From 45b470cd60f1a121cfa08ff20e72e3f07d62a11a Mon Sep 17 00:00:00 2001 From: "ChangBo Guo(gcb)" Date: Thu, 18 Dec 2014 17:00:25 +0800 Subject: [PATCH] Add 'secret_uuid' in _SANITIZE_KEYS for strutils Cinder volume drivers rbd may return connection_info with'secret_uuid', This is an example[1], to avoid secret_uuid to be logged in disk, we should mask its value with "***". [1]https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/rbd.py#L745 Change-Id: I5c9d688126f3dbcebc67162e749da9a34a4bb2b9 --- oslo/utils/strutils.py | 2 +- tests/test_strutils.py | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/oslo/utils/strutils.py b/oslo/utils/strutils.py index c6f5d476..a82a4dbf 100644 --- a/oslo/utils/strutils.py +++ b/oslo/utils/strutils.py @@ -52,7 +52,7 @@ SLUGIFY_HYPHENATE_RE = re.compile(r"[-\s]+") # NOTE(flaper87): The following globals are used by `mask_password` _SANITIZE_KEYS = ['adminPass', 'admin_pass', 'password', 'admin_password', - 'auth_token', 'new_pass', 'auth_password'] + 'auth_token', 'new_pass', 'auth_password', 'secret_uuid'] # NOTE(ldbragst): Let's build a list of regex objects using the list of # _SANITIZE_KEYS we already have. This way, we only have to add the new key diff --git a/tests/test_strutils.py b/tests/test_strutils.py index 2437b4c7..1ac80f9b 100644 --- a/tests/test_strutils.py +++ b/tests/test_strutils.py @@ -304,6 +304,14 @@ class MaskPasswordTestCase(test_base.BaseTestCase): payload = """{ 'auth_password' : 'mypassword' }""" expected = """{ 'auth_password' : '***' }""" self.assertEqual(expected, strutils.mask_password(payload)) + # Test 'secret_uuid' w/o spaces + payload = """{'secret_uuid':'myuuid'}""" + expected = """{'secret_uuid':'***'}""" + self.assertEqual(expected, strutils.mask_password(payload)) + # Test 'secret_uuid' with spaces + payload = """{ 'secret_uuid' : 'myuuid' }""" + expected = """{ 'secret_uuid' : '***' }""" + self.assertEqual(expected, strutils.mask_password(payload)) def test_xml(self): # Test 'adminPass' w/o spaces