tool [1]), we will set various 'OS_'-prefixed environment variables. When you use the 'config show' command with these environment variables set, we will see all of these values appear in the output *without* an 'auth.' prefix. Scanning down we will see the password value is not redacted. $ openstack config show +---------------------------------------------+----------------------------------+ | Field | Value | +---------------------------------------------+----------------------------------+ | additional_user_agent | [('osc-lib', '2.6.0')] | | api_timeout | None | ... | password | secret-password | ... This will also happen if using tokens. This is obviously incorrect. These should be masked also. Make it so. This involves enhancing our fake config generation code to generate config that looks like it came from environment variables. Change-Id: I560b928e5e6bcdcd89c409e0678dfc0d0b056c0e Story: 2008816 Task: 42260
2021-10-09 12:05:43 +09:00
opts = [
mock.Mock(secret=True, dest="password"),
mock.Mock(secret=True, dest="token"),
]
Improve masking of secrets in configuration show The command "configuration show" tries to redact some of the secrets that are shown on the screen. However, this failed redacting options that were marked as secrete by the auth plugins (if any) and it redacted other options that were not redacted at all. For example, when using the OpenID Connect plugins, it redacted the "access_token_endpoint" as the word "token" appears there, but it failed to redact "client_secret" even when this option is marked as secret in the corresponding plugin. Change-Id: Idfad4fbbe5ddcff5e729e1dcd756d0379ad31dee
2016-06-20 12:37:22 +02:00
config: Also mask non-prefix config The 'config show' command will show information about your current configuration. When using a 'cloud.yaml' file and the 'OS_CLOUD' environment variable, the output of this will look like so: $ openstack config show +---------------------------------------------+----------------------------------+ | Field | Value | +---------------------------------------------+----------------------------------+ | additional_user_agent | [('osc-lib', '2.6.0')] | | api_timeout | None | | auth.auth_url | https://example.com:13000 | | auth.password | <redacted> | | auth.project_domain_id | default | | auth.project_id | c73b7097d07c46f78eb4b4dcfbac5ca8 | | auth.project_name | test-project | | auth.user_domain_name | example.com | | auth.username | john-doe | ... All of the 'auth.'-prefixed values are extracted from the corresponding entry in the 'clouds.yaml' file. You'll note that the 'auth.password' value is not shown. Instead, it is masked and replaced with '<redacted>'. However, a 'clouds.yaml' file is not the only way to configure these tools. You can also use old school environment variables. By using an openrc file from Horizon (or the clouds2env tool [1]), we will set various 'OS_'-prefixed environment variables. When you use the 'config show' command with these environment variables set, we will see all of these values appear in the output *without* an 'auth.' prefix. Scanning down we will see the password value is not redacted. $ openstack config show +---------------------------------------------+----------------------------------+ | Field | Value | +---------------------------------------------+----------------------------------+ | additional_user_agent | [('osc-lib', '2.6.0')] | | api_timeout | None | ... | password | secret-password | ... This will also happen if using tokens. This is obviously incorrect. These should be masked also. Make it so. This involves enhancing our fake config generation code to generate config that looks like it came from environment variables. Change-Id: I560b928e5e6bcdcd89c409e0678dfc0d0b056c0e Story: 2008816 Task: 42260
2021-10-09 12:05:43 +09:00
@mock.patch(
"keystoneauth1.loading.base.get_plugin_options", return_value=opts
)
Improve masking of secrets in configuration show The command "configuration show" tries to redact some of the secrets that are shown on the screen. However, this failed redacting options that were marked as secrete by the auth plugins (if any) and it redacted other options that were not redacted at all. For example, when using the OpenID Connect plugins, it redacted the "access_token_endpoint" as the word "token" appears there, but it failed to redact "client_secret" even when this option is marked as secret in the corresponding plugin. Change-Id: Idfad4fbbe5ddcff5e729e1dcd756d0379ad31dee
2016-06-20 12:37:22 +02:00
def test_show(self, m_get_plugin_opts):
Add configuration show command Create a `configuration show` command that displays the current configuration of the CLI. Different configurations can be displayed using options such as --os-cloud. Passwords and tokens are redacted by default unless the --unmask option is specified. Closes-Bug: #1476729 Change-Id: I0792365d0c5fa526cd09c0ed88c6bb1e2cb813a7
2015-07-19 12:15:04 -06:00
arglist = []
