When you invoke any OpenStack API of any of the OpenStack services
e.g. glance, neutron, cinder, heat, ceilometer, nova, keystone
then it logs readable x-subject-token at the debug log level in the
respective log files.
Simply redacting the x-subject-token in keystone client response header
before logging it.
Reviewed: https://review.openstack.org/123954
Committed: https://git.openstack.org/cgit/openstack/python-keystoneclient/commit/?id=ebeca911fa291e258c2c0b1ef55a26ff5ac009d2
Submitter: Jenkins
Branch: master
commit ebeca911fa291e258c2c0b1ef55a26ff5ac009d2
Author: ankitagrawal <email address hidden>
Date: Fri Sep 19 04:46:11 2014 -0700
Redact x-subject-token from response headers
When you invoke any OpenStack API of any of the OpenStack services
e.g. glance, neutron, cinder, heat, ceilometer, nova, keystone
then it logs readable x-subject-token at the debug log level in the
respective log files.
Simply redacting the x-subject-token in keystone client response header
before logging it.
SecurityImpact
Closes-Bug: #1371355
Change-Id: Iac16c6358250677544761beea9f5c5d8ba29afac
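
The fix described above, redacting the token header before the response is written to the debug log, sketched as an added example (not the python-keystoneclient code from this commit). The function names, the `TOKEN_REDACTED` placeholder, the inclusion of `X-Auth-Token` and the sample response are assumptions made for illustration.

```python
import logging

# Header names treated as secrets. X-Subject-Token is the one named in this
# bug; X-Auth-Token is an added assumption (the request-side token header).
SENSITIVE_HEADERS = frozenset({"x-subject-token", "x-auth-token"})
REDACTED = "TOKEN_REDACTED"  # placeholder text chosen for this example


def redact_headers(headers):
    """Return a copy safe to log; the caller's dict is left untouched."""
    return {
        name: REDACTED if name.lower() in SENSITIVE_HEADERS else value
        for name, value in headers.items()
    }


def log_response(logger, status, headers, body=""):
    """Emit the debug line for a response using only redacted headers."""
    safe = redact_headers(headers)
    header_text = " ".join(f"{k}: {v}" for k, v in sorted(safe.items()))
    logger.debug("RESP: [%s] %s\nRESP BODY: %s", status, header_text, body)


class ListHandler(logging.Handler):
    """Collects formatted records so the logged text can be inspected."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def demo():
    # Constructed sample response; the token value is made up.
    headers = {"Content-Type": "application/json",
               "X-Subject-Token": "constructed-sample-token-0001",
               "Vary": "X-Auth-Token"}
    logger = logging.getLogger("redaction-demo")
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    handler = ListHandler()
    logger.addHandler(handler)
    log_response(logger, 201, headers, body='{"token": {"methods": []}}')
    logger.removeHandler(handler)
    return headers, handler.lines
```

Matching is done on the lower-cased header name only, so a value that merely mentions a token header (the `Vary` line) is logged unchanged, and the caller still holds the real token for later requests.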