Don't display passwords when listing overclouds
A quick and dirty workaround to stop displaying passwords when listing overclouds. The proper way to fix this would probably be either to stop storing passwords in Tuskar API or delegate this task to another service. Change-Id: Ibb269e82f24a0cd4a77594ea9374359a0503b636 Closes-Bug: #1308172
This commit is contained in:
parent
514f63eca8
commit
ca24351c63
@ -104,7 +104,8 @@ class Overcloud(Base):
|
||||
counts = [OvercloudRoleCount]
|
||||
|
||||
@classmethod
|
||||
def from_db_model(cls, db_overcloud, skip_fields=None):
|
||||
def from_db_model(cls, db_overcloud, skip_fields=None,
|
||||
mask_passwords=True):
|
||||
# General Data
|
||||
transfer_overcloud = super(Overcloud, cls)\
|
||||
.from_db_model(db_overcloud, skip_fields=['attributes', 'counts'])
|
||||
@ -112,7 +113,15 @@ class Overcloud(Base):
|
||||
# Attributes
|
||||
translated = {}
|
||||
for db_attribute in db_overcloud.attributes:
|
||||
translated[db_attribute.key] = db_attribute.value
|
||||
# FIXME(rpodolyaka): a workaround for bug 1308172. To fix this
|
||||
# properly we should either stop storing passwords in Tuskar API
|
||||
# or delegate this task to another service.
|
||||
if mask_passwords and 'password' in db_attribute.key.lower():
|
||||
value = '******'
|
||||
else:
|
||||
value = db_attribute.value
|
||||
|
||||
translated[db_attribute.key] = value
|
||||
transfer_overcloud.attributes = translated
|
||||
|
||||
# Counts
|
||||
|
@ -298,7 +298,8 @@ class OvercloudsController(rest.RestController):
|
||||
# Will raise a not found if there is no overcloud with the ID
|
||||
result = pecan.request.dbapi.update_overcloud(db_delta)
|
||||
|
||||
updated_overcloud = models.Overcloud.from_db_model(result)
|
||||
updated_overcloud = models.Overcloud.from_db_model(
|
||||
result, mask_passwords=False)
|
||||
|
||||
# FIXME(lsmola) This is just POC of updating a stack
|
||||
# this probably should also have workflow
|
||||
@ -307,7 +308,7 @@ class OvercloudsController(rest.RestController):
|
||||
process_stack(updated_overcloud.attributes, result.counts,
|
||||
get_overcloud_roles_dict())
|
||||
|
||||
return updated_overcloud
|
||||
return models.Overcloud.from_db_model(result)
|
||||
|
||||
@wsme_pecan.wsexpose(None, int, status_code=204)
|
||||
def delete(self, overcloud_id):
|
||||
|
@ -38,7 +38,12 @@ class OvercloudTests(base.TestCase):
|
||||
@mock.patch('tuskar.db.sqlalchemy.api.Connection.get_overclouds')
|
||||
def test_get_all(self, mock_db_get):
|
||||
# Setup
|
||||
fake_results = [db_models.Overcloud(name='foo')]
|
||||
fake_attrs = [
|
||||
db_models.OvercloudAttribute(key='key1', value='value1'),
|
||||
db_models.OvercloudAttribute(key='password', value='secret'),
|
||||
db_models.OvercloudAttribute(key='AdminPassword', value='secret'),
|
||||
]
|
||||
fake_results = [db_models.Overcloud(name='foo', attributes=fake_attrs)]
|
||||
mock_db_get.return_value = fake_results
|
||||
|
||||
# Test
|
||||
@ -50,6 +55,9 @@ class OvercloudTests(base.TestCase):
|
||||
self.assertTrue(isinstance(result, list))
|
||||
self.assertEqual(1, len(result))
|
||||
self.assertEqual(result[0]['name'], 'foo')
|
||||
self.assertEqual(result[0]['attributes']['key1'], 'value1')
|
||||
self.assertEqual(result[0]['attributes']['password'], '******')
|
||||
self.assertEqual(result[0]['attributes']['AdminPassword'], '******')
|
||||
|
||||
mock_db_get.assert_called_once()
|
||||
|
||||
@ -57,7 +65,12 @@ class OvercloudTests(base.TestCase):
|
||||
'Connection.get_overcloud_by_id')
|
||||
def test_get_one(self, mock_db_get):
|
||||
# Setup
|
||||
fake_result = db_models.Overcloud(name='foo')
|
||||
fake_attrs = [
|
||||
db_models.OvercloudAttribute(key='key1', value='value1'),
|
||||
db_models.OvercloudAttribute(key='password', value='secret'),
|
||||
db_models.OvercloudAttribute(key='AdminPassword', value='secret'),
|
||||
]
|
||||
fake_result = db_models.Overcloud(name='foo', attributes=fake_attrs)
|
||||
mock_db_get.return_value = fake_result
|
||||
|
||||
# Test
|
||||
@ -68,6 +81,9 @@ class OvercloudTests(base.TestCase):
|
||||
# Verify
|
||||
self.assertEqual(response.status_int, 200)
|
||||
self.assertEqual(result['name'], 'foo')
|
||||
self.assertEqual(result['attributes']['key1'], 'value1')
|
||||
self.assertEqual(result['attributes']['password'], '******')
|
||||
self.assertEqual(result['attributes']['AdminPassword'], '******')
|
||||
|
||||
mock_db_get.assert_called_once_with(12345)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user