Okay, I think this should do it. If it looks good I'll submit a review to oslo.log to get this fixed.
diff --git a/oslo_log/formatters.py b/oslo_log/formatters.py index 2545035..57e278e 100644 --- a/oslo_log/formatters.py +++ b/oslo_log/formatters.py @@ -28,6 +28,7 @@ from six import moves from oslo_context import context as context_utils from oslo_serialization import jsonutils from oslo_utils import encodeutils +from oslo_utils import strutils
if six.PY3: from functools import reduce @@ -206,11 +207,16 @@ class JSONFormatter(logging.Formatter): return lines
def format(self, record): + args = record.args + # If we were passed a dict object then we should attempt to mask any + # sensitive data. + if isinstance(args, dict): + args = strutils.mask_dict_password(dict(args)) message = {'message': record.getMessage(), 'asctime': self.formatTime(record, self.datefmt), 'name': record.name, 'msg': record.msg, - 'args': record.args, + 'args': args, 'levelname': record.levelname, 'levelno': record.levelno, 'pathname': record.pathname, diff --git a/oslo_log/tests/unit/test_log.py b/oslo_log/tests/unit/test_log.py index 7878525..b0ec22c 100644 --- a/oslo_log/tests/unit/test_log.py +++ b/oslo_log/tests/unit/test_log.py @@ -591,6 +591,11 @@ class JSONFormatterTestCase(LogTestBase): # convert it using repr() to prevent serialization error on logging. self.assertEqual(['repr'], data['args'])
+ def test_passwords_masked(self): + self.log.info('Test message', {'password': 'maskme'}) + data = jsonutils.loads(self.stream.getvalue()) + self.assertEqual('***', data['args']['password']) +
def get_fake_datetime(retval): class FakeDateTime(datetime.datetime):
Okay, I think this should do it. If it looks good I'll submit a review to oslo.log to get this fixed.
diff --git a/oslo_ log/formatters. py b/oslo_ log/formatters. py log/formatters. py log/formatters. py
index 2545035..57e278e 100644
--- a/oslo_
+++ b/oslo_
@@ -28,6 +28,7 @@ from six import moves
from oslo_context import context as context_utils
from oslo_serialization import jsonutils
from oslo_utils import encodeutils
+from oslo_utils import strutils
if six.PY3: logging. Formatter) :
from functools import reduce
@@ -206,11 +207,16 @@ class JSONFormatter(
return lines
def format(self, record): mask_dict_ password( dict(args) ) getMessage( ),
' asctime' : self.formatTime (record, self.datefmt),
' name': record.name,
' msg': record.msg,
' levelname' : record.levelname,
' levelno' : record.levelno,
' pathname' : record.pathname, log/tests/ unit/test_ log.py b/oslo_ log/tests/ unit/test_ log.py log/tests/ unit/test_ log.py log/tests/ unit/test_ log.py stCase( LogTestBase) :
self. assertEqual( ['repr' ], data['args'])
+ args = record.args
+ # If we were passed a dict object then we should attempt to mask any
+ # sensitive data.
+ if isinstance(args, dict):
+ args = strutils.
message = {'message': record.
- 'args': record.args,
+ 'args': args,
diff --git a/oslo_
index 7878525..b0ec22c 100644
--- a/oslo_
+++ b/oslo_
@@ -591,6 +591,11 @@ class JSONFormatterTe
# convert it using repr() to prevent serialization error on logging.
+ def test_passwords_ masked( self): loads(self. stream. getvalue( )) l('***' , data['args' ]['password' ])
+ self.log.info('Test message', {'password': 'maskme'})
+ data = jsonutils.
+ self.assertEqua
+
def get_fake_ datetime( retval) : datetime. datetime) :
class FakeDateTime(