Mask the token used to allow access to consoles
Hide the novncproxy token from the logs.
When backported this patch needs to be extended to handle the same issue
in the consoleauth service.
Co-Authored-By:paul-carlton2 <paul.carlton2@hp.com>
Co-Authored-By:Tristan Cacqueray <tdecacqu@redhat.com>
Change-Id: I5b8fa4233d297722c3af08176901d12887bae3de
Closes-Bug: #1492140
(cherry picked from commit 26d4047e17)
parent
a5daa0ddb3
commit
d7826bcd76
|
@ -18,6 +18,7 @@ Websocket proxy that is compatible with OpenStack Nova.
|
|||
Leverages websockify.py by Joel Martin
|
||||
'''
|
||||
|
||||
import copy
|
||||
import socket
|
||||
import sys
|
||||
|
||||
|
@ -220,7 +221,10 @@ class NovaProxyRequestHandlerBase(object):
|
|||
detail = _("Origin header protocol does not match this host.")
|
||||
raise exception.ValidationError(detail=detail)
|
||||
|
||||
self.msg(_('connect info: %s'), str(connect_info))
|
||||
sanitized_info = copy.copy(connect_info)
|
||||
sanitized_info.token = '***'
|
||||
self.msg(_('connect info: %s'), sanitized_info)
|
||||
|
||||
host = connect_info.host
|
||||
port = connect_info.port
|
||||
|
||||
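Review bot: Masking only `token` on a shallow copy protects that single attribute, so any other field of `connect_info` that embeds the token (an access URL carrying it as a query parameter, for instance; the object's fields are not visible in this hunk) would still be written by `self.msg`. Logging an explicit allow-list is safer because new attributes then never reach the log by default, e.g. `self.msg(_('connect info: host=%s port=%s'), connect_info.host, connect_info.port)`. If the whole object has to be logged, the copy deserves a comment such as `# Log a masked copy: the console token grants console access and must not reach the logs.` The enclosing method starts and ends outside the hunk, so whether the request path that carried the token is logged elsewhere cannot be checked from here.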
|
|
|
@ -219,6 +219,9 @@ class NovaProxyRequestHandlerBaseTestCase(test.NoDBTestCase):
|
|||
validate.assert_called_with(mock.ANY, "123-456-789")
|
||||
self.wh.socket.assert_called_with('node1', 10000, connect=True)
|
||||
self.wh.do_proxy.assert_called_with('<socket>')
|
||||
# ensure that token is masked when logged
|
||||
connection_info = self.wh.msg.mock_calls[0][1][1]
|
||||
self.assertEqual('***', connection_info.token)
|
||||
|
||||
@mock.patch('nova.console.websocketproxy.NovaProxyRequestHandlerBase.'
|
||||
'_check_console_port')
|
||||
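Review bot: The new assertion inspects only `self.wh.msg.mock_calls[0]`, so it depends on the connect-info message being the first `msg` call and would still pass if a later call logged the raw token. Keeping it and adding a check over every recorded call is stricter and independent of call order: `for call in self.wh.msg.mock_calls: self.assertNotIn('123-456-789', str(call))`, assuming the logged object's repr exposes its fields. The test method begins above the hunk; the token value used here is the one shown in the `validate.assert_called_with` line.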
|
|