Strip auth token from log output.

Fix bug 956777. This patch updates _safe_log, which is used for rpc debug logs, to not include auth tokens. Change-Id: I36bb4233acd356f85b0e6006a6b812a67605b393
openstack · Mar 21, 2012 · 5de274c · 5de274c
1 parent 4944a61
commit 5de274c
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 14 deletions.
diff --git a/nova/rpc/amqp.py b/nova/rpc/amqp.py
@@ -185,7 +185,7 @@ def unpack_context(msg):
             context_dict[key[9:]] = value
     context_dict['msg_id'] = msg.pop('_msg_id', None)
     ctx = RpcContext.from_dict(context_dict)
-    LOG.debug(_('unpacked context: %s'), ctx.to_dict())
+    rpc_common._safe_log(LOG.debug, _('unpacked context: %s'), ctx.to_dict())
     return ctx
 
 

diff --git a/nova/rpc/common.py b/nova/rpc/common.py
@@ -127,18 +127,33 @@ def consume_in_thread(self):
 
 def _safe_log(log_func, msg, msg_data):
     """Sanitizes the msg_data field before logging."""
-    SANITIZE = {
-                'set_admin_password': ('new_pass',),
-                'run_instance': ('admin_password',),
-               }
-    method = msg_data['method']
-    if method in SANITIZE:
-        msg_data = copy.deepcopy(msg_data)
-        args_to_sanitize = SANITIZE[method]
-        for arg in args_to_sanitize:
-            try:
-                msg_data['args'][arg] = "<SANITIZED>"
-            except KeyError:
-                pass
+    has_method = 'method' in msg_data
+    has_context_token = '_context_auth_token' in msg_data
+    has_token = 'auth_token' in msg_data
+
+    if not any([has_method, has_context_token, has_token]):
+        return log_func(msg, msg_data)
+
+    msg_data = copy.deepcopy(msg_data)
+
+    if has_method:
+        SANITIZE = {
+                    'set_admin_password': ('new_pass',),
+                    'run_instance': ('admin_password',),
+                   }
+        method = msg_data['method']
+        if method in SANITIZE:
+            args_to_sanitize = SANITIZE[method]
+            for arg in args_to_sanitize:
+                try:
+                    msg_data['args'][arg] = "<SANITIZED>"
+                except KeyError:
+                    pass
+
+    if has_context_token:
+        msg_data['_context_auth_token'] = '<SANITIZED>'
+
+    if has_token:
+        msg_data['auth_token'] = '<SANITIZED>'
 
     return log_func(msg, msg_data)