verifylist = [('mask', True)]
cmd = configuration.ShowConfiguration(self.app, None)
parsed_args = self.check_parser(cmd, arglist, verifylist)
columns, data = cmd.take_action(parsed_args)
Changed the abstract columns and datalists from test cases of common and Identity columns and datalist has been set in each test case in compute, which is not necessary. This patch abstract it out and remove all redundant code. Change-Id: I45a3582088161f12e60e7c933da8e7dcc0ae8e7b Closes-Bug: #1532384
2016-01-09 11:39:01 +05:30
self.assertEqual(self.columns, columns)
self.assertEqual(self.datalist, data)
Add configuration show command Create a `configuration show` command that displays the current configuration of the CLI. Different configurations can be displayed using options such as --os-cloud. Passwords and tokens are redacted by default unless the --unmask option is specified. Closes-Bug: #1476729 Change-Id: I0792365d0c5fa526cd09c0ed88c6bb1e2cb813a7
2015-07-19 12:15:04 -06:00
config: Also mask non-prefix config The 'config show' command will show information about your current configuration. When using a 'cloud.yaml' file and the 'OS_CLOUD' environment variable, the output of this will look like so: $ openstack config show +---------------------------------------------+----------------------------------+ | Field | Value | +---------------------------------------------+----------------------------------+ | additional_user_agent | [('osc-lib', '2.6.0')] | | api_timeout | None | | auth.auth_url | https://example.com:13000 | | auth.password | <redacted> | | auth.project_domain_id | default | | auth.project_id | c73b7097d07c46f78eb4b4dcfbac5ca8 | | auth.project_name | test-project | | auth.user_domain_name | example.com | | auth.username | john-doe | ... All of the 'auth.'-prefixed values are extracted from the corresponding entry in the 'clouds.yaml' file. You'll note that the 'auth.password' value is not shown. Instead, it is masked and replaced with '<redacted>'. However, a 'clouds.yaml' file is not the only way to configure these tools. You can also use old school environment variables. By using an openrc file from Horizon (or the clouds2env tool [1]), we will set various 'OS_'-prefixed environment variables. When you use the 'config show' command with these environment variables set, we will see all of these values appear in the output *without* an 'auth.' prefix. Scanning down we will see the password value is not redacted. $ openstack config show +---------------------------------------------+----------------------------------+ | Field | Value | +---------------------------------------------+----------------------------------+ | additional_user_agent | [('osc-lib', '2.6.0')] | | api_timeout | None | ... | password | secret-password | ... This will also happen if using tokens. This is obviously incorrect. These should be masked also. Make it so. This involves enhancing our fake config generation code to generate config that looks like it came from environment variables. Change-Id: I560b928e5e6bcdcd89c409e0678dfc0d0b056c0e Story: 2008816 Task: 42260
2021-10-09 12:05:43 +09:00
@mock.patch(
"keystoneauth1.loading.base.get_plugin_options", return_value=opts
)
Improve masking of secrets in configuration show The command "configuration show" tries to redact some of the secrets that are shown on the screen. However, this failed redacting options that were marked as secrete by the auth plugins (if any) and it redacted other options that were not redacted at all. For example, when using the OpenID Connect plugins, it redacted the "access_token_endpoint" as the word "token" appears there, but it failed to redact "client_secret" even when this option is marked as secret in the corresponding plugin. Change-Id: Idfad4fbbe5ddcff5e729e1dcd756d0379ad31dee
2016-06-20 12:37:22 +02:00
def test_show_unmask(self, m_get_plugin_opts):
Add configuration show command Create a `configuration show` command that displays the current configuration of the CLI. Different configurations can be displayed using options such as --os-cloud. Passwords and tokens are redacted by default unless the --unmask option is specified. Closes-Bug: #1476729 Change-Id: I0792365d0c5fa526cd09c0ed88c6bb1e2cb813a7
2015-07-19 12:15:04 -06:00
arglist = ['--unmask']
verifylist = [('mask', False)]
cmd = configuration.ShowConfiguration(self.app, None)
