diff options
| author | Zhenzan Zhou <zhenzan.zhou@intel.com> | 2015-01-28 13:10:02 +0800 |
|---|---|---|
| committer | Devananda van der Veen <devananda.vdv@gmail.com> | 2015-02-04 19:35:53 -0800 |
| commit | efb321c71a709a6f5b33d9de62587117f0c29ba3 (patch) | |
| tree | 58dbc896475726d7ebe3aca4a63b72f1511bb4a2 /ironic/common/context.py | |
| parent | 5a5b72718bd7b690d75bd561fb496b25dbc7a535 (diff) | |
| download | ironic-efb321c71a709a6f5b33d9de62587117f0c29ba3.tar.gz | |
Add policy show_password to mask passwords in driver_info
Ironic API already enforces admin role to run node-show. So a new
policy show_password is added to control if plain text passwords
in driver_info should be masked or not before sending back to
API calls. The default is masking password for all cases.
Change-Id: Icd3e6be049376bf7b4468f0c149a72a06643da32
Closes-Bug: #1406191
Diffstat (limited to 'ironic/common/context.py')
| -rw-r--r-- | ironic/common/context.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/ironic/common/context.py b/ironic/common/context.py index 52885e629..26ca85d56 100644 --- a/ironic/common/context.py +++ b/ironic/common/context.py @@ -21,7 +21,7 @@ class RequestContext(context.RequestContext): def __init__(self, auth_token=None, domain_id=None, domain_name=None, user=None, tenant=None, is_admin=False, is_public_api=False, read_only=False, show_deleted=False, request_id=None, - roles=None): + roles=None, show_password=True): """Stores several additional request parameters: :param domain_id: The ID of the domain. @@ -29,12 +29,15 @@ class RequestContext(context.RequestContext): :param is_public_api: Specifies whether the request should be processed without authentication. :param roles: List of user's roles if any. + :param show_password: Specifies whether passwords should be masked + before sending back to API call. """ self.is_public_api = is_public_api self.domain_id = domain_id self.domain_name = domain_name self.roles = roles or [] + self.show_password = show_password super(RequestContext, self).__init__(auth_token=auth_token, user=user, tenant=tenant, @@ -54,6 +57,7 @@ class RequestContext(context.RequestContext): 'domain_id': self.domain_id, 'roles': self.roles, 'domain_name': self.domain_name, + 'show_password': self.show_password, 'is_public_api': self.is_public_api} @classmethod |