Log SHA1 hash of X-Auth-Token value

Remove logging of sensitive information like the
token value from X-Auth-Token. Instead log the sha1
hash of the token value, prefixed with '{SHA1}'.

Conflicts:
	neutronclient/common/utils.py

Closes-Bug: #1367339
Change-Id: I72d2ff5ca569c942aa6896aeadab489ff0097255
(cherry picked from commit d8fa792ee720e7877fa371e69633546b752e73da)

1 files changed, 10 insertions, 2 deletions

diff --git a/neutronclient/common/utils.py b/neutronclient/common/utils.py
index dc5f7d6..27c2de2 100644
--- a/neutronclient/common/utils.py
+++ b/neutronclient/common/utils.py
@@ -18,6 +18,7 @@
 """Utilities and helper functions."""
 
 import argparse
+import hashlib
 import logging
 import netaddr
 import os
@@ -29,6 +30,8 @@ import six
 from neutronclient.common import exceptions
 from neutronclient.i18n import _
 
+SENSITIVE_HEADERS = ('X-Auth-Token',)
+
 
 def env(*vars, **kwargs):
     """Returns the first environment variable set.
@@ -127,8 +130,13 @@ def http_log_req(_logger, args, kwargs):
         else:
             string_parts.append(' %s' % element)
 
-    for element in kwargs['headers']:
-        header = ' -H "%s: %s"' % (element, kwargs['headers'][element])
+    for (key, value) in six.iteritems(kwargs['headers']):
+        if key in SENSITIVE_HEADERS:
+            v = value.encode('utf-8')
+            h = hashlib.sha1(v)
+            d = h.hexdigest()
+            value = "{SHA1}%s" % d
+        header = ' -H "%s: %s"' % (key, value)
         string_parts.append(header)
 
     if 'body' in kwargs and kwargs['body']: