Merge "Mask passwords in debug log on user password operations" into stable/juno
This commit is contained in:
commit
1a3365bfa5
|
@ -25,6 +25,7 @@ from keystone import exception
|
|||
from keystone.i18n import _
|
||||
from keystone.models import token_model
|
||||
from keystone.openstack.common import log
|
||||
from keystone.openstack.common import strutils
|
||||
|
||||
|
||||
LOG = log.getLogger(__name__)
|
||||
|
@ -50,9 +51,12 @@ def v2_deprecated(f):
|
|||
|
||||
|
||||
def _build_policy_check_credentials(self, action, context, kwargs):
|
||||
kwargs_str = ', '.join(['%s=%s' % (k, kwargs[k]) for k in kwargs])
|
||||
kwargs_str = strutils.mask_password(kwargs_str)
|
||||
|
||||
LOG.debug('RBAC: Authorizing %(action)s(%(kwargs)s)', {
|
||||
'action': action,
|
||||
'kwargs': ', '.join(['%s=%s' % (k, kwargs[k]) for k in kwargs])})
|
||||
'kwargs': kwargs_str})
|
||||
|
||||
# see if auth context has already been created. If so use it.
|
||||
if ('environment' in context and
|
||||
|
|
|
@ -1662,8 +1662,6 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||
def test_create_user_password_not_logged(self):
|
||||
# When a user is created, the password isn't logged at any level.
|
||||
|
||||
# FIXME(blk-u): This doesn't work as expected, see bug 1465922
|
||||
|
||||
log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
|
||||
|
||||
ref = self.new_user_ref(domain_id=self.domain_id)
|
||||
|
@ -1671,15 +1669,12 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||
'/users',
|
||||
body={'user': ref})
|
||||
|
||||
# This should be assert*Not*In, see bug 1465922
|
||||
self.assertIn(ref['password'], log_fix.output)
|
||||
self.assertNotIn(ref['password'], log_fix.output)
|
||||
|
||||
def test_update_password_not_logged(self):
|
||||
# When admin modifies user password, the password isn't logged at any
|
||||
# level.
|
||||
|
||||
# FIXME(blk-u): This doesn't work as expected, see bug 1465922
|
||||
|
||||
log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
|
||||
|
||||
# bootstrap a user as admin
|
||||
|
@ -1694,9 +1689,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||
expected_status=200)
|
||||
|
||||
self.assertNotIn(password, log_fix.output)
|
||||
|
||||
# This should be assert*Not*In, see bug 1465922
|
||||
self.assertIn(new_password, log_fix.output)
|
||||
self.assertNotIn(new_password, log_fix.output)
|
||||
|
||||
|
||||
class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
|
||||
|
@ -2346,8 +2339,6 @@ class UserSelfServiceChangingPasswordsTestCase(test_v3.RestfulTestCase):
|
|||
# When a user changes their password, the password isn't logged at any
|
||||
# level.
|
||||
|
||||
# FIXME(blk-u): This doesn't work as expected, see bug 1465922
|
||||
|
||||
log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
|
||||
|
||||
# change password
|
||||
|
@ -2356,6 +2347,5 @@ class UserSelfServiceChangingPasswordsTestCase(test_v3.RestfulTestCase):
|
|||
original_password=self.user_ref['password'],
|
||||
expected_status=204)
|
||||
|
||||
# These should be assert*Not*In, see bug 1465922
|
||||
self.assertIn(self.user_ref['password'], log_fix.output)
|
||||
self.assertIn(new_password, log_fix.output)
|
||||
self.assertNotIn(self.user_ref['password'], log_fix.output)
|
||||
self.assertNotIn(new_password, log_fix.output)
|
||||
|
|
Loading…
Reference in New Issue