From 13c190d62e4c4596339eeee93eb0425cd525d71f Mon Sep 17 00:00:00 2001 From: Matthew Treinish Date: Fri, 4 Oct 2019 10:41:53 -0400 Subject: [PATCH] Add release note for log_req_body kwarg This commit updates the release note from change I7cbd3656463a51d18b4d72f45a324145283fc7eb. That commit was missing a release note for the extra kwarg and concentrated only on the security fix. This commit addresses that oversight. In addition the security note is removed from the release notes because it's not addressing a released security issue, just a short lived one introduced during development of the pending release. Change-Id: Id2d34eb911435e5a1036d0494a7df43eda2ebf0a --- .../fix-credential-logging-98089c897d801355.yaml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/releasenotes/notes/fix-credential-logging-98089c897d801355.yaml b/releasenotes/notes/fix-credential-logging-98089c897d801355.yaml index e06e2e2774..9534a72436 100644 --- a/releasenotes/notes/fix-credential-logging-98089c897d801355.yaml +++ b/releasenotes/notes/fix-credential-logging-98089c897d801355.yaml @@ -1,6 +1,9 @@ --- -security: +features: - | - Recently we moved the logging of API request in rest_client's - raw_request which end up logging the credentials also from - Token client request. This issue has been fixed now. + A new kwarg, ``log_req_body``, was added to the + ``tempest.lib.common.rest_client.RestClient`` method ``raw_request()``. + This kwarg takes in a string which will be used in place of the request + body, which is logged by default. The intent of this option is to be used + for security reasons to avoid logging sensitive information that are part + of request bodies.