desktopcouch

Merge lp://qastaging/~cmiller/desktopcouch/log-no-secrets-bug460974 into lp://qastaging/desktopcouch

  1. log-no-secrets-bug460974
  2. Merge into trunk
Proposed by Chad Miller
Status: Merged
Approved by: Elliot Murphy
Approved revision: 98
Merged at revision: not available
Proposed branch: lp://qastaging/~cmiller/desktopcouch/log-no-secrets-bug460974
Merge into: lp://qastaging/desktopcouch
Diff against target: 125 lines
3 files modified
desktopcouch/pair/couchdb_pairing/couchdb_io.py (+19/-9)
desktopcouch/pair/tests/test_couchdb_io.py (+12/-0)
desktopcouch/replication.py (+1/-1)
To merge this branch: bzr merge lp://qastaging/~cmiller/desktopcouch/log-no-secrets-bug460974
Reviewer Review Type Date Requested Status
Elliot Murphy (community) Approve
Eric Casteleijn (community) Approve
Review via email: mp+14047@code.qastaging.launchpad.net

Commit message

When logging replication events, replace all oauth secrets with a string of the same length. (LP: #460974)

Don't complain about non-error when looking for service replicator items.

Use the logging object instead of general logging module, in one place.

To post a comment you must log in.
Revision history for this message
Eric Casteleijn (thisfred) wrote :

Looks great! tests pass

review: Approve
Revision history for this message
Elliot Murphy (statik) wrote :

