| author | Zhongyue Luo <zhongyue.nah@intel.com> | 2013-07-31 16:46:00 +0800 |
|---|---|---|
| committer | Zhongyue Luo <zhongyue.nah@intel.com> | 2013-08-02 21:26:50 +0900 |
| commit | 3f2f70e0785e11434f6f863ce8eacc1b0ef1782d (patch) | |
| tree | 70644962c44af86aab244e5660efa52780583dba /openstack | |
| parent | 466f1391545d4a01b31b12c5dac1c0d84b0ad2d6 (diff) | |
Helper function to sanitize db url credentials
The database url is sanitized in logfiles because of security issues.
However the connected url itself is useful information to devs and admins.
This patch provides a helper function to sanitize only the credentials
in a database url. All projects must process the CONF.database.connection
value using "sanitize_db_url" when updating the db package
Fixes bug #1076833
Change-Id: Id6cf7b120ef6c3fcda7f33fd26676b62a4475bb2
Diffstat (limited to 'openstack')
| -rw-r--r-- | openstack/common/db/sqlalchemy/session.py | 6 | ||||
| -rw-r--r-- | openstack/common/db/sqlalchemy/utils.py | 11 |
2 files changed, 13 insertions, 4 deletions
diff --git a/openstack/common/db/sqlalchemy/session.py b/openstack/common/db/sqlalchemy/session.py
index e83009c..236136e 100644
--- a/openstack/common/db/sqlalchemy/session.py
+++ b/openstack/common/db/sqlalchemy/session.py
@@ -279,13 +279,11 @@ database_opts = [
 deprecated_opts=[cfg.DeprecatedOpt('sql_connection',
 group='DEFAULT'),
 cfg.DeprecatedOpt('sql_connection',
- group='DATABASE')],
- secret=True),
+ group='DATABASE')]),
 cfg.StrOpt('slave_connection',
 default='',
 help='The SQLAlchemy connection string used to connect to the '
- 'slave database',
- secret=True),
+ 'slave database'),
 cfg.IntOpt('idle_timeout',
 default=3600,
 deprecated_opts=[cfg.DeprecatedOpt('sql_idle_timeout',
diff --git a/openstack/common/db/sqlalchemy/utils.py b/openstack/common/db/sqlalchemy/utils.py
index caf5569..64edec2 100644
--- a/openstack/common/db/sqlalchemy/utils.py
+++ b/openstack/common/db/sqlalchemy/utils.py
@@ -18,6 +18,8 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+import re
+
 from migrate.changeset import UniqueConstraint
 import sqlalchemy
 from sqlalchemy import Boolean
@@ -45,6 +47,15 @@ from openstack.common import timeutils
 LOG = logging.getLogger(__name__)
+_DBURL_REGEX = re.compile(r"[^:]+://([^:]+):([^@]+)@.+")
+
+
+def sanitize_db_url(url):
+ match = _DBURL_REGEX.match(url)
+ if match:
+ return '%s****:****%s' % (url[:match.start(1)], url[match.end(2):])
+ return url
+
 class InvalidSortKey(Exception):
 message = _("Sort key supplied was not valid.") |
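Review bot: Dropping `secret=True` from `connection` and `slave_connection` in the session.py hunk means any code that dumps option values generically will now print the whole URL, password included; oslo.config masks only options flagged secret when a service logs its option values, and that path never goes through `sanitize_db_url`. The new helper protects only the call sites that remember to use it, so the safe default is lost for every consuming project. I would keep `secret=True),` on both options and let code that wants the host in its logs call `sanitize_db_url(CONF.database.connection)` explicitly. The `database_opts` list starts and ends outside this hunk.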
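Review bot: `_DBURL_REGEX` ends the password group at the first `@`, so for a password containing an unescaped `@` the rest of the password is copied into the result by `url[match.end(2):]`, and a URL with an empty user name does not match `([^:]+)` at all and falls through to `return url` unmasked. Allowing an empty user and letting the password group run to the last `@`, `_DBURL_REGEX = re.compile(r"[^:]+://([^:]*):(.*)@.+")`, covers both cases and errs toward masking too much rather than too little. Whether the SQLAlchemy URL parser accepts such URLs is not visible in this hunk, so treat this as hardening of a function whose failure mode is a credential in a log file. The function also needs a docstring, for example `"""Return url with the user name and password replaced by ****; URLs that do not match are returned unchanged."""`, so callers know it fails open.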
