Full service token is shown in logs
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| keystoneauth | Fix Released | Critical | Tin Lam | |
| Mitaka | Fix Released | Critical | Tin Lam | |
| Newton | Fix Released | Critical | Tin Lam | |
| python-keystoneclient | Fix Released | High | Tin Lam | |
| Mitaka | Fix Released | High | Tin Lam | |
| Newton | Fix Released | High | Tin Lam | |

Bug Description
The user token is hashed in the logs but it looks like the service token isn't, seen here:
2017-01-08 03:35:22.059 29520 DEBUG cinderclient.
I'm not entirely sure if this is an issue in keystoneauth or cinderclient.
Changed in keystoneauth:
assignee: Tin Lam (tl3438) → Steve Martinelli (stevemar)
Changed in keystoneauth:
assignee: Steve Martinelli (stevemar) → Tin Lam (tl3438)
Looks like we need to add X-Service-Token to the list of headers we hash:
secure_headers = ('authorization', 'x-auth-token',
                  'x-subject-token', )
https://github.com/openstack/keystoneauth/blob/f345559a06c0128dcb7fede4b593487540da86ef/keystoneauth1/session.py#L289-L290
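
The effect of the missing list entry, as an added example that is not part of the original bug thread and is not keystoneauth's own code: the same debug line is built with the header list quoted above and with `x-service-token` added, then checked for raw token values. The function names, the SHA-256 digest format, the URL and the token values are assumptions constructed for illustration.

```python
import hashlib

# Header list as quoted in the comment above (service token missing).
SECURE_HEADERS_BEFORE = ('authorization', 'x-auth-token', 'x-subject-token')
# Same list with the header the comment proposes adding.
SECURE_HEADERS_AFTER = SECURE_HEADERS_BEFORE + ('x-service-token',)


def redact_header(name, value, secure_headers):
    """Return (name, value) safe for logging; secure values become a digest."""
    if isinstance(value, bytes):
        value = value.decode('utf-8', 'replace')
    # HTTP header names are case-insensitive, so compare in lower case.
    if name.lower() in secure_headers:
        digest = hashlib.sha256(value.encode('utf-8')).hexdigest()
        return name, '{SHA256}' + digest
    return name, value


def format_request_log(method, url, headers, secure_headers):
    """Build a curl-style debug line with secure header values hashed."""
    parts = ['REQ: curl -X %s %s' % (method, url)]
    for name, value in sorted(headers.items()):
        parts.append('-H "%s: %s"' % redact_header(name, value, secure_headers))
    return ' '.join(parts)


def leaked_values(log_line, headers, sensitive_names):
    """Return names of sensitive headers whose raw value appears in log_line."""
    return sorted(n for n, v in headers.items()
                  if n.lower() in sensitive_names and v in log_line)


# Constructed sample request; the token values are made up.
SAMPLE_HEADERS = {
    'Accept': 'application/json',
    'X-Auth-Token': 'user-token-constructed-0001',
    'X-Service-Token': 'service-token-constructed-0002',
}
SAMPLE_URL = 'http://cinder.example.test/v2/volumes'  # placeholder URL

if __name__ == '__main__':
    for label, secure in (('before', SECURE_HEADERS_BEFORE),
                          ('after', SECURE_HEADERS_AFTER)):
        line = format_request_log('GET', SAMPLE_URL, SAMPLE_HEADERS, secure)
        print(label, line)
        print(label, 'leaked:', leaked_values(line, SAMPLE_HEADERS,
                                              SECURE_HEADERS_AFTER))
```

A check like `leaked_values` can run in a unit test over captured debug output, so a newly introduced token header that is missing from the list is caught before it reaches production logs.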