config: Also mask non-prefix config The 'config show' command will show information about your current configuration. When using a 'cloud.yaml' file and the 'OS_CLOUD' environment variable, the output of this will look like so: $ openstack config show +---------------------------------------------+----------------------------------+ | Field | Value | +---------------------------------------------+----------------------------------+ | additional_user_agent | [('osc-lib', '2.6.0')] | | api_timeout | None | | auth.auth_url | https://example.com:13000 | | auth.password | <redacted> | | auth.project_domain_id | default | | auth.project_id | c73b7097d07c46f78eb4b4dcfbac5ca8 | | auth.project_name | test-project | | auth.user_domain_name | example.com | | auth.username | john-doe | ... All of the 'auth.'-prefixed values are extracted from the corresponding entry in the 'clouds.yaml' file. You'll note that the 'auth.password' value is not shown. Instead, it is masked and replaced with '<redacted>'. However, a 'clouds.yaml' file is not the only way to configure these tools. You can also use old school environment variables. By using an openrc file from Horizon (or the clouds2env tool [1]), we will set various 'OS_'-prefixed environment variables. When you use the 'config show' command with these environment variables set, we will see all of these values appear in the output *without* an 'auth.' prefix. Scanning down we will see the password value is not redacted. $ openstack config show +---------------------------------------------+----------------------------------+ | Field | Value | +---------------------------------------------+----------------------------------+ | additional_user_agent | [('osc-lib', '2.6.0')] | | api_timeout | None | ... | password | secret-password | ... This will also happen if using tokens. This is obviously incorrect. These should be masked also. Make it so. This involves enhancing our fake config generation code to generate config that looks like it came from environment variables. Change-Id: I560b928e5e6bcdcd89c409e0678dfc0d0b056c0e Story: 2008816 Task: 42260
2021-10-09 12:05:43 +09:00
Add configuration show command Create a `configuration show` command that displays the current configuration of the CLI. Different configurations can be displayed using options such as --os-cloud. Passwords and tokens are redacted by default unless the --unmask option is specified. Closes-Bug: #1476729 Change-Id: I0792365d0c5fa526cd09c0ed88c6bb1e2cb813a7
2015-07-19 12:15:04 -06:00
parsed_args = self.check_parser(cmd, arglist, verifylist)
columns, data = cmd.take_action(parsed_args)
Changed the abstract columns and datalists from test cases of common and Identity columns and datalist has been set in each test case in compute, which is not necessary. This patch abstract it out and remove all redundant code. Change-Id: I45a3582088161f12e60e7c933da8e7dcc0ae8e7b Closes-Bug: #1532384
2016-01-09 11:39:01 +05:30
self.assertEqual(self.columns, columns)
Add configuration show command Create a `configuration show` command that displays the current configuration of the CLI. Different configurations can be displayed using options such as --os-cloud. Passwords and tokens are redacted by default unless the --unmask option is specified. Closes-Bug: #1476729 Change-Id: I0792365d0c5fa526cd09c0ed88c6bb1e2cb813a7
2015-07-19 12:15:04 -06:00
datalist = (
fakes.PASSWORD,
fakes.AUTH_TOKEN,
fakes.USERNAME,
fakes.VERSION,
fakes.REGION_NAME,
)
Changed the abstract columns and datalists from test cases of common and Identity columns and datalist has been set in each test case in compute, which is not necessary. This patch abstract it out and remove all redundant code. Change-Id: I45a3582088161f12e60e7c933da8e7dcc0ae8e7b Closes-Bug: #1532384
2016-01-09 11:39:01 +05:30
self.assertEqual(datalist, data)
Add configuration show command Create a `configuration show` command that displays the current configuration of the CLI. Different configurations can be displayed using options such as --os-cloud. Passwords and tokens are redacted by default unless the --unmask option is specified. Closes-Bug: #1476729 Change-Id: I0792365d0c5fa526cd09c0ed88c6bb1e2cb813a7
2015-07-19 12:15:04 -06:00
config: Also mask non-prefix config The 'config show' command will show information about your current configuration. When using a 'cloud.yaml' file and the 'OS_CLOUD' environment variable, the output of this will look like so: $ openstack config show +---------------------------------------------+----------------------------------+ | Field | Value | +---------------------------------------------+----------------------------------+ | additional_user_agent | [('osc-lib', '2.6.0')] | | api_timeout | None | | auth.auth_url | https://example.com:13000 | | auth.password | <redacted> | | auth.project_domain_id | default | | auth.project_id | c73b7097d07c46f78eb4b4dcfbac5ca8 | | auth.project_name | test-project | | auth.user_domain_name | example.com | | auth.username | john-doe | ... All of the 'auth.'