| 2020-01-03 08:17:59 |
kuangpeiling |
description |
when i use pki token,i find nova debug log include the whole pki certificate info,is this safety?need to modify?
my request is
curl -g -i -X GET https://identity.az1.dc1.domainname.com:443/identity-admin/v3/auth/tokens/OS-PKI/revoked
debug.log:
RESP BODY: {"signed": "-----BEGIN CMS-----\nMIIBuwYJKoZIhvcNAQcCoIIBrDCCAagCAQExDTALBglghkgBZQMEAgEwHgYJKoZI\nhvcNAQcBoBEED3sicmV2b2tlZCI6IFtdfTGCAXIwggFuAgEBMEkwPTELMAkGA1UE\nBhMCQ04xDzANBgNVBAoTBkh1YXdlaTEdMBsGA1UEAxMUSHVhd2VpIElUIFByb2R1\nY3QgQ0ECCBWpkSG6QZq3MAsGCWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQDF\nbzhT6VPqrir7wnKvxVxH+sYthHMX0Om+OaMecCL+VnQE1wcg7tAAh1LI7Z6qkSAr\nF1FnrQeq6PV+8EbD4ZsvfLisk0NHI8IgnS36dyTznitddX7zPTVl4g3TQVox2Qmm\nnPSYrqDx6bLxDQGcuMANkpbCDrlqmmOio2BMboHi6V6aNRMPdYGYOVAKxuYbt3s8\n3FDEsM/DpEDywdhQiXGL2fa81QaXIuu5LaS1wUbb8IBEtwF8YkZOS7tOWSSUxsZ9\nNdjKEmhBUN4qFg5yTRKU7WLVegrZnwKPFbcdqMbeDVcgGT0bcEhtBIa90uKI50Fb\nB6PVg7DpfJdPTE/fs0QO\n-----END CMS-----\n"} |
when i use pki token,i find nova debug log include the whole pki certificate info,is this safety?need to modify?
my request is
curl -g -i -X GET https://identity.az1.dc1.domainname.com:443/identity-admin/v3/auth/tokens/OS-PKI/revoked
debug.log such as:
RESP BODY: {"signed": "-----BEGIN CMS-----\nMIIBuwxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxfs0QO\n-----END CMS-----\n"} |
|
| 2020-01-03 08:22:39 |
kuangpeiling |
description |
when i use pki token,i find nova debug log include the whole pki certificate info,is this safety?need to modify?
my request is
curl -g -i -X GET https://identity.az1.dc1.domainname.com:443/identity-admin/v3/auth/tokens/OS-PKI/revoked
debug.log such as:
RESP BODY: {"signed": "-----BEGIN CMS-----\nMIIBuwxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxfs0QO\n-----END CMS-----\n"} |
when i use pki token,i find nova debug log include the whole pki certificate info,is this safety?need to modify?
my request is
curl -g -i -X GET https://identity.az1.dc1.domainname.com:443/identity-admin/v3/auth/tokens/OS-PKI/revoked
debug.log such as:
RESP BODY: {"signed": "-----BEGIN CMS-----\nMIIBuwxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxfs0QO\n-----END CMS-----\n"}
code session.py:
if response is not None:
if not status_code:
status_code = response.status_code
if not headers:
headers = response.headers
if not text:
# NOTE(samueldmq): If the response does not provide enough info
# about the content type to decide whether it is useful and
# safe to log it or not, just do not log the body. Trying to
# read the response body anyways may result on reading a long
# stream of bytes and getting an unexpected MemoryError. See
# bug 1616105 for further details.
content_type = response.headers.get('content-type', None)
# NOTE(lamt): Per [1], the Content-Type header can be of the
# form Content-Type := type "/" subtype *[";" parameter]
# [1] https://www.w3.org/Protocols/rfc1341/4_Content-Type.html
for log_type in _LOG_CONTENT_TYPES:
if content_type is not None and content_type.startswith(
log_type):
text = self._remove_service_catalog(response.text)
break
else:
text = ('Omitted, Content-Type is set to %s. Only '
'%s responses have their bodies logged.')
text = text % (content_type, ', '.join(_LOG_CONTENT_TYPES))
if json:
text = self._json.encode(json)
string_parts = ['RESP:']
if status_code:
string_parts.append('[%s]' % status_code)
if headers:
for header in six.iteritems(headers):
string_parts.append('%s: %s' % self._process_header(header))
if text:
string_parts.append('\nRESP BODY: %s\n' % text) |
|
