Don't display passwords when listing overclouds

A quick and dirty workaround to stop displaying passwords when listing overclouds. The proper way to fix this would probably be either to stop storing passwords in Tuskar API or delegate this task to another service. Change-Id: Ibb269e82f24a0cd4a77594ea9374359a0503b636 Closes-Bug: #1308172
2014-05-21 18:04:14 +03:00 · 2014-05-21 18:04:14 +03:00 · ca24351c63
parent 514f63eca8
commit ca24351c63
3 changed files with 32 additions and 6 deletions
--- a/tuskar/api/controllers/v1/models.py
+++ b/tuskar/api/controllers/v1/models.py
@ -104,7 +104,8 @@ class Overcloud(Base):
    counts = [OvercloudRoleCount]

    @classmethod
-    def from_db_model(cls, db_overcloud, skip_fields=None):
+    def from_db_model(cls, db_overcloud, skip_fields=None,
+                      mask_passwords=True):
        # General Data
        transfer_overcloud = super(Overcloud, cls)\
            .from_db_model(db_overcloud, skip_fields=['attributes', 'counts'])
@ -112,7 +113,15 @@ class Overcloud(Base):
        # Attributes
        translated = {}
        for db_attribute in db_overcloud.attributes:
-            translated[db_attribute.key] = db_attribute.value
+            # FIXME(rpodolyaka): a workaround for bug 1308172. To fix this
+            # properly we should either stop storing passwords in Tuskar API
+            # or delegate this task to another service.
+            if mask_passwords and 'password' in db_attribute.key.lower():
+                value = '******'
+            else:
+                value = db_attribute.value
+
+            translated[db_attribute.key] = value
        transfer_overcloud.attributes = translated

        # Counts
--- a/tuskar/api/controllers/v1/overcloud.py
+++ b/tuskar/api/controllers/v1/overcloud.py
@ -298,7 +298,8 @@ class OvercloudsController(rest.RestController):
        # Will raise a not found if there is no overcloud with the ID
        result = pecan.request.dbapi.update_overcloud(db_delta)

-        updated_overcloud = models.Overcloud.from_db_model(result)
+        updated_overcloud = models.Overcloud.from_db_model(
+            result, mask_passwords=False)

        # FIXME(lsmola) This is just POC of updating a stack
        # this probably should also have workflow
@ -307,7 +308,7 @@ class OvercloudsController(rest.RestController):
        process_stack(updated_overcloud.attributes, result.counts,
                      get_overcloud_roles_dict())

-        return updated_overcloud
+        return models.Overcloud.from_db_model(result)

    @wsme_pecan.wsexpose(None, int, status_code=204)
    def delete(self, overcloud_id):
--- a/tuskar/tests/api/controllers/v1/test_overcloud.py
+++ b/tuskar/tests/api/controllers/v1/test_overcloud.py
@ -38,7 +38,12 @@ class OvercloudTests(base.TestCase):
    @mock.patch('tuskar.db.sqlalchemy.api.Connection.get_overclouds')
    def test_get_all(self, mock_db_get):
        # Setup
-        fake_results = [db_models.Overcloud(name='foo')]
+        fake_attrs = [
+            db_models.OvercloudAttribute(key='key1', value='value1'),
+            db_models.OvercloudAttribute(key='password', value='secret'),
+            db_models.OvercloudAttribute(key='AdminPassword', value='secret'),
+        ]
+        fake_results = [db_models.Overcloud(name='foo', attributes=fake_attrs)]
        mock_db_get.return_value = fake_results

        # Test
@ -50,6 +55,9 @@ class OvercloudTests(base.TestCase):
        self.assertTrue(isinstance(result, list))
        self.assertEqual(1, len(result))
        self.assertEqual(result[0]['name'], 'foo')
+        self.assertEqual(result[0]['attributes']['key1'], 'value1')
+        self.assertEqual(result[0]['attributes']['password'], '******')
+        self.assertEqual(result[0]['attributes']['AdminPassword'], '******')

        mock_db_get.assert_called_once()

@ -57,7 +65,12 @@ class OvercloudTests(base.TestCase):
                'Connection.get_overcloud_by_id')
    def test_get_one(self, mock_db_get):
        # Setup
-        fake_result = db_models.Overcloud(name='foo')
+        fake_attrs = [
+            db_models.OvercloudAttribute(key='key1', value='value1'),
+            db_models.OvercloudAttribute(key='password', value='secret'),
+            db_models.OvercloudAttribute(key='AdminPassword', value='secret'),
+        ]
+        fake_result = db_models.Overcloud(name='foo', attributes=fake_attrs)
        mock_db_get.return_value = fake_result

        # Test
@ -68,6 +81,9 @@ class OvercloudTests(base.TestCase):
        # Verify
        self.assertEqual(response.status_int, 200)
        self.assertEqual(result['name'], 'foo')
+        self.assertEqual(result['attributes']['key1'], 'value1')
+        self.assertEqual(result['attributes']['password'], '******')
+        self.assertEqual(result['attributes']['AdminPassword'], '******')

        mock_db_get.assert_called_once_with(12345)