From 5c9ec48f255721bd38ef0c063abe8887a9368a6f Mon Sep 17 00:00:00 2001
From: Dolph Mathews <dolph.mathews@gmail.com>
Date: Thu, 22 May 2014 08:57:48 -0500
Subject: [PATCH] indicate that sensitive messages can be disabled

Change-Id: I5b52ebe996457f2766939e1a66dbeed3dc5869c4
Closes-Bug: 1322187
---
 keystone/exception.py            |  5 ++++-
 keystone/tests/test_exception.py | 11 ++++++++---
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/keystone/exception.py b/keystone/exception.py
index 604873d3bc..96aa96dd16 100644
--- a/keystone/exception.py
+++ b/keystone/exception.py
@@ -119,11 +119,14 @@ class PKITokenExpected(Error):
 
 class SecurityError(Error):
     """Avoids exposing details of security failures, unless in debug mode."""
+    amendment = _('(Disable debug mode to suppress these details.)')
 
     def _build_message(self, message, **kwargs):
         """Only returns detailed messages in debug mode."""
         if CONF.debug:
-            return message or self.message_format % kwargs
+            return _('%(message)s %(amendment)s') % {
+                'message': message or self.message_format % kwargs,
+                'amendment': self.amendment}
         else:
             return self.message_format % kwargs
 
diff --git a/keystone/tests/test_exception.py b/keystone/tests/test_exception.py
index 170c488aae..3a64578da2 100644
--- a/keystone/tests/test_exception.py
+++ b/keystone/tests/test_exception.py
@@ -133,7 +133,10 @@ class UnexpectedExceptionTestCase(ExceptionTestCase):
 
         e = subclass(debug_info=self.exc_str)
         expected = subclass.debug_message_format % {'debug_info': self.exc_str}
-        self.assertEqual(expected, six.text_type(e))
+        translated_amendment = six.text_type(exception.SecurityError.amendment)
+        self.assertEqual(
+            expected + six.text_type(' ') + translated_amendment,
+            six.text_type(e))
 
     def test_unexpected_error_custom_message_no_debug(self):
         self.config_fixture.config(debug=False)
@@ -144,8 +147,10 @@ class UnexpectedExceptionTestCase(ExceptionTestCase):
     def test_unexpected_error_custom_message_debug(self):
         self.config_fixture.config(debug=True)
         e = exception.UnexpectedError(self.exc_str)
-        self.assertEqual(self.exc_str,
-                         six.text_type(e))
+        translated_amendment = six.text_type(exception.SecurityError.amendment)
+        self.assertEqual(
+            self.exc_str + six.text_type(' ') + translated_amendment,
+            six.text_type(e))
 
 
 class SecurityErrorTestCase(ExceptionTestCase):