Python oslo_utils.strutils.mask_password() Examples
The following are 19
code examples of oslo_utils.strutils.mask_password().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
oslo_utils.strutils
, or try the search function
.
.
Example #1
| Source File: test_strutils.py From oslo.utils with Apache License 2.0 | 6 votes |
|
def test_json_message(self):
payload = """body: {"changePassword": {"adminPass": "1234567"}}"""
expected = """body: {"changePassword": {"adminPass": "***"}}"""
self.assertEqual(expected, strutils.mask_password(payload))
payload = """body: {"rescue": {"admin_pass": "1234567"}}"""
expected = """body: {"rescue": {"admin_pass": "***"}}"""
self.assertEqual(expected, strutils.mask_password(payload))
payload = """body: {"rescue": {"admin_password": "1234567"}}"""
expected = """body: {"rescue": {"admin_password": "***"}}"""
self.assertEqual(expected, strutils.mask_password(payload))
payload = """body: {"rescue": {"password": "1234567"}}"""
expected = """body: {"rescue": {"password": "***"}}"""
self.assertEqual(expected, strutils.mask_password(payload))
payload = """body: {"rescue": {"encryption_key_id": "1234567"}}"""
expected = """body: {"rescue": {"encryption_key_id": "***"}}"""
self.assertEqual(expected, strutils.mask_password(payload))
Example #2
| Source File: __init__.py From os-brick with Apache License 2.0 | 6 votes |
|
def get_encryption_metadata(context, volume_api, volume_id, connection_info):
metadata = {}
if ('data' in connection_info and
connection_info['data'].get('encrypted', False)):
try:
metadata = volume_api.get_volume_encryption_metadata(context,
volume_id)
if not metadata:
LOG.warning('Volume %s should be encrypted but there is no '
'encryption metadata.', volume_id)
except Exception as e:
LOG.error("Failed to retrieve encryption metadata for "
"volume %(volume_id)s: %(exception)s",
{'volume_id': volume_id, 'exception': e})
raise
if metadata:
msg = ("Using volume encryption metadata '%(metadata)s' for "
"connection: %(connection_info)s" %
{'metadata': metadata, 'connection_info': connection_info})
LOG.debug(strutils.mask_password(msg))
return metadata
Example #3
| Source File: iscsi.py From os-brick with Apache License 2.0 | 6 votes |
|
def _run_iscsiadm(self, connection_properties, iscsi_command, **kwargs):
check_exit_code = kwargs.pop('check_exit_code', 0)
attempts = kwargs.pop('attempts', 1)
delay_on_retry = kwargs.pop('delay_on_retry', True)
(out, err) = self._execute('iscsiadm', '-m', 'node', '-T',
connection_properties['target_iqn'],
'-p',
connection_properties['target_portal'],
*iscsi_command, run_as_root=True,
root_helper=self._root_helper,
check_exit_code=check_exit_code,
attempts=attempts,
delay_on_retry=delay_on_retry)
msg = ("iscsiadm %(iscsi_command)s: stdout=%(out)s stderr=%(err)s" %
{'iscsi_command': iscsi_command, 'out': out, 'err': err})
# don't let passwords be shown in log output
LOG.debug(strutils.mask_password(msg))
return (out, err)
Example #4
| Source File: tacker.py From tacker-horizon with Apache License 2.0 | 5 votes |
|
def create_vim(request, vim_arg):
LOG.debug("create_vim(): vim_arg=%s", strutils.mask_password(vim_arg))
vim_instance = tackerclient(request).create_vim(body=vim_arg)
return vim_instance
Example #5
| Source File: log.py From tacker with Apache License 2.0 | 5 votes |
|
def log(method):
"""Decorator helping to log method calls."""
def wrapper(*args, **kwargs):
instance = args[0]
data = {"class_name": (instance.__class__.__module__ + '.'
+ instance.__class__.__name__),
"method_name": method.__name__,
"args": strutils.mask_password(args[1:]),
"kwargs": strutils.mask_password(kwargs)}
LOG.debug('%(class_name)s method %(method_name)s'
' called with arguments %(args)s %(kwargs)s', data)
return method(*args, **kwargs)
return wrapper
Example #6
| Source File: nfvo_plugin.py From tacker with Apache License 2.0 | 5 votes |
|
def _get_vim_from_vnf(self, context, vnf_id):
"""Figures out VIM based on a VNF
:param context: SQL Session Context
:param vnf_id: VNF ID
:return: VIM or VIM properties if fields are provided
"""
vnfm_plugin = manager.TackerManager.get_service_plugins()['VNFM']
vim_id = vnfm_plugin.get_vnf(context, vnf_id, fields=['vim_id'])
vim_obj = self.get_vim(context, vim_id['vim_id'], mask_password=False)
if vim_obj is None:
raise nfvo.VimFromVnfNotFoundException(vnf_id=vnf_id)
self._build_vim_auth(vim_obj)
return vim_obj
Example #7
| Source File: nfvo_plugin.py From tacker with Apache License 2.0 | 5 votes |
|
def _get_vim(self, context, vim_id):
if not self.is_vim_still_in_use(context, vim_id):
return self.get_vim(context, vim_id, mask_password=False)
Example #8
| Source File: nfvo_plugin.py From tacker with Apache License 2.0 | 5 votes |
|
def create_vim(self, context, vim):
LOG.debug('Create vim called with parameters %s',
strutils.mask_password(vim))
vim_obj = vim['vim']
vim_type = vim_obj['type']
if vim_type == 'openstack':
vim_obj['auth_url'] = utils.get_auth_url_v3(vim_obj['auth_url'])
vim_obj['id'] = uuidutils.generate_uuid()
vim_obj['status'] = 'PENDING'
try:
self._vim_drivers.invoke(vim_type,
'register_vim',
vim_obj=vim_obj)
res = super(NfvoPlugin, self).create_vim(context, vim_obj)
except Exception:
with excutils.save_and_reraise_exception():
self._vim_drivers.invoke(vim_type,
'delete_vim_auth',
vim_id=vim_obj['id'],
auth=vim_obj['auth_cred'])
try:
self.monitor_vim(context, vim_obj)
except Exception:
LOG.warning("Failed to set up vim monitoring")
return res
Example #9
| Source File: string_utils.py From syntribos with Apache License 2.0 | 5 votes |
|
def sanitize_secrets(content, mask="****"):
"""Extends oslo_utils strutils to make mask passwords more robust."""
def mask_dict_password(dictionary, secret="***"):
"""Overriding strutils.mask_dict_password.
Overriding mask_dict_password to accept CaseInsenstiveDict as well.
"""
out = deepcopy(dictionary)
for k, v in dictionary.items():
if is_dict(v):
out[k] = mask_dict_password(v, secret=secret)
continue
for sani_key in strutils._SANITIZE_KEYS:
if sani_key in k:
out[k] = secret
break
else:
if isinstance(v, six.string_types):
out[k] = strutils.mask_password(v, secret=secret)
return out
strutils.mask_dict_password = mask_dict_password
if is_dict(content):
return strutils.mask_dict_password(content, mask)
if is_string(content):
return strutils.mask_password(content, mask)
Example #10
| Source File: fields.py From oslo.versionedobjects with Apache License 2.0 | 5 votes |
|
def stringify(self, value):
return super(SensitiveString, self).stringify(
strutils.mask_password(value))
Example #11
| Source File: winrm_helper.py From manila with Apache License 2.0 | 5 votes |
|
def _parse_command(self, command):
if isinstance(command, list) or isinstance(command, tuple):
command = " ".join([six.text_type(c) for c in command])
sanitized_cmd = strutils.mask_password(command)
b64_command = base64.b64encode(command.encode("utf_16_le"))
command = ("powershell.exe -ExecutionPolicy RemoteSigned "
"-NonInteractive -EncodedCommand %s" % b64_command)
return command, sanitized_cmd
Example #12
