Update how tokens are redacted

Using SHA-1 to match how Nova and Swift redact their tokens. Was discussed in the below thread: http://lists.openstack.org/pipermail/openstack-dev/2014-September/045802.html Here's what nova went with: https://review.openstack.org/#/c/99511/ swift seem to be following suit: https://review.openstack.org/#/c/99632/ Change-Id: I3045d6d9d2a13770f4022dbbd474b34eb1032f6e Closes-bug: 1329301
2014-09-15 16:17:18 -06:00
parent 4a5903bce7
commit f980fc5492
2 changed files with 15 additions and 6 deletions
@@ -39,6 +39,8 @@ from glanceclient.openstack.common import strutils

 _memoized_property_lock = threading.Lock()

+SENSITIVE_HEADERS = ('X-Auth-Token', )
+

 # Decorator for cli-args
 def arg(*args, **kwargs):
@@ -385,3 +387,13 @@ def memoized_property(fn):
                    setattr(self, attr_name, fn(self))
            return getattr(self, attr_name)
    return _memoized_property
+
+
+def safe_header(name, value):
+    if name in SENSITIVE_HEADERS:
+        v = value.encode('utf-8')
+        h = hashlib.sha1(v)
+        d = h.hexdigest()
+        return name, "{SHA1}%s" % d
+    else:
+        return name, value