Merge "Omit X-Subject-Token from log"

2018-07-20 05:14:31 +00:00 · 2018-07-20 05:14:31 +00:00 · f27b677d22
parent b286ad402e 2902a7bcd6
commit f27b677d22
2 changed files with 9 additions and 0 deletions
--- a/releasenotes/notes/omit_X-Subject-Token_from_log-1bf5fef88c80334b.yaml
+++ b/releasenotes/notes/omit_X-Subject-Token_from_log-1bf5fef88c80334b.yaml
@ -0,0 +1,7 @@
+---
+security:
+  - |
+    The x-subject-token of a response header is ommitted from log,
+    but clients specify the same token on a request header on
+    Keystone API and that was not omitted. In this release,
+    that has been omitted for a security reason.
--- a/tempest/lib/common/rest_client.py
+++ b/tempest/lib/common/rest_client.py
@ -416,6 +416,8 @@ class RestClient(object):
                          resp_body=None, extra=None):
        if 'X-Auth-Token' in req_headers:
            req_headers['X-Auth-Token'] = '<omitted>'
+        if 'X-Subject-Token' in req_headers:
+            req_headers['X-Subject-Token'] = '<omitted>'
        # A shallow copy is sufficient
        resp_log = resp.copy()
        if 'x-subject-token' in resp_log: