Merge "Omit X-Subject-Token from log"
diff --git a/releasenotes/notes/omit_X-Subject-Token_from_log-1bf5fef88c80334b.yaml b/releasenotes/notes/omit_X-Subject-Token_from_log-1bf5fef88c80334b.yaml
new file mode 100644
index 0000000..51c8f79
--- /dev/null
+++ b/releasenotes/notes/omit_X-Subject-Token_from_log-1bf5fef88c80334b.yaml
@@ -0,0 +1,7 @@
+---
+security:
+ - |
+ The x-subject-token of a response header is ommitted from log,
+ but clients specify the same token on a request header on
+ Keystone API and that was not omitted. In this release,
+ that has been omitted for a security reason.
diff --git a/tempest/lib/common/rest_client.py b/tempest/lib/common/rest_client.py
index 22276d4..bc9cfe2 100644
--- a/tempest/lib/common/rest_client.py
+++ b/tempest/lib/common/rest_client.py
@@ -416,6 +416,8 @@
resp_body=None, extra=None):
if 'X-Auth-Token' in req_headers:
req_headers['X-Auth-Token'] = '<omitted>'
+ if 'X-Subject-Token' in req_headers:
+ req_headers['X-Subject-Token'] = '<omitted>'
# A shallow copy is sufficient
resp_log = resp.copy()
if 'x-subject-token' in resp_log:
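Review bot: The added request-side check matches only the exact spelling `'X-Subject-Token'`, so a caller that sends the header as `x-subject-token` or in any other casing would still have the token written to the log. HTTP header names are case-insensitive, and the response-side check just below already uses the lowercase form. Consider redacting by lowercased name, e.g. `for name in req_headers:` / `if name.lower() in ('x-auth-token', 'x-subject-token'):` / `req_headers[name] = '<omitted>'`, which also covers the existing X-Auth-Token check. Separately, `req_headers` is overwritten in place while the response is copied first; presumably the caller passes a copy, but that is not visible here and is worth confirming so that `'<omitted>'` cannot end up in the headers used for the real request. The function's signature starts before this hunk and its body continues past it.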