X-Serivce-Token should be hashed in the log

Currently, logs display the hash values of X-Auth-Token, Authorization, and X-Subject-Token, but not the value of the X-Service-Token. This patch set adds the X-Service-Token to the list of header fields to be hashed for logging purposes. Change-Id: Iaa3a27f4b6c3baf964fa0c71328ffe9df43b2c0a Closes-Bug: #1654847 (cherry picked from commit 56af8c90ec)
2017-01-09 10:31:35 -06:00 · 2017-01-09 10:31:35 -06:00 · 398c8fb516
parent 8f872e9a56
commit 398c8fb516
3 changed files with 8 additions and 2 deletions
--- a/keystoneclient/session.py
+++ b/keystoneclient/session.py
@ -164,7 +164,7 @@ class Session(object):
    def _process_header(header):
        """Redacts the secure headers to be logged."""
        secure_headers = ('authorization', 'x-auth-token',
-                          'x-subject-token',)
+                          'x-subject-token', 'x-service-token')
        if header[0].lower() in secure_headers:
            token_hasher = hashlib.sha1()
            token_hasher.update(header[1].encode('utf-8'))
--- a/keystoneclient/tests/unit/test_session.py
+++ b/keystoneclient/tests/unit/test_session.py
@ -152,7 +152,8 @@ class SessionTests(utils.TestCase):
        headers = {'HEADERA': 'HEADERVALB'}
        security_headers = {'Authorization': uuid.uuid4().hex,
                            'X-Auth-Token': uuid.uuid4().hex,
-                            'X-Subject-Token': uuid.uuid4().hex, }
+                            'X-Subject-Token': uuid.uuid4().hex,
+                            'X-Service-Token': uuid.uuid4().hex}
        body = 'BODYRESPONSE'
        data = 'BODYDATA'
        all_headers = dict(
--- a/releasenotes/notes/bug-1654847-d2e9df994c7b617f.yaml
+++ b/releasenotes/notes/bug-1654847-d2e9df994c7b617f.yaml
@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    The ``X-Service-Token`` header value is now properly masked, and is
+    displayed as a hash value, in the log.