Use log debug instead of warning

Setting the default project is merely provided for convenience, does not need exist project and grant any actual authorization on it, This shouldn't be a warning. At the same time, if the log message exposes to the users, they know the identity authentication has already passed and the used password is valid, which could be useful to an attacker. Log warnings is not necessarily as locked down as debug log, I think this would be fine as a debug log. Change-Id: I85ed00ad3d08ed52b159d4da1526a006d72d9677
2017-07-04 00:35:20 +08:00 · 2017-07-04 00:35:20 +08:00 · 3fbdadafe7
parent bebd7056ad
commit 3fbdadafe7
1 changed files with 8 additions and 8 deletions
--- a/keystone/auth/controllers.py
+++ b/keystone/auth/controllers.py
@ -199,24 +199,24 @@ class Auth(controller.V3Controller):
                           " default project %(project_id)s. The token"
                           " will be unscoped rather than scoped to the"
                           " project.")
-                    LOG.warning(msg,
-                                {'user_id': user_ref['id'],
-                                 'project_id': default_project_id})
+                    LOG.debug(msg,
+                              {'user_id': user_ref['id'],
+                               'project_id': default_project_id})
            else:
                msg = ("User %(user_id)s's default project %(project_id)s"
                       " is disabled. The token will be unscoped rather"
                       " than scoped to the project.")
-                LOG.warning(msg,
-                            {'user_id': user_ref['id'],
-                             'project_id': default_project_id})
+                LOG.debug(msg,
+                          {'user_id': user_ref['id'],
+                           'project_id': default_project_id})
        except (exception.ProjectNotFound, exception.DomainNotFound):
            # default project or default project domain doesn't exist,
            # will issue unscoped token instead
            msg = ("User %(user_id)s's default project %(project_id)s not"
                   " found. The token will be unscoped rather than"
                   " scoped to the project.")
-            LOG.warning(msg, {'user_id': user_ref['id'],
-                              'project_id': default_project_id})
+            LOG.debug(msg, {'user_id': user_ref['id'],
+                            'project_id': default_project_id})

    def authenticate(self, request, auth_info, auth_context):
        """Authenticate user."""