x/python-ganttclient
Code Issues Proposed changes

Strip auth token from log output.

Browse Source 
Fix bug 956777.

This patch updates _safe_log, which is used for rpc debug logs, to not
include auth tokens.

Change-Id: I36bb4233acd356f85b0e6006a6b812a67605b393
This commit is contained in:
Russell Bryant
2012-03-21 16:25:14 -04:00
parent a82e17ff88
commit 66ad27ab9b
2 changed files with 29 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
nova/rpc/amqp.py
View File

@@ -185,7 +185,7 @@ def unpack_context(msg):
context_dict[key[9:]] = value
context_dict['msg_id'] = msg.pop('_msg_id', None)
ctx = RpcContext.from_dict(context_dict)
LOG.debug(_('unpacked context: %s'), ctx.to_dict())
rpc_common._safe_log(LOG.debug, _('unpacked context: %s'), ctx.to_dict())
return ctx

41
nova/rpc/common.py
View File

@@ -127,18 +127,33 @@ class Connection(object):
def _safe_log(log_func, msg, msg_data):
"""Sanitizes the msg_data field before logging."""
SANITIZE = {
'set_admin_password': ('new_pass',),
'run_instance': ('admin_password',),
}
method = msg_data['method']
if method in SANITIZE:
msg_data = copy.deepcopy(msg_data)
args_to_sanitize = SANITIZE[method]
for arg in args_to_sanitize:
try:
msg_data['args'][arg] = "<SANITIZED>"
except KeyError:
pass
has_method = 'method' in msg_data
has_context_token = '_context_auth_token' in msg_data
has_token = 'auth_token' in msg_data
if not any([has_method, has_context_token, has_token]):
return log_func(msg, msg_data)
msg_data = copy.deepcopy(msg_data)
if has_method:
SANITIZE = {
'set_admin_password': ('new_pass',),
'run_instance': ('admin_password',),
}
method = msg_data['method']
if method in SANITIZE:
args_to_sanitize = SANITIZE[method]
for arg in args_to_sanitize:
try:
msg_data['args'][arg] = "<SANITIZED>"
except KeyError:
pass
if has_context_token:
msg_data['_context_auth_token'] = '<SANITIZED>'
if has_token:
msg_data['auth_token'] = '<SANITIZED>'
return log_func(msg, msg_data)