Do not log password in swift URLs in g-registry
There was a debug level log with the locations added to it. This change fixes the log to not contain that sensitive info. Fixes bug 1348838 Change-Id: I3c5b29616c8d76bed17dbd31a8f4fc7ccd2dd945
This commit is contained in:
parent
ca4e2a1f26
commit
28fdfdbaca
|
@ -462,9 +462,10 @@ class Controller(object):
|
|||
|
||||
purge_props = req.headers.get("X-Glance-Registry-Purge-Props", "false")
|
||||
try:
|
||||
LOG.debug("Updating image %(id)s with metadata: "
|
||||
"%(image_data)r", {'id': id,
|
||||
'image_data': image_data})
|
||||
LOG.debug("Updating image %(id)s with metadata: %(image_data)r",
|
||||
{'id': id,
|
||||
'image_data': dict((k, v) for k, v in image_data.items()
|
||||
if k != 'locations')})
|
||||
image_data = _normalize_image_location_for_db(image_data)
|
||||
if purge_props == "true":
|
||||
purge_props = True
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
import datetime
|
||||
import uuid
|
||||
|
||||
import mock
|
||||
from oslo.config import cfg
|
||||
import routes
|
||||
import six
|
||||
|
@ -1316,6 +1317,37 @@ class TestRegistryAPI(base.IsolatedUnitTest, test_utils.RegistryAPIMixIn):
|
|||
for k, v in six.iteritems(fixture):
|
||||
self.assertEqual(v, res_dict['image'][k])
|
||||
|
||||
@mock.patch.object(rserver.images.LOG, 'debug')
|
||||
def test_update_image_not_log_sensitive_info(self, log_debug):
|
||||
"""
|
||||
Tests that there is no any sensitive info of image location
|
||||
was logged in glance during the image update operation.
|
||||
"""
|
||||
|
||||
def fake_log_debug(fmt_str, image_meta):
|
||||
self.assertNotIn("'locations'", fmt_str % image_meta)
|
||||
|
||||
fixture = {'name': 'fake public image #2',
|
||||
'min_disk': 5,
|
||||
'min_ram': 256,
|
||||
'disk_format': 'raw',
|
||||
'location': 'fake://image'}
|
||||
body = jsonutils.dumps(dict(image=fixture))
|
||||
|
||||
log_debug.side_effect = fake_log_debug
|
||||
|
||||
res = self.get_api_response_ext(200, url='/images/%s' % UUID2,
|
||||
body=body, method='PUT',
|
||||
content_type='json')
|
||||
|
||||
res_dict = jsonutils.loads(res.body)
|
||||
|
||||
self.assertNotEqual(res_dict['image']['created_at'],
|
||||
res_dict['image']['updated_at'])
|
||||
|
||||
for k, v in six.iteritems(fixture):
|
||||
self.assertEqual(v, res_dict['image'][k])
|
||||
|
||||
def test_update_image_not_existing(self):
|
||||
"""
|
||||
Tests proper exception is raised if attempt to update
|
||||
|
|
Loading…
Reference in New Issue