| Source File: winrm_helper.py From manila with Apache License 2.0 | 5 votes |
|
def execute(self, server, command, check_exit_code=True,
retry=True):
retries = self._config.winrm_retry_count if retry else 1
conn = self._get_conn(server)
@utils.retry(exception=Exception,
interval=self._config.winrm_retry_interval,
retries=retries)
def _execute():
parsed_cmd, sanitized_cmd = self._parse_command(command)
LOG.debug("Executing command: %s", sanitized_cmd)
(stdout, stderr, exit_code) = conn.execute(parsed_cmd)
sanitized_stdout = strutils.mask_password(stdout)
sanitized_stderr = strutils.mask_password(stderr)
LOG.debug("Executed command: %(cmd)s. Stdout: %(stdout)s. "
"Stderr: %(stderr)s. Exit code %(exit_code)s",
dict(cmd=sanitized_cmd, stdout=sanitized_stdout,
stderr=sanitized_stderr, exit_code=exit_code))
if check_exit_code and exit_code != 0:
raise processutils.ProcessExecutionError(
stdout=sanitized_stdout,
stderr=sanitized_stderr,
exit_code=exit_code,
cmd=sanitized_cmd)
return (stdout, stderr)
return _execute()
Example #13
| Source File: gpfs.py From manila with Apache License 2.0 | 5 votes |
|
def _gpfs_ssh_execute(self, ssh, cmd, ignore_exit_code=None,
check_exit_code=True):
sanitized_cmd = strutils.mask_password(cmd)
LOG.debug('Running cmd (SSH): %s', sanitized_cmd)
stdin_stream, stdout_stream, stderr_stream = ssh.exec_command(cmd)
channel = stdout_stream.channel
stdout = stdout_stream.read()
sanitized_stdout = strutils.mask_password(stdout)
stderr = stderr_stream.read()
sanitized_stderr = strutils.mask_password(stderr)
stdin_stream.close()
exit_status = channel.recv_exit_status()
# exit_status == -1 if no exit code was returned
if exit_status != -1:
LOG.debug('Result was %s', exit_status)
if ((check_exit_code and exit_status != 0)
and
(ignore_exit_code is None or
exit_status not in ignore_exit_code)):
raise exception.ProcessExecutionError(exit_code=exit_status,
stdout=sanitized_stdout,
stderr=sanitized_stderr,
cmd=sanitized_cmd)
return (sanitized_stdout, sanitized_stderr)
Example #14
| Source File: rootwrap.py From os-brick with Apache License 2.0 | 5 votes |
|
def execute(*cmd, **kwargs):
"""NB: Raises processutils.ProcessExecutionError on failure."""
run_as_root = kwargs.pop('run_as_root', False)
kwargs.pop('root_helper', None)
try:
if run_as_root:
return execute_root(*cmd, **kwargs)
else:
return custom_execute(*cmd, **kwargs)
except OSError as e:
# Note:
# putils.execute('bogus', run_as_root=True)
# raises ProcessExecutionError(exit_code=1) (because there's a
# "sh -c bogus" involved in there somewhere, but:
# putils.execute('bogus', run_as_root=False)
# raises OSError(not found).
#
# Lots of code in os-brick catches only ProcessExecutionError
# and never encountered the latter when using rootwrap.
# Rather than fix all the callers, we just always raise
# ProcessExecutionError here :(
sanitized_cmd = strutils.mask_password(' '.join(cmd))
raise putils.ProcessExecutionError(
cmd=sanitized_cmd, description=six.text_type(e))
# See comment on `execute`
Example #15
| Source File: utils.py From zun with Apache License 2.0 | 5 votes |
|
def custom_execute(*cmd, **kwargs):
try:
return processutils.execute(*cmd, **kwargs)
except processutils.ProcessExecutionError as e:
sanitized_cmd = strutils.mask_password(' '.join(cmd))
raise exception.CommandError(cmd=sanitized_cmd,
error=str(e))
Example #16
| Source File: __init__.py From os-brick with Apache License 2.0 | 4 votes |
|
def get_volume_encryptor(root_helper,
connection_info,
keymgr,
execute=None,
*args, **kwargs):
"""Creates a VolumeEncryptor used to encrypt the specified volume.
