diff options
| author | Jenkins <jenkins@review.openstack.org> | 2013-07-08 18:29:10 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2013-07-08 18:29:10 +0000 |
| commit | 6b547a7551d7b1ec174fc099d796b4638313630a (patch) | |
| tree | 9720389535612c1951a1b0e887506ad8f64e96b8 /openstack | |
| parent | eb605e8c1e2eacb4cae879a62e046cd0573c124d (diff) | |
| parent | 3006787997fbd4a545e80624cf6075e3297d6fe6 (diff) | |
| download | oslo-6b547a7551d7b1ec174fc099d796b4638313630a.tar.gz oslo-6b547a7551d7b1ec174fc099d796b4638313630a.tar.xz oslo-6b547a7551d7b1ec174fc099d796b4638313630a.zip | |
Merge "Sanitize passwords in _safe_log"
Diffstat (limited to 'openstack')
| -rw-r--r-- | openstack/common/rpc/common.py | 49 |
1 files changed, 14 insertions, 35 deletions
diff --git a/openstack/common/rpc/common.py b/openstack/common/rpc/common.py index 5eacd32..e116e92 100644 --- a/openstack/common/rpc/common.py +++ b/openstack/common/rpc/common.py @@ -261,41 +261,20 @@ class Connection(object): def _safe_log(log_func, msg, msg_data): """Sanitizes the msg_data field before logging.""" - SANITIZE = {'set_admin_password': [('args', 'new_pass')], - 'run_instance': [('args', 'admin_password')], - 'route_message': [('args', 'message', 'args', 'method_info', - 'method_kwargs', 'password'), - ('args', 'message', 'args', 'method_info', - 'method_kwargs', 'admin_password')]} - - has_method = 'method' in msg_data and msg_data['method'] in SANITIZE - has_context_token = '_context_auth_token' in msg_data - has_token = 'auth_token' in msg_data - - if not any([has_method, has_context_token, has_token]): - return log_func(msg, msg_data) - - msg_data = copy.deepcopy(msg_data) - - if has_method: - for arg in SANITIZE.get(msg_data['method'], []): - try: - d = msg_data - for elem in arg[:-1]: - d = d[elem] - d[arg[-1]] = '<SANITIZED>' - except KeyError as e: - LOG.info(_('Failed to sanitize %(item)s. Key error %(err)s'), - {'item': arg, - 'err': e}) - - if has_context_token: - msg_data['_context_auth_token'] = '<SANITIZED>' - - if has_token: - msg_data['auth_token'] = '<SANITIZED>' - - return log_func(msg, msg_data) + SANITIZE = ['_context_auth_token', 'auth_token', 'new_pass'] + + def _fix_passwords(d): + """Sanitizes the password fields in the dictionary.""" + for k in d.iterkeys(): + if k.lower().find('password') != -1: + d[k] = '<SANITIZED>' + elif k.lower() in SANITIZE: + d[k] = '<SANITIZED>' + elif isinstance(d[k], dict): + _fix_passwords(d[k]) + return d + + return log_func(msg, _fix_passwords(copy.deepcopy(msg_data))) def serialize_remote_exception(failure_info, log_failure=True): |