[openstack-dev] masking X-Auth-Token in debug output - proposed consistency

Morgan Fainberg morgan.fainberg at gmail.com
Thu Jun 12 16:38:35 UTC 2014



On Thu, Jun 12, 2014 at 1:59 PM, Sean Dague <sean at dague.net> wrote:
The only thing it makes harder is you have to generate your own token to
run the curl command. The rest is there.

Well I would have imagine that the curl command debug are here so people can easily copy and paste them and/or tweak them, but sure it would just make it a bit harder.
 
Because everyone is running our
servers at debug levels, it means the clients are going to be running
debug level as well (yay python logging!), so this is something I don't
think people realized was a huge issue.

so maybe the issue is that those curl commands shows up in server log when they should only output when running swift/nova/etc/client --debug, right?
This would be much better. However, a good amount of the data provided in these curl commands is useful for debugging the services as well. Long term, I the data provided in these debug line should be emitted in a log-friendly format instead of “this would be the curl command to run to do this” if not used as a CLI.This type of change could be made via the move to OpenStackClient. However, in the short term, we should be masking this data that is being generated from our Session objects.

Most of the clients are using (or will be using in the nearish term) the Keystoneclient Session object. I expect to have a fix to address this in the session object (and after some back-and-forth, we’ve resolved the SHA1 issues so back to the original "{SHA1}<token>” concept), As we progress and can offer more distinction between CLI and non-CLI client use (when logging), moving towards this delineation where the ‘curl’ output would only be emitted when running in CLI mode is a great option.

—Morgan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140612/4691a10f/attachment.html>


More information about the OpenStack-dev mailing list