:param: the connection information used to attach the volume
:returns VolumeEncryptor: the VolumeEncryptor for the volume
"""
encryptor = nop.NoOpEncryptor(root_helper=root_helper,
connection_info=connection_info,
keymgr=keymgr,
execute=execute,
*args, **kwargs)
location = kwargs.get('control_location', None)
if location and location.lower() == 'front-end': # case insensitive
provider = kwargs.get('provider')
# TODO(lyarwood): Remove the following in Queens and raise an
# ERROR if provider is not a key in SUPPORTED_ENCRYPTION_PROVIDERS.
# Until then continue to allow both the class name and path to be used.
if provider in LEGACY_PROVIDER_CLASS_TO_FORMAT_MAP:
LOG.warning("Use of the in tree encryptor class %(provider)s"
" by directly referencing the implementation class"
" will be blocked in the Queens release of"
" os-brick.", {'provider': provider})
provider = LEGACY_PROVIDER_CLASS_TO_FORMAT_MAP[provider]
if provider in FORMAT_TO_FRONTEND_ENCRYPTOR_MAP:
provider = FORMAT_TO_FRONTEND_ENCRYPTOR_MAP[provider]
elif provider is None:
provider = "os_brick.encryptors.nop.NoOpEncryptor"
else:
LOG.warning("Use of the out of tree encryptor class "
"%(provider)s will be blocked with the Queens "
"release of os-brick.", {'provider': provider})
try:
encryptor = importutils.import_object(
provider,
root_helper,
connection_info,
keymgr,
execute,
**kwargs)
except Exception as e:
LOG.error("Error instantiating %(provider)s: %(exception)s",
{'provider': provider, 'exception': e})
raise
msg = ("Using volume encryptor '%(encryptor)s' for connection: "
"%(connection_info)s" %
{'encryptor': encryptor, 'connection_info': connection_info})
LOG.debug(strutils.mask_password(msg))
return encryptor
Example #17
| Source File: test_strutils.py From oslo.utils with Apache License 2.0 | 4 votes |
|
def test_xml(self):
# Test 'adminPass' w/o spaces
payload = """<adminPass>TL0EfN33</adminPass>"""
expected = """<adminPass>***</adminPass>"""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'adminPass' with spaces
payload = """<adminPass>
TL0EfN33
</adminPass>"""
expected = """<adminPass>***</adminPass>"""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'admin_pass' w/o spaces
payload = """<admin_pass>TL0EfN33</admin_pass>"""
expected = """<admin_pass>***</admin_pass>"""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'admin_pass' with spaces
payload = """<admin_pass>
TL0EfN33
</admin_pass>"""
expected = """<admin_pass>***</admin_pass>"""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'admin_password' w/o spaces
payload = """<admin_password>TL0EfN33</admin_password>"""
expected = """<admin_password>***</admin_password>"""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'admin_password' with spaces
payload = """<admin_password>
TL0EfN33
</admin_password>"""
expected = """<admin_password>***</admin_password>"""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'password' w/o spaces
payload = """<password>TL0EfN33</password>"""
expected = """<password>***</password>"""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'password' with spaces
payload = """<password>
TL0EfN33
</password>"""
expected = """<password>***</password>"""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'Password1' - case-insensitive + number
payload = """<Password1>TL0EfN33</Password1>"""
expected = """<Password1>***</Password1>"""
self.assertEqual(expected, strutils.mask_password(payload))
Example #18
| Source File: test_strutils.py From oslo.utils with Apache License 2.0 | 4 votes |
|
def test_xml_attribute(self):
# Test 'adminPass' w/o spaces
payload = """adminPass='TL0EfN33'"""
