Comment 4 for bug 1685798

+2 WFM

Apr 24 18:53:14 ubuntu-xenial object-6010: 127.0.0.1 - - [24/Apr/2017:18:53:14 +0000] "HEAD /sdb1/645/AUTH_test/test/test" 200 8 "HEAD http://saio:8080/v1/AUTH_test/test/test?temp_url_expires=1493063464&temp_url_sig=d548ccbc..." "tx7decc83acfd9426bb3a10-0058fe499a" "proxy-server 10740" 0.0006 "-" 10735 0

I think Donagh's point is spot on

    [filter:tempurl]
    use = egg:swift#tempurl
    reveal_sensitive_prefix = 99999

^ that works for me, we definitely need to follow up with that in the example file.

Donagh, I think exempting accounts from truncation would be a good feature for followup after we get out from under the embargo. I can also confirmed, as Christian's commit message points out, that only authorized signatures are truncated - which could help with debugging for ops:

Apr 24 18:59:59 ubuntu-xenial proxy-server: 127.0.0.1 127.0.0.1 24/Apr/2017/18/59/59 HEAD /v1/AUTH_test/test/test%3Ftemp_url_sig%3Dbf2431dd9860764fb423a08d3bf7d01cd4312004%26temp_url_expires%3D1493063999 HTTP/1.0 401 - curl/7.47.0 - - - - tx3d9ba159317e45ee87c05-0058fe4b2f - 0.0016 - - 1493060399.179332018 1493060399.180957079 -

... or eventlet debug

Apr 24 19:00:08 ubuntu-xenial proxy-server: 127.0.0.1 127.0.0.1 24/Apr/2017/19/00/08 HEAD /v1/AUTH_test/test/test%3Ftemp_url_expires%3D1493064008%26temp_url_sig%3D3cafada5... HTTP/1.0 200 - curl/7.47.0 - - - - tx2db8598376d14dc2a48eb-0058fe4b38 - 0.0274 - - 1493060408.930609941 1493060408.957966089 0
Apr 24 19:00:08 ubuntu-xenial proxy-server: STDERR: 127.0.0.1 - - [24/Apr/2017 19:00:08] "HEAD /v1/AUTH_test/test/test?temp_url_sig=3cafada56bcdf1a37176926c13199e4251a4e010&temp_url_expires=1493064008 HTTP/1.1" 200 475 0.029963 (txn: tx2db8598376d14dc2a48eb-0058fe4b38)

So I think we have Donagh's very correct concern satiated and can/should move forward here to get out from embargo.