http_log_request will print debug info include pki certificate which is unsafety
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
keystoneauth |
Expired
|
Undecided
|
Unassigned |
Bug Description
when i use pki token,i find nova debug log include the whole pki certificate info,is this safety?need to modify?
my request is
curl -g -i -X GET https:/
debug.log such as:
RESP BODY: {"signed": "-----BEGIN CMS----
code session.py:
if response is not None:
if not status_code:
if not headers:
if not text:
# NOTE(samueldmq): If the response does not provide enough info
# about the content type to decide whether it is useful and
# safe to log it or not, just do not log the body. Trying to
# read the response body anyways may result on reading a long
# stream of bytes and getting an unexpected MemoryError. See
# bug 1616105 for further details.
# NOTE(lamt): Per [1], the Content-Type header can be of the
# form Content-Type := type "/" subtype *[";" parameter]
# [1] https:/
for log_type in _LOG_CONTENT_TYPES:
if json:
text = self._json.
if status_code:
if headers:
for header in six.iteritems(
if text:
The request you are making is the /v3/auth/ tokens/ OS-PKI/ revoked endpoint, whose whole purpose is to list revoked PKI tokens in the body of the response. This is working as designed, especially since those tokens are revoked and can't be used anyway.