Alvaro Lopez Garcia 1de4c66009 Improve masking of secrets in configuration show
The command "configuration show" tries to redact some of the secrets
that are shown on the screen. However, this failed redacting options
that were marked as secrete by the auth plugins (if any) and it redacted
other options that were not redacted at all. For example, when using
the OpenID Connect plugins, it redacted the "access_token_endpoint" as
the word "token" appears there, but it failed to redact "client_secret"
even when this option is marked as secret in the corresponding plugin.

Change-Id: Idfad4fbbe5ddcff5e729e1dcd756d0379ad31dee
2016-06-21 06:56:23 +00:00

86 lines
2.7 KiB
Python

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
import mock
from openstackclient.common import configuration
from openstackclient.tests import fakes
from openstackclient.tests import utils
class TestConfiguration(utils.TestCommand):
columns = (
'auth.password',
'auth.token',
'auth.username',
'identity_api_version',
'region',
)
datalist = (
configuration.REDACTED,
configuration.REDACTED,
fakes.USERNAME,
fakes.VERSION,
fakes.REGION_NAME,
)
opts = [mock.Mock(secret=True, dest="password"),
mock.Mock(secret=True, dest="token")]
@mock.patch("keystoneauth1.loading.base.get_plugin_options",
return_value=opts)
def test_show(self, m_get_plugin_opts):
arglist = []
verifylist = [('mask', True)]
cmd = configuration.ShowConfiguration(self.app, None)
parsed_args = self.check_parser(cmd, arglist, verifylist)
columns, data = cmd.take_action(parsed_args)
self.assertEqual(self.columns, columns)
self.assertEqual(self.datalist, data)
@mock.patch("keystoneauth1.loading.base.get_plugin_options",
return_value=opts)
def test_show_unmask(self, m_get_plugin_opts):
arglist = ['--unmask']
verifylist = [('mask', False)]
cmd = configuration.ShowConfiguration(self.app, None)
parsed_args = self.check_parser(cmd, arglist, verifylist)
columns, data = cmd.take_action(parsed_args)
self.assertEqual(self.columns, columns)
datalist = (
fakes.PASSWORD,
fakes.AUTH_TOKEN,
fakes.USERNAME,
fakes.VERSION,
fakes.REGION_NAME,
)
self.assertEqual(datalist, data)
@mock.patch("keystoneauth1.loading.base.get_plugin_options",
return_value=opts)
def test_show_mask(self, m_get_plugin_opts):
arglist = ['--mask']
verifylist = [('mask', True)]
cmd = configuration.ShowConfiguration(self.app, None)
parsed_args = self.check_parser(cmd, arglist, verifylist)
columns, data = cmd.take_action(parsed_args)
self.assertEqual(self.columns, columns)
self.assertEqual(self.datalist, data)