Do not log password in swift URLs in g-registry

There was a debug level log with the locations added to it. This change fixes the log to not contain that sensitive info. Fixes bug 1348838 Conflicts: glance/registry/api/v1/images.py Needed changes for Icehouse: - use fixture.iteritems() instead of six.iteritems(fixture) in unit tests. Change-Id: I3c5b29616c8d76bed17dbd31a8f4fc7ccd2dd945 (cherry picked from commit 28fdfdbaca)
2014-07-30 13:34:32 -04:00 · 2014-07-30 13:34:32 -04:00 · 81ea399c7a
parent f43b1c2612
commit 81ea399c7a
2 changed files with 36 additions and 3 deletions
--- a/glance/registry/api/v1/images.py
+++ b/glance/registry/api/v1/images.py
@ -440,9 +440,10 @@ class Controller(object):

        purge_props = req.headers.get("X-Glance-Registry-Purge-Props", "false")
        try:
-            LOG.debug(_("Updating image %(id)s with metadata: "
-                        "%(image_data)r"), {'id': id,
-                                            'image_data': image_data})
+            LOG.debug("Updating image %(id)s with metadata: %(image_data)r",
+                      {'id': id,
+                       'image_data': dict((k, v) for k, v in image_data.items()
+                                          if k != 'locations')})
            image_data = _normalize_image_location_for_db(image_data)
            if purge_props == "true":
                purge_props = True
--- a/glance/tests/unit/v1/test_registry_api.py
+++ b/glance/tests/unit/v1/test_registry_api.py
@ -18,6 +18,7 @@
 import datetime
 import uuid

+import mock
 from oslo.config import cfg
 import routes
 import webob
@ -1315,6 +1316,37 @@ class TestRegistryAPI(base.IsolatedUnitTest, test_utils.RegistryAPIMixIn):
        for k, v in fixture.iteritems():
            self.assertEqual(v, res_dict['image'][k])

+    @mock.patch.object(rserver.images.LOG, 'debug')
+    def test_update_image_not_log_sensitive_info(self, log_debug):
+        """
+        Tests that there is no any sensitive info of image location
+        was logged in glance during the image update operation.
+        """
+
+        def fake_log_debug(fmt_str, image_meta):
+            self.assertNotIn("'locations'", fmt_str % image_meta)
+
+        fixture = {'name': 'fake public image #2',
+                   'min_disk': 5,
+                   'min_ram': 256,
+                   'disk_format': 'raw',
+                   'location': 'fake://image'}
+        body = jsonutils.dumps(dict(image=fixture))
+
+        log_debug.side_effect = fake_log_debug
+
+        res = self.get_api_response_ext(200, url='/images/%s' % UUID2,
+                                        body=body, method='PUT',
+                                        content_type='json')
+
+        res_dict = jsonutils.loads(res.body)
+
+        self.assertNotEqual(res_dict['image']['created_at'],
+                            res_dict['image']['updated_at'])
+
+        for k, v in fixture.iteritems():
+            self.assertEqual(v, res_dict['image'][k])
+
    def test_update_image_not_existing(self):
        """
        Tests proper exception is raised if attempt to update