-prefixed values are extracted from the corresponding entry in the 'clouds.yaml' file. You'll note that the 'auth.password' value is not shown. Instead, it is masked and replaced with '<redacted>'. However, a 'clouds.yaml' file is not the only way to configure these tools. You can also use old school environment variables. By using an openrc file from Horizon (or the clouds2env tool [1]), we will set various 'OS_'-prefixed environment variables. When you use the 'config show' command with these environment variables set, we will see all of these values appear in the output *without* an 'auth.' prefix. Scanning down we will see the password value is not redacted. $ openstack config show +---------------------------------------------+----------------------------------+ | Field | Value | +---------------------------------------------+----------------------------------+ | additional_user_agent | [('osc-lib', '2.6.0')] | | api_timeout | None | ... | password | secret-password | ... This will also happen if using tokens. This is obviously incorrect. These should be masked also. Make it so. This involves enhancing our fake config generation code to generate config that looks like it came from environment variables. Change-Id: I560b928e5e6bcdcd89c409e0678dfc0d0b056c0e Story: 2008816 Task: 42260
2021-10-09 12:05:43 +09:00
@mock.patch(
"keystoneauth1.loading.base.get_plugin_options", return_value=opts
)
def test_show_mask_with_cloud_config(self, m_get_plugin_opts):
Add configuration show command Create a `configuration show` command that displays the current configuration of the CLI. Different configurations can be displayed using options such as --os-cloud. Passwords and tokens are redacted by default unless the --unmask option is specified. Closes-Bug: #1476729 Change-Id: I0792365d0c5fa526cd09c0ed88c6bb1e2cb813a7
2015-07-19 12:15:04 -06:00
arglist = ['--mask']
verifylist = [('mask', True)]
config: Also mask non-prefix config The 'config show' command will show information about your current configuration. When using a 'cloud.yaml' file and the 'OS_CLOUD' environment variable, the output of this will look like so: $ openstack config show +---------------------------------------------+----------------------------------+ | Field | Value | +---------------------------------------------+----------------------------------+ | additional_user_agent | [('osc-lib', '2.6.0')] | | api_timeout | None | | auth.auth_url | https://example.com:13000 | | auth.password | <redacted> | | auth.project_domain_id | default | | auth.project_id | c73b7097d07c46f78eb4b4dcfbac5ca8 | | auth.project_name | test-project | | auth.user_domain_name | example.com | | auth.username | john-doe | ... All of the 'auth.'-prefixed values are extracted from the corresponding entry in the 'clouds.yaml' file. You'll note that the 'auth.password' value is not shown. Instead, it is masked and replaced with '<redacted>'. However, a 'clouds.yaml' file is not the only way to configure these tools. You can also use old school environment variables. By using an openrc file from Horizon (or the clouds2env tool [1]), we will set various 'OS_'-prefixed environment variables. When you use the 'config show' command with these environment variables set, we will see all of these values appear in the output *without* an 'auth.' prefix. Scanning down we will see the password value is not redacted. $ openstack config show +---------------------------------------------+----------------------------------+ | Field | Value | +---------------------------------------------+----------------------------------+ | additional_user_agent | [('osc-lib', '2.6.0')] | | api_timeout | None | ... | password | secret-password | ... This will also happen if using tokens. This is obviously incorrect. These should be masked also. Make it so. This involves enhancing our fake config generation code to generate config that looks like it came from environment variables. Change-Id: I560b928e5e6bcdcd89c409e0678dfc0d0b056c0e Story: 2008816 Task: 42260
2021-10-09 12:05:43 +09:00
self.app.client_manager.configuration_type = "cloud_config"
Add configuration show command Create a `configuration show` command that displays the current configuration of the CLI. Different configurations can be displayed using options such as --os-cloud. Passwords and tokens are redacted by default unless the --unmask option is specified. Closes-Bug: #1476729 Change-Id: I0792365d0c5fa526cd09c0ed88c6bb1e2cb813a7
2015-07-19 12:15:04 -06:00
cmd = configuration.ShowConfiguration(self.app, None)
config: Also mask non-prefix config The 'config show' command will show information about your current configuration. When using a 'cloud.yaml' file and the 'OS_CLOUD' environment variable, the output of this will look like so: $ openstack config show +---------------------------------------------+----------------------------------+ | Field | Value | +---------------------------------------------+----------------------------------+ | additional_user_agent | [('osc-lib', '2.6.0')] | | api_timeout | None | | auth.auth_url | https://example.com:13000 | | auth.password | <redacted> | | auth.project_domain_id | default | | auth.project_id | c73b7097d07c46f78eb4b4dcfbac5ca8 | | auth.project_name | test-project | | auth.user_domain_name | example.com | | auth.username | john-doe | ... All of the 'auth.'