expected = """adminPass='***'"""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'adminPass' with spaces
payload = """adminPass = 'TL0EfN33'"""
expected = """adminPass = '***'"""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'adminPass' with double quotes
payload = """adminPass = "TL0EfN33\""""
expected = """adminPass = "***\""""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'admin_pass' w/o spaces
payload = """admin_pass='TL0EfN33'"""
expected = """admin_pass='***'"""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'admin_pass' with spaces
payload = """admin_pass = 'TL0EfN33'"""
expected = """admin_pass = '***'"""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'admin_pass' with double quotes
payload = """admin_pass = "TL0EfN33\""""
expected = """admin_pass = "***\""""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'admin_password' w/o spaces
payload = """admin_password='TL0EfN33'"""
expected = """admin_password='***'"""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'admin_password' with spaces
payload = """admin_password = 'TL0EfN33'"""
expected = """admin_password = '***'"""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'admin_password' with double quotes
payload = """admin_password = "TL0EfN33\""""
expected = """admin_password = "***\""""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'password' w/o spaces
payload = """password='TL0EfN33'"""
expected = """password='***'"""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'password' with spaces
payload = """password = 'TL0EfN33'"""
expected = """password = '***'"""
self.assertEqual(expected, strutils.mask_password(payload))
# Test 'password' with double quotes
payload = """password = "TL0EfN33\""""
expected = """password = "***\""""
self.assertEqual(expected, strutils.mask_password(payload))
Example #19
| Source File: test_strutils.py From oslo.utils with Apache License 2.0 | 4 votes |
|
def test_xml_message(self):
payload = """<?xml version="1.0" encoding="UTF-8"?>
<rebuild
xmlns="http://docs.openstack.org/compute/api/v1.1"
name="foobar"
imageRef="http://openstack.example.com/v1.1/32278/images/70a599e0-31e7"
accessIPv4="1.2.3.4"
accessIPv6="fe80::100"
adminPass="seekr3t">
<metadata>
<meta key="My Server Name">Apache1</meta>
</metadata>
</rebuild>"""
expected = """<?xml version="1.0" encoding="UTF-8"?>
<rebuild
xmlns="http://docs.openstack.org/compute/api/v1.1"
name="foobar"
imageRef="http://openstack.example.com/v1.1/32278/images/70a599e0-31e7"
accessIPv4="1.2.3.4"
accessIPv6="fe80::100"
adminPass="***">
<metadata>
<meta key="My Server Name">Apache1</meta>
</metadata>
</rebuild>"""
self.assertEqual(expected, strutils.mask_password(payload))
payload = """<?xml version="1.0" encoding="UTF-8"?>
<rescue xmlns="http://docs.openstack.org/compute/api/v1.1"
admin_pass="MySecretPass"/>"""
expected = """<?xml version="1.0" encoding="UTF-8"?>
<rescue xmlns="http://docs.openstack.org/compute/api/v1.1"
admin_pass="***"/>"""
self.assertEqual(expected, strutils.mask_password(payload))
payload = """<?xml version="1.0" encoding="UTF-8"?>
<rescue xmlns="http://docs.openstack.org/compute/api/v1.1"
admin_password="MySecretPass"/>"""
expected = """<?xml version="1.0" encoding="UTF-8"?>
<rescue xmlns="http://docs.openstack.org/compute/api/v1.1"
admin_password="***"/>"""
self.assertEqual(expected, strutils.mask_password(payload))
payload = """<?xml version="1.0" encoding="UTF-8"?>
<rescue xmlns="http://docs.openstack.org/compute/api/v1.1"
password="MySecretPass"/>"""
expected = """<?xml version="1.0" encoding="UTF-8"?>
<rescue xmlns="http://docs.openstack.org/compute/api/v1.1"
password="***"/>"""
self.assertEqual(expected, strutils.mask_password(payload))