nice work, zip(cycle()) definitely was the nicest code i saw all day.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'desktopcouch/pair/couchdb_pairing/couchdb_io.py'
--- desktopcouch/pair/couchdb_pairing/couchdb_io.py 2009-10-15 00:56:15 +0000
+++ desktopcouch/pair/couchdb_pairing/couchdb_io.py 2009-10-27 19:05:20 +0000
@@ -22,6 +22,7 @@
22import socket22import socket
23import uuid23import uuid
24import datetime24import datetime
25from itertools import cycle
2526
26from desktopcouch import find_pid, find_port as desktopcouch_find_port27from desktopcouch import find_pid, find_port as desktopcouch_find_port
27from desktopcouch.records import server28from desktopcouch.records import server
@@ -31,6 +32,17 @@
31PAIRED_SERVER_RECORD_TYPE = RECTYPE_BASE + "paired_server"32PAIRED_SERVER_RECORD_TYPE = RECTYPE_BASE + "paired_server"
32MY_ID_RECORD_TYPE = RECTYPE_BASE + "server_identity"33MY_ID_RECORD_TYPE = RECTYPE_BASE + "server_identity"
3334
35def obsfuscate(d):
36 def maybe_hide(k, v):
37 if hasattr(k, "endswith") and k.endswith("secret"):
38 return "".join(rep for rep, vi in zip(cycle('Hidden'), v))
39 else:
40 return v
41
42 if not hasattr(d, "iteritems"):
43 return d
44 return dict((k, maybe_hide(k, obsfuscate(v))) for k, v in d.iteritems())
45
34def mkuri(hostname, port, has_ssl=False, path="", auth_pair=None):46def mkuri(hostname, port, has_ssl=False, path="", auth_pair=None):
35 """Create a URI from parts."""47 """Create a URI from parts."""
36 protocol = "https" if has_ssl else "http"48 protocol = "https" if has_ssl else "http"
@@ -95,8 +107,6 @@
95 service_name = row.value["service_name"]107 service_name = row.value["service_name"]
96 found[service_name] = pairing_id, to_pull, to_push108 found[service_name] = pairing_id, to_pull, to_push
97 except KeyError, e:109 except KeyError, e:
98 logging.warn("Skipping weird record. %s", e)
99 # FIXME maybe we should log this or be more specific
100 pass110 pass
101 unique_hosts = [(v1, sn, v2, v3) for111 unique_hosts = [(v1, sn, v2, v3) for
102 (sn), (v1, v2, v3) in found.items()]112 (sn), (v1, v2, v3) in found.items()]
@@ -184,7 +194,7 @@
184 else:194 else:
185 logging.debug("skipping record empty %s", key)195 logging.debug("skipping record empty %s", key)
186 else:196 else:
187 logging.debug("skipping record %s with no %s", record.value, key)197 logging.debug("skipping record %s with no %s", obsfuscate(record.value), key)
188 logging.debug("found %d %s records", len(values), key)198 logging.debug("found %d %s records", len(values), key)
189 return values199 return values
190200
@@ -206,7 +216,7 @@
206 # Target databases must exist before replicating to them.216 # Target databases must exist before replicating to them.
207 logging.debug(217 logging.debug(
208 "creating %r %s:%d %s", target_database, target_host,218 "creating %r %s:%d %s", target_database, target_host,
209 target_port, target_oauth)219 target_port, obsfuscate(target_oauth))
210 create_database(220 create_database(
211 target_host, target_port, target_database, use_ssl=target_ssl,221 target_host, target_port, target_database, use_ssl=target_ssl,
212 oauth_tokens=target_oauth)222 oauth_tokens=target_oauth)
@@ -215,7 +225,7 @@
215 logging.debug("db exists, and we're ready to replicate")225 logging.debug("db exists, and we're ready to replicate")
216 except:226 except:
217 logging.exception("can't create/verify %r %s:%d oauth=%s",227 logging.exception("can't create/verify %r %s:%d oauth=%s",
218 target_database, target_host, target_port, target_oauth)228 target_database, target_host, target_port, obsfuscate(target_oauth))
219 if source_host:229 if source_host:
220 source = mkuri(source_host, source_port, source_ssl, urllib.quote(230 source = mkuri(source_host, source_port, source_ssl, urllib.quote(
221 source_database, safe=""))231 source_database, safe=""))
@@ -243,19 +253,19 @@
243 url = mkuri("localhost", port,)253 url = mkuri("localhost", port,)
244254
245 logging.debug(255 logging.debug(
246 "asking %r to replicate %s to %s, using record %s", url, source, target,256 "asking %r to replicate %s to %s", obsfuscate(url),
247 record)257 obsfuscate(source), obsfuscate(target),)
248258
249 ### All until python-couchdb gets a Server.replicate() function259 ### All until python-couchdb gets a Server.replicate() function
250 local_server = server.OAuthCapableServer(url)260 local_server = server.OAuthCapableServer(url)
251 resp, data = local_server.resource.post(path='/_replicate',261 resp, data = local_server.resource.post(path='/_replicate',
252 content=record)262 content=record)
253263
254 logging.debug("replicate result: %r %r", resp, data)264 logging.debug("replicate result: %r %r", obsfuscate(resp), obsfuscate(data))
255 ###265 ###
256 except:266 except:
257 logging.exception("can't replicate %r %r <== %r", source_database,267 logging.exception("can't replicate %r %r <== %r", source_database,
258 url, record)268 url, obsfuscate(record))
259269
260def get_pairings(uri=None):270def get_pairings(uri=None):
261 """Get a list of paired servers."""271 """Get a list of paired servers."""
262272
=== modified file 'desktopcouch/pair/tests/test_couchdb_io.py'
--- desktopcouch/pair/tests/test_couchdb_io.py 2009-10-07 13:26:18 +0000
+++ desktopcouch/pair/tests/test_couchdb_io.py 2009-10-27 19:05:20 +0000
@@ -51,6 +51,18 @@
51 del self.mgt_database._server['management']51 del self.mgt_database._server['management']
52 del self.mgt_database._server['foo']52 del self.mgt_database._server['foo']
5353
54
55 def test_obsfuscation(self):
56 t = {'url': 'https://couchdb.one.ubuntu.com/u%2Fb2%2Fc8%2F276%2Ftest', 'auth': {'oauth': {'consumer_secret': 'SeCrEtSe', 'token': '3XRjQrWX92TTTJFDTWJJ', 'consumer_key': 'ubuntuone', 'token_secret': 'jBmSeCrEtawkefwklefliwuregqwlkeh347wq87w4fiuq4fyu3q4fiqwu4fqwfiqufM6xjsPwSeCrEt4'}}}
57 cleaned_t = couchdb_io.obsfuscate(t)
58 self.failIf("SeCrEt" in str(cleaned_t), {'url': 'https://couchdb.one.ubuntu.com/u%2Fb2%2Fc8%2F276%2Ftest', 'auth': {'oauth': {'consumer_secret': 'HiddenHidd', 'token': '3XRjQrWX92TTTJFDTWJJ', 'consumer_key': 'ubuntuone', 'token_secret': 'HiddenHiddenHiddenHiddenHiddenHiddenHiddenHiddenHiddenHiddenHiddenHiddenHiddenHi'}}})
59
60 self.assertEqual(couchdb_io.obsfuscate(""), "")
61 self.assertEqual(couchdb_io.obsfuscate({}), {})
62 self.assertEqual(couchdb_io.obsfuscate({1:{}}), {1:{}})
63 self.assertEqual(couchdb_io.obsfuscate({1:1}), {1:1})
64
65
54 def test_put_static_paired_service(self):66 def test_put_static_paired_service(self):
55 service_name = "dummyfortest"67 service_name = "dummyfortest"
56 oauth_data = {68 oauth_data = {
5769
=== modified file 'desktopcouch/replication.py'
--- desktopcouch/replication.py 2009-10-22 17:54:35 +0000
+++ desktopcouch/replication.py 2009-10-27 19:05:20 +0000
@@ -103,7 +103,7 @@
103 # push caught exception back...103 # push caught exception back...
104 except:104 except:
105 # ... so that we log it here.105 # ... so that we log it here.
106 logging.exception(106 log.exception(
107 "failed to unpair from other end.")107 "failed to unpair from other end.")
108 continue108 continue
109 else:109 else:

Subscribers

People subscribed via source and target branches