Mask the sensitive values in debug log

Change-Id: I0eb11a648c3be21749690f079229c8e63a678e6c Closes-Bug: #1501598
2015-10-06 20:42:40 -07:00 · 2015-10-06 20:42:40 -07:00 · f0a81c284d
parent fce3a080cd
commit f0a81c284d
2 changed files with 10 additions and 4 deletions
--- a/openstackclient/common/clientmanager.py
+++ b/openstackclient/common/clientmanager.py
@ -20,6 +20,7 @@ import logging
 import pkg_resources
 import sys

+from oslo_utils import strutils
 import requests

 from openstackclient.api import auth
@ -167,7 +168,8 @@ class ClientManager(object):
            self._project_name = self._auth_params['tenant_name']

        LOG.info('Using auth plugin: %s' % self.auth_plugin_name)
-        LOG.debug('Using parameters %s' % self._auth_params)
+        LOG.debug('Using parameters %s' %
+                  strutils.mask_password(self._auth_params))
        self.auth = auth_plugin.load_from_options(**self._auth_params)
        # needed by SAML authentication
        request_session = requests.session()
--- a/openstackclient/shell.py
+++ b/openstackclient/shell.py
@ -25,6 +25,7 @@ from cliff import app
 from cliff import command
 from cliff import complete
 from cliff import help
+from oslo_utils import strutils

 import openstackclient
 from openstackclient.common import clientmanager
@ -201,8 +202,10 @@ class OpenStackShell(app.App):

        # Parent __init__ parses argv into self.options
        super(OpenStackShell, self).initialize_app(argv)
-        self.log.info("START with options: %s", self.command_options)
-        self.log.debug("options: %s", self.options)
+        self.log.info("START with options: %s",
+                      strutils.mask_password(self.command_options))
+        self.log.debug("options: %s",
+                       strutils.mask_password(self.options))

        # Set the default plugin to token_endpoint if url and token are given
        if (self.options.url and self.options.token):
@ -246,7 +249,8 @@ class OpenStackShell(app.App):
        self.log_configurator.configure(self.cloud)
        self.dump_stack_trace = self.log_configurator.dump_trace
        self.log.debug("defaults: %s", cc.defaults)
-        self.log.debug("cloud cfg: %s", self.cloud.config)
+        self.log.debug("cloud cfg: %s",
+                       strutils.mask_password(self.cloud.config))

        # Set up client TLS
        # NOTE(dtroyer): --insecure is the non-default condition that