Omit X-Subject-Token from log
I213585e691f58e380a4be463b493591f1449422e has omitted x-subject-token
from the response log, but clients specify the same token in a request
header on the Keystone API and that is output to the log.
Actually the following log is output at the gate:
http://logs.openstack.org/62/581162/2/check/tempest-full/835acee/controller/logs/tempest_log.txt
2018-07-10 00:44:36.563 23617 DEBUG tempest.lib.common.rest_client
[req-20615e7c-76b6-4f6a-84c2-d3489a755000 ]
Request - Headers: {'X-Subject-Token': 'gAAAAABbRAF0Lv0N7i4o-5hPjcI
ZYXXKt1cxoo5FPUP_ukWuY_6_-4
S8oRXOkTfgReg0G9GT87Qiw4Gbd..',
'X-Auth-Token': '<omitted>'}
Body: None
Response - Headers: {u'content-type': 'application/json',
u'x-subject-token': '<omitted>',
.., 'status': '200'}
Body: _log_request_full tempest/lib/common/rest_client.py:434
This makes the log omit it for the same reason.
Change-Id: Iedd36f8feb9784553559ed5c79e7be2012d675f5
diff --git a/releasenotes/notes/omit_X-Subject-Token_from_log-1bf5fef88c80334b.yaml b/releasenotes/notes/omit_X-Subject-Token_from_log-1bf5fef88c80334b.yaml
new file mode 100644
index 0000000..51c8f79
--- /dev/null
+++ b/releasenotes/notes/omit_X-Subject-Token_from_log-1bf5fef88c80334b.yaml
@@ -0,0 +1,7 @@
+---
+security:
+ - |
+ The x-subject-token of a response header is ommitted from log,
+ but clients specify the same token on a request header on
+ Keystone API and that was not omitted. In this release,
+ that has been omitted for a security reason.
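Review bot: "ommitted" in the first line of the note text is misspelled ("omitted"), and the closing sentence "that has been omitted for a security reason" never says what "that" is or which log is affected. Since this lands in the security section of the release notes, consider naming the header and the log directly, for example stating that the X-Subject-Token request header is now replaced with '<omitted>' in the rest_client debug log, matching the existing handling of the x-subject-token response header. The visible diff contains only this release note, so the note is also the only place a reader of this page learns which log output changes; being explicit here helps operators decide whether logs collected before this release need to be treated as containing live tokens.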