remove token from notifier middleware

oslo-incubator sync to address the security bug
in middleware (as below).

notifier middleware is capturing token and sending it to MQ. this
is not advisable so we should filter it out.

Change-Id: Ia1bfa1bd24989681db1d2f385defc12e69a01f8d
Closes-Bug: #1321080

2 files changed, 2 insertions, 2 deletions

diff --git a/ceilometer/openstack/common/middleware/audit.py b/ceilometer/openstack/common/middleware/audit.py
index 1bda8d11..bb69e313 100644
--- a/ceilometer/openstack/common/middleware/audit.py
+++ b/ceilometer/openstack/common/middleware/audit.py
@@ -1,6 +1,6 @@
 # vim: tabstop=4 shiftwidth=4 softtabstop=4
 
-# Copyright (c) 2013 OpenStack LLC.
+# Copyright (c) 2013 OpenStack Foundation
 # All Rights Reserved.
 #
 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/ceilometer/openstack/common/middleware/notifier.py b/ceilometer/openstack/common/middleware/notifier.py
index ab744ff0..8006fe74 100644
--- a/ceilometer/openstack/common/middleware/notifier.py
+++ b/ceilometer/openstack/common/middleware/notifier.py
@@ -66,7 +66,7 @@ class RequestNotifier(base.Middleware):
 
         """
         return dict((k, v) for k, v in environ.iteritems()
-                    if k.isupper())
+                    if k.isupper() and k != 'HTTP_X_AUTH_TOKEN')
 
     @log_and_ignore_error
     def process_request(self, request):