Omit X-Subject-Token from log

I213585e691f58e380a4be463b493591f1449422e has omitted x-subject-token
from response log, but clients specify the same token on a request
header on Keystone API and that is output on the log.
Actually the following log is output at the gate:

http://logs.openstack.org/62/581162/2/check/tempest-full/835acee/controller/logs/tempest_log.txt

2018-07-10 00:44:36.563 23617 DEBUG tempest.lib.common.rest_client
  [req-20615e7c-76b6-4f6a-84c2-d3489a755000 ]
  Request - Headers: {'X-Subject-Token': 'gAAAAABbRAF0Lv0N7i4o-5hPjcI
                                          ZYXXKt1cxoo5FPUP_ukWuY_6_-4
                                          S8oRXOkTfgReg0G9GT87Qiw4Gbd..',
                      'X-Auth-Token': '<omitted>'}
  Body: None
  Response - Headers: {u'content-type': 'application/json',
                       u'x-subject-token': '<omitted>',
                       .., 'status': '200'}
  Body:  _log_request_full tempest/lib/common/rest_client.py:434

This makes the log omitted for the same reason.

Change-Id: Iedd36f8feb9784553559ed5c79e7be2012d675f5
Ken'ichi Ohmichi 2018-07-14 02:31:03 +00:00 committed by Ken'ichi Ohmichi
parent 8626ab7d47
commit 2902a7bcd6
2 changed files with 9 additions and 0 deletions


@ -0,0 +1,7 @@
---
security:
- |
The x-subject-token of a response header is ommitted from log,
but clients specify the same token on a request header on
Keystone API and that was not omitted. In this release,
that has been omitted for a security reason.
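Review bot: "ommitted" in the first line of the release note text is misspelled and should read "omitted", since this text is published verbatim in the release notes. The note would also be easier to act on if it named the header and the replacement value explicitly, for example that the X-Subject-Token request header is now logged as '<omitted>'.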


@ -416,6 +416,8 @@ class RestClient(object):
resp_body=None, extra=None):
if 'X-Auth-Token' in req_headers:
req_headers['X-Auth-Token'] = '<omitted>'
if 'X-Subject-Token' in req_headers:
req_headers['X-Subject-Token'] = '<omitted>'
# A shallow copy is sufficient
resp_log = resp.copy()
if 'x-subject-token' in resp_log:
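Review bot: the added check `if 'X-Subject-Token' in req_headers:` matches only that exact capitalization, while the response-side check just below it tests lowercase `'x-subject-token'`, so a caller that passes the header as `x-subject-token` or any other casing would still have the token written to the debug log. Consider matching header names case-insensitively for both X-Auth-Token and X-Subject-Token. The request branch also assigns into `req_headers` directly, whereas the response is copied into `resp_log` before masking; masking a copy of the request headers as well would keep the caller's dict intact. The change touches only the release note and this file, so a unit test asserting that the token value is absent from the logged request headers is missing.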