Mask passwords in debug logs for auth_config_hook

The auth config hook can have credentials in it so
we have to mask the config before logging it. To
avoid doing the work of masking the password if we
aren't going to log it, there is a conditional put
around the actual debug statement.

Conflicts:
        openstackclient/common/client_config.py

NOTE(mriedem): The conflict was due to imports.

Change-Id: I8e626672ec94fc837610216bccb4354dbdedca17
Closes-Bug: #1630822
(cherry picked from commit cd1a412408)

openstackclient/common/client_config.py

@@ -16,6 +16,8 @@
 import logging
 
 from os_client_config import config
+from oslo_utils import strutils
+import six
 
 
 LOG = logging.getLogger(__name__)
@@ -179,7 +181,9 @@ class OSC_Config(config.OpenStackConfig):
         config = self._auth_v2_ignore_v3(config)
         config = self._auth_default_domain(config)
 
-        LOG.debug("auth_config_hook(): %s" % config)
+        if LOG.isEnabledFor(logging.DEBUG):
+            LOG.debug("auth_config_hook(): %s",
+                      strutils.mask_password(six.text_type(config)))
         return config
 
     def _validate_auth_ksc(self, config, cloud, fixed_argparse=None):