Strip auth token from log output.

Fix bug 956777.

This patch updates _safe_log, which is used for rpc debug logs, to not
include auth tokens.

Change-Id: I36bb4233acd356f85b0e6006a6b812a67605b393
Russell Bryant
2012-03-21 16:25:14 -04:00
parent a82e17ff88
commit 66ad27ab9b
2 changed files with 29 additions and 14 deletions


@@ -185,7 +185,7 @@ def unpack_context(msg):
context_dict[key[9:]] = value context_dict[key[9:]] = value
context_dict['msg_id'] = msg.pop('_msg_id', None) context_dict['msg_id'] = msg.pop('_msg_id', None)
ctx = RpcContext.from_dict(context_dict) ctx = RpcContext.from_dict(context_dict)
LOG.debug(_('unpacked context: %s'), ctx.to_dict()) rpc_common._safe_log(LOG.debug, _('unpacked context: %s'), ctx.to_dict())
return ctx return ctx
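Review bot: Whether the token is actually masked at this call site depends on `ctx.to_dict()` emitting it under the exact key `auth_token`, and that is not visible in this hunk, so the dependency deserves a comment above the call. Something like `# _safe_log masks the 'auth_token' key of the context dict before it reaches the debug log` would make the coupling explicit for whoever later renames the field. The call also reaches into another module for an underscore-prefixed helper; if `_safe_log` is meant to be shared across rpc drivers, a public name would state that intent. The body of `unpack_context` starts outside the hunk.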


@@ -127,18 +127,33 @@ class Connection(object):
def _safe_log(log_func, msg, msg_data): def _safe_log(log_func, msg, msg_data):
"""Sanitizes the msg_data field before logging.""" """Sanitizes the msg_data field before logging."""
SANITIZE = { has_method = 'method' in msg_data
'set_admin_password': ('new_pass',), has_context_token = '_context_auth_token' in msg_data
'run_instance': ('admin_password',), has_token = 'auth_token' in msg_data
}
method = msg_data['method'] if not any([has_method, has_context_token, has_token]):
if method in SANITIZE: return log_func(msg, msg_data)
msg_data = copy.deepcopy(msg_data)
args_to_sanitize = SANITIZE[method] msg_data = copy.deepcopy(msg_data)
for arg in args_to_sanitize:
try: if has_method:
msg_data['args'][arg] = "<SANITIZED>" SANITIZE = {
except KeyError: 'set_admin_password': ('new_pass',),
pass 'run_instance': ('admin_password',),
}
method = msg_data['method']
if method in SANITIZE:
args_to_sanitize = SANITIZE[method]
for arg in args_to_sanitize:
try:
msg_data['args'][arg] = "<SANITIZED>"
except KeyError:
pass
if has_context_token:
msg_data['_context_auth_token'] = '<SANITIZED>'
if has_token:
msg_data['auth_token'] = '<SANITIZED>'
return log_func(msg, msg_data) return log_func(msg, msg_data)
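Review bot: The new redaction in `_safe_log` matches only the two exact top-level keys `_context_auth_token` and `auth_token`, so a token nested inside `msg_data['args']` or carried under any other key would still be written to the debug log. The docstring should state that limit, and the two `if has_...` blocks could become one loop over a named tuple of sensitive keys so the list is easy to extend: `for key in ('_context_auth_token', 'auth_token'):` / `if key in msg_data: msg_data[key] = '<SANITIZED>'`. Separately, in the `has_method` branch the `except KeyError` can only fire when `'args'` is missing, and the assignment adds a `<SANITIZED>` entry even when the argument was never present, which may be surprising when reading logs. Neither changed file on this page appears to be a test, so a unit test that passes a dict with each token key and asserts the logged copy is masked while the caller's dict is unchanged would pin the behaviour.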