Merge "Update how tokens are redacted"

author: Jenkins <jenkins@review.openstack.org> 2014-09-16 14:33:54 +0000
committer: Gerrit Code Review <review@openstack.org> 2014-09-16 14:33:54 +0000
commit: 49feed7cba45d8dad75b69cb153196dbad962f2b (patch)
tree: e7a025e1b048c14cbff45da300d7b09a2215a8f5
parent: 9fa62e378e1029db6ef2bea3a8cedf88c93c4f71 (diff)
parent: f980fc549247fa2deb87dfacebc6d8d13ccd45d1 (diff)
download: python-glanceclient-49feed7cba45d8dad75b69cb153196dbad962f2b.tar.gz
2 files changed, 15 insertions, 6 deletions
diff --git a/glanceclient/common/http.py b/glanceclient/common/http.py
index 91193db..44fd5c0 100644
--- a/glanceclient/common/http.py
+++ b/glanceclient/common/http.py
@@ -36,6 +36,7 @@ if not hasattr(parse, 'parse_qsl'):
     parse.parse_qsl = cgi.parse_qsl
 
 from glanceclient.common import https
+from glanceclient.common.utils import safe_header
 from glanceclient import exc
 from glanceclient.openstack.common import importutils
 from glanceclient.openstack.common import network_utils
@@ -95,9 +96,7 @@ class HTTPClient(object):
         headers.update(self.session.headers)
 
         for (key, value) in six.iteritems(headers):
-            if key.lower() == 'x-auth-token':
-                value = '*' * 3
-            header = '-H \'%s: %s\'' % (key, value)
+            header = '-H \'%s: %s\'' % safe_header(key, value)
             curl.append(header)
 
         if not self.session.verify:
@@ -123,9 +122,7 @@ class HTTPClient(object):
         status = (resp.raw.version / 10.0, resp.status_code, resp.reason)
         dump = ['\nHTTP/%.1f %s %s' % status]
         headers = resp.headers.items()
-        if 'X-Auth-Token' in resp.headers:
-            headers['X-Auth-Token'] = '*' * 3
-        dump.extend(['%s: %s' % (k, v) for k, v in headers])
+        dump.extend(['%s: %s' % safe_header(k, v) for k, v in headers])
         dump.append('')
         if body:
             body = strutils.safe_decode(body)
diff --git a/glanceclient/common/utils.py b/glanceclient/common/utils.py
index d1a634e..d40a704 100644
--- a/glanceclient/common/utils.py
+++ b/glanceclient/common/utils.py
@@ -39,6 +39,8 @@ from glanceclient.openstack.common import strutils
 
 _memoized_property_lock = threading.Lock()
 
+SENSITIVE_HEADERS = ('X-Auth-Token', )
+
 
 # Decorator for cli-args
 def arg(*args, **kwargs):
@@ -385,3 +387,13 @@ def memoized_property(fn):
                     setattr(self, attr_name, fn(self))
             return getattr(self, attr_name)
     return _memoized_property
+
+
+def safe_header(name, value):
+    if name in SENSITIVE_HEADERS:
+        v = value.encode('utf-8')
+        h = hashlib.sha1(v)
+        d = h.hexdigest()
+        return name, "{SHA1}%s" % d
+    else:
+        return name, value
author	Jenkins <jenkins@review.openstack.org>	2014-09-16 14:33:54 +0000
committer	Gerrit Code Review <review@openstack.org>	2014-09-16 14:33:54 +0000
commit	49feed7cba45d8dad75b69cb153196dbad962f2b (patch)
tree	e7a025e1b048c14cbff45da300d7b09a2215a8f5
parent	9fa62e378e1029db6ef2bea3a8cedf88c93c4f71 (diff)
parent	f980fc549247fa2deb87dfacebc6d8d13ccd45d1 (diff)
download	python-glanceclient-49feed7cba45d8dad75b69cb153196dbad962f2b.tar.gz