diff options
author | Jenkins <jenkins@review.openstack.org> | 2014-09-16 14:33:54 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2014-09-16 14:33:54 +0000 |
commit | 49feed7cba45d8dad75b69cb153196dbad962f2b (patch) | |
tree | e7a025e1b048c14cbff45da300d7b09a2215a8f5 | |
parent | 9fa62e378e1029db6ef2bea3a8cedf88c93c4f71 (diff) | |
parent | f980fc549247fa2deb87dfacebc6d8d13ccd45d1 (diff) | |
download | python-glanceclient-49feed7cba45d8dad75b69cb153196dbad962f2b.tar.gz |
Merge "Update how tokens are redacted"
-rw-r--r-- | glanceclient/common/http.py | 9 | ||||
-rw-r--r-- | glanceclient/common/utils.py | 12 |
2 files changed, 15 insertions, 6 deletions
diff --git a/glanceclient/common/http.py b/glanceclient/common/http.py index 91193db..44fd5c0 100644 --- a/glanceclient/common/http.py +++ b/glanceclient/common/http.py @@ -36,6 +36,7 @@ if not hasattr(parse, 'parse_qsl'): parse.parse_qsl = cgi.parse_qsl from glanceclient.common import https +from glanceclient.common.utils import safe_header from glanceclient import exc from glanceclient.openstack.common import importutils from glanceclient.openstack.common import network_utils @@ -95,9 +96,7 @@ class HTTPClient(object): headers.update(self.session.headers) for (key, value) in six.iteritems(headers): - if key.lower() == 'x-auth-token': - value = '*' * 3 - header = '-H \'%s: %s\'' % (key, value) + header = '-H \'%s: %s\'' % safe_header(key, value) curl.append(header) if not self.session.verify: @@ -123,9 +122,7 @@ class HTTPClient(object): status = (resp.raw.version / 10.0, resp.status_code, resp.reason) dump = ['\nHTTP/%.1f %s %s' % status] headers = resp.headers.items() - if 'X-Auth-Token' in resp.headers: - headers['X-Auth-Token'] = '*' * 3 - dump.extend(['%s: %s' % (k, v) for k, v in headers]) + dump.extend(['%s: %s' % safe_header(k, v) for k, v in headers]) dump.append('') if body: body = strutils.safe_decode(body) diff --git a/glanceclient/common/utils.py b/glanceclient/common/utils.py index d1a634e..d40a704 100644 --- a/glanceclient/common/utils.py +++ b/glanceclient/common/utils.py @@ -39,6 +39,8 @@ from glanceclient.openstack.common import strutils _memoized_property_lock = threading.Lock() +SENSITIVE_HEADERS = ('X-Auth-Token', ) + # Decorator for cli-args def arg(*args, **kwargs): @@ -385,3 +387,13 @@ def memoized_property(fn): setattr(self, attr_name, fn(self)) return getattr(self, attr_name) return _memoized_property + + +def safe_header(name, value): + if name in SENSITIVE_HEADERS: + v = value.encode('utf-8') + h = hashlib.sha1(v) + d = h.hexdigest() + return name, "{SHA1}%s" % d + else: + return name, value |