Merge "Censoring secrets payload value from debug log"
This commit is contained in:
commit
e6fd8b4e30
|
@ -22,6 +22,14 @@ def filter_null_keys(dictionary):
|
|||
return dict(((k, v) for k, v in dictionary.items() if v is not None))
|
||||
|
||||
|
||||
def censored_copy(data_dict, censor_keys):
|
||||
'''Returns redacted dict copy for censored keys'''
|
||||
if censor_keys is None:
|
||||
censor_keys = []
|
||||
return {k: v if k not in censor_keys else '<redacted>' for k, v in
|
||||
data_dict.items()}
|
||||
|
||||
|
||||
def validate_ref(ref, entity):
|
||||
"""Verifies that there is a real uuid at the end of the uri
|
||||
|
||||
|
|
|
@ -221,7 +221,8 @@ class Container(ContainerFormatter):
|
|||
|
||||
def _get_secrets_and_store_them_if_necessary(self):
|
||||
# Save all secrets if they are not yet saved
|
||||
LOG.debug("Storing secrets: {0}".format(self.secrets))
|
||||
LOG.debug("Storing secrets: {0}".format(base.censored_copy(
|
||||
self.secrets, ['payload'])))
|
||||
secret_refs = []
|
||||
for name, secret in six.iteritems(self.secrets):
|
||||
if secret and not secret.secret_ref:
|
||||
|
|
|
@ -331,8 +331,8 @@ class Secret(SecretFormatter):
|
|||
secret_dict['payload_content_type'] = u'text/plain'
|
||||
|
||||
secret_dict = base.filter_null_keys(secret_dict)
|
||||
|
||||
LOG.debug("Request body: {0}".format(secret_dict))
|
||||
LOG.debug("Request body: {0}".format(base.censored_copy(secret_dict,
|
||||
['payload'])))
|
||||
|
||||
# Save, store secret_ref and return
|
||||
response = self._api.post(self._entity, json=secret_dict)
|
||||
|
|
|
@ -12,3 +12,13 @@ class TestValidateRef(testtools.TestCase):
|
|||
def test_invalid_uuid(self):
|
||||
ref = 'http://localhost/not_a_uuid'
|
||||
self.assertRaises(ValueError, base.validate_ref, ref, 'Thing')
|
||||
|
||||
def test_censored_copy(self):
|
||||
d1 = {'a': '1', 'password': 'my_password', 'payload': 'my_key',
|
||||
'b': '2'}
|
||||
d2 = base.censored_copy(d1, None)
|
||||
self.assertEqual(d1, d2, 'd2 contents are unchanged')
|
||||
self.assertFalse(d1 is d2, 'd1 and d2 are different instances')
|
||||
d3 = base.censored_copy(d1, ['payload'])
|
||||
self.assertNotEqual(d1, d3, 'd3 has redacted payload value')
|
||||
self.assertNotEqual(d3['payload'], 'my_key', 'no key in payload')
|
||||
|
|
Loading…
Reference in New Issue