X-Serivce-Token should be hashed in the log
Currently, logs display the hash values of X-Auth-Token,
Authorization, and X-Subject-Token, but not the value of
the X-Service-Token. This patch set adds the X-Service-Token
to the list of header fields to be hashed for logging purposes.
Change-Id: Iaa3a27f4b6c3baf964fa0c71328ffe9df43b2c0a
Closes-Bug: #1654847
(cherry picked from commit 56af8c90ec
)
This commit is contained in:
parent
8f872e9a56
commit
398c8fb516
|
@ -164,7 +164,7 @@ class Session(object):
|
|||
def _process_header(header):
|
||||
"""Redacts the secure headers to be logged."""
|
||||
secure_headers = ('authorization', 'x-auth-token',
|
||||
'x-subject-token',)
|
||||
'x-subject-token', 'x-service-token')
|
||||
if header[0].lower() in secure_headers:
|
||||
token_hasher = hashlib.sha1()
|
||||
token_hasher.update(header[1].encode('utf-8'))
|
||||
|
|
|
@ -152,7 +152,8 @@ class SessionTests(utils.TestCase):
|
|||
headers = {'HEADERA': 'HEADERVALB'}
|
||||
security_headers = {'Authorization': uuid.uuid4().hex,
|
||||
'X-Auth-Token': uuid.uuid4().hex,
|
||||
'X-Subject-Token': uuid.uuid4().hex, }
|
||||
'X-Subject-Token': uuid.uuid4().hex,
|
||||
'X-Service-Token': uuid.uuid4().hex}
|
||||
body = 'BODYRESPONSE'
|
||||
data = 'BODYDATA'
|
||||
all_headers = dict(
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
fixes:
|
||||
- |
|
||||
The ``X-Service-Token`` header value is now properly masked, and is
|
||||
displayed as a hash value, in the log.
|
Loading…
Reference in New Issue