-prefixed values are extracted from the corresponding entry in the 'clouds.yaml' file. You'll note that the 'auth.password' value is not shown. Instead, it is masked and replaced with '<redacted>'. However, a 'clouds.yaml' file is not the only way to configure these tools. You can also use old school environment variables. By using an openrc file from Horizon (or the clouds2env tool [1]), we will set various 'OS_'-prefixed environment variables. When you use the 'config show' command with these environment variables set, we will see all of these values appear in the output *without* an 'auth.' prefix. Scanning down we will see the password value is not redacted. $ openstack config show +---------------------------------------------+----------------------------------+ | Field | Value | +---------------------------------------------+----------------------------------+ | additional_user_agent | [('osc-lib', '2.6.0')] | | api_timeout | None | ... | password | secret-password | ... This will also happen if using tokens. This is obviously incorrect. These should be masked also. Make it so. This involves enhancing our fake config generation code to generate config that looks like it came from environment variables. Change-Id: I560b928e5e6bcdcd89c409e0678dfc0d0b056c0e Story: 2008816 Task: 42260
2021-10-09 12:05:43 +09:00
Add configuration show command Create a `configuration show` command that displays the current configuration of the CLI. Different configurations can be displayed using options such as --os-cloud. Passwords and tokens are redacted by default unless the --unmask option is specified. Closes-Bug: #1476729 Change-Id: I0792365d0c5fa526cd09c0ed88c6bb1e2cb813a7
2015-07-19 12:15:04 -06:00
parsed_args = self.check_parser(cmd, arglist, verifylist)
columns, data = cmd.take_action(parsed_args)
Changed the abstract columns and datalists from test cases of common and Identity columns and datalist has been set in each test case in compute, which is not necessary. This patch abstract it out and remove all redundant code. Change-Id: I45a3582088161f12e60e7c933da8e7dcc0ae8e7b Closes-Bug: #1532384
2016-01-09 11:39:01 +05:30
self.assertEqual(self.columns, columns)
self.assertEqual(self.datalist, data)
config: Also mask non-prefix config The 'config show' command will show information about your current configuration. When using a 'cloud.yaml' file and the 'OS_CLOUD' environment variable, the output of this will look like so: $ openstack config show +---------------------------------------------+----------------------------------+ | Field | Value | +---------------------------------------------+----------------------------------+ | additional_user_agent | [('osc-lib', '2.6.0')] | | api_timeout | None | | auth.auth_url | https://example.com:13000 | | auth.password | <redacted> | | auth.project_domain_id | default | | auth.project_id | c73b7097d07c46f78eb4b4dcfbac5ca8 | | auth.project_name | test-project | | auth.user_domain_name | example.com | | auth.username | john-doe | ... All of the 'auth.'-prefixed values are extracted from the corresponding entry in the 'clouds.yaml' file. You'll note that the 'auth.password' value is not shown. Instead, it is masked and replaced with '<redacted>'. However, a 'clouds.yaml' file is not the only way to configure these tools. You can also use old school environment variables. By using an openrc file from Horizon (or the clouds2env tool [1]), we will set various 'OS_'-prefixed environment variables. When you use the 'config show' command with these environment variables set, we will see all of these values appear in the output *without* an 'auth.' prefix. Scanning down we will see the password value is not redacted. $ openstack config show +---------------------------------------------+----------------------------------+ | Field | Value | +---------------------------------------------+----------------------------------+ | additional_user_agent | [('osc-lib', '2.6.0')] | | api_timeout | None | ... | password | secret-password | ... This will also happen if using tokens. This is obviously incorrect. These should be masked also. Make it so. This involves enhancing our fake config generation code to generate config that looks like it came from environment variables. Change-Id: I560b928e5e6bcdcd89c409e0678dfc0d0b056c0e Story: 2008816 Task: 42260
2021-10-09 12:05:43 +09:00
@mock.patch(
"keystoneauth1.loading.base.get_plugin_options", return_value=opts
)
def test_show_mask_with_global_env(self, m_get_plugin_opts):
arglist = ['--mask']
verifylist = [('mask', True)]
self.app.client_manager.configuration_type = "global_env"
column_list = (
'identity_api_version',
'password',
'region',
'token',
'username',
)
datalist = (
fakes.VERSION,
configuration.REDACTED,
fakes.REGION_NAME,
configuration.REDACTED,
fakes.USERNAME,
)
cmd = configuration.ShowConfiguration(self.app, None)
parsed_args = self.check_parser(cmd, arglist, verifylist)
columns, data = cmd.take_action(parsed_args)
self.assertEqual(column_list, columns)
self.assertEqual(datalist, data)
Copy Permalink