Add 'token' to list of fields to be santized by mask_password

A forthcoming fix to openstack/nova will use this to complete the fix. Change-Id: Ia07ca4b6f42577d45a53749511cfb6af1492678a Partial-Bug: #1492140
2015-09-04 19:36:54 +01:00 · 2015-09-04 19:36:54 +01:00 · 42e6b7b646
commit 42e6b7b646
parent 5f6e724eb1
3 changed files with 15 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -48,4 +48,4 @@ ChangeLog

 # Editors
 *~
-.*.swp
+.*.swp
--- a/oslo_utils/strutils.py
+++ b/oslo_utils/strutils.py
@ -53,7 +53,7 @@ SLUGIFY_HYPHENATE_RE = re.compile(r"[-\s]+")
 # NOTE(flaper87): The following globals are used by `mask_password`
 _SANITIZE_KEYS = ['adminPass', 'admin_pass', 'password', 'admin_password',
                  'auth_token', 'new_pass', 'auth_password', 'secret_uuid',
-                  'sys_pswd']
+                  'sys_pswd', 'token']

 # NOTE(ldbragst): Let's build a list of regex objects using the list of
 # _SANITIZE_KEYS we already have. This way, we only have to add the new key
--- a/oslo_utils/tests/test_strutils.py
+++ b/oslo_utils/tests/test_strutils.py
@ -312,6 +312,14 @@ class MaskPasswordTestCase(test_base.BaseTestCase):
        payload = """{ 'secret_uuid' : 'myuuid' }"""
        expected = """{ 'secret_uuid' : '***' }"""
        self.assertEqual(expected, strutils.mask_password(payload))
+        # Test 'token' w/o spaces
+        payload = """{'token':'token'}"""
+        expected = """{'token':'***'}"""
+        self.assertEqual(expected, strutils.mask_password(payload))
+        # Test 'token' with spaces
+        payload = """{ 'token' : 'token' }"""
+        expected = """{ 'token' : '***' }"""
+        self.assertEqual(expected, strutils.mask_password(payload))

    def test_xml(self):
        # Test 'adminPass' w/o spaces
@ -531,6 +539,11 @@ class MaskPasswordTestCase(test_base.BaseTestCase):
        expected = """{'adminPass':'***'}"""
        self.assertEqual(expected, strutils.mask_password(payload))

+        payload = """{'token':'mytoken'}"""
+        payload = six.text_type(payload)
+        expected = """{'token':'***'}"""
+        self.assertEqual(expected, strutils.mask_password(payload))
+
        payload = ("test = 'node.session.auth.password','-v','mypassword',"
                   "'nomask'")
        expected = ("test = 'node.session.auth.password','-v','***',"