
@notmyname
Created January 11, 2017 19:00
From 02c6a35db8d5d01292575aa31a857753f7538a75 Mon Sep 17 00:00:00 2001
From: John Dickinson <me@not.mn>
Date: Wed, 11 Jan 2017 10:55:30 -0800
Subject: [PATCH 1/2] remove tokens and keys from debug
Change-Id: I8890125de5641545311b0dec8fb8f6bb10ca3ad5
---
swift/common/middleware/tempauth.py | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/swift/common/middleware/tempauth.py b/swift/common/middleware/tempauth.py
index 11dad41f..349ac990 100644
--- a/swift/common/middleware/tempauth.py
+++ b/swift/common/middleware/tempauth.py
@@ -247,8 +247,6 @@ class TempAuth(object):
if groups:
user = groups and groups.split(',', 1)[0] or ''
trans_id = env.get('swift.trans_id')
- self.logger.debug('User: %s uses token %s (trans_id %s)' %
- (user, 's3' if s3 else token, trans_id))
env['REMOTE_USER'] = groups
env['swift.authorize'] = self.authorize
env['swift.clean_acl'] = clean_acl
@@ -537,8 +535,7 @@ class TempAuth(object):
and (req.environ['swift_sync_key'] ==
req.headers.get('x-container-sync-key', None))
and 'x-timestamp' in req.headers):
- self.logger.debug("Allow request with container sync-key: %s."
- % req.environ['swift_sync_key'])
+ self.logger.debug("Allow request with container sync-key")
return None
if req.method == 'OPTIONS':
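Review bot: The container sync key is still checked with a plain `==` in the condition just above the changed log call (`req.environ['swift_sync_key'] == req.headers.get('x-container-sync-key', None)`), which is not a constant-time comparison for a shared secret. Since this commit already treats the key as sensitive, consider a constant-time comparison there, for example Swift's `streq_const_time` helper from `swift.common.utils` if this module can import it. The `if` statement opens before the hunk, so the full condition is not visible here. Separately, in the first hunk of this patch `user` and `trans_id` are still assigned but have no remaining use in the visible lines; if nothing below reads them, either drop the two assignments or keep a token-free message such as `self.logger.debug('User: %s authenticated (trans_id %s)' % (user, trans_id))`.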
--
2.11.0
From 692b881f2f64a937b25fbee61af1d98bb240d7d6 Mon Sep 17 00:00:00 2001
From: John Dickinson <me@not.mn>
Date: Wed, 11 Jan 2017 10:59:34 -0800
Subject: [PATCH 2/2] remove debug log noise
Change-Id: I62950aefeaf766713358ac51670c0ec7bc25e245
---
swift/common/middleware/tempauth.py | 19 -------------------
1 file changed, 19 deletions(-)
diff --git a/swift/common/middleware/tempauth.py b/swift/common/middleware/tempauth.py
index 349ac990..361fa16e 100644
--- a/swift/common/middleware/tempauth.py
+++ b/swift/common/middleware/tempauth.py
@@ -508,8 +508,6 @@ class TempAuth(object):
account not in self.reseller_prefixes and \
not self._dot_account(account):
req.environ['swift_owner'] = True
- self.logger.debug("User %s has reseller admin authorizing."
- % account_user)
return None
if account in user_groups and \
@@ -521,40 +519,29 @@ class TempAuth(object):
'require_group')
if require_group and require_group in user_groups:
req.environ['swift_owner'] = True
- self.logger.debug("User %s has admin and %s group."
- " Authorizing." % (account_user,
- require_group))
return None
elif not require_group:
req.environ['swift_owner'] = True
- self.logger.debug("User %s has admin authorizing."
- % account_user)
return None
if (req.environ.get('swift_sync_key')
and (req.environ['swift_sync_key'] ==
req.headers.get('x-container-sync-key', None))
and 'x-timestamp' in req.headers):
- self.logger.debug("Allow request with container sync-key")
return None
if req.method == 'OPTIONS':
# allow OPTIONS requests to proceed as normal
- self.logger.debug("Allow OPTIONS request.")
return None
referrers, groups = parse_acl(getattr(req, 'acl', None))
if referrer_allowed(req.referer, referrers):
if obj or '.rlistings' in groups:
- self.logger.debug("Allow authorizing %s via referer ACL."
- % req.referer)
return None
for user_group in user_groups:
if user_group in groups:
- self.logger.debug("User %s allowed in ACL: %s authorizing."
- % (account_user, user_group))
return None
# Check for access via X-Account-Access-Control
@@ -565,20 +552,14 @@ class TempAuth(object):
user_group_set = set(user_groups)
if user_group_set.intersection(acct_acls['admin']):
req.environ['swift_owner'] = True
- self.logger.debug('User %s allowed by X-Account-Access-Control'
- ' (admin)' % account_user)
return None
if (user_group_set.intersection(acct_acls['read-write']) and
(container or req.method in ('GET', 'HEAD'))):
# The RW ACL allows all operations to containers/objects, but
# only GET/HEAD to accounts (and OPTIONS, above)
- self.logger.debug('User %s allowed by X-Account-Access-Control'
- ' (read-write)' % account_user)
return None
if (user_group_set.intersection(acct_acls['read-only']) and
req.method in ('GET', 'HEAD')):
- self.logger.debug('User %s allowed by X-Account-Access-Control'
- ' (read-only)' % account_user)
return None
return self.denied_response(req)
--
2.11.0