From ac8cd1aac084d5724a652589aee8c1133e4d8cf5 Mon Sep 17 00:00:00 2001 From: Roey Chen Date: Wed, 10 May 2017 11:39:18 -0700 Subject: [PATCH] NSXv: Mask passwords when logging debug messages Change-Id: I6e8ce42da8e92defc3c6411204203cb0d4b6a6c0 --- vmware_nsx/plugins/nsx_v/vshield/vcns.py | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/vmware_nsx/plugins/nsx_v/vshield/vcns.py b/vmware_nsx/plugins/nsx_v/vshield/vcns.py index 480bc00e2f..98872b84f1 100644 --- a/vmware_nsx/plugins/nsx_v/vshield/vcns.py +++ b/vmware_nsx/plugins/nsx_v/vshield/vcns.py @@ -12,6 +12,7 @@ # License for the specific language governing permissions and limitations # under the License. +import re import time from oslo_config import cfg @@ -122,16 +123,27 @@ class Vcns(object): insecure=insecure) self._nsx_version = None + def _log_request(self, method, uri, body, format): + if format == 'json': + pattern = r'\"password\": [^,}]*' + body = re.sub(pattern, + '"password": "********"', body) + else: + pattern = r'.*?' + body = re.sub(pattern, + '********', body) + LOG.debug("VcnsApiHelper('%(method)s', '%(uri)s', '%(body)s')", { + 'method': method, + 'uri': uri, + 'body': body}) + @retry_upon_exception(exceptions.ServiceConflict) def _client_request(self, client, method, uri, params, headers, encodeParams): return client(method, uri, params, headers, encodeParams) def do_request(self, method, uri, params=None, format='json', **kwargs): - LOG.debug("VcnsApiHelper('%(method)s', '%(uri)s', '%(body)s')", { - 'method': method, - 'uri': uri, - 'body': jsonutils.dumps(params)}) + self._log_request(method, uri, jsonutils.dumps(params), format) headers = kwargs.get('headers') encodeParams = kwargs.get('encode', True) if format == 'json':