kgess-mirror/openstack-python-openstackclient
1
0
Fork 0
mirror of https://opendev.org/openstack/python-openstackclient.git synced 2026-01-17 07:20:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
openstack-python-openstackc.../openstackclient
History
ryanKor 62c52f5e61 config: Also mask non-prefix config 
The 'config show' command will show information about your current
configuration. When using a 'cloud.yaml' file and the 'OS_CLOUD'
environment variable, the output of this will look like so:

  $ openstack config show
  +---------------------------------------------+----------------------------------+
  | Field                                       | Value                            |
  +---------------------------------------------+----------------------------------+
  | additional_user_agent                       | [('osc-lib', '2.6.0')]           |
  | api_timeout                                 | None                             |
  | auth.auth_url                               | https://example.com:13000        |
  | auth.password                               | <redacted>                       |
  | auth.project_domain_id                      | default                          |
  | auth.project_id                             | c73b7097d07c46f78eb4b4dcfbac5ca8 |
  | auth.project_name                           | test-project                     |
  | auth.user_domain_name                       | example.com                      |
  | auth.username                               | john-doe                         |
  ...

All of the 'auth.'-prefixed values are extracted from the corresponding
entry in the 'clouds.yaml' file. You'll note that the 'auth.password'
value is not shown. Instead, it is masked and replaced with
'<redacted>'.

However, a 'clouds.yaml' file is not the only way to configure these
tools. You can also use old school environment variables. By using an
openrc file from Horizon (or the clouds2env tool [1]), we will set
various 'OS_'-prefixed environment variables. When you use the 'config
show' command with these environment variables set, we will see all of
these values appear in the output *without* an 'auth.' prefix. Scanning
down we will see the password value is not redacted.

  $ openstack config show
  +---------------------------------------------+----------------------------------+
  | Field                                       | Value                            |
  +---------------------------------------------+----------------------------------+
  | additional_user_agent                       | [('osc-lib', '2.6.0')]           |
  | api_timeout                                 | None                             |
  ...
  | password                                    | secret-password                  |
  ...

This will also happen if using tokens. This is obviously incorrect.
These should be masked also. Make it so. This involves enhancing our
fake config generation code to generate config that looks like it came
from environment variables.

Change-Id: I560b928e5e6bcdcd89c409e0678dfc0d0b056c0e
Story: 2008816
Task: 42260
2022-08-01 19:54:44 +09:00
..
api Remove usage of six 2020-10-07 02:15:25 +00:00
common config: Also mask non-prefix config 2022-08-01 19:54:44 +09:00
compute Merge "Add more filter option of columns for server list -c COLUMN" 2022-06-20 15:19:49 +00:00
identity Fix typos 2021-10-26 15:53:51 +02:00
image image: Split image creation depending on service 2022-06-30 11:54:45 +01:00
locale/tr_TR/LC_MESSAGES Imported Translations from Zanata 2018-03-01 07:25:50 +00:00
network Don't show tenant_id in network objects 2022-06-27 10:50:03 +02:00
object Add storage policy option to create container command 2020-02-19 10:08:48 +13:00
tests config: Also mask non-prefix config 2022-08-01 19:54:44 +09:00
volume Merge "volume: Correct output of 'volume attachment create'" 2022-06-27 15:54:20 +00:00
__init__.py Clean up W503 and E402 pep8 errors 2018-04-15 12:23:06 +09:00
i18n.py Remove log translations 2017-03-21 17:23:09 +08:00
shell.py Remove usage of six 2020-10-07 02:15:25 +00:00